The ICO is wrong on Google

Google As you can see here, individual liberties and privacy groups call on Information Commissioner’s Office to investigate Google: until a full investigation is conducted, Google must be forced to retain private ‘Streetview’ data

Following revelations that Google’s ‘Streetview’ has been harvesting private information over unencrypted Wi-Fi networks, the European Privacy Association (EPA) and Big Brother Watch call for an investigation.

Google’s disdain for privacy violates the personal privacy that has been a cornerstone of modern Europe.

Little is known about what data was collected, and stressed the need to investigate what information Google was able to gather. In the same spirit in which Google engaged with the Chinese government, we invite Google to disclose why, for how long and what type of information they have been gathering from members of the public with ‘Streetview’ cars. Everyone has a right to know what private data Google has on them.

Whether your Wi-Fi network is unencrypted or secured, anyone should be able to conduct their private affairs, be it online banking, shopping or checking your email, safe in the knowledge that their personal liberty will not be compromised.

If Google does not act in good faith and fully divulge the private information they have been accessing, then a full investigation must be carried out. We applaud the national Data Protection Authorities in Germany, France, Czech Republic, and Italy and are concerned by the Information Commissioner’s decision to dismiss any such investigation in the UK.

We call on the Information Commissioner’s Office to ensure that Google does not destroy all the information they gathered until an investigation has been carried out.

Google is one of the most innovative private enterprises in the world, and we commend them for that. But with a global business there comes global responsibility. It appears that in their endeavors to innovate and design bespoke products they have overstepped the mark and compromised the private lives of potentially millions of British people.

Google still has a lot of questions to answer.

Posted by on May 27, 2010 in Online privacy | 9 Comments


  1. alastair
    27th May 2010

    Guys, your assertions that Google “has been harvesting private information” and “have overstepped the mark and compromised the private lives of potentially millions of British people” seem like they might be libellous. You don’t actually have evidence for either of them, and the latter in particular is the kind of thing that corporate law departments get all excited about. At least stick a few “may”s in there before Google’s lawyers come knocking…
    Further, if I understand you correctly, you’re *seriously* suggesting that it would be better from a privacy standpoint if someone (and I assume you mean someone in government, rather than someone in Google) *inspects* this data? As opposed to deleting it, uninspected?
    On what planet does that keep the data more private, as opposed to less? And why do you assert that we should trust whoever is inspecting the data? If the government, why do you assert that we should trust them more than Google? Normally you tell us *not* to trust the government…
    Additionally, a point of accuracy: your online banking and the payment part of shopping (at least) *are* private because they’re encrypted, regardless of what your WiFi network is set to do. Checking your e-mail may or may not be; ironically, if you’re using Google Mail, it may very well be private because they provide SSL encryption for their users. So perhaps banking and shopping weren’t such great examples?

  2. Redacted
    27th May 2010

    alastair: “your online banking and the payment part of shopping (at least) *are* private because they’re encrypted”
    You would certainly hope so, but you might be wrong…
    I agree with you that there would seem no need for government agencies to be involved in any analysis. I think I’m right in saying that in some places the data has been retained for “independent analysis” i.e. not by government. Ireland, on the other hand, ordered it to be summarily deleted.

  3. alastair
    28th May 2010

    I have to say, I don’t think “independent analysis” makes it any better. I don’t see any reason why the people affected should trust an “independent expert” any more than government or Google to look through this data.
    It would be best just to delete it.

  4. Keith
    28th May 2010

    What am I missing here?
    A Google camera car drives past you home/office and captures a few packets of wireless data.
    If you’re doing anything remotely “interesting” on an *unencrypted* wireless network you’ve got far more to worry about that the remote chance that a google car passes at the exact moment you click submit and transmit your entire sordid life story, in the clear, to a 3rd party who doesn’t care about you privacy either.

  5. Redacted
    29th May 2010

    Google, gets cold feet over handing over data to German Government…
    Google is perhaps afraid of setting a precedent of revealing “their” data in case of future government requests. If Google can’t resist such requests, the case against trusting it to hold potentially sensitive data is strengthened, which is of course damaging to its commercial interests.
    Given that Google weren’t concerned about granting themselves access to this data, it is hard to believe that they care about defending the privacy of the individual per se.
    That, or else the data aren’t quite as innocuous as they suggested, and there is a real issue in turning it over to the German authorities, as appears to be required by German law.
    Are the captured data innocuous or not?
    Perhaps Alastair is right and it should just be deleted. But that would leave the actual nature of the data gathered unresolved, and open to paranoid speculations such as mine.
    Another fine mess…

  6. FaustiesBlog
    29th May 2010

    Google has CIA links. Not only does it provide data to the CIA, but it acquired a venture capital firm which is funded by the CIA.
    Why not switch to another search engine, browser and email client? Startpage offers IP anonymity and, being a meta search engine, uses a host of other search engines, simultaneously.
    The only way to break Google, is to mass- boycott it.

  7. Redacted
    29th May 2010

    @keith: “What am I missing here?”
    Not sure but how about these:
    1) We are only assuming that the data captured were trivial. According to Google’s technical explanation it seems quite likely to be trivial, but there’s no guarantee, as all sorts of stuff *could* have been captured, and also Google could be playing it down.
    2) This is Google, the global data mining company, whose business depends on our trust.
    3) Insecurity of wifi networks is sometimes deliberate I suppose but surely also in many cases it is the inevitable consequence of the transition of computers and networking devices into consumer commodities rather than enthusiast technologies as in former years. People nowadays buy this stuff who haven’t a clue what security is for, how far their wifi signal travels, or even that anyone would bother to snoop. Average consumers are used to the notion that it is up to manufacturers to figure the necessary product safeguards out, and in many cases may imagine that if they try and mess with the default options they risk to break the device.
    4) Britain is still quite weak on data protection, and there’s a fair bit of public apathy about it. But that isn’t true everywhere. The nazi state was based on wholesale intrusions into personal privacy and autonomy, backed up by absolute prioritisation of official bureaucratic requirements over human sensitivities, hence the greater seriousness with which data protection matters are taken in Germany, for instance.
    5) The streetview cars were controversial from the start, just on account of the photography. I can’t recall Google ever volunteering the fact that wifi details were being captured as well, so there is a little hint of “covert” about that part of it really, and then we further discover that far from the surgical gathering of specific ssid and mac address that you might expect, they had actually just recorded whatever wifi packets happened to be going.
    6) Google will keep pushing its luck until people push back. So…..

  8. Keith
    30th May 2010

    Thanks for your reply.
    Given that the range of a wireless network, under normal circumstances, is a few tens of metres and there are 12 available wireless channels, for a Google car to capture any appreciable amount of data it would have to park outside ones house. If people are using open wireless to transmit/receive sensitive data they’ve got bigger issues than the few packets a Google car may have collected
    I’m struggling to see any possible, plausible adverse intent here. Google already know more about most people from their browsing/searching habits.