HK commissioner characterizes private data collection by cars as a 'mistake'

Privacy Commissioner for Personal Data Roderick Woo Bun confirmed Tuesday that Google Incorporated has promised to correct the error that resulted in the company's Street View cars transmitting potentially private information over unprotected WiFi networks.

At a meeting with representatives of the search engine giant Tuesday, Woo told reporters the company will review its procedures to ensure a similar gaffe does not recur. A report on the error is to be released.

The company's Street View cars record panoramic roadside views of Hong Kong and other cities for use in Google Maps.

Woo had previously said he did not accept Google's claim it did not know the cars had collected private data from unencrypted WiFi networks over the past three years. "They have committed mistake after mistake, and to salvage the public trust, Google must as a matter of urgency, review its policy concerning strict observance of and respect for personal data privacy rights in the operation of their business," Woo wrote in a statement Monday.

The company was first tipped off it was unwittingly collecting unencrypted data transmitted over WiFi networks after an audit request earlier this month by Hamburg, Germany's data protection authority to review the data collected.

According to a Friday blog post by the search engine giant's senior vice president of engineering and research Alan Eustace, the company never used the data collected from multiple cities over the past three years in any Google products.

Eustace's Friday disclosure comes just four weeks after a separate post in which the company denied it collected data sent over WiFi networks.

He wrote the cars were only trying to collect WiFi access points for use in Google Maps mobile to help people find local restaurants or get directions.

He wrote the company's collection of WiFi data sent from the access points was an error. He said it stemmed from the unintentional inclusion in the software used by the Street View cars to collect data, a prototype program that samples WiFi data.

"In addition, given the concerns raised, we have decided that it's best to stop our Street View cars' collecting WiFi network data entirely," Eustace wrote, adding the company will be asking third parties to review the extent of the data collected and confirm its deletion.

The company will also review its procedures to ensure controls can address similar problems in the future. He added only fragments of data were collected since the cars were constantly moving

The company announced it will also offer an encrypted version of Google Search this week.

"The engineering team at Google works hard to earn your trust," Eustace wrote, adding that "we are acutely aware that we failed badly here."

In a statement issued Monday, Woo wrote, "This is a global issue that has a technological impact on personal data privacy in many jurisdictions. I have contacted a number of overseas privacy authorities with whom I have close links and will seek coordinated international investigative efforts and sanctions."

Chairman of the Internet Society's Hong Kong branch, Charles Mok, expressed surprise that Google did not exercise due diligence by failing to undertake a privacy impact study before setting off to map the city's roads. Mok added the risks were minimal, since sorting out and piecing together the fragments of information would be very difficult.

"Realistically the risks are not high, but the fact they did it is very improper; this is a good wake up call - people should encrypt their WiFi networks," he said, adding some 40 percent of networks in town are still unencrypted.

China Daily

(HK Edition 05/19/2010 page1)