Slashdot Mirror

← Back to Stories (view on slashdot.org)

Congressman Steps Up Pressure On Google, Facebook

Posted by kdawson on from the play-nice-now dept.

crimeandpunishment and other readers noted the US government's increasing pressure on Facebook and Google. On Friday the head of the House Judiciary Committee, John Conyers, sent the two companies a letter asking them to cooperate with any government inquiries. It's not clear exactly what purpose the letter served, other than to make Google's and Facebook's lawyers squirm a bit more than they already were, with Germany and courts and the FTC looking hard in their direction; Conyers did not say his committee will be holding hearings. The FTC just asked Google to hold onto the Wi-Fi data that it says it accidentally collected while snapping Street View photos. And in response to the growing outcry since its F8 conference last month, Facebook offered some simplified privacy controls — though opinions vary on how much the new controls simplify things for users.

37 of 120 comments (clear)

  1. Accidentally or Tactically Aquired data by Loupis · · Score: 2

    How do you accidently collect wi-fi data through Street View photos?

    1. Re:Accidentally or Tactically Aquired data by spleen_blender · · Score: 3, Informative

      The cameras are hooked up to a computer. The computer has wifi. The cars have GPS. All of the logs for each of these are synchronized since they are all on the same computer. So if your wifi logging happens to be detailed enough you could definitely "accidentally" collect that data just by having the wifi on with a default of connecting to any open network.

      Does anyone know what these computers in the Street View cars were running OS wise? Hardware wise?

    2. Re:Accidentally or Tactically Aquired data by phantomcircuit · · Score: 2, Informative

      So if your wifi logging happens to be detailed enough you could definitely "accidentally" collect that data just by having the wifi on with a default of connecting to any open network.

      They did not connect to anybodies network. They simply sniffed over the air broadcasts. They did not actively do anything.

    3. Re:Accidentally or Tactically Aquired data by beakerMeep · · Score: 4, Informative
      Or, you could have just answered his question in a sentence or two. From what I have read, Google was collecting publicly broadcast SSIDs on purpose to help with geo-location and their Maps service. However they (claim) the code they used to gather this data was accidentally cut an paste from a research project that demonstrated how much more than just SSIDs could be captured.

      So while they were hoping for grabbing just this:

      getSSID();

      they got

      getSSID();
      getAllSnifableTraffic();

      This is an oversimplification-guesstimate, but I think makes the claim more understandable. Are they telling the truth? Hard to say. Certainly we've all seen cut and paste errors in code like that. But you'd also think if someone was using code from a project designed to actually sniff traffic they would know to be careful what they cut and paste. So while it seems a bit fishy, it's absolutely plausible the whole thing was just an accident.

      --
      meep
    4. Re:Accidentally or Tactically Aquired data by beakerMeep · · Score: 2, Insightful

      That's awfully presumptuous. Maybe he had read other articles and did not fully understand them, maybe he didn't have the time. Maybe it's just good to have the answer right below the summary which, as you noticed, lacks the proper background for someone new to the story.

      Really though, maybe if we spent a little less time telling each other to RTFM and a little more sharing info, we could save a lot of nonsense back and fourth like this.

      I know you're trying to teach him to fish, but I'd like to give people the benefit of the doubt and assume they will want to teach themselves to fish. They aren't going to go look something up because you called their question stupid.

      Maybe it's about time we broke the stereotype of tech-people being unapproachable and snobbish in their unwillingness to tolerate those that know less than they do, no?

      Maybe you could have given him the answer and suggest he look more deeply into it on his own next time?

      --
      meep
    5. Re:Accidentally or Tactically Aquired data by nacturation · · Score: 2, Informative

      I know you're trying to teach him to fish, but I'd like to give people the benefit of the doubt and assume they will want to teach themselves to fish. They aren't going to go look something up because you called their question stupid.

      Maybe it's about time we broke the stereotype of tech-people being unapproachable and snobbish in their unwillingness to tolerate those that know less than they do, no?

      My response to the OP wasn't unapproachable or snobbish -- I would classify it as a "polite but terse RTFA", if you will. If the OP took my advice and looked for more info, he could have replied to my post saying "I looked it up and here is what I found" and maybe also made some other interesting commentary that added value to the discussion.

