UK regulator re-opens probe into Google Street View slurp outrage

ICO hauls Chocolate Factory back onto the data carpet


The Information Commissioner's Office has reopened its investigation of Google's controversial Street View technology, after its data-collecting cars collected payload data including emails and passwords from unencrypted Wi-Fi networks.

The regulator's head of enforcement Steve Eckersley has sent an aggressive letter to senior Google veep Alan Eustace demanding "prompt" answers to seven questions to explain why Street View was able to slurp such data.

The letter followed the US Federal Communications Commission's findings that it seemed "likely that such information was deliberately captured" by the fleet of vehicles in the UK.

The FCC dismissed Google's claim that a lone engineer had been responsible for slurping unsecured Wi-Fi traffic and concluded that while the company had not breached the US Wiretap Act it was guilty of obstructing its investigation.

The search giant was slapped with a $25,000 fine in April this year for wasting the FCC's time.

Now, the ICO wants Google to explain "precisely what type of data and sensitive personal data was captured within the payload data collected in the UK".

It is also quizzing Google regarding just when its management became aware of what data had been collected by the Street View cars.

Further, the ICO wants to know why this information wasn't provided to the regulator when Google visited the ICO's London office with data that had been "pre-prepared" by the company in July 2010.

The ICO is also calling on Google to explain at what point senior members of the firm were privy to software design documents that showed what type of data could be captured by its Street View cars.

It's essentially looking for a corporate audit trail that backs up - or conflicts with - Google's original assertions about the embarrassing payload data slurp, which the company initially denied.

Finally, the ICO cited the Data Protection Act 1998 in its questions to Google. It wants to know what measures were introduced to prevent breaches at each stage of Street View's development and subsequent deployment.

Privacy campaigner Nick Pickles, of Big Brother Watch, told The Register this afternoon: “The Information Commissioner’s Office is absolutely right to re-open the investigation and must now take every step to get to the bottom of just how many Britons had their privacy trampled on by Google."

“The investigation must now be pursued with the vigour sadly lacking in 2010, and every effort made to ensure that Google answers the extremely important questions that it has so far avoided," he added, while accusing the search giant of "deliberately concealing" the truth of what happened from the ICO.

"Breaching the Data Protection Act is a criminal offence and the law should be applied to Google in the same way as any other company or individual.”

El Reg has asked Google to comment on this story, but it hadn't got back to us at time of publication. ®

Similar topics


Other stories you might like

  • Battlefield 2042: Please don't be the death knell of the franchise, please don't be the death knell of the franchise

    Another terrible launch, but DICE is already working on improvements

    The RPG Greetings, traveller, and welcome back to The Register Plays Games, our monthly gaming column. Since the last edition on New World, we hit level cap and the "endgame". Around this time, item duping exploits became rife and every attempt Amazon Games made to fix it just broke something else. The post-level 60 "watermark" system for gear drops is also infuriating and tedious, but not something we were able to address in the column. So bear these things in mind if you were ever tempted. On that note, it's time to look at another newly released shit show – Battlefield 2042.

    I wanted to love Battlefield 2042, I really did. After the bum note of the first-person shooter (FPS) franchise's return to Second World War theatres with Battlefield V (2018), I stupidly assumed the next entry from EA-owned Swedish developer DICE would be a return to form. I was wrong.

    The multiplayer military FPS market is dominated by two forces: Activision's Call of Duty (COD) series and EA's Battlefield. Fans of each franchise are loyal to the point of zealotry with little crossover between player bases. Here's where I stand: COD jumped the shark with Modern Warfare 2 in 2009. It's flip-flopped from WW2 to present-day combat and back again, tried sci-fi, and even the Battle Royale trend with the free-to-play Call of Duty: Warzone (2020), which has been thoroughly ruined by hackers and developer inaction.

    Continue reading
  • American diplomats' iPhones reportedly compromised by NSO Group intrusion software

    Reuters claims nine State Department employees outside the US had their devices hacked

    The Apple iPhones of at least nine US State Department officials were compromised by an unidentified entity using NSO Group's Pegasus spyware, according to a report published Friday by Reuters.

    NSO Group in an email to The Register said it has blocked an unnamed customers' access to its system upon receiving an inquiry about the incident but has yet to confirm whether its software was involved.

    "Once the inquiry was received, and before any investigation under our compliance policy, we have decided to immediately terminate relevant customers’ access to the system, due to the severity of the allegations," an NSO spokesperson told The Register in an email. "To this point, we haven’t received any information nor the phone numbers, nor any indication that NSO’s tools were used in this case."

    Continue reading
  • Utility biz Delta-Montrose Electric Association loses billing capability and two decades of records after cyber attack

    All together now - R, A, N, S, O...

    A US utility company based in Colorado was hit by a ransomware attack in November that wiped out two decades' worth of records and knocked out billing systems that won't be restored until next week at the earliest.

    The attack was detailed by the Delta-Montrose Electric Association (DMEA) in a post on its website explaining that current customers won't be penalised for being unable to pay their bills because of the incident.

    "We are a victim of a malicious cyber security attack. In the middle of an investigation, that is as far as I’m willing to go," DMEA chief exec Alyssa Clemsen Roberts told a public board meeting, as reported by a local paper.

    Continue reading

Biting the hand that feeds IT © 1998–2021