Google's Streetview Privacy Snafu Prompts Lawsuit

shmG writes "Google's secret data collection has prompted a class-action lawsuit that could force the company to pay up to $10,000 for each time it recorded data from unprotected hotspots, court documents show. The incident, which the company claims to have been unintentional, has prompted the ire of governments and privacy groups around the world. Google collected information that could be used to identify users, including 'the user's unique or chosen Wi-Fi network name, the unique number given to the user's hardware ... [and] data consisting of all or part of any documents, e-mails, video, audio, and VoIP information being sent over the network by the user,' the suit stated."

Google shouldn't worry

[ClosedSource]

If they lose the class-action suit they'll just have to pay the lawyers and give out discount coupons for Google search.

Re:Google shouldn't worry

[Rophuine]

This is beyond ridiculous. It's no different to standing on your front lawn naked for everyone to see, and then being upset when the streetview van snaps you naked. I can't see why people have any expectation of privacy for unencrypted public-broadcast wireless traffic. The creepy guy across the road is probably logging it all anyway, right?

Everyone is yelling things like "it's clearly violating privacy and European laws", but I want to know how, and which laws. I'm just not buying it.

Re:Google shouldn't worry

[blackraven14250]

You should turn off the damn broadcast if you really care whether it's gonna get picked up by everyone within range. Most wireless routers, if not all, have the option to turn off SSID broadcast. It's like saying "ZOMG teh Googster decided to listen to this radio broadcast I meant only for me to hear, despite me using enough power for it to be heard anywhere within a mile!"

Re:Google shouldn't worry

[erroneus]

I'll agree with you and disagree with you. I'll agree that what they are being charged with doesn't hold water particularly well. I'll disagree with you in that there is a much larger consideration you aren't seeing.

As alluded to in the summary, Google is good about collecting data about faceless, location-less individuals from all over the internet. We still feel quite anonymous because we clear our cookies and browser cache and history or at least take comfort in knowing the option is there. It was all good because in this case, we all go to Google more or less voluntarily with our searches and queries and other things. But now, Google is mapping the OTHER side of the pipe as well... not just the end of the pipe they own -- the one people more or less voluntarily use -- but the end of the pipes we, as end users own. Now, with all this wifi-data collection, there is very real potential for complete identification of a great many individuals that they have been building from the very first days.

What I am saying is that it is all well and good to collect data when people bring it to you. But when you go about collecting it in this way, it can be at the very least, more disturbing.

Re:Google shouldn't worry

[Rophuine]

If somebody steals your car, they've committed a crime against your property. That's pretty much covered in the laws of any country.

If somebody looks at you, they've intercepted photons which you discarded by reflecting them. If someone takes a photo of you in public, they've recorded photons which you sent out into public space. Recording unencrypted wifi frames is much closer to the final analogy than the first.

Re:Google shouldn't worry

[totally+bogus+dude]

You can still get the data if you happen to be using the wireless network at the time they come past.

But really, the issue here is about aggregating seemingly harmless data in an easily accessible format. For example, anyone can drive/walk down a street and see whether your car is in the driveway, and from that ascertain whether you're home or not. Anyone can hang out on the footpath or other public area and keep an eye on your property and make notes on your coming and going.

So where's the harm in doing that on a large scale in an automated manner? But it's pretty clear that it's not going to be in many people's interest to have a website where you can easily find everyone who isn't home at the moment in a particular neighbourhood.

Ease of access to information does play a part in our privacy, as even a false sense of security is still a sense of security. For example, "reverse phone books" that provide name/address from a phone number, tend to be pretty controlled, even though the information in them is all entirely public (just indexed in the opposite direction). So on the one hand it doesn't prevent people from engaging in certain types of antisocial behaviour; but it does increase the amount of effort required to do so.

Re:Google shouldn't worry

[FireFury03]

Average Joe user may have absolutely no clue his WAP is broadcasting in the clear, nor should he be required to have that technical talent

Why? Why should people expect complex technology to do what they want without having any understanding about how to make it do that?

anymore than we should all be expected to be car mechanics

Of course we don't all need to be car mechanics. However, cars are not designed to work perfectly for their whole lives without a mechanic doing some work either. Most people understand that they need to get their car serviced - if they can do this themselves then fine, but those that can't can take it to a professional to be serviced. Why is wifi so different? If you can set it up yourself then fine, otherwise damned well pay a professional to do it for you.

Complaining that your wifi is insecure (because you didn't know how to set it up) is like complaining that your car broke because you didn't understand how to service it - in both cases, if you didn't understand how to do it you should damned well have paid someone who did.

Re:Google shouldn't worry

[thannine]

We *still* don't get what your point is.. if you're broadcasting ANYTHING, even if it is just random numbers, people are FREE to collect that information. There's a little button on the side your router that lets you turn it OFF, do that if you just can't stand the idea of people receiving what you're sending.

Nope, you're quite wrong there. You see, at least here in Finland (and probably in other European countries) it is illegal to collect (or to create a database) of identifiable information without a valid reason ( and even then it is restricted). The point is not that you're broadcasting something, the point is that collecting that information and creating a db might be illegal.

That personal traffic was encrypted anyway.Right?

[williamyf]

I mean, all those people were using WPA, WPA-2, or at the very least WEP.

What I am really curious about is if this comment will be modded funny, or some other thing....

Unencrypted Wifi

Vicki Van Valin ... said that their homes' wireless networks were infact not password protected... In connection with her work and home life, Van Valin transmits and receives a substantial amount of data from and to her computer over her wireless network. A significant amount of the wireless data is also subject to her employer's non-disclosure and security regulations

WTF. Her security was certainly broken, but not by Google - she broke it herself. She should be fired for not using encryption. I know it's wrong to wish ill upon somebody, but in this case, the security of her employer's data is more important than her job. If she does this kind of stupid stuff, she should get a job not involved with confidential data.

The pair also claimed to have sent credit card and banking data over their networks.

If you send your credit card info and bank info over unencrypted HTTP, you have bigger problems to worry about than Google.

Respect the law of the country you do business in

[aepervius]

As another poster pointed out "Germany's privacy laws generally restrict photographs of people and property without a person's consent, except in very public situations, such as a sporting event." therefore your example is TYPICAL of what is *NOT* allowed to to be saved without your consent. It is not the fact that you can be looked at (or the data packet inadvertently caught) it is the systematic saving of the same data (or phtography) which is udner fire.

Send Google a clear message.

[pclminion]

This'll send Google a clear message -- honesty doesn't pay off. If you fuck up and overstep your bounds, for crissakes do NOT let anyone know you did it.

Re:Legal or Not, WHY Did This Happen?

[ShinmaWa]

Why was the Google StreetView system collecting this data to begin with?

To build a database of open wifi hotspots for Wi-Fi Geolocation to add location-based services to Android, much like how the iPhone and iPod Touch use Skyhook to do the exact same thing.

Glad I could help.

So, your laws are universal?

[CaptainZapp]

Yes, it's probably against the law in most jusridictions to steal cars. Hover, other laws differ from country to country and in the US, where you obviously reside, they differ from state to state, even.

Example? Sit onto a bench in central park and drink a beer? Busted! This is perfectly legal in most of Europe. Another example? Drink a beer at the tender age of 17? In most of the US a crime in most of Europe wine and beer can be consumed from 16 up. In Switzerland a 17 year old boy can screw a 15 year old girl (or vice versa) without falling afoul against the law. Something, I would guess, gets you stamped as a felon and a sex offender agains kids for the rest of your life in most states

There's a whole damn library about privacy legislation throughout the EU.

Those binding directives must be implemented into law in all of the EU countries. You can add Iceland, Norway and Switzerland to the mix. This partially translates to criminal offenses if violated and yes - systematically storing and processing personally identifiable data without permission, reason and safeguards may be a crime depending on circumstances.

You may claim that this is stupid. I for one however rather sip a beer, sitting on a park bench on a sunny day then have my private data (including phone, financial and medical data) splattered around the world and sold to every sleazy marketoid that pays for it.

Your priorities may differ, of course.

Please MOD REDUNDANT every one else.

[Requiem18th]

Just one of these stupid posts should be allowed per Google-SSID article. All the other ones are redundant.

Ok, why is this stupid? Because the entire world has grown up to understand the idea that there is a difference between doing something and doing something a lot.

There is a difference between peeking in a magazine and reading it at the store.
There is a difference between listening to music and listening to music at 100dbls in a party.
There is a difference between walking around naked in your house and doing so in your glass house.
There is a difference between selling your old computer in your garage and turning your garage into a used hardware store.
There is a difference between selling your 2 tickets to a concert you won't attend and selling your 100 tickets to the same concert.
In fact the whole RIAA has successfully sold (or rather bought) the idea that it is not the same to share a movie with your friend than sharing it with your other hundred thousand friends.

And yet you are unable to understand that there is a difference between broadcasting SSID and MAC addresses to let your equipment interoperate inside your home and volunteering them to a global geolocating database of the entire Internet!

And yet you are unable to understand that there is a difference to let your neighbors see your face and having an omnipresent and omniscient entity mapping and logging every detail about you!

These people didn't opt-in into this, they never even knew about it, and if they knew, they would have opted out.

Google is abusing both people's thrust in their neighborhood --who could have known that Google is watching you everywhere?-- and their ignorance. Is it ok to take something from someone just because they didn't knew they had it?

Google basically played "easier to ask forgiveness than ask permission". Are you really so incapable to realize the difference between an individual and a corporation?