Google’s Wi-Fi spy cars collected medical info, other sensitive data

October 25th, 2010

Wi-Fi spy car

By Byron Acohido, USA TODAY, Page 3B, Oct. 25, 2010

Google is feeling rekindled heat over the private data it collected without permission in more than 30 nations.

The British Information Commissioner’s Office on Monday asked to take a closer look at the evidence Google made available earlier this year, after the company admitted that cars sent to take photos for its Street View mapping service also carried Internet eavesdropping gear.

The U.K.’s request follows Canada’s disclosure last week that Google, indeed, collected sensitive information during its Street View campaign, not just “fragmentary data,” as the company had earlier indicated.

Stoddard

“Some of the captured information was very sensitive, such as a list that provided the names of people suffering from certain medical conditions, along with their telephone numbers and addresses,” says Jennifer Stoddart, Canada’s Commissioner of Privacy. “It is likely thousands of Canadians were affected.”

Google’s Alan Eustace, senior vice president of engineering and research, had stated in a May 14 blog post that the Wi-Fi data harvested by the Google vehicles was “fragmentary ” since the cars were “on the move.” On Oct. 19, Canada issued an investigative summary. Three days later, Eustace amended his stance.

“A number of external regulators have inspected the data,” Eustace wrote in a Friday blog post. “It’s clear from those inspections that while most of the data is fragmentary, in some instances entire e-mails and URLs were captured, as well as passwords.”

Eustace listed several privacy measures Google has recently implemented. “We are mortified by what happened,” he wrote, adding that Google would like to “delete this data as soon as possible.”

Google spokeswoman Christine Chen says the company wants “to protect the privacy of those whose data we mistakenly collected.”

Google already has deleted data harvested in Austria, Denmark, Ireland and Hong Kong, but has been unable to delete more because “many of the investigations are still ongoing,” Chen says.

Privacy lawsuits and Congressional inquiries in the U.S., the re-opened British probe and potential investigations by privacy regulators in other nations make destroying more data problematic.

Intensified scrutiny of how and why Google collected this data could help explain how and why such a large, sophisticated data-collection project came to be.

“It’s very likely that when the data was initially gathered, the engineers who gathered it intended to use it,” says John Simpson, managing director of the non-profit Consumer Watchdog advocacy group.

Additional commentary  from John Simpson:

Simpson

Google is finally coming clean after the Canadian Privacy Commissioner found that they had in fact gathered entire emails, passwords, and other sensitive information rather than just “fragmentary data” as the Internet giant originally claimed.

I think they are going public because they want to get this behind them. The only logical course is for them to destroy the data when they can. They cannot yet do so in many countries — including the U.S. — because the data is evidence in litigation or formal investigations by authorities.

U.S. State attorneys general have a joint investigation pending. More than 35 states are taking part. FTC is reported to be looking at it.   Back in June three Congressmen wrote Google about Wi-Spy.

The Brits are reopening their probe and are saying that Google may be subject to large fines.

Clearly they are now desperately trying to spin the story now. Rather than deal with the company’s gross invasion of privacy in a meaningful way, Google would rather polish its image.