Google Relents, Will Hand Over European Wi-Fi Data

itwbennett writes "Having previously denied demands from Germany that the company turn over hard drives with data it secretly collected from open wireless networks over the past three years, Google has reversed course. A Google representative said that it will hand over the data to German, French, and Spanish authorities within a matter of days, according to the Financial Times, which first reported this latest development on Wednesday. 'We screwed up. Let's be very clear about that,' Google CEO Eric Schmidt told the newspaper."

Great

[lennier1]

They're opening up a whole warehouse full of cans of worms by handing the data over to a government with plenty of agendas instead of destroying it.

Re:Great

[Third+Position]

True. But they opened the first can of worms by collecting it in the first place.

Re:Great

[micksam7]

They opened the can of worms by announcing that they had collected it. If they stayed silent, and shredded the data quietly, they'd probably wouldn't be in this mess and no one would have known they ever did it. Google instead has been trying to make this situation 'right' by being transparent about it, and no one gives a crap about it. The governments certainly are going to grab that data, use it as evidence to prosecute Google, and keep it around for ~other reasons~ for years upon years.

Re:Great

[_merlin]

Agree, and that's all the more reason they shouldn't have collected it in the first place. I don't trust Google or the government. The government probably sees this as a bonanza - they know they wouldn't be allowed to collect the data themselves, so it's a bonus that a company did it illegally to cop the rap.

Re:Great

[twidarkling]

HA! Right. If Google hadn't announced they'd collected it, they'd never destroy it. Remember, their entire business model is information. I think you trust in them a little too much if you think they'd just randomly destroy any information that might possibly have value.

My call is they went public with the info because they knew a leak was inevitable, and thought they could save face by being open. They didn't quite count on governments taking an interest so forcefully. That, or they knew governments would, and planned so that they could still end up looking like the good guys, because hey, the big mean government is taking the data, and who knows what THOSE GUYS are going to do with it.

Looks like that option worked on you, so no, they opened the can of worms by collecting it unnecessarily.

Re:Great

[orkysoft]

They could have announced it after they destroyed it.

Re:Great

[buttle2000]

Yes Sir. I don't trust the European Star Fleet any more than I do Google.

Re:Great

[JaredOfEuropa]

I wonder what exactly is in that data. Because if it's anything good, they'll use it for sure. Remember, the German government is the same one that bought data which was stolen from a Swiss bank, to go after tax evaders with offshore savings accounts... They then sold the stolen data to the Dutch internal revenue service. The Dutch courts (this went all the way to the supreme court IIRC) had no issue whatsoever with this data being used to track down tax evaders.

Funny, evidence in criminal court needs to meet certain standards, and there are rules for intel that doesn't get used as evidence as well. But when it comes to tax evasion, apparently it's fine to traffic in stolen goods. No, I do not trust my government with the Google data, and I hope they will not get it.

Re:Great

[Cyberllama]

This is not useful information even for Google. Their software was constantly switching frequencies so we're talking about less than a seconds worth of packets for any given network.

What are they gonna do with that?

"Well, Ted, based off this TCP_ACK I'm seeing here, I think we can safely conclude that this Fred Morgan of 123 Anystreet is gay. Wouldn't you agree?"

"Sure is Bob, that's the queerest TCP_ACK I've ever seen."

They don't want this crap. They can't monetize that. They *want* to delete it. They want to have never captured it in the first place, but sadly that ship has sailed. If they delete it, they'll be charged with destroying evidence or whatever the equivalent crime is in the various European jurisdictions in question. One dumb careless mistake has grown a life of it's own.

Re:Great

[TheVelvetFlamebait]

What exactly would the government want with WiFi data?

It's probably the final stage in their plan to destroy democracy.

Re:Great

[LordVader717]

The "sensitive" Data is only a small fraction of what happened to be transmitted while the Google car drove by. There would be hardly any value to it at all.
And they had been doing it that way for about three years, without anyone at Google themselves ever noticing what was being recorded. The chances of anyone else finding out are rather slim indeed.

Re:Great

They opened the can of worms by announcing that they had collected it. If they stayed silent, and shredded the data quietly, they'd probably wouldn't be in this mess and no one would have known they ever did it. Google instead has been trying to make this situation 'right' by being transparent about it, and no one gives a crap about it. The governments certainly are going to grab that data, use it as evidence to prosecute Google, and keep it around for ~other reasons~ for years upon years.

eh.. you do know that they only announced this after governments in Europe requested to audit their data collection in general? The ball was already rolling on this, and they were smart in rolling with it. But this was not something Google just announced out of the blue on their own without outside pressure.

And Google has a patent pending on the method they used to collect this data.. Accident my ass.

Re:Great

[AHuxley]

"They want to have never captured it in the first place" would have seen Google 'see their' error on day one and call it a beta test with safeguards for the real global collection.
Google knew it was wrong in Germany as it started, but thought they could get away with it due to other collection attempts.
Google spun up the German legal system for a long term cash win and looks like they will have the data seen by outsiders.
Tech law was fluid in most parts of the world, but law makers did seem to realise you dont get to play man in the middle and keep any data.
No matter what others might have done, the encryption not used, the profit projections or the global long term "error".

Re:Great

[thegarbz]

Only for those of you who apply all your thoughts on privacy entirely inconsistently.

Few months ago on slashdot someone published a list of every wifi hotspot on their train line. Where was the uproar then? Cops want to reserve the right no to be photographed in public, and people complain (rightfully so) that what they do in public should be recordable with no recourse. Now google drives a car down the streets and collects your publicly visible information (SSID) and you complain again that they should not be collecting private data?

How come every ideal on slashdot is applied so haphazardly? Make a choice people. Should something that anyone can see from your street be private, or public?

As a side note, how many people complaining about Google's collection of wireless information actually bothered to uncheck that little box that says "Broadcast SSID"?

Re:Great

[yyxx]

My call is they went public with the info because they knew a leak was inevitable, and thought they could save face by being open. They didn't quite count on governments taking an interest so forcefully.

And why should they? Historically, collecting pictures and wireless transmissions in public has been legal. And it's also something plenty of other companies have done.

If Google hadn't announced they'd collected it, they'd never destroy it.

Google has data retention policies and they probably comply with them. And the data is essentially useless. But even if not, what difference would it make? This is publicly broadcast, unencrypted data.

they could still end up looking like the good guys, because hey, the big mean government is taking the data, and who knows what THOSE GUYS are going to do with it.

I really doubt that they planned this. But that is indeed the question you should be asking.

Re:Great

[digitalchinky]

It was definitely useful to someone in google, you don't collect this stuff by accident. Not only that but if you can't understand how this is an utter gold mine for various governments around the world, then you need to soak up a few more conspiracy theories coupled with information published by groups like the Federation of American Scientists (fas.org) - that'll gain you a tremendous amount of insight in to the actual real life inner workings of various secret 3 letter agencies. Former 3 letter agency drone myself, so I speak from experience.

Traffic analysis, it's all part of the bigger picture. Less than a second can still yield interesting results. MAC addresses tied to latitude and longitude, secret rooms in major ISP's that have access to whatever they need, enough information that they can accurately deduce who you are and where you are, but even more scary, who you talk to, who they talk to, and on and on for as many layers as the data storage medium can log. This is, effectively, the same type of thing that facebook does. Facebook obviously figured out a commercial use for it. Governments have been doing the same thing for as long as they've existed.

Re:Great

[unkiereamus]

Truth be told, even if I were not to write you off as a crazy conspiracy theorist and instead were to take your words as being utterly honest and upfront, there's not a damn thing I can do about it, so I'm happier disregarding such threats.

I'll take being happy over being right any day.

Re:Great

[unkiereamus]

I often promise myself that were I to receive again mod points, I would apply them with great fervor to the places they are deserved, this comment exemplifies that notion.

While I await that happy circumstance, I content myself to combat ignorance as I am best able. It doesn't actually improve things around here, but it makes me feel better.

You sir, have made a point better than I could ever hope to, I commend you.

