The Federal Privacy Commissioner has directly contradicted claims by Senator Conroy that Google collected banking passwords in its WiFi scanning mistake.
Federal Privacy Commissioner Karen Curtis appears to have directly contradicted a claim by Communications Minister Stephen Conroy that Google may have collected internet banking information as part of Wi-Fi data scooped up by its Street View cars as they travelled the globe.
“Australian banks use secure internet connections and my office is not aware of any instances where banking information has been collected,” said Curtis in a statement. This story appears to have been first published by the Sydney Morning Herald.
The commissioner echoed comments by the System Administrators Guild of Australia that banks used encrypted connections (SSL) with their customers as part of internet banking systems — meaning Google would not have been able to collect the information.
“Google have also assured my office that they have not collected payload data that was transmitted over encrypted Wi-Fi networks. This advice has been confirmed by an independent review conducted by Stroz Friedberg,” said Curtis. The office of Stephen Conroy has been invited by email to comment on Curtis’s remarks — any response will be added into this article.
In a broader sense, Curtis also echoed comments by Google that the data was only collected in brief chunks that may not divulge useful information.
“At this stage, it appears payload data that has been collected comprises only fragments — 0.2-second snatches. My office has not examined the payload data collected, and we have told Google not to examine it. The office is currently considering all the information that Google has provided and what recommendations it will make to Google,” she said.
The commissioner noted that under the Privacy Act she was limited as to what she could say during an investigation. However, she confirmed that her office had met with Google staff on 17 May this year and had put a number of questions to the search giant after the meeting. “Google have answered those questions, and have advised my office that they mistakenly collected data from unprotected Wi-Fi networks in Australia,” she said.
“We continue to liaise with the Attorney-General’s Department and the Australian Federal Police in respect of their consideration of any potential breach of the Telecommunications Interception Act. My office’s investigation is focussed on compliance with the Privacy Act. As part of our investigation we are working with our international privacy counterparts. Once my investigation concludes, I will be making a public statement.”
Google’s Wi-Fi gaffe became an international controversy when it was discovered in May that its Street View cars were simultaneously collecting some payload data on Wi-Fi hotspots as they drove around populated countries automatically taking photos.
The company had been collecting publicly available information on the Wi-Fi hotspots to aid with various tasks – such as triangulating geographical locations – and said it had accidentally collected some of the traffic passing through them.
Google’s senior vice president of Engineering and Research, Alan Eustance, said the search giant would delete the data and stop collecting Wi-Fi data, period (including in Australia). “The engineering team at Google works hard to earn your trust—and we are acutely aware that we failed badly here,” he wrote.
However, the potential privacy breach has not been received well, with governments around the globe expressing outrage towards Google over the matter. In Australia, Communications Minister Stephen Conroy has described the Google breach as possibly “the largest privacy breach in history across Western democracies”.
Delimiter