Google Violates Canadian Privacy Laws

by Jordan Richardson on October 20, 2010

According to Privacy Commissioner Jennifer Stoddart, Google Street View cars violated Canadian privacy laws by collecting personal information through what amounts to a “careless error.” Says Stoddart: “Our investigation shows that Google did capture personal information — and, in some cases, highly sensitive personal information such as complete e-mails. This incident was a serious violation of Canadians’ privacy rights.”

According to the findings of the Privacy Commissioner’s office, Google Street View cars collected information like email addresses, user names, passwords, names, residential telephone numbers, addresses, and even health details.

Google has until February 1 to delete all of the personal information it captured and the Privacy Commissioner will consider the matter resolved once the deletion has taken place.

The personal information was collected unintentionally, says Google. Through a blog post in April, the company admitted to having collected similar information in a number of countries by accident. The cars used to compile data for Street View had inadvertently scanned and gathered information from unencrypted WiFi networks that the vehicles passed by.

The Privacy Commissioner’s Letter of Findings describes how the information came to light:

“Following a request from the German data protection authority in Hamburg to audit the WiFi data collected by Google’s Street View cars during a location-based project, Google discovered in May 2010 that it had been collecting payload data from unsecured wireless networks as part of its collection of WiFi data. By Google’s own admission, it appears that this inadvertent collection was due to the integration of the code developed in 2006 with the software used to collect WiFi signals. As a result, Google grounded its Street View cars, stopped the collection of WiFi network data on May 7, 2010, and segregated and stored all of the data already collected.”

“As we have said before, we are profoundly sorry for having mistakenly collected payload data from unencrypted networks. As soon as we realized what had happened, we stopped collecting all Wi-Fi data from our Street View cars and immediately informed the authorities,” a spokesperson from Google Canada said.

Google should be applauded for its forthrightness and for its cooperation with Canadian authorities on this matter.

Outside of conspiracy circles, there aren’t many reasons to think that Google is up to any nefarious tricks along these lines. Some, however, have struggled with the entire concept of Google Street View, believing that the high resolution imagery constitutes a violation in terms of their right to privacy in a public place.

It does seem that Canada’s Personal Information Protection and Electronic Documents Act may carry the answer, as Stoddart’s office raised concerns about Street View before. “Our Office considers (high resolution) images of individuals that are sufficiently clear to allow an individual to be identified to be personal information within the meaning of PIPEDA,” Stoddart writes.

In any event, this violation of Canada’s privacy laws falls along different avenues. It is useful, though, as a lesson in taking account of one’s personal privacy and ensuring that WiFi networks are encrypted properly before use.

Did you like this post ? TheTelecomBlog.com publishes daily news, editorial, thoughts, and controversial opinion – you can subscribe by: RSS (click here), or email (click here).

Written by: Jordan Richardson. www.digitcom.ca >. Follow TheTelecomBlog.com > by: RSS >, Twitter >, Identi.ca >, or Friendfeed >

.

{ 5 comments… read them below or add one }

Roy Berger October 23, 2010 at 10:18 pm

…and while Toews was spending the Security budget chasing marijuana users, an advertised vehicle was driving all over Canada inhaling passwords and email. Intelligence agents of a foreign nature were collecting secret data in a routine, consistent and sustained manner using unspecified stealth technology. Yet, just last week Mr. Harper said ‘all Canadians should feel safe on the streets night or day.’ Will the security minister provide proper shielding for our communications hardware? Why are foreign agents allowed to obviously snoop inside our homes? Where were the Radio Rangers on this one? Can the Security Minister find a cricket in the woods? A high profile company used stealth radio wave technology all day, every day and no one thought to sniff a peek? Are we sold out of frequency meters? I understand there is no justice but I expect security. There’s a stranger in the House, that’s the only explanation for Prohibition at this point…probably got a lot of pals running in place by now too.

Jordan Richardson October 24, 2010 at 2:40 am

There is “proper shielding for our communications hardware,” Roy. Properly encrypted networks provide more than adequate security, but the problem is that people think they can just surf on any network and be entirely secure when handling their personal, private information.

There’s really not a lot about this that has much to do with government protection, either, and it sounds like you’re using an inadvertent occurrence to score political points for your cause – especially if your link is any indication. I’m the last guy to defend the Harper administration, but I’m extremely hesitant to suggest that this specific issue constitutes any sort of serious threat to our personal security.

Furthermore, there should be limits to what we ask our governments to do with respect to “security.” It’s a slippery slope, to say the least, and any sort of government-provided mechanism to “shield” our personal communications hardware can have seriously dangerous implications.

Roy Berger October 24, 2010 at 11:31 pm

Ok, Jordon. You know though, in the old days that kind of ‘occurrence’ was called espionage. (See link.) Google admits to the gathering of information. Playback of innocence… What smoke and mirrors lead to the admission, who knows? Good thing no Leak site got a hold of the information. I could have been embarrassed by the 3,000 letters I wrote to Mackenzie King’s dog. They (Google) were sweeping their net in front of every police station, Federal office, courthouse, bank and information depositary in Canada. I only hear admissions of that, no deniability. What else were they doing? Were they laying anything down? How would we know? It was and still is a serious threat to national security. I think John LeCarre’s next novel should be called, The House On The Hill.

Jordan Richardson October 25, 2010 at 2:48 am

There’s “espionage” and then there’s ineptitude by a company. Apples and oranges, Roy, at least in terms of this specific topic.

Google was gathering data for the Street View program. If you want to hazard a guess as to ulterior motives (beyond profit, of course), you’re welcome to it. But I wouldn’t mind some evidence to accompany your presumptions. I agree that it is a good thing that the information wasn’t leaked, but personal and private information is already out there in the glorious cloud we call the internet so this is already a problem we have. A simple glance through your everyday torrent site reveals countless Zip files of health records, personal banking information, etc. It’s a frightening reality that only the most ignorant would deny.

In terms of Google gathering data in front of police stations and federal offices, I would assume that those locations and organizations would be using properly encrypted programs.

Hopefully your letters to Pat will be safe and sound, though. 🙂

Tyler October 26, 2010 at 7:27 pm

NIIIICCCCEEEE while we hate on google were quoting them. nice roy nice. your a champ

Previous post:

Next post: