Slashdot Mirror
Germany Demands Google Forfeit Citizens' Wi-Fi Data
eldavojohn writes "Germany has ordered Google to give up hard disk drives used to store German data collected during their Street View operations in that country. This follows Google's admission last week (after prodding from the Germans) that it had collected the data from unsecured wireless area networks from around the entire world as its roving cars collected the photo archive for Street View. Google says they've offered to just destroy the data, in cooperation with national regulators, but the German government wants to know what they've collected. They do not think that destroying the drives suffices for compliance with the laws. Officials went so far as to say of the situation, 'It is not acceptable that a company operating in the EU does not respect EU rules.' Germany has certainly been keeping their eye on the search giant." The Ars coverage notes that the US FTC may be looking more closely at Google's collection as well.
I seriously hope more EU countries will demand the same thing. It's outrageous
how Google blatantly breaks laws, especially privacy ones, and get nothing for it.
Whoever in the EU parliament will impose big fines for Google breaking privacy laws gets my vote. It seems it's the only way Google will learn. They have previously too pissed of Germany on privacy issues.
US may not do the same, but Europeans take privacy seriously. We have had our governments to completely different agendas many times in the history. It also doesn't help one thing that Google is an US company and US government can get access to all of our data even while those people aren't US citizens. Don't use Google services you say? That's a little bit hard when they have their cars driving around sniffing web traffic.
Viviane Reding, the European justice commissioner, criticized Google for not cooperating with German privacy officials.
"It is not acceptable that a company operating in the E.U. does not respect E.U. rules," she said in a statement released by her office.
This is what Google should learn.
What happened to "Do No Evil"?
Its become "Do No Evil (*)"
(*) Except on Mondays, Wednesdays, Thursdays, Saturdays, Sundays, after 4pm, if it makes us lots of money or if we just cant be bothered with our fake holier than thou image.
Oh good. I was worried it would end up in the wrong hands.
Google [has] until May 26 to hand over one of the hard drives that it had used to collect and store information in Germany, where Street View is not yet available.
Through a spokesman, Google reiterated its offer to destroy the WLAN data in conjunction with regulators, but stopped short of saying it would hand over a hard drive, which would allow regulators to see for the first time what kind of data had been collected.
So they're happy to "destroy" is but don't want to turn it over so Germany can see exactly what they were gathering? Smells fishy to me.
Google is actually doing a good thing: now I don't have to remember the password for my wireless network; any Android device can automatically look it up on Google's servers.
Thanks, Google!
Error: password can't contain reverse spelling of ancient Chinese emperor
If they want to snoop on citizens of other countries there's much better ways of doing it. They don't see any irony in getting upset over mistaken data collection then demanding that data for themselves?
Absolutely correct, and good analogy
If Google acted as a reasonable company run by reasonable people, they would immediately upon discovering this have collected all the hard drives, locked them in a vault with a third party providing a second pair of eyes, and invited the privacy commissioners of every affected country to inspect the data immediately before it's fed into a shredder.
That they didn't is somehow very, very worrying.
1. If you run an unencrypted 802.11 network, expect your data to get pwned.
2. It was an accident of code reuse (seriously, guys, code-reuse accidents happen quite often).
3. If people were just casually using the internet, https saved their stupid little asses from letting their data out in the wild.
4. Why do we trust the German government (or any EU government, for that matter) with this data more than we trust Google? I know that the EU is better about not giving companies a blank check, but let's not forget about the kind of crap that governments pull. This is a surveillance freebie, provided that the illicit persons being surveilled are professional idiots (i.e. had an open network).
Google screwed up, but has the Google-hatred here risen to such a high degree that we're okay with just handing over even accidentally-collected data to the government? I'd at least insist on an independent auditor, to make sure that government abuses of the data didn't take place. With Google's resources, I'd go so far as to take it to the (largely impotent) EU court of human rights.
Google collected broadcast data by accident, but as yet has not violated my privacy.
So the German government wants Google to violate my privacy by giving my data to the German government.