      You asked why I didn't simply supply the answer, and that's where I explained that I thought the question was stupid. The way I see it, we have two choices here:

      1. Encourage people to post questions easily answered with a few minutes of research.
      2. Encourage people to research their questions first, then post a question if there was something they didn't understand.

      The first choice ends up turning Slashdot into a helpdesk for dummies, where stupid questions are encouraged because people know that someone's going to supply the answer to them. The second choice leads to people understanding that they're going to get called out if they ask a 'Let Me Google That For You' question.

      However, let's say that I did answer the OP's question. If we reward simple questions, here's how it might look:

      Q: "How do you accidently collect wi-fi data through Street View photos?"
      A: "You don't. Google also collects SSID information at the same time it snaps Street View photos."
      Q: "What is SSID?"
      A: "It stands for Service Set ID, a part of wifi."
      Q: "What does this have to do with Street View?"
      A: "They do this to improve location based services."
      Q: "What are location based services?"
      A: "They are services which make use of location data to provide additional information."

      And so on. Had the OP done some of this research up-front, they might have run across this blog post which explains, in detail, the what and why of everything. Then, they might have asked a different question, such as:

      Q: "I understand that the MAC address is being collected as it's guaranteed to be unique to each device, but what value is there in collecting the SSID names along with it since most of them will have the same default name?"

      This would have spawned a far richer discussion, with others commenting on the uniqueness of MAC addresses, the possible applications of SSID names, and so on. And hopefully the discussion won't get mired down in people replying with "What is a MAC address?" or "What is the default name?" etc.

      --
      Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
  2. "It's not clear what purpose the letter served..." by John+Hasler · · Score: 4, Insightful

    There is an election this fall.

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  3. Government by XanC · · Score: 4, Insightful

    So in government-land, the way to fix the problem of data accidentally collected is to order that said data be KEPT, instead of immediately deleted??

    1. Re:Government by Anonymous Coward · · Score: 2, Insightful

      There is no data. We were never at war with Eurasia. Pick up that can citizen.

    2. Re:Government by nacturation · · Score: 3, Insightful

      For some reason, the United States is the only country on Earth where accidents don't happen – it's always somebody's fault, and you can sue that somebody for neglect.

      --
      Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
    3. Re:Government by khchung · · Score: 2, Insightful

      So in government-land, the way to fix the problem of data accidentally collected is to order that said data be KEPT, instead of immediately deleted??

      If you caught a corporate spy trying to leave your company premise with a USB drive containing "accidentally collected" company data, do you also immediately wipe out the USB drive? No, you would have KEPT the drive to use as evidence and for further investigation to proof exactly what had happened and how the data got there.

      That is just plain common sense.

      The Google fanboys in /. are really amazing, you guys(*) would even advocate destroying evidence when Google broke the law!

      (* - there are many other posts saying the data should be immediately deleted, even before any investigation is made)

      --
      Oliver.
    4. Re:Government by XanC · · Score: 2, Insightful

      In your corporate espionage scenario, that's my own data the spy has got. If I'm looking at my own data, no foul.

      This is random Web access data from the general public. The result of government obtaining it is that the government will paw through it. This is a whole new level of scary from a privacy perspective.

      If the goal is to preserve the privacy of the people whose data this is, then this makes no sense.

    5. Re:Government by XanC · · Score: 3, Insightful

      (apologies for the double reply)

      Let's consider this scenario: I'm diagnosing some problem with my wireless network, setting my radio to promiscuous mode and recording the results. I happen to record a few minutes' worth of traffic from the access point of you, my next door neighbor. Which of the following would you prefer:

      a) To protect your privacy, I immediately delete the data.

      b) To protect your privacy, I "turn myself in", sending a copy of what I recorded to the FBI, CIA, John Conyers, and anybody else who feels it's his job to "safeguard privacy".

      You're arguing for b), which is the wrong answer.

    6. Re:Government by jibjibjib · · Score: 2, Insightful

      You really think the government will bother to look through this data? It simply wouldn't be worth it. It's little segments of logs mostly less than a minute long from unencrypted wireless networks. The chance of there being anything useful in it is so low that it wouldn't be worth the effort. And then there's the inconvenience of not being able to admit they used it, since such use would be illegal and much more outrageous than what Google's already done. Besides, if the government wants random bits of logs of random people's internet use, they can get those from ISPs already.