Re:Great

[Monolith1]

True. But they opened the first can of worms by collecting it in the first place.

Sorry, I disagree. FFS, if you have an open network you deserve to get owned by whichever network snooping person is driving past.

If you choose to broadcast unencrypted in range of a public road that google are driving along, IMHO stiff, you are broadcasting into the public domain. Anyone reading /. should know better and I cant believe all the Holier than Thou attitudes to this. Google are slimy suit wearing advertising types, but hell, these fools were asking for it.

Would there be all this uproar if Google collected data on people which didn't have a front door (or any form of physical entrance security) to their house?

ENDRANT

Re:Great

First, quit suggesting they should disable SSID broadcast -- breaking standards to try to get "privacy" is hard to justify in the first place, but urging people to do it in this case, where it has no significant privacy benefit, and offering them a false sense of security, is just plain douchebaggery.

Second, in this specific case, the complaints are about Google logging payload data. Hint for clueless morons: payload data would be transmitted regardless of whether you hide your SSID -- that only affects beacons. If your network was in fact completely idle when the Googlemobile drove by, they didn't get any payload data, and blocking beacons would have prevented them from seeing your AP. If it wasn't, THEN THEY GOT YOUR FUCKING BSSID REGARDLESS OF WHETHER YOU BLOCKED BEACONS, BECAUSE THAT'S THE ONLY WAY THE FUCKING RADIOS KNOW WHO THE HELL THE PACKET GOOGLE "STOLE" IS MEANT FOR!

Re:Great

[El_Muerte_TDS]

Actually, I trust Google more than the Government because Google can be held accountable, the Government cannot.

If Google accidentally let this information slip into the world it will seriously harm their business. And so far Google has done a good job at keeping the information they have locked away. According to my count it's 1 incident where they were actively hacked.

Now for Governments, they regularly leak highly sensitive information by carelessness of their employees. And that's not even counting targeted attacks. And when there is another incident, not a single head rolls because of it. They just spend a shit load of extra money on regulations that they think will prevent another incident.

Re:Great

Would there be all this uproar if Google collected data on people which didn't have a front door (or any form of physical entrance security) to their house?

Erm... yes! If someone opens their windows/doors, then of course they are allowing anyone in visual range to observe what they do. That is not the same thing as granting permission to anyone in visual range to *record* what they do. The latter would be a horrific invasion of privacy.

When I leave my office door unlocked during the day, I don't expect someone to come in and steal my computer, or my wallet or mobile phone if I've left them on my desk. Theoretically anyone could walk into the unlocked building, enter my unlocked office and steal my things when I'm in a meeting etc. They don't, because I live in a functioning society where people by and large trust each other. If some slimy advertiser from Google walked in and started photographing all of my things, I'd consider it a violation of both my privacy and the social norms of the society I live in.

Google's management and staff may believe that a society where corporations are free to invade privacy and violate social norms is acceptable, but when they try to get away with this in Europe, they may find that the public, and the governments that serve the public, won't accept it.

Re:Great

[jandersen]

HA! Right. If Google hadn't announced they'd collected it, they'd never destroy it. Remember, their entire business model is information. I think you trust in them a little too much if you think they'd just randomly destroy any information that might possibly have value.

I assume you have heard about making copies of harddisks? I think we can trust Google to have this insight too - the data are not going to be destroyed, of course, only the originals - possibly, after a backup has been made.

That, or they knew governments would, and planned so that they could still end up looking like the good guys, because hey, the big mean government is taking the data, and who knows what THOSE GUYS are going to do with it.

Well, I don't. I think people in America are a lot more paranoid about government than most. To me it doesn't seem like an incredibly big deal, to be honest. After all, what can they actually do with the data? I have regularly the opportunity to sift through largish datasets, being in charge of a number of big UNIXes and having to figure out from the logs why the hell it went wrong; I find that hard going sometimes, and that is just some 10MB of what must called clear text (which is not to say that the meaning is obvious). Just imagine having to wade through probably 100s of TB of randomly scrambled network packages.

Finding the network traffic relating to one or a few suspects may be just barely within the reach of the authorities with current technology, but there is no way they can start making a comprehensive map of everything all individuals have been doing on the net; there won't be technology available for it for a long time yet either.

And just think about how much serious crime still slips under the radar - ordinary citizens have little to fear from the government (apart from incompetence), whether they are malevolent or not. The only way a repressive government can keep their population under surveillance is by minimizing the amount of information people can exchange, which is one reason why North Korea is so completely shut off from the world; and even then it doesn't work very well.

Re:Great

[perryizgr8]

I'll take being happy over being right any day.

you are free to have any opinion but being ignorant or feigning ignorance is completely unacceptable to me. i'd take knowledge over happiness/satisfaction any day.

Re:Great

[perryizgr8]

i doubt that google recorded 600GBS of SSID. don't you think it would be absurd?? i meaan ssids are usually 6-10 characters in length arent they?

Re:Great

[Hermel]

I'm happy you didn't receive any mod points. Otherwise you would have voted up a completely ignorant post. Google collected much more than the SSID, it also collected transmitted data (see also the comment titled 'RTFA').

Actually, I just logged in in the hope of getting mod points to be able to downvote the ignorant comment and upvote 'RTFA'. But I didn't get any either.

Re:Great

[Jah-Wren+Ryel]

How come every ideal on slashdot is applied so haphazardly?

Because YOU are not ME and we are both slashdot.
Or in other words slashdot is tens of thousands of individuals all with their own ideas.

Re:Great

[Ginger+Unicorn]

According to google they reused some code from another project but failed to disable an irrelevant part of the old project that collected traffic. Seems plausible to me. Without any proof of intent it's just down to how malevolent you feel Google are I suppose. I personally don't see what incentive Google have to shoot themselves in the foot like this. They make too much money out of the data they collect from willing punters to throw it all away risking illegal shit like this.

Re:Great

[LingNoi]

Google has a patent pending on the method they used to collect this data

They used code from a different project. Just because they have patented the technique (which is stupid in itself because of how novel it is) doesn't mean it's in anyway related to the data collection they've been doing.

Re:Great

Cops want to reserve the right no to be photographed in public, and people complain (rightfully so) that what they do in public should be recordable with no recourse. Now google drives a car down the streets and collects your publicly visible information (SSID) and you complain again that they should not be collecting private data?

Regarding the "cops" example, the important part which you left out is that people were only really talking about cops ON DUTY.

If a police officer is acting in their official capacity, they've got quite a few powers that are not available to ordinary citizens. But with power comes responsibility - and of course, the police should be the servants of the people, anyway, not their masters. Therefore, it's entirely reasonable that the actions of police officers ON DUTY should be possible to scrutinize.

Police officers OFF DUTY are a very different story, on the other hand. They're private individuals just like everyone else, and they deserve their privacy.

Re:Great

[LingNoi]

Yes, that doesn't make much difference though does it. Scanning on 11 different channels and driving at an average of 30 Mph what you going to get? Absolutely nothing interesting at all and if it is encrypted all you're going to get is junk.

Do you get pissed at people listening to your "private" conversation while walking by Mr double standards? No, didn't think so. I hope you come to realise how ridiculous you sound.

Re:Great

[somersault]

i'd take knowledge over happiness/satisfaction any day.

Clearly knowledge satisfies you on some level otherwise you wouldn't be saying this. I generally agree with you, but I am also occasionally envious of those who are blissfully ignorant. I myself have actively chosen not to be like them, chosen knowledge over happiness in some regards - I have forsaken religion and the restricted worldview that it engenders - but put it this way: knowledge and happiness/satisfaction are not mutually exclusive unless you actively choose to focus on things that make you unhappy. One such indication of this is that you like to watch the news and complain a lot, yet keep looking for more things to complain about.

There's always going to be enough bad things happening to make you truly miserable if you want to be. I like having Slashdot as my main source of news. There's still a lot of complaining, but I don't get notified every time someone is murdered/raped. I know these things are going on (ie I'm not ignorant not trying to pretend that I am), and I hate it, but I really can't stop other people doing these things, and I am not going to actively try to make myself miserable by subjecting myself to it constantly.

