by Jason Lewis
Mail on Sunday Security Editor
29 May 2010
from
DailyMail Website
Google is facing renewed privacy concerns after
it secretly mapped every single wireless internet connection in Britain -
including those in millions of homes - to help it sell advertising and other
services.
The move was part of the search engine’s controversial
Street View project, which drew widespread
criticism after it photographed people’s houses and published the images on
the internet.
Now it has been revealed that the firm had failed to disclose that it was
simultaneously building a massive database of individual home Wi-Fi networks
across the UK and in other countries.
As Google’s distinctive fleet of cars, fitted with roof-mounted cameras,
cruised Britain’s streets over the past three years photographing every
house and public building, antennae inside were also pinpointing the Wi-Fi
hotspots.
There were earlier reports that Google had
admitted accidentally collecting some emails from ‘open’ wireless networks.
But The Mail on Sunday today reveals how - and
why - the company has collected details of all wi-fis, even those protected
by security.
Last night the firm, one of the world’s most powerful companies and worth
£28billion, admitted that it should have been ‘more transparent’ about the
full extent of the project and pledged to stop mapping any new personal
wireless networks in future.
But it said it would not delete the information it had already obtained from
the Street View project which now covers almost every road in Britain.
Personal wireless equipment - known as a router - allows people to access
the internet from anywhere in their homes without plugging laptops and other
devices into a telephone point.
However, the broadcast signal is not confined by the walls of a property and
its footprint will often spill into neighboring buildings and the street
outside.
Internet providers encourage people to set up passwords to prevent anyone
from using their web connection without their knowledge or potentially
gaining access to personal information held on their computers.
But, even with a password in place, Google was able, without alerting anyone
in advance or seeking any permission, to log the locations of all these
Wi-Fi networks noting their names, called
SSIDs, and the unique
MAC, or Media Access Control,
address of people’s personal equipment.
There are fears - dismissed as ‘conspiracy theories’ by Google officials -
that personal information, together with the precise location of specific
computer devices mapped by the firm, could be cross-referenced to track
individuals’ internet use for commercial reasons.
The internet giant, which made profits of £4.5billion last year, says it is
now using the data it gathered to offer location-based commercial services
and advertising to mobile phone users and people with other portable
devices, including Apple’s much-hyped iPad.
Watch out,
Google's about:
Street View swivels around
Parliament Square looking towards Big Ben from every possible viewpoint
Software and phone ‘applications’ can pinpoint
exactly where a mobile or computer device is by triangulating its position
with the nearest wireless hot spots either at businesses or private
addresses.
Google’s Mobile App, for example, allows users to link directly to
restaurants and shops, find cinemas and theatres and hotels in their area
and even to track the precise location of their friends and display
information on their recent movements.
The search engine makes money by selling advertising attached to its
internet maps and other content on its site, and also charges business when
customers ‘click through’ to their websites to book a table or reserve a
hotel room.
Using the Wi-Fi hotspot locations means Google can pinpoint users more
precisely and more cheaply than using mobile phone masts or global
positioning satellites.
According to its website, Google advertisers can,
‘connect with the right customer at the
right moment, wherever they are’.
It adds:
‘Is your customer just around the corner
from you? Mobile users’ locations can be pinpointed with meter-level
accuracy. Advertisers can easily target or tailor your message according
to location and automatically show your customer relevant local store
information, like phone numbers and addresses, to enable them to take
immediate action.’
The concern about Google’s new system has also
raised questions about other less well-known firms who have been quietly
building up their own database.
One,
Skyhook, says it has collected its
information by,
‘deploying drivers to survey every single
street, highway, and alley in tens of thousands of cities and towns
worldwide, scanning for Wi-Fi access points and cell towers plotting
their precise geographic locations’.
There are also fears about possible future uses
of the information, which could include users being targeted by unsolicited
local advertising sent to them automatically as they walk or drive down a
specific street.
For example, an automatic message paid for by a multinational coffee shop
chain could be sent saying:
‘Feeling thirsty? You’re just 100 yards from
our nearest coffee shop.’
Details of this secret side of the Street View
project emerged this month after German regulators demanded details of the
data Google was collecting on its citizens as it mapped the country for its
version of Street View.
US privacy campaigners are urging the country’s
Federal Communications Commission to investigate Google for ‘wiretap’
offences for what they say amounts to illegally intercepting people’s
personal communications.
Last night, British privacy campaigners were urging the Information
Commissioner’s Office and Government to intervene.
Human rights group Privacy International said Google was trying to
put a spin on the story as being about its mistake in capturing of fragments
of people’s emails and internet searches, saying it was ‘sorry’ and would
delete it.
A spokesman for the campaign group said:
‘We are deeply unsettled by Google’s
assertion that this situation was caused by a mere “mistake” brought
about by accidental use of inappropriate code developed for sniffing the
content of Wi-Fi networks. This explanation to us seems entirely
implausible.
‘Only a full-scale audit will help uncover
the facts. This is a disappointing chapter in Google’s history.’
The group said Google should delete the
‘intrusive’ information it had mapped on people’s personal computer network.
The spokesman added:
‘This is a very serious matter and
regulators need to place limits on the use of this private
identification without consent.
‘The ghost of Street View continues to haunt Google.
‘We think it will historically be viewed as a horrendous breach of law
and something which a better regulator with a better understanding of
the issues and the technology would never have allowed to happen.
'There should be a parliamentary inquiry which should question Google
and finally get it to explain what it is up to both technically and
commercially.
‘The idea that it can log everyone’s Wi-Fi details because it is all
“public” is a bogus argument. It is bogus because of the question of
scale and the question of integration with other information which would
amount to a huge breach of our privacy.
'The regulator, the ICO, is equally to blame for this mess as it has
totally failed to grasp the implications of what Google has been doing.’
Last night, Google acknowledged that it should
have been more open about what it was doing, but was unrepentant about its
decision to build the database of home internet connections for its
commercial use.
Peter Barron, the ex-BBC Newsnight editor who is now head of Google’s
corporate affairs department in Britain, said:
‘We collect Wi-Fi network information to
improve location-based services like Google Maps.
'For example, people can identify their approximate location based on
the Wi-Fi access points which are visible to their mobile device.
‘Many other companies have been collecting data like this for as long
as, if not longer than, Google. We don’t collect any information about
householders, we can’t identify an individual from the location data
Google collects via its Street View cars, and we don’t publish this
information.
'This is publicly broadcast information which is accessible to anyone
with a Wi-Fi-enabled device, but we accept in hindsight it would have
been better to be more transparent about what we collect.’
Asked why Google had failed to announce its
decision to map people’s home networks, he added:
‘Given that this information is accessible
to any Wi-Fi-enabled device, we didn’t think it was necessary.’
He promised that Google would never use the
information gathered for any other purpose and added that it was not
technically possible to use the details to trace individual internet users
and their searches on the Google network with the data they had gathered.
He added:
‘We make privacy a priority because our
business depends on it.’
Despite Google’s failure to alert British
authorities to the massive project, the Information Commissioner’s Office
said it was merely watching the situation closely.
A spokesman for
the ICO, which is already facing criticism
for not investigating the computer firm in more detail over its capture of
people’s emails and other personal information, said:
‘We are aware that the collection of
information by Google Street View cars has raised a number of issues
which we are considering.
‘All organizations that process personal
information must comply with the requirements of the Data Protection
Act. Organizations are only permitted to collect data for a specific
purpose. Similarly, organizations must only retain data for as long as
necessary.
‘If we find evidence of significant wrongdoing, we will of course
investigate and consider what action should be taken.’