    7. Re:Government by DerekLyons · · Score: 2, Insightful

      To answer the grandparent:

      So in government-land, the way to fix the problem of data accidentally collected is to order that said data be KEPT, instead of immediately deleted??

      It's called preserving evidence.
       
      To answer the parent:

      For some reason, the United States is the only country on Earth where accidents don't happen - it's always somebody's fault, and you can sue that somebody for neglect.

      If the United States was a place where a deliberate and intentional decision to perform an action could be called an 'accident', you'd have a point. But the United States (indeed the whole world) isn't such a place. Somebody at Google decided to write the function into the code and the database schema to collect and store that data - there is no possible way for it to have occurred accidentally. (Now, it may have been stupidity rather than malice that lead to that decision - but that doesn't change the fact that it was deliberately done.)

    8. Re:Government by shentino · · Score: 2, Insightful

      Sounds like a loophole to get around the 4th amendment.

    9. Re:Government by khchung · · Score: 3, Insightful

      Let's consider this scenario: I'm diagnosing some problem with my wireless network, setting my radio to promiscuous mode and recording the results. I happen to record a few minutes' worth of traffic from the access point of you, my next door neighbor.

      See if your analogy still make sense if you add the following:

      1. You have been recording for the past 3 years' data from my access point, instead of a few minutes, and you have been processing those data for the whole time instead of just letting them sit there. Kind of hard to say you are not aware of those data are there for the whole time, huh?

      2. For the sake of argument, there are relevant laws in your country that exactly prohibits such recording. (you may consider, as example, covertly recording telephone conversations in countries that requires consent from both parties)

      3. Turning yourself in means sending what you recorded to the relevant authorities, != every 3 letter agencies you can imagine.

      Still unconvinced? Consider another analogy:

      A peeking tom living nearby has been secretly taking pictures of your daughter for the past 3 years. And (for the sake of argument) there are local laws that forbids exactly this kind of tracking/following/photo-taking activity. Now you find this out, but you have no idea what kind of pictures have been taken, you confronted the peeping tom and he promised to delete all the pictures.

      Do you prefer to:

      a) To protect your daughter's privacy, let the peeping tom delete all the pictures, trust him that he will actually do it.

      b) To protect your daughter's privacy, call the police, knowing that they will need to take the pictures as evidence to prosecute the peeping tom?

      You are arguing for (a), that may be the right answer for you, but don't judge others arguing for (b) as "wrong".

      --
      Oliver.
    10. Re:Government by khchung · · Score: 3, Insightful

      So what's the point of the order to keep it, then? If this data is so unimportant and un-sensitive, then who cares anyway?

      How about as evidence to proof Google violated the law in court?

      Isn't that the whole analogy with corp spy about, and the purpose as evidence part was explicitly spelled out in the post as well.

      Really, this is quite a unique experience for me! To see, first hand, where otherwise technically competent people suddenly unable to understand simple things (i.e. illegally collected data is evidence) when it contradicts with their beliefs (Government==bad, and Google can do no wrong).

      --
      Oliver.
  4. Re:FTC? by davester666 · · Score: 2, Insightful

    Data mine it for information on terrorists. Duh.

    --
    Sleep your way to a whiter smile...date a dentist!
  5. Google just needs to ask him "how much?" by Attila+Dimedici · · Score: 4, Insightful

    Obviously, Brin, Page and Zuckerberg obviously haven't been giving as much to Conyers re-election campaign as he would like.

    --
    The truth is that all men having power ought to be mistrusted. James Madison
    1. Re:Google just needs to ask him "how much?" by binarylarry · · Score: 3, Informative

      No joke, it's just a corrupt Detroit politician shaking down big corporations for money.

      The guy's wife got put in jail for doing the same thing when she was on the Detroit city council: http://en.wikipedia.org/wiki/Monica_Conyers

      --
      Mod me down, my New Earth Global Warmingist friends!
  6. There is something deeper going on by Omnifarious · · Score: 4, Insightful

    I have a random suspicion about this...

    Microsoft has been looking to use the big lobbyist network they acquired when they decided that the antitrust trial happened because they hadn't bought off the government and their competitors had (because, you know, they couldn't have done anything wrong!). They've been angling on Google for a long time.

    I think they haven't gotten any action because while congresspeople like lobbyists and money, they can't actually act in a way that shows it obviously is the driving force. They have to sort of look like they're actually carrying out the political will of the people, more or less.

