Google: Protecting Privacy
There was a lot of fuss in regards to the revelation that the Google Street car managed to capture more data than was originally thought. The car was supposed to travel roads in order to take pictures that would appear in the Street View web service. However, it has been revealed in Germany that the vehicle also managed to log all public WiFi networks that could be accessed by anyone passing by.
Originally, it was planned that Google would actually take a full roster of free WiFi networks, but the feature was supposedly removed. The folks at Silicon Valley attest that the function was written in by an engineer and that the information was taken accidentally. In order to preserve public trust in the company, Google has announced that it would be deleting the unnecessary data, and in order to properly delete the files, Google has hired the services of a third party company to delete the files.
iSEC member, Alex Stamos has sent the following letter to Alan Eustace, Senior VP of engineering and research of Google with regards the data.
“I have been working with members of Google's technical staff to organize and securely store the date in question. Before my arrival, Google staff had consolidated the wi-fi packet captures and onto four hard drives. This data was organized into folders corresponding to the nation of origin. Upon my acquisition of the drives from Google staff, I noted that the hard drives had been stored in a secure manner within a secure portion of the facility.”
“I created two new encrypted volumes on separate hard drives, and copied over all of the data with the exception of data that was identified as being captured within the Republic of Ireland. I then witnessed the physical destruction of the original four hard drives.”
“I can attest that all of the data on these drives identified and as captured within the Republic of Ireland was destroyed in accordance with best practices for irreversible data destruction.”