The only other way to stop being miserable about other people's pain is to become desensitised to it (which I already am to some degree I have to admit, after going through a couple of periods of depression in my life I have developed a coping mechanism of just numbing my own negative feelings when they get out of hand), and I think that is even worse than choosing to not actively seek out knowledge of the pain that others are suffering.

Re:Great

This is not useful information even for Google. Their software was constantly switching frequencies so we're talking about less than a seconds worth of packets for any given network.

What are they gonna do with that?

"Well, Ted, based off this TCP_ACK I'm seeing here, I think we can safely conclude that this Fred Morgan of 123 Anystreet is gay. Wouldn't you agree?"

"Sure is Bob, that's the queerest TCP_ACK I've ever seen."

They don't want this crap. They can't monetize that. They *want* to delete it. They want to have never captured it in the first place, but sadly that ship has sailed. If they delete it, they'll be charged with destroying evidence or whatever the equivalent crime is in the various European jurisdictions in question. One dumb careless mistake has grown a life of it's own.

You REALLY need to read US patent application 20100020776.

Yep - Google has a patent application on collected all kinds of WiFi control packets AND ACTUAL PACKET DATA and getting information out of it that they can monetize.

Imagine that.

So get Sergei's dick out of your mouth, you fawning fanboi.

Re:Great

[jonbryce]

Yes, and it was so inadvertant that they even applied for a patent on it. http://www.theregister.co.uk/2010/06/03/google_wardriving_patent/

Re:Great

[KDR_11k]

And why should they? Historically, collecting pictures and wireless transmissions in public has been legal.

Not in Germany. Google is large enough to be able to get legal advice for other countries before running a massive data collection operation there.

Re:Great

[thegarbz]

Google collected much more than the SSID, it also collected transmitted data (see also the comment titled 'RTFA').

Ok let's roll with this. You walk down the street and overhear a conversation between two people sitting on the bench. They did this in public with no attempt to obfuscate what they were saying. Do they have a right to privacy?

Again we're back to the users. Those who demand a right to privacy have all the tools right their in their little plastic box. Sure WEP is weak, and if google were to try and circumvent WEP I'm sure they'd be guilty of crimes in many jurisdictions but this so far is not the case (or at least not covered by any claims). But if you want privacy tick WPA.

I'd be very surprised if there is a single active access point out there without the capability of enabling encryption. The notion of invading privacy by snooping data that is broadcast publicly on common consumer hardware on a common frequency would be the equivalent of putting a big neon sign in your front yard and then complaining when people read it.

Re:Great

[perryizgr8]

Clearly knowledge satisfies you on some level otherwise you wouldn't be saying this.

true. my statement should not include satisfaction. its a kind of confusing, circular-logic thing. usually happy and satisfied go hand-in-hand but here, knowledge satisfies me even if it makes me miserable. but then if i am miserable how can i be satisfied? o_O

but I am also occasionally envious of those who are blissfully ignorant.

i'm not. i pity them. maybe its a sign of immaturity, maybe i'll grow out of it.

knowledge and happiness/satisfaction are not mutually exclusive unless you actively choose to focus on things that make you unhappy. One such indication of this is that you like to watch the news and complain a lot, yet keep looking for more things to complain about. There's always going to be enough bad things happening to make you truly miserable if you want to be. I like having Slashdot as my main source of news. There's still a lot of complaining, but I don't get notified every time someone is murdered/raped. I know these things are going on (ie I'm not ignorant not trying to pretend that I am), and I hate it, but I really can't stop other people doing these things, and I am not going to actively try to make myself miserable by subjecting myself to it constantly.

completely agree. i never watch news on tv. nor on the web. i read the newspaper, but just skim over the headlines. murder/rape/riots have always been happening and they will escalate as our population grows. nothing to worry too much about, because the best way to reduce this is (imo) to do your own work honestly and efficiently. otoh, reading slashdot lets me know about things that are new and cutting edge. and inspite of all the trolls, i've never been audience to insightful debates that occur on slashdot everyday. people i meet in real life are really dumb, pathetic, shallow. not like that here.

The only other way to stop being miserable about other people's pain is to become desensitised to it

everyone's already pretty desensitized here. let me tell you a bit about the place where i live. my friend and i were standing by the side of the road, in front of the local market, waiting to cross the road. in the afternoon, in broad daylight and about 100 people in view. a couple of crooks with a steel rod and a knife come running and hit my friend on the legs with the rod. they took all his money and his cellphone and left him with a massive bruise. i got ignored somehow. nobody did anything. they got away. we went to a nearby hospital, got my friend bandaged and returned to our homes. people here (including me) just accept this sort of thing and get on.
a police superintendent inspector i know had his house looted. lots of electronics and some jewelry was taken. he did not file a report. why? because he knows (he is an inspector) that nothing is going to happen. the thieves will never be caught.
when you have to live through this, it is quite understandable that people do not give a fuck about privacy, google and anything so abstract.
enough offtopic for today i think.

Re:Great

[thegarbz]

They could have downloaded whatever the heck they wanted. The point does not change. What you transmit over public free to use airwaves can afford absolutely no expectation of privacy. If you talk over a CB radio you don't expect a private conversation too do you?

This is the whole reason WEP and WPA exists in the first place. Now if google were actually circumventing WEP then that is an entirely ball game. Probably not even a ball game anymore. That in many jurisdictions would constitute a crime. But not one person has claimed that yet.

Re:Great

How come every ideal on slashdot is applied so haphazardly? Make a choice people. Should something that anyone can see from your street be private, or public?

False dichotomy. Expectations of privacy are fine-grained. Let's say that I can record what you type on your computer in your private home, by recording electromagnetic fluctuations outside your home. There's are small spikes every time you hit a key. By your standard of "all or nothing", that's fair game.

Technology evolves, and unless you wrap your house in shielding, more and more of your activity inside will be subject to eavesdropping from the street.

Re:Great

[thegarbz]

Police officers OFF DUTY are a very different story, on the other hand. They're private individuals just like everyone else, and they deserve their privacy.

Expand on this. Where do they deserve privacy? Certainly not walking down the street. Applying that same principle here there's the option of putting a Faraday cage around your house, or using the encryption tools provided for exactly this form of privacy.

I'm not quite sure how laws in America work, but the definition of what is public and private in Australia is based on a reasonable expectation. A person sitting by himself actively avoiding everyone is expecting privacy even when sitting in a public restaurant. But his conversation is no longer private if he shouts it in a way that people could overhear it. The same applies here. Legally (here anyway) you'd be entitled to privacy if you encrypted your wireless.

Re:Great

[perryizgr8]

i agree that unencrypted data flowing through the air is liable to be intercepted freely but your assertion that "someone published a list of every wifi hotspot on their train line" is the same as what google did, is wrong. google did not merely record ssids, they recorded the data too. also your solution to google's snooping that "As a side note, how many people complaining about Google's collection of wireless information actually bothered to uncheck that little box that says "Broadcast SSID"" is ineffective, because they can easily sniff the data packets even on a network which does not broadcast its ssid.
once again, i agree that what google did is nothing wrong. but they did NOT merely log the ssids.

Re:Great

True. But they opened the first can of worms by collecting it in the first place.

Sorry, I disagree. FFS, if you have an open network you deserve to get owned by whichever network snooping person is driving past.

If you choose to broadcast unencrypted in range of a public road that google are driving along, IMHO stiff, you are broadcasting into the public domain. Anyone reading /. should know better and I cant believe all the Holier than Thou attitudes to this. Google are slimy suit wearing advertising types, but hell, these fools were asking for it.

Would there be all this uproar if Google collected data on people which didn't have a front door (or any form of physical entrance security) to their house?

ENDRANT

Deserving "to get owned" does not excuse the intentional act of the peeping tom, now does it?

Re:Great

[FreakyGreenLeaky]

This kind of information would have come out no matter what, and Google should be prosecuted. Period.

