One Man’s Crusade Against Google Street View’s Payload Data Collection [Updated]
Nobody really knows what kind of information Google obtained when it was collecting payload data as its Street View car drove around the neighborhoods of the world sponging up personal information from people using unsecured wi-fi networks. Speculation abounds about what exactly the Street View cars collected, everything from personal emails, passwords, browsing histories, IP addresses, telephone numbers, full names of users, and even the porno websites some people might frequent. Yesterday, following an investigation by the Federal Communications Commission, the United Kingdom’s Information Commissioner’s Office reopened its probe into Google’s collection of payload data to find out what exact information Google was able to obtain and, perhaps more foreboding, why Google denied knowing about the data collection back in 2010.
Perhaps emboldened by his government’s decision to reopen its investigation of Google, The Daily Mail‘s David Thomas has declared a one-man battle with the company in order to find out just what information may have been secretly lifted from his online life when the Street View car cruised his way.
In a spirited op-ed published yesterday in the Mail, Thomas describes how he was working from home at the time he suspects Google may have sopped up some of his personal information, including financial discussions with his agent, confidential medical information, and material related to his writing (he is an author). Thomas is rightfully upset about his information possibly being secretly collected by Google and although he admits that he was naive to believe it was unnecessary to secure his wi-fi network because he lives in the countryside of West Essex, he isn’t about to let Google off the hook.
Although the ICO has decided to reopen its inquiry into Google, Thomas intends to pursue his own crusade against the mapping service. Citing Britain’s Data Protection Act of 1998, he wrote of his plans to extract from Google what information of his the company may have in its possession.
The Data Protection Act gives us all the right to demand the information an organisation (whether public body or commercial corporation) holds about us. It’s called a Subject Access Request. It costs between £2 and £10, and a reply must be received within 40 days.
So I have decided to make my own small stand against the Google monster. I want to know what it knows about me, and what it might have stolen. If the Street View cars stole data from my system, and it hasn’t yet been destroyed, then I want to know what they’ve got.
And if Google has been passing my personal information on to third-party companies so they can bombard me with advertising, I want to know about that, too.
I’m in no way a sharp tack when it comes to legal issues, but to my mind the United States doesn’t have a comparable law to the UK’s Data Protect Act. While we yankees might not have the same legal opportunities to see what (if any) information was collected on us over here States-side, if Thomas is successful in obtaining any of the information that Google may have obtained from him it could provide some insights of how big this trove of payload data really is.
On the other hand, while Google’s practice of collecting user information with their secret wardriving Street View cars is shady any way you look at it, the potential for Google to scrape off tons of sensitive information from each person on each wi-fi network the Street View cars pass is questionable. For one, if the average speed limit is 25 miles per hour in these neighborhoods where the Street View car travels, that’s an extremely narrow window to collect any information off of any random wi-fi-connected devices. Two, the reach of most home wi-fi networks doesn’t really produce the most powerful connection; if I walk out to my driveway I lose the connection from my apartment that’s less than 60 feet away. Trying to connect from a car in the middle of my street? Not really feasible.
Still, Google got something from wardriving software, we just don’t know what. Google was contacted for comment for this article and asked if it had any intention to comply with the ICO’s requests, but Google did not reply.
Thomas might be escalating this issue further than it deserves to go, or maybe he’s unimpeachably righteous in his effort against Google. There’s no way to tell, and there will not be any way to tell until Google becomes more transparent about the types and depths of information its Google Street View cars collected, which is why Thomas’ determined battle against Google matters.
Update: A spokesperson with Google replied to my request for comment on the ICO’s investigation:
We’re happy to answer the ICO’s questions. We have always said that the project leaders did not want and did not use this payload data. Indeed, they never even looked at it.
While trying to put some distance between itself and the payload data, that doesn’t exactly give any indication about the nature of the payload data.