    The Facebook debacle and Google's mistakes with Wi-Fi harvesting are garnering enough negative public attention that congresspeople can now actually take action against those companies without looking too obviously like they're in Microsoft's pocket.

    I do think Facebook has definitely done something wrong, and I'm really curious as to the whole decision process that led to Google doing what they did with Wi-Fi data. But I don't think, on an ordinary day, that congresspeople would generally care at all. I think the reason they're putting on the appearance caring is money and lobbyists from Microsoft.

    I'm sorry to be so cynical, but I think congress is hopelessly and nearly irreparably corrupt.

    --
    Need a Python, C++, Unix, Linux develop
    1. Re:There is something deeper going on by Vekseid · · Score: 2, Insightful

      Microsoft's investment in Facebook aside, both Google and Facebook have lobbying teams. Few companies have the power to buy -all- of Congress.

      --
      Adult Role Playing Forum
    2. Re:There is something deeper going on by phantomfive · · Score: 2, Insightful

      I'm sorry to be so cynical, but I think congress is hopelessly and nearly irreparably corrupt.

      In my opinion it's getting better, because of public scrutiny. Really the only way it can get better is if people are paying attention, and it's so much easier to pay attention with all our modern information devices.

      An example of how it is getting better is military spending. True, big companies still have influence with how the money is spent, but now they at least try to make it look like there is a legitimate process. 50 years ago they didn't even do that, the 'favors' were right there in the open.

      If you go back even farther, you have things like Tammany Hall and Boss Tweed, or the administration of Warren G. Harding. Ugly times. If the US survived through that, it can survive through pretty much anything.

      --
      Qxe4
    3. Re:There is something deeper going on by pankajmay · · Score: 2, Interesting

      I actually think this is Google and Facebook's own doing rather than a sneaky third party.
      Both Messrs Page/Brin and Zuckerberg have made statements in recent memory that can only be called tactless. Statements like "the age of privacy is over" or "people should not expect privacy" etc...etc...

      When you run one of the world's largest social network and search engine, I am surprised that these gentlemen bandy about making such statements in such a callous manner. They certainly may be geniuses in their respective fields, but making such statements was a public relations disaster. It may be so that what they said was completely true, but when speaking to a group you always need to adhere to diplomacy.

      It is like the oil companies saying - "Yeah, we are in this for oil/money/our investors interest only. People/Environment be damned." -- That is usually the unspoken part and it is hara-kiri to be an executive of the company and actually put this so candidly. In fact you are acting against your company's interest.

      So, I think both Google and Facebook executives alarmed people greatly. Because they are in the business of our privacy. This combined with their latest faux-pas, Google's WiFi data collection, and Facebook's privacy control. Both of these situations could have been mitigated if their Public Relations had acted quickly, reassured people. However, in both cases, the companies inordinately delayed their response, in fact at first not even owning up to their mistake but blaming it on inadvertent situations and naysayers.

      The only way out of this is for them to quickly own up their mistakes (even if they think none was made). Sincerely apologize (or at least make such public gestures, regardless of their personal feelings) and calm some frayed nerves. Trust me -- if tomorrow both Facebook and Google - ran ad campaigns saying "We're sorry. There is nothing more important to us than our user's privacy and we will defend it to death" -- They will be America's sweethearts back again.

      Personally, both their PR firms need to be fired.

  7. No unreasonable search and seizure by rolfwind · · Score: 2, Interesting

    should go beyond people granting their permission. Especially with people who hold your data. As far as I see, ISPs and webmail and other such entities hold as many of people's secrets as a lawyer/doctor and should be almost treated as such. Not quite perhaps, but close to it.

    I don't see blind fishing expeditions of thousands of people at a time isn't unreasonable search.

  8. A new privacy issue I saw today: by Culture20 · · Score: 4, Informative

    After typing my password wrong a couple hours ago, I noticed the new facebook "wrong email/password pair" page does the GUI login interface: it changed my email address into my Full name and profile picture. So now random Joe can find out someone's profile picture without even having a Facebook account. Also, it ties your email address to your real name, even if you don't make your email address visible. All random Joe needs is an email address. It's not like spammers don't have millions of email addresses, and botnets to do the intentionally failed logins.

