UPDATE: A writ has been filed in Oregon District Court against Google for capturing wireless data of U.S. citizens.  Complicating matters, Google has declared on their blog that they intend to destroy the data that was captured as part of their Street View program.  With a potential legal case against Google, any action on Google’s part to delete or destroy the data for privacy reasons could be perceived by the courts as an attempt to obstruct justice. The parties behind the impending lawsuit have apparently requested that Google retain the data.

While it is well known that Google has been gathering street level data for some time, until recently it was unclear just how much they were after.

Google’s Street View program, which offers street-side imaging of Google Maps has been vocally objected to by a  few members of the public, but citizen complaints have been almost completely ignored by legal authorities — until now.

In addition to collecting pictures, Google has now admitted to German authorities that they were collecting much, much more.

As Google Street View cars passed by recently, they not only collected geolocation data and pictures of the streets, but also recorded information received from wireless hotspots. Google collected data not just from public wifi locations, but from private individual’s wireless routers as well.

Google originally claimed to European Regulators that the information they gathered was strictly for augmenting their GPS data.  But when pressed, Google admitted that they were essentially war-driving, a process where all wireless frequencies are checked very rapidly for any available signals.  Google would then capture a set of data from each open (unencrypted) connection.

While this may not appear to be a serious concern at first, the data collected by Google was stored on hard drives for later processing, and could easily contain personally identifiable information such as Email correspondence, web surfing data, chat conversations and more.  Anything being transferred over a wireless connection that was not encrypted could have been gathered as Google’s cars drove past your home.

On May 14th, Google posted on their official blog, admitting that a previous post about Google maps data was false and that they indeed had gathered private data over wireless.  In response to this Google has taken the apparent high road, writing:

“The engineering team at Google works hard to earn your trust—and we are acutely aware that we failed badly here. We are profoundly sorry for this error and are determined to learn all the lessons we can from our mistake.”

Google also recommended the obvious: make sure you password protect your router and encrypt your internet connection!

It is very easy to take the most basic precautions when surfing over a wireless connection:

  • Secure your wireless network using a strong Encryption method. Just because you use a password on your wireless router does not mean it is safe! You should use WPA-PSK or WPA2 for the encryption method and be certain to use the latest firmware from your router manufacturer.  Failing to update your router’s firmware may leave you vulnerable even if your router’s network is encrypted!
  • Don’t make purchases or do banking over a wireless connection you don’t trust. If you don’t know who runs the network they could mislead you and steal your personal information.
  • Check all websites you go to for an https:// in the url. If it does not have an https and a padlock icon, you should assume that the information on the page and anything you enter will not be secure.
  • Check the url to make sure it was not mistyped. Hackers and scammers often register typos and similar looking domains to trick unsuspecting users into entering their passwords.

If you still have questions about how to stay safe on the web or how to protect your network or wireless router from problems like the one in this story, contact me today!