Member log in

Google will destroy sensitive NZ Street View data - for real, this time

UPDATE Oct 10, 2012: Google will destroy sensitive data incorrectly collected by its Street View cars as they photographed New Zealand, a source close to the company's nearest corporate headquarters, in Sydney,  told NBR today. The destruction would be verified by a third-party, NBR was told.

This morning, NZ's Privacy Commissioner issued a statement to media revealing Google had not destroyed the data, as previous pledged (see below).

Google Australia spokesman Johnny Luu would not confirm or deny if Google had plans to destroy the data, offering only that his company was working closely with the Commissioner to resolve the situation.

Timeline

May 2010: News breaks that Google NZ Street View cars had collected WiFi information, including segments of communications crossing unsecured WiFi networks.

December 2010: Privacy Commissioner concludes investigation, finding Google in breach of NZ privacy law. Google provides undertakings, including undertaking to destroy the payload information.

March 2011: Google verifies that payload information destroyed, supported by independent report.

End of July 2012: Google notifies several privacy regulators that a check had unearthed the fact that it still had payload information from WiFi networks. Privacy Commissioner immediately asks Google to check whether it still held any New Zealand payload information.

October 2012: Google notifies NZ Commissioner that it has located one disk that may contain NZ and Australian payload information.

Source: NZ Privacy Commission

ckeall@nbr.co.nz


Google on privacy: we’re not so bad

Aug 15, 2011 Google has deleted data collected with its Google Street View cars which got them into hot water with the Privacy Commissioner last year, the company has announced.

On Google’s blog today, senior vice president knowledge Alan Eustace said the company had deleted the payload data, which included information about people’s WiFi addresses, its Google Street View cars had collected when they began driving in 2007.

The deliberate collection of such data, which detailed the names, strengths and security status of wireless networks, was partly responsible for an increase in complaints to the Privacy Commissioner Marie Shroff, who launched an investigation in May 2010.

The Commissioner found that Google had breached the Privacy Act with its collected data, had failed to properly notify the public and that such collection was unfair.  However, Ms Shroff said in December that Google had acknowledged it had gone about things the wrong way and that it had had a legitimate reason for collecting the data. 

Google’s announcement today said it had been a mistaken collection of publicly broadcast payload data, and that it had downloaded the data in February, under independent supervision.

Google also said it had made a commitment to the Commissioner to conduct a Privacy Impact Assessment (PIA) on any further Street View activities in the country, which it published today.

The PIA states that Google will continue to ensure Street View images are not real time, and to blur faces and license plates.  In addition, the company has said it removed all WiFi equipment from Street View cars, and would not be collecting such data.

In October it appointed a director of privacy across engineering and product management, to ensure effective privacy controls were built into products and internal practices, the company said. 

Google also said that as part of its privacy overhaul, every engineering project leader is required to maintain a privacy design document for each project, recording how user data is handled. This document would be reviewed regularly by managers and an independent internal audit team, it said.

Google apologised for its mistake and said it was looking forward to getting Street View cars back on the road.

“Maintaining people’s trust is crucial to everything we do, and we have to earn that trust every single day.”

More by Chris Keall and NBR staff

Comments and questions
14

Just hurry up and update the streetview images that are now woefully out of date due to all this delay.
Android handsets are collecting wifi locations now anyway so its not as necessary to do driveby collections.

Yes big yawn to this whole non-saga.

All so the Privacy Commissioner's office can look like it actually does some work.

Google - please update our street view images - preferably during the New Zealand summer.

Yep getting some new street view images would be good. I had a house guest who parked their Toyota Prius parked in the driveway outside the house for one day - wouldn't you know that's the day Google street viewed my street and collected my WIFI network address.

Now that they've destroyed the WIFI network address information they can get onto something actually useful and I can get the picture of that bloody hybrid off the street view of my house!

Had plenty of time to analyse all the data and get the paydirt. Nothing like making a PR campaign out of a hard drive clean out.
Get some respect Google.

This is a non-issue. If a government with a police force etc is doing this then I would be worried. All Google can use this for is to try to sell more. So what.

Given how frequently banks and credit card services have been hacked, personal security is critical. If you don't think so, read again: "The deliberate collection of such data, which detailed the names, strengths and security status of wireless networks". This data is pure gold to digital criminals and not information that should be held by a search engine company. The location of routers for location based services is one thing, but how secure they are is something that should not be collected by anyone unless under a police warrant. .

How about google just be a good search engine provider and a maps outfit rather than wanting to know everything about us?
I trust them about as far as I can drive today (being snowed in and all), especially after the Egypt situation...

What are they really going to do with your information - What does everyone have to hide ??

Google do your worst... I enjoy using it.
Its better googling things than trying to find them in books.

Call me Lazy but Im a google convert..

If you've done nothing wrong, they have no reason to look right?

Or is it presumption of guilt a free society was built on ... wrong-headed thinking like this leads to Stasi state. You are lazy and lazy people end up in concentration camps.

I really want to see this Google car. A car which has no driver? How did they built such car? Does this car have the same parts like the AC Flush Kits, acceleration pedals and tires as the normal car?

Google is terrible on privacy ... they are the Orwellian vanguard for the Statists dream of a full retarded Stasi know-all state.

Maybe they got the hint from Dotcom fiasco that Kiwis are serious about their privacy. Wish it didn't take that for people to wake up to all the stuff that has been pushed through passed dozey politicians noses in the IT snooping sphere ... i.e. by SIS and GCSB and alphabet soup of doing god-knows-what intelligence agencies.

Awesome stuff from the timeline above:

"March 2011: Google verifies that payload information destroyed, supported by independent report."

Presumably future independent reports will take a more accurate approach e.g. "We watched them destroy a pile of disks. We have no idea what was on them and whether that was all of it or whether they kept some."

Speaks volumes as to why it's better not to let them have the stuff they shouldn't in the first place, if they can't keep track of where it is.

Google's entire business model is based around harvesting of information either willingly (through sponsored adwords), unwittingly (in the case of Gmail, web cookies) or unwillingly (like harvesting wi-fi data & security data).

You would think they would be hyper-sensitive about the legitimacy & legality of collection & storage of this information, but appears from the outside to have a more cavalier attitude to it. How could they possibly think it was ok to snoop on the security strength of private wi-fi networks? Its a bit like checking out what kind of locks are on the front & back door of each house in the country.

Makes me want to use multiple different web browsers for key tasks to prevent info sharing. Say IE for facebook, Chrome for Gmail, and Firefox for general surfing.

Isn't it impossible to know if its destroyed or not. Who knows if they just went copy -> paste and then destroyed one and said there it's destroyed happy now?