Which is (as many have pointed out) exactly who i want to be protected from when I decide to consider my data private.
Germany needs to be sat down in the back of the EU with a tall, cone-shaped hat on its head. Again.
You're obviously not a British football fan...
It's sad that Google is getting punished for "doing the right thing" and being honest about their screw-up.
Google: Oops! We accidentally collected all this data we weren't supposed to. Sorry, but we thought you should know. We'll just be deleting* that now... Germany: NO! You don't respect EU laws! Turn that data over!
If Google had just kept quiet and didn't admit their wrongdoing, nobody would have known about the issue, and there wouldn't be any of the wrangling we see now. But should a company keep quiet whenever it fucks up? A culture of denial is worse. It's sad, because it's exactly this sort of persecution which creates a culture where companies never admit anything, ever.
* Except the legal department probably advised them against deleting the data right after the confession, just in case something like this happened.
"Live as if you'll die tomorrow." Ridiculous. You could die later today.
Hi,
We have given you our last copy, we swear.
Signed,
Google
Has no one asked, WHY they were collecting at all?
Aren't the Google Camera Cars for creating street navigation & visual reference?
When does sniffing for data even enter the equation at all?
Surrender the data? Let me Google this.
It must have been something you assimilated. . . .
""Oooh, the Germans are mad at me... I'm so scared! Oooooh, the Germans...Uh oh...The Germans are coming after me... Oh, don't let the Germans come after me... Oh, the Germans are coming after me... No, they're so big and strong... Protect me from the Germans!"
I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
Germany has certainly been keeping their eye on the search giant.
Or so the Germans would have us believe.
--
Toro
First time that shtick's ever been funny and accurate.
I'd be willing to bet lots of governments would love to use this opportunity just to examine the WiFi data.
This could be the German government grabbing at free data on open wireless (for people to fine, etc.). I think they may be more interested in free data for their own devices than 'protecting the public.'
If it is EU-wide, why is Germany the only country making any noise about it?
Eloi are stupid, throw morlocks at them!
After the story posted last Thursday about Germany fining someone for having an unprotected network, I have a feeling they only want this data so they can fine more people.
Google should be fined for doing the government's job without a licence.
Now gimme that data!
I don't get it. Why the big fuss? It is a car with cameras and wifi driving down public streets taking a snapshot of time. It is one of the coolest projects mankind has ever done. We can go anywhere in the world without leaving our desks. The information is very useful. Why are governments getting in the way of this? It is a fantastic and useful tool.
Good for Germany! I have more confidence in the German Goverment that in Google.
...Who's going to keep an eye on Germany when the data is in their hands? I'd rather Google have it than the government.
Anyone got a light for my sig?
I used to think that grabbing & keeping 'everything' was good.
But these days I advise my clients to not collect and/or store more data than they absolutely need, and/or are authorised to do.
This is as dumb as merchants and others (illegally) holding your bank or credit-card data.
Google wants 'maps / streetview' to localise you more precisely if you have not GPS by linking your location to a Wifi SSID as well as just the cell towers?
Great, good idea. Not evil.
But why the heck do they need to collect the network traffic and not just the SSID and Lat & Long?
They don't....
Germany is currently 2 up on Google in the 'starting world wars' category.
summary says:
Ya, that's what the German government says. But more probably:
Ceci n'est pas une signature.
...but abstract it from any locational or identifying data. Wrap it up in a bow and let them waste their time wading through it.
I only buy pepper spray that's been tested on anti-vivisectionists.
The Gestapo was never eliminated it just reinvented itself as the German Government. While one can argue that Google was fairly stupid to collect the data in the first place (why create a potential liability since we know that the "powers that be", not just in Germany, always want more information). What was Google hoping to do with the data -- market locations of open WiFi spots? First of all the *information* is "public" -- anyone citizen is free to collect it (if they want to drive around a fleet of vans with the appropriate receivers). Second of all I believe several countries have criminalized open WiFi hubs (so their days are probably numbered -- most probably because the governments want to climb into bed with the providers to know who is using "anonymous" internet access -- look for them to attempt to compromise any "anonymous" software next).