    It's not as bad as some of the other crap, but this is an example of where they don't think their "ease of use" through.

    1. Re:A new privacy issue I saw today: by MichaelSmith · · Score: 2, Interesting

      Have you tried with a clean browser? Maybe it only does this if you have a facebook cookie for a previous login.

      --
      http://michaelsmith.id.au
    2. Re:A new privacy issue I saw today: by Anonymous Coward · · Score: 2, Interesting

      I'd like to see Facebook offer some serious authentication options. Not just emailing if someone gains access with a new machine, which provides zero real protection, other than notifying the account owner that they are fscked.

      1: Contract with Vasco or RSA and have a rebranded ID token. PayPal does this. eBay does this. Blizzard does this. Even AOL used to offer this for users.

      2: Offer an app, not just for the iPhone, but for Android, Java (for the low end phones), Windows Mobile, Symbian, BlackberryOS, and all major platforms as a secondary platform.

      Second, have the ability to authorize devices so they can stay logged in without needing two factor. When the FB app installs on a device (phone, PDA, tablet), it should generate a unique 256-bit nonce [1], pass it to FB's auth servers. Then, subsequent logins after the device is allowed, access can be done automatically. This way, if the device is lost or stolen, its authorization can be removed quickly.

      Yes, this may be considered overkill for some, but in all honesty, usernames and passwords are not real security these days when push comes to shove. Additional authentication is needed, because even though FB may not be thought of to contain sensitive data, someone can cause someone a lot of damage by sending stuff out as that user.

      [1]: Take a SHA-256 of the timestamp to the millisecond with a 256 bit random number appended onto it. This ensure that even if the RNG is faulty, nobody will have the exact same nonce, and it also protects against someone guessing nonces by looking at the time installed.

  9. Conyers is a crook by Kohath · · Score: 5, Insightful

    Watch out Google and Facebook. One of the most crooked congressmen of modern times wants your "cooperation". He can't use his government staff as personal valets anymore since he got caught. And his wife was recently sentenced to 3 years in prison for taking bribes.

    If he asks you for a private meeting, you'll want to either bring a checkbook or a tape recorder.

  10. Re:FTC? by Peach+Rings · · Score: 3, Informative

    Uh so the evidence isn't destroyed obviously. Presumably because the FTC is investigating.

  11. Re:"It's not clear what purpose the letter served. by zippthorne · · Score: 3, Insightful

    Close. It's part of the campaign itself: If you're an incumbent, it helps to appear to have done something during your term. But your constituents won't remember anything you did before march of the election year, if you're lucky. So, a cheap way to get cameral-cred is to be part of some kind of investigatory commission.

    Like when the US congress thought it would be a good use of their time to interview every f'king baseball player to see if they'd ever used f'king steroids. Steroids. In sports. Considered important enough for f'king Congress to have weeks of hearings. Brilliant.

    Anyway, stuff like this gets their name in the news for free which is even better than spending your hard-grifted campaign cash on advertising.

    --
    Can you be Even More Awesome?!
  12. Re:"It's not clear what purpose the letter served. by XanC · · Score: 2, Insightful

    I wish they had spent more time on the steroid issue. It's a far less damaging way for them to spend their time than normal.

  13. Comment removed by account_deleted · · Score: 3, Funny

    Comment removed based on user account deletion

  14. Re:"It's not clear what purpose the letter served. by Cornwallis · · Score: 4, Informative

    More likely to steer attention away from his wife who was a Detroit City Council member and is due for some jail time over (SURPRISE!) bribery charges.

  15. Facebook by Andy+Smith · · Score: 4, Interesting

    I'm sick of Facebook's attitude to privacy. Their settings page is designed to be confusing and time-consuming.

    As far as I'm aware I have everything set to "friends only" and no apps or third-parties are allowed to see my data. Yet just this evening I went to a photo hosting site that I'd never been to before, and it prompted me to post a comment -- with me logged in using my Facebook account and my profile photo.

    It's maddening.

  16. The real problem with Facebook privacy controls by ZipK · · Score: 5, Insightful

    The problem with Facebook's privacy controls is only peripherally related to their complexity. The real problem is Facebook's habit of changing privacy configuration and automatically opting their 400 millions users into sharing information that was previously private. It's Facebook's monetization of their users' personal information (via constantly shifting opt-out changes to privacy settings) that is the root problem.