Google admitted on Friday to failing badly by collecting private data including passwords over Wi-Fi networks and outlined a series of steps aimed at regaining the public's trust.
Google drew international scrutiny after the search giant revealed in May that its Street View cars had downloaded user information sent over unsecured wireless networks. On Friday, senior vice president for research and engineering Alan Eustace said subsequent examinations of the data have turned up passwords, URLs and, in some cases, entire e-mails.
"We work hard at Google to earn your trust, and we’re acutely aware that we failed badly here," Eustace said. "We want to delete this data as soon as possible, and I would like to apologize again for the fact that we collected it in the first place."
To resolve the situation, Google has appointed Alma Whitten to serve as director of privacy; her job is to ensure all products have effective privacy controls. Google is also enhancing its privacy training program for engineers and making changes to internal compliance policies.
"We are mortified by what happened," Eustace said, adding that he is confident the changes will improve internal privacy and security practices.
But those changes may not be enough for the 37 state attorneys general, led by Connecticut Democratic Senate nominee Richard Blumenthal, who are investigating the incident to determine if any laws were broken. Google has asserted its actions were legal.
Authorities in countries including Australia and Germany are also investigating the data collection, while authorities in several other countries have asked Google to preserve it as evidence. On Thursday, Google said almost a quarter-million residents in Germany asked to have images of their homes removed from the Street View service.