Re:Great

[know1]

Best troll I've seen in a while, well done.

Re:Great

[speculatrix]

erm, if you're a serious wardriver you don't scan the channels, you have a wifi card for each channel, as these people showed:
janus project

Re:Great

[LordKronos]

I swear, I hate when people like you try to be so clever...."so inadvertant that they even applied for a patent on it". Try not to get involved in the discussion if you haven't an understanding of what you are talking about, because you sound like you are just trolling. Google's patent is all about identifying devices and their location. That can be based off of some very simple data which is broadcast by the access point and does NOT require looking at full TCP/IP communications of connected users.

On my ipod touch, I used to have an app call WiFinder (until the Apple bastards started rejecting the app and it stopped working with the new OS). It would show you all of the wireless networks nearby and display a signal strength for each one. Just by simply walking from one end of my house to the other and checking the signal strength, I was able to get a rough estimate about which direction each signal was coming from. Had I repeated this process up and down the street I could have probably determined with a decent level of accuracy where each wifi network was originating. And all that was without me snooping in on peoples HTTP sessions and such. In fact, snooping on such data would be virtually useless to the goal of locating the access point (unless you just happened to snoop on somebody filling out a non-SSL form that contained address info or something)

Re:Great

[Muad'Dave]

If you talk over a CB radio you don't expect a private conversation too do you?

That's what common sense would dictate, but that didn't stop the cellular phone industry back in the analog-only days. They jammed through several pathentic laws to 'prevent' eavesdropping of in-the-clear cellular phone conversations instead of doing any sort of obfuscation or encryption. A simple frequency inversion technique or noxious filterable carrier tone would've prevented casual eavesdropping at the cost of pennies per phone.

The industry apparently found it less expensive to buy Congressmen that better handsets. Once again, we all lose a little freedom in the name of corporate profits when our elected officials can be 'bought'.

Re:Great

Wait, so it's OK for a private entity to collect/hold this data, but it's not OK for an elected government to examine it?

Re:Great

[Muad'Dave]

I think he meant the same level of privacy afforded any other civilian when off duty vs his level of privacy when on duty.

You know, using the word 'civilian' when describing people who are not police officers rubs me the wrong way. They're not military, so why do they call us civilians? They're civilians, too. I see that some dictionaries include the police (and firefighters?) as non-civilians, but I think that distinction feeds into the militaristic mindset of some police forces. Frankly, it worries me when SWAT teams are better equipped and trained than the National Guard.

Re:Great

[DrScotsman]

In the UK we have the Data Protection Act. AFAIK it places no restrictions on the public, but it means that companies need to have to have a good, legitimate reason to keep data. I'm interested in hearing your thoughts on this. A person > a company, agree or disagree?

(And yes, I do think the streetview photos do have a good legitimate reason)

Re:Great

[ironicsky]

IMHO I do not think Google did anything "wrong". People, specifically home internet users are stupid and willingly provide open networks to anyone who drives by and connects, a lot of them have file sharing turned on to share stuff between computers which makes the problem worse for the end user because anyone can get their crap...(Little bit off topic)

But this is hardly Google's fault. Instead, lets blame Linksys, D-link and any other router manufacturer who's WIFI default is no encryption instead of making it a mandatory setting.

So if anything, Google should take this opportunity to educate the public on WIFI security, create their own super awesome secure router that "anonymously" reports your activities to Google by using Google DNS and provide it for free.

Re:Great

[AltairDusk]

It collected unencrypted data that was being broadcast openly. If you are having a sensitive conversation with your neighbor by yelling at each other across the street, and someone happens to drive by who is filming their trip you would say that they have broken the law by recording your exchange of information?

Unencrypted wifi is just like shouting to your neighbor, anyone can easily see it and you are broadcasting it to them. This is not like someone hiding in a hedge by the road and using binoculars to read your lips through the window so they can know what you're saying.

I realize it's unheard of in this day and age but sometimes people need to actually take responsibility and not look for someone to blame (in this case big bad Google).

Re:Great

[Abcd1234]

They patented a wardriving mechanism, not the act of capturing *and storing* sniffed packet streams.

Christ, get a grip, and while you're at it, learn to read.

Re:Great

[delinear]

What about 50% of the people in this thread seem to be missing is that there are two issues here. The first is the fact that they were collecting data to identify the location of public broadcast WiFi. That's the valuable data, and there's no legal issue with them collecting and keeping that data. The other issue is that their software, while collecting that data, also sniffed some packets being transmitted on unsecured connections. This is the "illegal" data, and it's practically useless to them. I can't imagine it's not the case that they re-used some code which collected this data erroneously, if they were collecting it for any other reason they would have collected much more of it, it's next to useless, in terms of the amount captured, for any kind of data mining purposes (not to mention they'd have to be incredibly lucky to have captured anything actually personally identifiable during this tiny burst of data).

I'm sure the whole "being forced to hand it over to the government" thing is being blown out of all proportion, too. More likely Google realised their mistake (or had it pointed out to them), offered to destroy the data to which the government informed them the standard procedure is that they have to hand the data over to ensure it is properly dealt with, then Google go off, check the legal position, come back and agree. But of course, such a reasonable state of affairs wouldn't sell clicks on news sites or provide fodder for conspiracy theorists...

Re:Great

[delinear]

Google is one of the big tech companies that will patent technologies to prevent patent trolls doing the same and using it to milk them in the future. It's not unreasonable that they'd patent everything connected with such a big undertaking to cover themselves, neither is it beyond the realms of belief that they'd re-use code from another project (Google have been known to release buggy code before). I'm sure they're smart enough that if they were actually doing something underhand, they'd have collected more data so it would have a bigger chance of turning up something useful, and they'd have hidden the fact that they'd collected it too (like they don't already know about data audits), even then, what possible use could they make of the data? They're Google, they can't just sell it on the black market, and if they tried to sell illegally obtained data through legitimate channels they'd know the huge risks involved. No, I'm with you, there are plenty of underhand shenanigans going on in big business, but I think this was a genuine error that they're trying to resolve as best they can.

Re:Great

[delinear]

They're civil servants, we're civillians. Using those terms reminds me that, in theory at least, they're meant to work for us.

Re:Great

[darkpixel2k]

True. But they opened the first can of worms by collecting it in the first place.

Am I missing something? They collected samples of data bring brodcast from open wireless access points.
Are you going to bitch next if Google happens to capture the text on a billboard while mapping I-5? It's information being broadcast in *public*.

Re:Great

[delinear]

The chances of there being anything even remotely useful in this snapshot of data collected is miniscule. Wasteful as governments are, I'm sure even they can find better uses for their money right now than paying someone to trawl through hundreds of gigs of completely random, meaningless data which have an almost infinitely small chance of providing them with both a) something they can use against an individual and b) some way of identifying that individual.

Re:Great

Yeah, when something happens ACCIDENTALLY it tends to be unnecessary as well.

Re:Great

balls

Re:Great

[jonadab]

> Clearly knowledge satisfies you on some level otherwise you wouldn't be saying this.

It's not so much that knowledge satisfies us, as it is that curiosity compels us.

Re:Great

How come every ideal on slashdot is applied so haphazardly? Make a choice people. Should something that anyone can see from your street be private, or public?

Maybe it's haphazard, or maybe you're missing the point so badly that it seems haphazard to you. Let me spell it out for you:
1. Justified or not, people expect third parties to stay out of any interaction that does not concern them. You may be familiar with the phrase "none of your business"?
2. Justified or not, people expect privacy for private(!) citizens, but not for public(!) servants.
3. Justified or not, people are much more sensitive to "big guys" collecting information about "little guys" than vice versa.

Re:Great

[noidentity]

I can just hear the thoughts in the government officials' heads... "We need to make an example of Google for collecting private data like that, so we will look good. They need to destroy it. Hmmm, we would really like to sift through that data. Ahhhh, we can require that Google hand it over to us, so that we can be sure it's 'destroyed' properly. Double-score for us!"

