ICO simply HAS TO mount fresh Google Street View inquiry

Ogle The Information Commissioner’s Office must re-open their investigation into Google, which has now admitted that Street View cars had captured complete emails and passwords from domestic WiFi networks (after issuing denials and suggesting that anyone who said otherwise was trouble-making or untruthful or paranoid).

In an absurd press release sent in the middle of the Metropolitan Police investigation into Google, the ICO cleared the search provider in May after sending two non-technical personnel into the belly of the beast the HQ of a remarkably technologically advanced company and examining a sample of the Street View data, concluding that there was nothing to see. Which was codswallop, as now evidenced by Google's own account.

Google had maintained that it accidentally collected “fragments” of information travelling over unsecured wireless networks. That "explanation" is now palpably false. Regulators in Canada and Spain have accused Google of breaking local laws and, only now, when faced with persistent criticisms which evidently weren't going to go away, Google strategically confessed announced on Friday that it had collected more complete personal data than it had previously admitted.

In response to this, the ICO woke up said on Sunday that it would ask Google if emails and passwords were collected in the UK too:

“We will be making enquires to see whether this [new] information [from Google] relates to the data inadvertently captured in the UK, before deciding on the necessary course of action, including a consideration of the need to use our enforcement powers."

Of course, that's only possible because the ICO's rubbish previous guidance was stymied by other proceedings. In May, the ICO foolishly asked Google to delete the data it had collected from wireless networks, which would have hidden forever what they'd snatched and denied their victims knowledge of what was stolen (even though really reassuring said victims that the data was genuinely dispatched would be difficult, particularly given the underhand way it was acquired in the first place) – but that process of destroying evidence was thankfully halted when the police began a separate investigation into whether Google had breached the Regulation of Investigatory Powers Act.

Since July, Google’s cars have been back on the road, mapping local information to expand and update Street View. But even though they claim to have stopped collecting WiFi data, the service continues to cause controversy.

In Germany, Google allowed people in cities where it had photographed houses to opt out of the service before the service went online, the first time it had done so. They have thus far received 244,237 opt-outs. One might wonder, when a quarter of a million Germans are able to opt out of this "service", why we weren't afforded the same opportunity in the United Kingdom.

Perhaps finally realising that the cycle of bad deed / get caught / claim it was an accident / apologise was wearing thin, Google have started to get their excuses for violating privacy in ahead of time:

“Given how complex the process is, there will be some houses that people asked us to blur that will be visible when we launch the imagery in a few weeks time. We’ve worked very hard to keep the numbers as low as possible but in any system like this there will be mistakes."


Finally, let us consider the obvious question in relation to this, perhaps the largest invasion of privacy ever to have happened in the private sector in the UK. Google claimed not to have had anything useable. When we suggested that they'd have captured e-mail addresses and personal data, they pooh-poohed us. Now, they admit that they captured e-mails. So – what else did they capture?

(And it will be rather hard to accept any assurance or internal investigation from them, won't it..?)

By Alex Deane

Posted by on Oct 25, 2010 in Online privacy | 7 Comments


  1. alastair
    25th October 2010

    No, no, no. How is deleting the data “foolish”? How is allowing ANYONE to “inspect” it for potentially “interesting” information going to assist anyone’s privacy?
    The alternative is to let some unelected government official, who may or may not be trustworthy, or an “expert” hired by said official, who may also not be trustworthy, inspect the data to see if there is indeed anything “of interest”.
    I worry that some people might be trying to use this incident for publicity and for their own self-aggrandisment, and the end result will be a breach of the privacy of those concerned by officials and experts over whom we have no control.

  2. Gareth Edwards
    25th October 2010

    The tone of this entire article is childish, misleading and loaded with baseless innuendo. I’m happy to say that it does nothing for the credibility of your campaign.
    Yes, Google intercepted and captured data publicly broadcast over WiFi, and yes, some of those fragments will have contained entire passwords and emails. However, I can see no intent or harm done, and remember that it was Google did the right thing by revealing the issue – it could easily have not told anyone, deleted the data and nobody but a few Google engineers and execs would have been the wiser.
    Instead of stamping your feet with an article that is beneath even the Daily Mail’s level of scare mongery, how about educating the ‘victims’ of Google’s revelation on the dangers of publicly broadcasting all of their unsecured online movements and conversations to anyone that cares to sit outside their house with a laptop.

  3. Purlieu
    25th October 2010

    The point is, Gareth, that Google initially denied everything, then admitted to gathering data not of a personal nature, now they admit to personally identifying data.
    What lies ahead ?

  4. Anon
    26th October 2010

    Google should not have collected this information, however it didn’t seem to be intentional. There is a much wider issue which is being overlooked: if Google collected this information then anyone with a laptop can drive around and pick this information up too.
    It seems unlikely that Google will use passwords to break into people’s accounts, and as I understand the only reason they didn’t delete the information immediately is because they were required to retain it by law so that it could be correctly investigated.
    So Google has done wrong, but should there not be a greater emphasis on educating users to encrypt their wireless connections to prevent others from collecting the same information, who may do so to be intentionally malicious?

  5. alastair
    26th October 2010

    @Gareth: Quite.

  6. Scary Biscuits
    28th October 2010

    I think there has always been a danger with the BBW campaign that it will descend into being Luddite, against all technological innovation.
    Nowhere is this article is the economic and social benefit of Google’s investment and innovation mentioned.
    Whilst I agree that Google deserves a slap on the wrist for this breach it is nowhere near as bad as the information it records on your viewing habits via cookies on your computer. This in turn is nowhere near as bad as what the government does.
    BBW should focus on the biggest offender and this will naturally tighten up private practice as a side effect.
    Secondly, we should focus on a change in the law. The ICO should be abolished and the current data protection laws repealled as unworkably complex. (Complex laws also always benefit those with the deepest pockets, i.e. the Government and big business, against small businesses and individuals.)
    Instead, your data should be recognised as your property (which it is) and use of it without permission is theft or, better, grounds for civil compensation decided by the courts. This approach may not even require legislation if BBW were to sponsor civil cases under Common Law.

  7. Frank Sutton
    28th October 2010

    Well OK, Google gathered up the wifi information accidentally. So what information were they trying to collect?