Last week, Google admitted that their Street View cars scooped up emails and passwords from Wi Fi networks as they cruised around. The company is "mortified," and has implemented changes it says will improve data security among its employees.
We've known for a while that Google's Street View cars secretly spied on Wi-Fi data for three years. Google initially said they collected only "fragmentary" data, but the true extent of the Wi-Fi snooping was uncovered recently by regulators outside of Google, in some cases looking into possible criminal charges against the company.
It's clear from those inspections that while most of the data is fragmentary, in some instances entire emails and URLs were captured, as well as passwords. We want to delete this data as soon as possible, and I would like to apologize again for the fact that we collected it in the first place. We are mortified by what happened, but confident that these changes to our processes and structure will significantly improve our internal privacy and security practices for the benefit of all our users.
Google's most recent privacy breaches have been personnel, rather than design-based. The Wi-fi snooping was, they say, the side-effect of an experimental project created by an overzealous engineer. Engineer David Barksdale was more deliberate, stalking minors by spying on their gchats and contacts lists. And who knows what the other Google engineer fired for privacy violations was up to.
Google now says it's taking a number of steps to make sure its own employees don't violate users' privacy. They're enhancing their training for employees, including a "new information security awareness program, which will include clear guidance on both security and privacy;" A "director of privacy" will oversee privacy-related matters, and extra care will be taken to make sure that privacy practice are actually followed. How about a mascot, too? Peter the Privacy Bear?