Re:Great

[Just+Some+Guy]

They don't want this crap. They can't monetize that. They *want* to delete it. They want to have never captured it in the first place, but sadly that ship has sailed. If they delete it, they'll be charged with destroying evidence or whatever the equivalent crime is in the various European jurisdictions in question.

Perhaps I haven't followed this closely enough and it's already been answered, but why wasn't their announcement to the effect of "we accidentally collected this data, which we have already destroyed for your privacy."

Re:Great

[yyxx]

Not in Germany.

Yes, even in Germany taking street photographs and collecting packet radio data was legal in the past.

Whether recording unencrypted WLAN packets is or is not legal today has been a legally gray area. It depends on whether one considers such data "private" or not. That question is now being settled in a wave of anti-Google and anti-American hysteria.

What purpose is being served by this is unclear. If you run an unprotected WLAN in Germany, you are probably running afoul of both data protection and copyright laws already.

Google is large enough to be able to get legal advice for other countries before running a massive data collection operation there.

They did. The data they actually intended to collect conforms with German law. They spent months talking to German data protection czars about that.

They simply screwed up and unintentionally collected additional data, and for that they are being crucified.

The whole uproar has nothing to do with privacy or data protection, it's simple hysteria and political and corporate opportunism. Actual German data protection is atrocious.

Re:Great

[yyxx]

I'm sure the whole "being forced to hand it over to the government" thing is being blown out of all proportion, too. More likely Google realised their mistake (or had it pointed out to them), offered to destroy the data to which the government informed them the standard procedure is that they have to hand the data over to ensure it is properly dealt with, then Google go off, check the legal position, come back and agree. But of course, such a reasonable state of affairs wouldn't sell clicks on news sites or provide fodder for conspiracy theorists...

But it is not reasonable for a supposedly democratic government to be able to obtain 600 Gbytes of private data just because some government bureaucrat says that it is "standard procedure". Private data should only be handed to the government based on a court order, for specific, well-defined, well-articulated purposes.

This is a big deal and it is unacceptable; it's the kind of thing that happens in police states.

I suspect both the German data protection official and Google will face legal problems over this transfer of data.

Re:Great

[somersault]

Sure.. but you must be receiving some kind of positive feedback from time to time on knowledge otherwise you'd quickly stop wanting to learn in the same way that you stop wanting to put your hands into fire after you first get burned.

Re:Great

the "not in my backyard" argument is as old as time. only cops and people on the train route would complain about those other stories.

Re:Great

[twidarkling]

Just to mention, I don't think *either* Google OR the government should have the data. But Google definitely fucked up by collecting it in the first place.

Re:Great

[thegarbz]

No idea what to make of this point. Google is in the business of hoarding data. I wonder if that alone is reason to be able to not delete it. But I don't agree with the law you quote. Why should a company not be able to store publicly available data? Private data I would understand, but public data? It's like having to have a good reason for keeping a street directory in the car.

Some laws just make no sense the way they are written. In my state in Australia it is legal for a bicycle to turn right from the left lane of a roundabout, and technically have right of way too. I'm not sure if they created that law to remove some brain-dead cyclists from the gene pool but the law is in direct contravention of the road rules for cars. Guess who will win.

Re:Great

[DrScotsman]

From Wikipedia on ECHR:

Article 8 - privacy
Article 8 provides a right to respect for one's "private and family life, his home and his correspondence", subject to certain restrictions that are "in accordance with law" and "necessary in a democratic society"

Many Slashdotters seem to think no one has a right to privacy, but people DO have a right to privacy, albeit a restricted right such that it doesn't trump everyone else's rights. Sounds fair and balanced to me.

One of the restrictions "necessary in a democratic society" is that it doesn't trump a person's rights such as taking photographs in a public place. It's not that you have no privacy outside, it's that other people's rights for the most part trump your privacy and hence effectively you have no privacy outside. However a company does not have fundamental rights like a human, and as such a person's fundamental rights prevail over a company's rights, including a person's right to privacy.

Remember I did say that a company can keep the data with a good reason. Debt collectors get to keep your contact details for instance. Google Streetview blanks out nearly everything that could infringe someone's privacy and hence probably doesn't fall foul. I hardly see a good reason that Google would need to keep your SSID and the like.

Your impression that there is a contradiction between Slashdot's anti-privacy views (photographing a police officer or a building) and Slashdot's pro-privacy views (Google SSID) hinges on your impression that a company (or the government) has the same rights as a person (or that people don't have a right to privacy, but you know that's not true). I know you said you're from Australia but that's a very American view IMO, not really compatible with Europe.

By the way the Data Protection Act is a good piece of legislation, it has specifically helped me twice before. The extent of the complaints I've seen about it on Slashdot have been that companies can easily get around it, not that it's damaging.

Re:Great

[Cyberllama]

It's not a gold mine to anyone. We're talking about 600 gigabytes of packets over 6 years. Not nearly as much as they could have collected had this been done intentionally. This is a trivial amount of data that could easily go unnoticed by Google. This would fit entirely on one hard drive with plenty of room to spare.

Now ask yourself, if the Street View car drives by your house and at that exact moment you're using the internet, how likely is it to be something unencrypted and sensitive? Emails take a split second to download, and the street view car is only listening for a split second. The timing would have to be a 1 in a million shot.

If I download, on a given day, 3 megabytes worth of webpages, 100 kilobytes worth of Email, and 50 megabytes worth of gaming, 300 megabytes worth of netflix streaming, 1 gigabyte worth of bittorrent -- ask yourself what are the odds that the street view car gets a slice of that 100 kb instead of something else completely useless to anyone?

So yeah, we have like 600 gigabytes, of which maybe a few hundred megabytes might actually be sensitive plain text information at best -- and even then you're not getting all of it, just fractional bits. Spread out over 6 years, you think this tiny trickle of single tiny pieces of peoples emails, half of which probably went through gmail anyways, is something Google is willing to break the law to get?

Seriously. What the hell do you think Google wants with this? Take the tinfoil hat off and THINK.

Re:Great

[Cyberllama]

I really wanted to respond to this, but it was only semi-coherent. Each sentence makes sense, but not in any connection to reality or to the sentence that preceded it. I really don't want to make fun of you, but I'm kind of sad to see that Google is the new CIA to people wearing tinfoil hats. I guess it was inevitable.

Re:Great

[thegarbz]

Ok so in the UK the law is on the side of the public (first sensible UK related law I've heard in a long time). But I ask you, aside from the law, is there a reasonable expectation of privacy for data that you stream wirelessly and openly with no obfuscation onto the airwaves using commodity hardware? I propose this in a kind of tone saying people who don't encrypt this stuff get what they deserve. What's your personal opinion on this? It is a relevant question because the opinions of people dictate what lawsuits happen whether they be frivolous or not.

That's the legal problem in Australia. The right to privacy laws relate to the opinion of a reasonable person. The person has a right to privacy if a reasonable person expects their situation to be private. The classic examples where this creates a legal grey area are:
- Girl gets dressed in her bedroom without closing curtains. Passer by takes a photo from the street and posts it on the internet. Tough luck for the girl because she can't expect to have a right to privacy from photography if she's standing right in front of the window in plain view from the street.
- Now imagine the same situation except the house is 150m from the street and the passer by takes the photo with a long 300mm lens. All of a sudden with no clear definition about what constitutes an invasion of privacy the girl's rights to privacy have been violated.

These examples actually went though our legal system at some point (from what I remembered of the one boring law subject I took anyway). So applying our laws, is the SSID and any data you transmit private?

Re:Great

[DrScotsman]

No, I do not think there is a "reasonable expectation of privacy" with unencrypted wireless data. However it is still personal data, and as such while a member of the public can do whatever I do not believe that a company has the right to retain that data.

Besides your first sentence you appear to have somewhat ignored my assertion that people and companies do not have equal rights to trump other people's privacy rather specifically dispute or agree with it. I completely agree with your examples about the girl, however if instead of a passer by we had an employee photographing for a company, the company would most likely not have a legitimate reason to keep her personal data and hence it shouldn't be kept. If he was just a lucky passer by then he should be able to keep it.

