Tech
Google collected children’s voices, license plate numbers and car pool routes, privacy breach leak reveals: report
A trove of leaked internal documents shows that Google collected children’s voice data, and recorded license plate numbers and car pool routes including home addresses, according to a report.
The privacy breaches included thousands of alarming incidents that were flagged by Google employees between 2013 and 2018, 404 Media reported Monday — and comes on the heels of the last week’s massive leak of some 2,500 internal documents related to its search engine’s mysterious algorithm.
Incidents reportedly included logging audio from roughly 1,000 children who used the speech command function to access the YouTube Kids app.
The company claimed it was a bug within the Google Assistant feature that was soon fixed.
“Estimated 1K child speech utterances was collected. Team deleted all logged speech data from the affected time period,” the leaked report said.
In another incident, a Google employee reported that Google Street View was storing license plate numbers in a database after the plates were detected by an algorithm that is used to pick up text, according to the outlet.
“Unfortunately, the contents of license plates are also text and, apparently, have been transcribed in many cases,” the Google staffer who noticed the data breach wrote.
“As a result, our database of objects detected from Street View now inadvertently contains a database of geolocated license plate numbers and license plate number fragments.”
The employee noted in the report that “this was an accident” and that the system “that transcribes these pieces of text should have been avoiding imagery identified by our license plate detectors” but “for reasons as-yet unknown, was not.”
The data has since been purged, according to the company.
Google also allegedly exposed the email addresses, geolocation information and IP addresses of one million users, among them children, after it acquired a company called Socratic.org.
“This exposure has been addressed as part of the closing conditions for this acquisition. However, the data was exposed for > 1yr and could already have been harvested,” the report read.
Google told 404 Media that all of the privacy breaches were addressed after the issues were discovered.
“At Google, employees can quickly flag potential product issues for review by the relevant teams,” a company rep said.
“In some cases, these employee flags turned out not to be issues at all or were issues that employees found in third-party services.”
Google said that the reports obtained by 404 “are from over six years ago and are examples of these flags — every one was reviewed and resolved at that time.”
The Post has sought comment from Google.
Google has had a history of notable privacy and data security lapses. In 2010, the company rollout of the now-defunct Google Buzz, the social networking and messaging tool, exposed user contacts without consent, leading to complaints and a settlement with the Federal Trade Commission.
That same year, Google admitted its Street View cars inadvertently collected personal data such as email addresses and passwords from unencrypted Wi-Fi networks.
In 2018, a software bug in the now-defunct Google+ social network exposed the private data belonging to around half a million users.
Another software bug compromised the data belonging to some 52.5 million users, leading Google to shut down the service in 2019.
In 2020, users of Google’s G Suite had their passwords exposed.
In April, Google agreed to destroy billions of data records to settle a lawsuit claiming that it secretly tracked the internet use of people who thought they were browsing privately.