[remosi]

Nine days ago the data protection authority (DPA) in Hamburg, Germany asked to audit the WiFi data that our Street View cars collect for use in location-based products like Google Maps for mobile, which enables people to find local restaurants or get directions. His request prompted us to re-examine everything we have been collecting, and during our review we discovered that a statement made in a blog post on April 27 was incorrect.

In that blog post, and in a technical note sent to data protection authorities the same day, we said that while Google did collect publicly broadcast SSID information (the WiFi network name) and MAC addresses (the unique number given to a device like a WiFi router) using Street View cars, we did not collect payload data (information sent over the network). But it’s now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) WiFi networks, even though we never used that data in any Google products.

-- http://googleblog.blogspot.co.uk/2010/05/wifi-data-collectio...

[pearjuice]

How do you _mistakenly_ collect "samples of payload data"? Someone mistakenly wrote/used a packet logger, compiled/installed it on the Street View cars and mistakenly executed the service to be running in the background? How does that happen?

[barryhunter]

The logger was obviouslly there, it was deliberatly collecting the SSIDs and MAC addresses.

Possibly a debug option to log the whole packets added during development, and it was accidently left on in production.

Or the whole packet was always logged, a second process would then skim just extracting the SSID/MAC (correlating with GPS), and another process was deleting the raw logs. That third process failed.

A few big drives in teh data collection devices, and possibly nobody noticed where filling up a little too quickly.