Additionally I have to respectfully disagree with your opinion that people who don't encrypt get what they deserve. I'm willing to bet the majority of unencrypted access points are so for lack of technical expertise, and while I do not think they have a "right" to use the Internet without expertise, I don't think we should expect them not to try to use it if they don't have the expertise.

By the way I think you'll find most civil laws in the UK are pretty decent, and while many of the reported criminal laws bother me I appreciate I am far more likely to use the civil ones to my advantage than have the criminal ones to my disadvantage.

Re:Great

[thegarbz]

Yes true I did gloss over it. I fully agree with your assertion that private data should not be allowed to be held by a company with no good reason, and in this case it's 50/50. The SSID I don't think in any way constitutes private data. But the actual snooping of unencrypted data does to a degree and I think google would not have a good reason to store it (though I don't think they were wrong in snooping it on the way past, and now you have me somewhat conflicted about this :).

On a somewhat off topic, at least it's good to see now that when you buy wireless routers / modems they come with encryption enabled by default. I just hope it's not always the same password.

Whatever for?

[alfredos]

What will those govt's (mine among them) do with that? Call me anything, but I'd prefer the data to be in Google's hands, where it will give something back, than in the hands of the Government. Especially if those misnamed "intelligency agencies" are to set their hands on them.

Re:Whatever for?

[yuhong]

Well, the government wanted the data for an investigation into what Google collected.

Re:Whatever for?

Don't worry. They got backups...

Re:Whatever for?

[alfredos]

Usually that would mean sending someone to have a look and see and perhaps sample the data. It's how they go about our IRS equivalent, social services, workplace safety, and about any situation where the Gov't needs to inspect something. TFA says originally Hamburg wanted about that - access to a hard drive and to a Street View car; note the singular. However, now they are talking about giving "the data", not about letting the authorities inspect it. Too fuzzy for my liking.

Funny, by the way, how Google wondered about the legality of having its data inspected by the data protection authority. "We screwed up" is the only adequate and honest thing for them to say after that. It's not without merit, because what other big company would?

Re:Whatever for?

[yyxx]

Yeah, that's actually the real question: what are they going to do with it? Look for file sharers? Look for pornography? Under German law, a lot of communications are illegal, and there are probably hundreds of thousands of felonies recorded in that data.

Even more worrisome is the procedure by which the government obtains this. Google hasn't been ordered by a court to hand over this data, it is simply being requested by a government bureaucrat. Penalties for not complying with his demands can be steep, not just for the company but its employees.

Re:Whatever for?

[yyxx]

Funny, by the way, how Google wondered about the legality of having its data inspected by the data protection authority.

Nothing "funny" about it; they probably have good lawyers, lawyers who advised them that handing over the data to the "data protection authority" without a court order may itself constitute a violation of German privacy laws.

Usually that would mean sending someone to have a look and see and perhaps sample the data.

Or it might mean that the "data protection authority" goes on a massive data mining quest to identify file sharers, pornographers, and anybody who runs an open WLAN, and then charges all of those people with breaking the law. They couldn't drive around collecting that data themselves, but they can obtain it from Google. Probably it doesn't mean that in this specific case, but it sets a bad precedent.

Think about it: if you were a government intent on violating people's privacy, what would be the best place to do it? That's right: the "data protection authority", armed with a legal right to request and inspect anybody's data without a court order, just to look for more "data protection violations".

Re:Whatever for?

[AHuxley]

Intelligence agencies already work with telcos and Bells from inception. Its part of getting your telco approval.
Germany has laws, as do other parts of the world saying you cannot break into other peoples networks (encrypted or not) and keep the data (small or large amounts).
The origin of the laws might have been data protection ie hackers or other from private firms or public/private partnerships.
Google knew this but still went ahead with wide area wifi collection.
Google could have lobbied hard for an exemption or law change re education, nation building, disability support, tourism or any buzz issue with PR tech bite.
Requested to build a better iworld, this is what we are doing, your evil luddite state/federal regulator said "No"
But Google just tried to slip under the legal protection of "they did it too".

Re:Whatever for?

FUCK you and your moronic crap.

Their "wide-area wifi collection" didn't "break into" anyone's network -- not even by the loosest definition of associating to an open AP. They recorded data that was broadcast, but did nothing to cause, incite, or affect its transmission. This obviously puts them in the moral clear, though it doesn't directly speak to the legal situation. After all, many European countries are so fucked up that it's not permitted to own a radio receiver for audio or TV broadcasts without a license from the government, so who the hell knows. But it CERTAINLY doesn't violate any law that can HONESTLY be characterized as "you cannot break into other peoples networks (encrypted or not) and keep the data (small or large amounts)".

Second, note that nobody, not even the German Fucking Government, complained about the original goal, recording BSSID/location data for geolocation. This whole controversy is about the _payload_ data that was stored. Google has claimed this was an accident, and there's not a particularly good reason to disbelieve them -- I'll spend the next three paragraphs spewing forth an explanation of this, even though it does drift astray from any points you may have tried to make.

The way most off-the-shelf tools are setup by default is to record everything, analyse it later. The obvious way to write your own software (from a technical, not legal perspective, because it was written by coders, not lawyers) is to save everything you hear -- on-the-fly filtering is at best an optimization to save disk-space. I'm not clear on whether they're using their own software or an off-the-shelf tool (AFAIK they've not told us), but either way, saving everything is a plausible, even strongly likely, default.

As for the notion "they'd have realized it was filling up the disk with too much data -- what would you do? In the absence of some suspicion of a problem, would you count the SSIDs recorded, figure out how many bytes they should each take, add a reasonable percentage for db overhead, and crap out an expected storage space, just to check? Or would you take it for a run the first day, measure the space used, and call that "typical"? Hint: the latter is not necessarily right, but it's not really wrong, and is certainly what most people would do.

Unless they had a lawyer, or other legal-minded individual, involved to the point of asking probing questions about the _implementation_ (not just signing off on the plan), or otherwise were prompted to an actual suspicion of a problem, it's quite plausible that they did in fact inadvertently capture the data, and remained unaware of it for quite some time. Given that what they say is perfectly plausible, and I have yet to hear ONE SHRED of evidence to the contrary, I guess I'm inclined to believe them.

Re:Whatever for?

[perryizgr8]

Funny, by the way, how Google wondered about the legality of having its data inspected by the data protection authority.

Nothing "funny" about it; they probably have good lawyers, lawyers who advised them that handing over the data to the "data protection authority" without a court order may itself constitute a violation of German privacy laws.

Usually that would mean sending someone to have a look and see and perhaps sample the data.

Or it might mean that the "data protection authority" goes on a massive data mining quest to identify file sharers, pornographers, and anybody who runs an open WLAN, and then charges all of those people with breaking the law. They couldn't drive around collecting that data themselves, but they can obtain it from Google. Probably it doesn't mean that in this specific case, but it sets a bad precedent.

Think about it: if you were a government intent on violating people's privacy, what would be the best place to do it? That's right: the "data protection authority", armed with a legal right to request and inspect anybody's data without a court order, just to look for more "data protection violations".

so when did pornography become illegal , then?

Re:Whatever for?

Think about it: if you were a government intent on violating people's privacy, what would be the best place to do it? That's right: the "data protection authority", armed with a legal right to request and inspect anybody's data without a court order, just to look for more "data protection violations".

But this is Germany, where the Datenschutzbehoerde ("data protection authority") is actually concerned with protecting the privacy of German citizens, even if that means pissing off other government agencies. It does not concern itself with filesharers or pornographers, as that is the job of the police and/or the state prosecutor's office, and it can't pass on data to them without a court order either. (Note that pornography is legal in Germany, so neither police nor state prosecutor are going to be interested).

Re:Whatever for?

