May 16, 2010

Australian privacy groups target Google Street View

http://www.networkworld.com


The Electronic Frontiers Association (EFA) and Australia Privacy Foundation (APF) have jointly questioned potential security breaches conducted by Google's Street View program.

In an open letter addressed to Google Australia's head of public policy and government affairs, Iarla Flynn, the two organisations highlighted the company's collection of Wi-Fi access point data by cars taking photos of streets and houses as part of its Street View feature.

The letter's complaint centres on Google's announcement last month that its Street View cars captured Wi-Fi access points' unique MAC addresses while also taking 360 degree imagery of the surrounding area. While users can change the name, or SSID, of their wireless network, the MAC addresses are fixed to the router or device.

The rising popularity of consumer electronics devices, such as printers, that create ad-hoc wireless networks between the device and a computer rather than relying on a central router has raised the concern that Google may be able to determine what actual devices a particular house might have.

In the Google blog entry that incited the open letter, the company explains that it utilises this data to provide better location data for GPS-enabled devices such as smartphones.

Many consumer devices, including the iPad and Android-based smartphones, utilise three or more surrounding wireless access points to triangulate their location, which is often faster than satellite-based GPS data, though not necessarily as accurate. While smartphones don't typically cache this data, the letter's co-authors expressed concern that Google may store this data for unknown uses.

"If they intend to keep that information for 10 years, we just don't know what the ramifications could be," EFA vice-chair, Geordie Guy, told Computerworld Australia. "We know there's a potential to get an awful lot more information than they said they're getting, and we know there's a lot of uses for it."

As an example of the potential ramifications of this Guy pointed out that, depending on how long Google stores this information, it could be sold to market research companies to trend sales of consumer electronics, or even used internally in conjunction with other Google services, both present and future.

Social networking sites Myspace and Facebook have both attracted criticisms in regard to their use of user information as a commodity and marketing tool.

Guy and APF vice-chair, Dan Svantesson, said in the letter that the potential privacy issue had already been raised with Google by relevant parties in Germany and the UK. The German Federal Commissioner for Data Protection, Peter Schaar, said he was "appalled" upon discovering the allegations, and called upon Google to delete any "unlawfully collect personal data on the wireless network".

"We note that Australian privacy law may be relevant to the conduct of such activities in Australia," the letter reads.

In addressing the concern, the letter asks that Google reveal information on what other types of information it is collecting, the purpose behind it, and how the company intends to "use, store and make available this information".