Google 'mortified' that Street View cars scarfed up e-mail, passwords; privacy criticism intensifies

update at 2 p.m.: with comments by Google spokesperson disputing Consumer Watchdog statement; Rep. Ed Markey says episode "disturbing" and calls for more scrutiny

It turns out Google’s Street View cars found out more about Internet users than previously acknowledged. Last Friday, the company said the cars, which roam the world taking pictures for its location-based applications, scarfed up e-mail addresses, URLs and passwords from residential Wi-Fi networks they passed by in dozens of countries.

And while Google said it was "mortified" by its discovery, apologized again, and announced some measures to beef up privacy awareness within its ranks, the admission could expose the company to greater global scrutiny, fines and potential lawsuits, experts said.

Over the weekend, the British government launched a fresh investigation into the Street Cars data breach.

"We will be making enquires to see whether this information relates to the data inadvertently captured in the UK, before deciding on the necessary course of action, including a consideration of the need to use our enforcement powers,"‬ Google's Information Commissioner’s Office said in a statement Sunday.

Italy demanded that Google give residents several days notice before its cars roam their neighborhoods, Reuters reported. Regulators in France, Germany and Spain have begun inverstigations of their own. More than 30 state attorneys general in the United States also have launched a joint probe. And Epic, a privacy advocacy group, urged the Federal Communications Commission to initiate a breach of privacy investigation of Wi-Fi communications networks.

update: Rep. Ed Markey (D-Mass.), co-head of the House privacy caucus, said in a statement over the weekend that Google's admission was "disturbing" and that lawmakers would consider the episode as it weighs to online privacy bills that have been introduced.

Last May, Google said its Street View cars accidentally picked up some unencrypted information about Wi-Fi networks it was also tracking with the cars.

In Friday's blog post, the company said the fragments of Internet user data the cars had picked up included entire e-mail addresses, Web page URLs and passwords.

“We want to delete this data as soon as possible, and I would like to apologize again for the fact that we collected it in the first place,” wrote Alan Eustace, a senior vice president of engineering and research.

The announcement paralleled similar findings by Canadian privacy authorities, who conducted their own investigation of Street View. Google said Friday that it will beef up training on privacy and had promoted Alma Witten, previously head of privacy engineering, to also lead privacy efforts over product management.

“We are mortified by what happened, but confident that these changes to our processes and structure will significantly improve our internal privacy and security practices for the benefit of all our users,” Eustace said.

In a statement, a Google spokesperson said the company has never used the information it gathered from Wi-Fi networks for any Google product.

Some privacy advocates say Google’s admission highlights a common attitude among high-tech firms that rush to get out new technologies without enough consideration of how consumers may be harmed in the process.

"First they said they didn't gather data; then they said they did, but it was only fragments; and today they finally admit entire emails and URLs were captured, as well as passwords," said John Simpson, director of consumer advocacy group Consumer Watchdog. “Maybe some Google executives are beginning to get it: privacy matters. The reality, though, is that the company's entire culture needs to change."

update: In an e-mail, a Google spokesperson disputed Simpson's comments, saying the firm had never said it only picked up fragments data. In its original blog post on the Wi-Fi data breach last May, Google said it "typically have collected only fragments of payload data," the firm said in its first blog post on the topic last May."

And in June, the Financial Times reported that Schimdt said he could not rule out possiblity that bank account information was also collected from Wi-Fi networks.

video: Google's Alma Whitten on privacy

More from Post Tech:

Why networks block will web shows from Google TV.

Netflix moves beyond DVD, tangles with ISPs on net neutrality.

Google economist uses search data as economic indicators.