The only way Google climbs into the equation is that they happen to have collected (concentrated) public data. So they represent an easy target for governments to go after to gain an information source which it might be illegal to obtain (May depend on jurisdiction. In the U.S. spying on ones own citizens is extremely problematic one hopes). Far easier to issue a subpoena for the data from a foreign company than to actually collect the data oneself. I would have no objections if any such data releases were being subjected to a joint oversight commission by the EU and the U.S. to ensure that it was not being subjected to misuse. (The recent ACTA exposures and such agreements as the EU-India Free Trade Agreement which is in part trying to protect the EU from Indian generic drugs suggest that the EU is as "in bed" with corporations as people in the U.S. know is the default reality). One has to ask why would governments seek information from private organizations which they could collect themselves? I at least would ask serious questions regarding why they need or want such information. Perhaps seeking an end-run around issuing subpoenas to all ISPs for citizen browsing habits? And even more importantly a criteria for selecting an ISP -- those whom DO NOT KEEP RECORDS.
Anyone who ignores just how awesome StreetView is should be considered the real villains in all this.
Did anyone realize that the data could be destroyed by magnetizing the drives and re- aligning the iron?
Just a thought.
I'm here for the experience, not the Hyperbole.
Seriously, how is that flamebait ? Mods are out of control in here.
That's not strictly true. Squatter's rights exist and, at least in the UK, if there is no forced entry it's not criminal.
If you read up on trespassing laws you'll see that simply being on someone's property or even in their home is not a crime. If you do things like leave your door open all the time and I lay a catalogue inside your home then I probably won't get in trouble especially if you have a mail slot on your door which I couldn't use since the door was open. I could even be found further in your house claiming I thought something was wrong as the door was open and assumed a crime took place. Good Samaritan laws can override your right to keep me out. In fact you can physically break into someone's house if there was a just reason. For instance I found you bleeding on your door step.
Most people don't have a right to be in your home and if they're found doing something questionable or with your property in their hands then yes they're screwed and yes entering open windows is generally, without a doubt, considered wrong but the fact is people can enter your property, especially if you leave it open and it's not automatically a crime or even a civil penalty.
provided the German government destroy the drives by burning them in a furnace. Everybody makes a mistake once in a while, huh?
This is just SSIDs and MAC Addresses right? I'm sorry but if you believe that your SSID and/or MAC address are private, personal information then you don't really understand what WiFi is or how it works. If having your SSID makes it easier for someone to do anything negative to you, steal your bandwidth, spy on actual personal information, etc... then you didn't configure your router correctly. The only thing this information is useful for is estimating where you are when either your device does not include GPS or for one reason or another you cannot receive a decent GPS signal.
Beating up Google for using a record of MAC addresses and SSIDs to bring better location data to map software is counterproductive and Luddite. Anyone who agrees with Germany on this should turn in their geek card and their router. If Google is forced to stop this in Germany then I guess I don't care because I live, work and drive a long way from Germany. If well meaning but ignorant people take up this cause and cause Google to lose this data in the US then I am going to be pissed.
No seriously, how many people came here just to post that same silly "if you are broadcasting your data..." argument?
Slashdot should always allow you to moderate someone redundant (with heavy metamoderation) or allow people to mod themselves redundant, maybe a system to offer another poster all your child posts if you realize you are just repeating the same things.
--
Aaaaaaany way, I don't think the government should have access to such info precisely for the same reason I don't want Google to have it and in fact, part of my complain against Google's data mining is that it enables governments to outsource fascism.
My policy is that, anything you don't want your government to do, or you don't want them to do without a warrant, you don't want a corporation to do freely either.
The "broadcasting your data..." is silly for reasons I won't get into in this post.
But... the future refused to change.
I mean, if 2.4Ghz has all these laws protecting us against observation, how about some laws that cover 660Thz. I want to be able to project information in blue and know that it's illegal for others to look at it.
You're obviously a German historian.
Seen on a brass plaque in Berlin "On this spot, between 1939 and 1945, nothing at all happened".