In Germany, storing payload data that was not meant for you is illegal. It doesn't matter if it was broadcast in the clear or not - if the packet header says the data is not intended for you, you are not allowed to look at it or store it, just like you aren't allowed to open other peoples' mail without permission. It also doesn't matter if it was intentional or not, that just matters for the sentence handed down if a judge finds you guilty of having broken the law. And unless you are a German citizen, what you think of this law is completely irrelevant.

Re:Whatever for?

[AHuxley]

As for "most off-the-shelf tools" would be set up for in house sweeps (legal) or war driving to produce false color maps of epic admin errors in a central business district for a lol online.
"certainly what most people would do" is fine if your a hacker, university student, geek or nerd but Google is a multinational with information technology aware legal teams and claims to have hired competent people.
Test wifi collection one day vs local laws, keep emails safe the next competent people.
"Signing off on the plan" is not what most laws in most parts of the world say anymore.
Financial, legal, data protection law has followed structural engineering - if it fails, its your experts name and brand name.
Google knew its German law, knew it should not collect data, but collected it anyway or did not put any safeguards in place.
Google wanted all the benefits and profits of operating in German ect.
That does come with responsibility beyond a PR 'opps" and "they where doing it too". Others seem to be in compliance with privacy and data protection laws everyday of the week.

Re:Whatever for?

Okay, then the GGP's characterization of the laws was flat-out wrong, AND the law doesn't make any sense. From what you describe, it sounds as though it's illegal to put a wireless card in promiscuous mode (well, technically, to put it in promiscuous mode when someone else is transmitting...). Not exactly surprising (like I said, I'm perfectly aware that some countries cpmpletely forbid unlicensed receivers, so forbidding certain receiving functionalqity is not unexpected). Just wrong.

And I'm glad it doesn't matter to me what other countries do; I hope you're not among the folks who always go griping about the US's issues, unless you're a US citizen -- after all, the fact that an unjust law here might affect you doesn't matter. Of course, if others' opinions of German law don't matter, it makes me wonder why GGP felt the need to mischaracterize them as something more reasonable.

Meta Screwup?

[Psaakyrn]

Ok, so which is the screwup, not giving the data, or the giving up of data?

Re:Meta Screwup?

Ok, so which is the screwup, not giving the data, or the giving up of data?

Denying that you collect the data, or collecting the data in the first place ?

Re:Meta Screwup?

The big screwup is announcing they collected the data before destroying it, allowing governments to get their paws on it. And we all know the governments will never destroy it. Collecting the data was bad, but insignificant compared to this.

Re:Meta Screwup?

[JaredOfEuropa]

The big screwup is getting caught at collecting it.

Re:Meta Screwup?

Bigger screw-up happening right now in a dark basement somewhere - making backups of (the) data before handing it "all" over...

Play for time while the slaves furiously make copies.

Governments now have all the dirty work done, "free".

Win-win for the big guys. As always.

Re:Meta Screwup?

[delinear]

The big screwup is announcing they collected the data before destroying it, allowing governments to get their paws on it. And we all know the governments will never destroy it. Collecting the data was bad, but insignificant compared to this.

Yeah, it sickens me to think maybe they snooped half an AC comment I was downloading from /. on the day they drove past and that that's now out there, in a massive, massive sea of similarly "important" information just waiting for those evil governments to pay someone a small fortune to trawl through the data and... well, not trace it back to me, because there'd be absolutely nothing personally identifying, but to at least read it and... erm... someone help me see the evil here?

Re:Meta Screwup?

[delinear]

Play for time while the slaves furiously make copies.

How high is the loon quotient today, is it a full moon or something? Seriously, this has been going on for a while now, how long do you think it takes, or how many slaves are required to back up 600GB of data? I've copied more than that over my crappy home equipment in a few hours. Far more likely they were delaying while their legal team verified the actual legal position on handing over this data.

Re:Meta Screwup?

[kellyb9]

The big screwup is getting caught at collecting it.

Correct me if I'm wrong, but I thought Google admitted to collecting this data without an inquiry from any European countries. Sorry, I didn't read the article, but I recall when this issue was first brought to light.

Not good

I trust Google more than German officials, really... (I'm speaking as a German citizen)

Re:Not good

[denmarkw00t]

It's not an issue of whose hands the data is in now - Google shouldn't have had it in the first place, although maybe it WAS ok, depends on if they used the data. Also, the fact that they didn't do anything to filter it or destroy it after a certain period, or inform local authorities it would be collecting the data, are all probably at issue here.

Re:Not good

[RAMMS+EIN]

``I trust Google more than German officials''

I wouldn't. Both Google and German government are made up of people. There will be good people and bad people in both organizations.

The major differences are that the the German government has a rather limited sphere of influence and you have some control over it through elections and other measures, like demonstrations, campaigns, founding your own party, etc. You vote along with a lot of citizens who are in the same boat as you are.

On the other hand, Google operates world-wide, and I doubt that you have a lot of control over their actions unless you work for them. Sure, you can buy shares and have a vote, but it will be your vote among that of a lot of people who don't know and/or don't care what happens in Germany.

Speaking for myself, I would rather keep my data away from both the government and large multinational companies. I am certainly no more comfortable with Google having it than with my (Dutch) government having it. And, as this case demonstrates, it doesn't necessarily matter who collects the data - you may be more comfortable with Google collecting it than with your government collecting it, but it looks like now both Google and the government are going to have it.

Re:Not good

The major differences are that the the German government has a rather limited sphere of influence and you have some control over it through elections and other measures, like demonstrations, campaigns, founding your own party, etc. You vote along with a lot of citizens who are in the same boat as you are.

My, aren't you a funny one.

German cops give you a thorough beat-down if you go to demonstrations. Elections are a worthless show; as in any so-called democracy.

The German government/agencies regularly ruin lives because they are fucking incompetent morons or plain corrupt. Granted, the data protection agency is one of the more benevolent ones; they surprisingly often work for instead of against citizens.

The government has the authority, malice and enough brain-dead enforcers to screw you over. Google not so much; I bet any Google employee is less likely to screw up than those fucks in the German parliament, police and courts.

Re:Not good

Alt.Governments.nazi-like

Of course if you said this in Germany you would likely be shot. Making it even the more true.

Re:Not good

[dangitman]

I wouldn't. Both Google and German government are made up of people.

But, in the German government, one of those people is HITLER!

Re:Not good

The major differences are that the the German government has a rather limited sphere of influence and you have some control over it through elections and other measures, like demonstrations, campaigns, founding your own party, etc. You vote along with a lot of citizens who are in the same boat as you are.

This is exactly why I trust Google more than German officials. The majority of the electorate is completely clueless when it comes to issues like this, where as Google is effectively a dictatorship run by people who seems to have the same values as me.

Re:Not good

[moronoxyd]

I'm trusting the German government more than Google (speaking as a German citizen).

Re:Not good

Think about all the tax savings! Google could probably collect all this data for a 1/10 of the cost that the government would budged, and they would make a nice profit because there actual spending ends up at 1/20th. My (Dutch) government would be lucky if they spend less than 10 times the original budget. There, just saved our government 99%.

Re:Not good

[LordKronos]

I am certainly no more comfortable with Google having it than with my (Dutch) government having it.

Google could potentially use the data to (gasp) serve you targeted advertisements (ie: they're gonna try to annoy you with ads either way, but at least then it will be an annoyance that's relevant to you, instead of tampon ads for a guy, or ads for a Boston restaurant shown to a person in Seattle). The government, on the other hand, can charge you with crimes, fine you, throw you in jail, etc. I think anyone who is not more comfortable with the former than they are with the latter has their sense of perspective severely out of whack.

Re:Not good

[kangsterizer]

I wouldn't be so sure than being able to vote for some people made the said people better than Google or any company's people.

Sometimes (often) one single guy being a good guy can fire all the bad guys he finds and keep things running mostly well.

On the other hand you can't fire someone who has been elected and his party. Most of the time they get elected because they appeared better, due to larger money, influence, and probably some "bad guy stuff" giving them the edge.

Now, it doesn't mean the German govt is especially bad and corrupt or Google especially good. Simply, that it's hard to base such judgment on that alone.

