Google cleared of UK privacy breach

By Liam Tung on Jul 30, 2010 7:16 AM
Filed under Security

Harm threshold not breached.

The UK's Information Commissioner's Office today declared Google's collection of unencrypted WiFi data while on its Street View operation was inadvertent and harmless.

"The information we saw does not include meaningful personal details that could be linked to an identifiable person," it said.

The ICO had visited Google's offices to assess samples of the data the search giant had collected.

"Whilst Google considered it unlikely that it had collected anything other than fragments of content, we wanted to make our own judgement as to the likelihood that significant personal data had been retained and, if so, the extent of any intrusion," the ICO said.

"On the basis of the samples we saw we are satisfied so far that it is unlikely that Google will have captured significant amounts of personal data."

The ICO said it had found no evidence that data captured by Google had caused or could cause any individual detriment, however it did acknowledge that Google "was wrong to collect the information".

UK privacy advocate, Privacy International, which initially raised the case with the ICO, has claimed that Google intentionally collected the data. PI claims that an audit of the program that Google used, "gslite", revealed that it was coded to dump encrypted network data but store data transmitted over unencrypted networks.

"This means the code was written in such a way that encrypted data was separated out and dumped, leaving vulnerable unencrypted data to be stored on the Google hard drives," PI said last month.

Earlier this month Australia's recently replaced Privacy Commissioner Karen Curtis ruled that Google's Street View operation had breached the local Privacy Act, however she was unable to impose any sanctions on the company.

She asked Google to conduct a privacy-impact assessment for future Street View harvests.

London's Metropolitan Police and the Australian Federal Police have commenced their own investigations into Google's alleged data breach.

The US appears to be taking a more hardline approach to the alleged data breach. Last week a 38-state response to Google was spearheaded by Connecticut Attorney General Richard Blumenthal, who wants to know whether Google tested its Street View software before it used it.

If it did, argued Blumenthal, the test should have revealed whether the program collected data.

Blumenthal has asked Google "whether its program was designed to collect random bits of information broadcast over wireless networks or download specific types of data and whether it has sold or otherwise used technical network information also collected."