When it first came to light that Google Street View cars were collecting reams of Wi-Fi network data, Google said it was a mistake. Then came evidence that the sniffing was actually deliberate. But what did Google's internal audit find?
The Google-sponsored third party analysis of the code in question suggests that there may have been criminal intent, according to privacy watchdog Privacy International. And while Google had chalked it up to a lone engineer's coding error, PI claims some parts of the audit reveal something far more systemic:
The code was written in such a way that encrypted data was separated out and dumped, leaving vulnerable unencrypted data to be stored on the Google hard drives. This action goes well beyond the "mistake" promoted by Google. It is a criminal act commissioned with intent to breach the privacy of communications. The communications law of nearly all countries permits the interception and recording of content of communications only if a police or judicial warrant is issued. All other interception is deemed unlawful.
It's worth noting here the gslite code made no attempt to actually parse the data it collected from the unencrypted networks it passed, but it did collect numerical identifiers of the kit associated with the network.
Google's statement on the report is basically unchanged, admitting that a "mistake" was made but shedding no light on why they'd previously attempted to patent the very sniffing technology that's gotten them into this mess:
"As we have said before, this was a mistake. The report today confirms that Google did indeed collect and store payload data from unencrypted WiFi networks, but not from networks that were encrypted. We are continuing to work with the relevant authorities to respond to their questions and concerns."
It will be interesting to see what else comes out as this case progresses through the legal system. What's clearer and clearer, though, is that the "lone gunman" excuse isn't going to hold much water. [Privacy International via The Register]