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Whadda buncha boneheads. The point of getting the data is to prove that Google has violated the privacy laws so that they can prosecute them. DUH! They don't care if you were surfing pron.
Normally, when a person wants to delete some data when said data is connected to a suspected case of violation of the law, it is called "destroying evidence".
E.g. You are accused of corporate espionage and police suspect your USB drive contains stolen company trade secrets. Is it ok for you to offer to wipe the USB drive but refuse to hand the drive over to police? No way.
But now when it comes to Google, destroying evidence is now regarded by some /.ers as "protecting our privacy"?! Even when those evidence is exactly for proving how Google violated EU privacy laws?!?! *head explodes*
Oliver.
In Germany, every mobile phone, Internet connection and other communications device needs to be registered with the government, under your real name and address; without it, you can't use those devices. The German government tried to get companies to record all connection information and store it for a period of six months. Even broadcast receivers require a license. And if you want to communicate across your property lines even with a WiFi access point, you need a license for that too. Receiving transmissions without a license can land you in jail for two years. For the German government to complain about privacy violations because Google recorded publicly broadcast packets is a joke. Germany is a police state when it comes to communications, with laws and regulations on the books that would cause massive protests in other nations.
It is also far from clear whether Google has actually broken any laws. In order to violate the German telecommunications law, the communication being recorded actually needs to be a telecommunications message as defined by the law. It is doubtful that unencrypted WiFi transmissions from unlicensed equipment meet that standard. Furthermore, any provider of telecommunications services is themselves legally responsible for safeguarding transmissions with cryptography. So, unencrypted WiFi broadcasts can't fall under the telecommunications laws. And German courts just handed down the decision that you effectively are not allowed to run open WiFi access points at all because they enable copyright violations.
Contributing to this uproar is that the right wing populist German government is tapping into widespread latent anti-Americanism in Germany. We' re not talking about foaming-at-the-mouth, burning-US-presidents-in-effigy anti-Americanism, but Germans are largely convinced that America has one of the worst governments in the world and that Germany is a shining beacon of democracy and human rights to the rest of the world. You could hear the same kind of rhetoric in the 1920's and 1930's in Germany, and in East Germany until that state failed. And the people indoctrinated with, and spreading those ideas didn't just disappear from the face of the earth, and neither did the people supporting them (and both the Third Reich and the DDR had considerable popular support).
German politicians and corporate interests love taking advantage of this. Instead of addressing the serious data protection shortcomings and invasions of privacy in the German government, politicians find it much easier to spread FUD about Google. And because German telecommunications companies have spied on their employees and misused data and are complicit in the recording of communications by the government, they love the idea of deflecting scrutiny from themselves.
Recording unencrypted packets broadcast over public airwaves should be legal anywhere. It probably is legal in Germany. Google should take a principled stand, tell German "privacy" regulators to go take a hike and take this to the German supreme court if need be. Or maybe Google should just leave Germany altogether, like they did in China, for pretty much the same reason: unwarranted and unacceptable government interference in communications.
As for Germans themselves: start learning something about the world outside your borders, start learning something about your own history, and start showing some humility in light of your own history. And start realizing that good democracy is more like a GM car than a Mercedes: good democracy is not a perfectly oiled luxury vehicle, it's messy, inconvenient, and barely gets you to where you want to go.
Google has been building a database of wireless access point / physical location pairs for quite a while. This is how Google Maps on cell phones and such can find its current location - if a wi-fi access point is in range it can look it up and find the physical location. iPhones and their ilk also find their current location in the same way; Apple builds their database when you sync up to iTunes. Since you gave Apple your address when you registered your iThingie - all it has to do is look for an access point when it's syncing the iThingie and add that pair to the database.
These location schemes aren't perfect but they do provide "location aware" services to devices that don't include a GPS receiver - or allow even more accuracy when a GPS receiver is present. I've always wondered if doing this secretly and not letting people know what they were doing and why was a little creepy - but maybe it makes more sense now. If you're scanning for wi-fi access point identification you just might be violating some broadly written anti-hacking law.
