Google audits systems in wake of wardriving scandal

UPDATE Conroy flays Google in full Senate transcript

Google has stalled updates to its Street View mapping service until it has completed a review of its processes, in the wake of what Communications Minister Stephen Conroy labelled the "single greatest breach in the history of privacy".

Although it won't commit to audit "every single line of code" in its software, Google will review its processes and applications for future violations, its chief code cutter in Australia said.

Until Australia's privacy watchdog has decided the advertising giant's fate, Google's plan to send dozens of cars and tricycles scouring Australia's roads and lanes to update Google Maps' Street View with high-definition photos is on hold.

Speaking at the Google I/O conference in Sydney, Google's engineering director Alan Noble (pictured below) said it would "basically like to dispose of the data, to be done with it" but acknowledged that it may need to be retained for evidence should legal action be taken against the company.

Related:

• Senator urges channel to step into wardriving breach

"We're doing an internal audit of the processes," Noble told about 100 developers and media at its Sydney Googleplex.

"We do have quite rigorous auditing systems in place. Is every single line of Google code audited? No.

"Do we audit our major systems, our major products? Yes.

"And obviously we're trying to improve our standards but this is a work in progress."

Noble said the offending code written by a Google engineer and included in its Street View mapping that may have illicitly captured data sent over unsecured wireless networks was not authorised by a Google manager.

Noble and Google spokesmen would not name the coder or his manager or say if any disciplinary action was taken against them or the project leaders involved over what has become the company's most embarrassing episode.

Noble blamed the "mistake" on the reuse of code that was intended for a "completely different product".

"This is something that was definitely not signed off by anyone. The intention was to capture wi-fi protocol information and not 'payload' information," Noble said, referring to private data such as bank account information, emails, files or passwords that may have been sent over the air and unprotected when the Google Street View vans were roving.

Noble said the company was reviewing its processes and software to ensure inappropriate reuse of such code was not repeated. News of the privacy breach has overshadowed other projects including its high-profile plan to put Google in home entertainment devices through its Google TV project.

In a blog post, Google's preferred way to communicate its internal thinking, Google's senior vice president of engineering and research Alan Eustace said the offending code dated to 2006.

"An engineer working on an experimental wi-fi project wrote a piece of code that sampled all categories of publicly broadcast wi-fi data," Eustace wrote.

"A year later, when our mobile team started a project to collect basic wi-fi network data like SSID information (wi-fi network names) and MAC addresses (unique codes that identify users) using Google's Street View cars, they included that code in their software - although the project leaders did not want, and had no intention of using, payload data."

The privacy breach reportedly prompted Federal Communications Minister Senator Stephen Conroy on Monday to launch into an attack on Google, labelling it the "single greatest breach in the history of privacy" in what SA Liberal Senator Mary Jo Fisher called a 10-minute "diatribe" before a Senate committee hearing.

A Google Australia spokesman said the company was "surprised to hear more discussion about Google and Facebook than about the proposed filter" that would block content the Government and its offices deemed objectionable.

To follow what was said at the briefing use Twitter hashtag #sydgoogleio.