Google launches encrypted search engine
Tuesday 18 May 2010 | By Heidi Scott, Gosh! Media Copywriter
Google has announced the launch of an encrypted version of its search engine in order to prevent search results being accessed over open connections. The move follows the company's decision to turn on encryption by default for Gmail users earlier this year and comes in the wake of controversy over breaches of privacy by its Street View service.
It was revealed recently that Google's fleet of Street View image collection cars had unwittingly harvested small pieces of payload data (information sent over the network) from open Wi-Fi connections, while recording information on SSIDs (WiFi network names) and MAC addresses (unique numbers of devices such as WiFi routers) of hotspots for use in its location-based services.
Just last month, Google defended its data collection techniques, saying:
"Wi-Fi location information is by its very nature publicly broadcast and collecting it for geolocation purposes is not new or unique to Google. Such information has been collected by companies for years, and many other internet companies are using exactly the same information collected by different providers."
However, in response to mounting criticism and scrutiny by regulatory bodies, the Mountain View giant has definitely changed its tune. In a post on the company's blog on Monday, Senior Vice President of Engineering and Research, Alan Eustace, was apologetic:
"The engineering team at Google works hard to earn your trust - and we are acutely aware that we failed badly here. We are profoundly sorry for this error and are determined to learn all the lessons we can from our mistake."
Following investigations by the data protection authority in Hamburg, Germany, Google was asked to audit the WiFi data that its Street View cars collect. Google then re-examined its data and found that its statement in a blog post on April 27 - that it did not collect payload data - was incorrect.
Alan Eustace continues Google's explanation by saying:
"But it's now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) WiFi networks, even though we never used that data in any Google products. However, we will typically have collected only fragments of payload data because: our cars are on the move; someone would need to be using the network as a car passed by; and our in-car WiFi equipment automatically changes channels roughly five times a second. In addition, we did not collect information traveling over secure, password-protected WiFi networks. So how did this happen? Quite simply, it was a mistake. In 2006 an engineer working on an experimental WiFi project wrote a piece of code that sampled all categories of publicly broadcast WiFi data. A year later, when our mobile team started a project to collect basic WiFi network data like SSID information and MAC addresses using Google's Street View cars, they included that code in their software - although the project leaders did not want, and had no intention of using, payload data."
Once aware of the problem, Google grounded its Street View cars and has set about finding and deleting the payload data, in co-operation with the relevant regulators in the countries concerned.
Eustace's Google blog post goes on to announce the move to encrypt search, stating:
"This incident highlights just how publicly accessible open, non-password-protected WiFi networks are today. Earlier this year, we encrypted Gmail for all our users, and next week we will start offering an encrypted version of Google Search."
Google has confirmed that no further information on Wi-Fi connections will be collected by its Street View cars in future.