Sorry, but your analogy doesn't cut it.
I give you an analogy of what Google is doing: some mailman is going around all houses distributing mail as usual. That's his job and that's all he says that he does when people inside a building ask him "who are you?". Now the mailman knows that sometimes people have "interesting conversations" inside their apartments. So as the mailman drops post under your door, he also puts his ear on each apartment's door for 30 seconds and if he hears something cool, he records it. Then he logs all these conversations and uses them for his own profit, maybe selling it, making statistics about where people argue more or tend to have more sex, or whatever. This is what Google is doing, and it is not right. In Europe it is also illegal. Period.
Now going in the direction of common sense: not everyone knows how to secure a network. Some people pay an "expert" to install their routers and they still get it set it up in unsecured mode. Are you still gonna blame those owners for not knowing this? Don't defend Google's actions by blaming unskilled users who all they want is easy access to internet.
My assumption is that they are mapping out locations like Coffee shops and what not so joe blow can find it and head over there from search listings. Also great for devices without gps, it gives a better fix than Cell towers that are thousands of feet off.
Foolish, foolish anonymous coward. The German case you refer to was not about "fines" imposed by the government.
In fact it was clearly not a fine, but a liability for the expenses the complainant had issuing the cease-and-decist letter (Abmahnung). The money goes to the complaining party as compensation, the government received nothing. See where you went wrong?
The Germans even have a law clearly limiting the amount the complaining party may demand in compensation to 100 Euro. This is a pittance compared with the actual cost of hiring a lawyer and the Germans simply wanted to stop the creation of an "industry"of cease-and-decist letters issued to everyone with a BitTorrent client.
The case is very interesting in fact, the judge was very reasonable and only clarified the responsibilities private users have (turn on encryption, change the default password). The person in question was not guilty of copyright infringement and no damages were awarded.
It has a lot to do with the unique nature of the supranational, non-Federal nature of the European Union.
Each nation still retains sovereignty and national justice systems, EU directives have to be implemented within existing national frameworks.
To quote the EU:
"EU directives lay down certain end results that must be achieved in every Member State. National authorities have to adapt their laws to meet these goals, but are free to decide how to do so. Directives may concern one or more Member States, or all of them".
Each nation's police and government will act according to local custom and law. A nation can be more proactive and might interpret the actions of Google in conflict with local laws, while others don't.
Sorry, but you have totally misunderstood the case. There was no law against Open Wifi, in fact there was no fine or damages involved.
However due to the copyright infringement that did occur on the user's network he was liable for the [capped] lawyer fees involved in sending him the cease-and-decist letter.
The law in question actually stops copyright holders from demanding damages and limits this kind of cases to a maximum of 100 Euros in compensation [to the complainant].
The judge stated that users have a responsibility under German law to secure their networks, simply turning on encryption and changing the default password, based upon the existing legal situation.
Even if the user fails to secure it, properly or not, he could not be held liable for damages.
"Wer folglich ein nach diesen Kritierien unzureichend gesichertes oder gar gänzlich offenes WLAN betreibt, kann künftig für jede Urheberrechtsverletzung auf Unterlassung in Anspruch genommen werden, die über den Anschluss begangen worden ist. Allerdings dürften nunmehr die zu erstattenden Abmahnkosten auf 100 Euro beschränkt sein, außerdem muss kein Schadensersatz an den Rechteinhaber geleistet werden."
http://www.focus.de/digital/computer/bundesgerichtshof-wlan-betreiber-muessen-ihr-netz-schuetzen_aid_507474.html
http://www.heise.de/newsticker/meldung/BGH-schraenkt-Folgen-der-Stoererhaftung-fuer-WLAN-Betreiber-ein-998591.html
I disagree. The correct analogy is this: It is stupid of someone to change their clothes with their window curtains open - but that does not give the right to any passerby to take photos of it and keep it. I think most slashdotters are nerds who think anyone who does not understand wireless security is not worthy of owning a computer. Look at it from the other side.