Google to Roll Out Encrypted Search After WiFi Snooping Snafu
The roll-out of the new service comes on the heels of the Internet giant's disclosure Friday that for the past three years, its Street View cars have mistakenly collected more than just photos, local WiFi network data and 3-D building imagery for its location-based services. The cars were also picking up snippets of information on users' activities as they passed by unsecured WiFi networks.
For example, a person using a WiFi network that didn't require a password could have had such information as their Internet searches, what they were downloading, or their log-on user name and password picked up by a Google Street View car if it passed by while they were engaged in such activities.
Google said its plans to separate this data from its network and delete it as soon as possible, and the company has disabled the network data collection ability of its Street View cars. The company noted it never used any of the inadvertently gleaned information in any of its products.
German Audit Uncovered Old Software's Impact
The snafu was discovered earlier this month, when German data-protection authority officials asked to audit the WiFi data Google was collecting via its Street View cars. In re-examining the data, Google said it discovered the unintentional data collection and ate crow regarding its earlier statements that its cars were collecting nothing but WiFi location-based data.
"The engineering team at Google works hard to earn your trust -- and we are acutely aware that we failed badly here. We are profoundly sorry for this error and are determined to learn all the lessons we can from our mistake," Google said in its blog post.
Here's Google's explanation of how this mistake went down:
And with that, Google said it was launching an encrypted version of its search, noting that events in recent weeks have highlighted the need for greater user awareness about how people can protect their privacy, such as looking for URLs that begin with "https," rather than "http" to determine if sites are secure, and using your own encryption software when connecting to the Internet over an unprotected WiFi node.So how did this happen? Quite simply, it was a mistake. In 2006 an engineer working on an experimental WiFi project wrote a piece of code that sampled all categories of publicly broadcast WiFi data. A year later, when our mobile team started a project to collect basic WiFi network data like SSID information and MAC addresses using Google's Street View cars, they included that code in their software-although the project leaders did not want, and had no intention of using, payload data.
There has been no word yet about whether other popular search engines such as Yahoo (YHOO), Microsoft's (MSFT) Bing, or Ask.com will follow suit in offering encrypted searches. Encryption would add another layer of cost for the companies, but it's a feature that financial institutions, in particular, believe is worth offering as they seek to move more of their customers into online banking, a shift that will lower their overall costs.