Sniffed data was mostly fragmentary but in some cases included entire e-mail messages, URLs, and passwords, according to a blog post by Alan Eustace, senior vice president of engineering and research.
“We work hard at Google to earn your trust, and we’re acutely aware that we failed badly here,” he says in his post.
Eustance provided a brief outline the company’s privacy plans going forward, which include changes in people, training, and compliance.
Training and compliance changes include enhanced training for engineers which will have “a particular focus on the responsible collection, use and handling of data,” Eustance says. Every engineering project lead will also need to have a privacy design document that will regularly be reviewed by managers and an independent audit team, he says. “We believe these changes will significantly improve our internal practices (though no system can of course entirely eliminate human error).”
In other words: You’d better learn how to lock down your home network, just in case there’s a problem with Google’s protective bureaucracy.
The data goof came to the public’s attention earlier this year when the company admitted a faulty code made it into Street View car software. The code collected data from non-password-protected Wi-Fi networks and was allegedly the remnants of an earlier project to help improve accuracy of its location-based products such as Google Maps.
The company has since faced several class-action lawsuits in the United States and several overseas investigations.
Eustance says the world can rest easy.
“We are mortified by what happened, but confident that these changes to our processes and structure will significantly improve our internal privacy and security practices for the benefit of all our users,” he says. “We want to delete this data as soon as possible, and I would like to apologize again for the fact that we collected it in the first place.”