Google screwed up...

[MindlessAutomata]

...so now people's personal data is now in the hands of the relevant governments. I'm not sure this helps the situation.

Re:Google screwed up...

[adolf]

I approach the whole thing with a big "meh."

The common Slashdot mindsets of "teh Gubament shouldn't have that data!!" and "if they didn't want anyone to see it, folks should've encrypted it!!" are not mutually exclusive.

Fact is, if the government(s) really wanted to sniff cleartext data broadcast via Wifi, they'd be doing it. In fact, I'd be very surprised if they haven't been sniffing things for a long time.

So if someone else happens to gather up some cleartext data by accident, and the government(s) demand it to be delivered to them, all I can say is this: Gosh, folks. As far as we can tell, WPA2 with AES is plenty safe at the moment, and you're a fool if you're using neither that nor some other form of encryption. And while I don't think that the government(s) should be able to do demand that the data be turned over to them, it is rather in-keeping with the general rule of things: When the government learns that you have a pile of stuff that doesn't belong to you, do they simply ask you to destroy it? No! They take it away.

Meanwhile, I've been doing a lot of wardriving for a while, recording SSIDs, BSSIDs, and GPS coordinates on my Droid, just because it's interesting to me. Even in the short time (half a year, or so) that I've been doing this, I've seen a big increase in encryption usage in my area. This is a Good Thing, An important unintended side-effect of stories about this Google oops is that they will certainly help keep the trend toward encryption moving.

Re:Google screwed up...

[MindlessAutomata]

I agree, but I really do think that Google's data collection was in error, and they're far less likely to use it for blatant evil than the governments would.

Also, glad to see someone else like Coil.

Re:Google screwed up...

[Vahokif]

Spoiler: they already have your personal data.

Re:Google screwed up...

...so now people's personal data is now in the hands of the relevant governments. I'm not sure this helps the situation.

And I wonder how many of you in the US that are up in arms about this support the one major party that consistently wants higher taxes. Taxes that support the ability of the government to use this type of data against you.

"Oh, but they want to use taxes only for GOOD things because they're the only ones that really CARE - like ME."

Fools.

Taxes: they WILL be used against you.

Re:Google screwed up...

[delinear]

I can't imagine either of them want to use the data for evil. If Google wanted to* they'd have been a lot more clever about how they collected and hid it from audit scrutiny, and if the government wanted to, as GP said, they'd do it themselves and I doubt, if they were doing so, that they'd bring the issue to everyone's attention by dragging Google over hot coals about it, because I'm betting a fair few people who didn't know about securing their WiFi before will now be looking into it.

*And really, how could they? They're too public to reasonably be able to pass this on without being found out, and they can't identify your requests once they've passed through your ISP anyway so they can't even use it to target you with ads, maybe they could use it to say "people in this region of the country enjoy products X, Y and Z", but that's hardly a massive concern.

Re:Google screwed up...

[delinear]

What an idiotic comment. How about the people who support the one major party that wants less government interference or regulation of corporations? Seriousl, what does politics have to do with this beyond the very tenuous? Disclaimer: I'm a Brit and all our parties are exactly the same as each other (apart from the colour of their manifestos) so I don't have an ulterior motive, just think it's a silly connection to make.

Re:Google screwed up...

[Johann+Lau]

so you're basically saying you trust yourself less than some entity in the clouds? because government = people, google = shareholders...

if you distance yourself so much from government that it becomes something completely external to you, you're beyond help and beyond helping anyone.

Re:Google screwed up...

[MindlessAutomata]

Government is people that aren't me.

The data that google has is useless to it; the data is not useless to the government, however.

Destroy?

[headkase]

If the information has the potential to be misused at an uncertain future date wouldn't it better be prudent to just outright delete it?

Sometimes retaining information is worse than losing it.

Re:Destroy?

[Psaakyrn]

Only works if you can unsee said information.

Re:Destroy?

[headkase]

Has anyone seen all of the automated collection? Should Google be burning select back-up tapes?

at the end of the day...

[powerspike]

Really i don't see a problem with what google did, apparently it was only open networks etc, having an open wireless device in your house would be like not having curtains on your windows, if your not going to "stop" people from looking in, you've got nothing to complain about. If they were only taking samples, there shouldn't be much of an issue, because you where broadcasting the data to the public anyway...

Re:at the end of the day...

[Ziekheid]

If someone leaves the door of his house open you could say it's pretty damn stupid but it doesn't mean walking in and going through someone's stuff is the normal thing to do. Wardriving is something people did (and do?) for the fun of it, it's not major corporations doing it on a massive scale to collect data on people, it's illegal too btw in some countries.

Re:at the end of the day...

[grantek]

This isn't walking into someone's house through an open door, it's taking photos from the street, and I have no idea why people thing it's different to Street View - as GP said if there's no curtains on your windows people will be able to see in.

Re:at the end of the day...

[QuantumG]

As a European commenter said in the last story on this issue (exactly how many do we need?), they have these weird ideas about privacy over there. Apparently it's not enough that something was visible or broadcast in public. Under the rules Google didn't have the right to collect this stuff.

Stupid, restrictive, fascist even, but there ya go.

Re:at the end of the day...

[Pastis]

> This isn't walking into someone's house through
> an open door, it's taking photos from the street

Not even that: it's hearing from the street that there were people talking from the house at that particular moment (not necessarily even hearing what they were saying).

If you don't want them to hear that you are talking and what you are saying, hide your SSID and encrypt your communications. Done.

The only illegal problem I could see is the large scale of the information gathering. Personally, as an owner of a open hotspot, I don't care.

Re:at the end of the day...

[yyxx]

Wardriving is something people did (and do?) for the fun of it, it's not major corporations doing it on a massive scale to collect data on people,

But other corporations have done this as well.

it's illegal too btw in some countries.

It shouldn't be. If you broadcast unencrypted packet, people shouldn't be thrown in jail for receiving them.

Re:at the end of the day...

[silentcoder]

His Analogy works, yours don't.

Having an open wifi is more like shagging your girlfriend against the window with the curtains open... you can't complain about privacy if the neighbours watch you do her when you do it in plain sight.

If exhibitionism is NOT your thing... encrypt your damn wifi.

Re:at the end of the day...

[silentcoder]

Obviously, in this analogy, google is the fat slashdotter across the road who doesn't just ENJOY the show, but videotapes it.

Re:at the end of the day...

[Eth1csGrad1ent]

This is NOT insightful - and smacks of the "you've got nothing to worry about if you've done nothing wrong" mentality. Mostly Joe Public doesn't understand what the difference is between open/closed WIFI... certainly the guy at the shop he bought it from didn't explain it to him... he bought a device that allowed him to surf the net on from his couch. He plugged it in, followed the illustrated guide to set it up and it worked. end of story.

He did not knowingly provide unlimited access to his home network to his government, or any other lowlife company or individual seeking to take advantage of him limited understanding of technology.

GOOGLE, without a doubt, would have known that if they'd informed home owners of what they were doing, having explained exactly WHAT they were up to - by and large, the home owner would've told them to F^&* OFF! That should've been enough.

Re:at the end of the day...

[BenevolentP]

Picking your comment to reply to more or less randomly.
- You can look at a house or make a photo of it. You can overhear a conversation. You're also not a massive database that lives on making everything they get searchable.
- People are not stupid because they dont know about router security. They know that they can access the internet if they connect those boxes to their phone line. You overestimate most peoples basic understanding of what the internet is
- In restrictive, fascist germany the Ministry of justice (or websites in general) is not allowed to store the IP Adresses of the visitors of it's website. I have absolutely no idea why they let google get away with storing them for SIX MONTHS so far.
- Yes, i used google translator for that link :)

Re:at the end of the day...

As far as I am concerned anyone who sends radiowaves outside their own home should not expect any privacy at all regarding the information they send, encrypted or not.

If you intend to send those cancer-generating waves through my body then I will damn well do whatever I like with them, including decrypting them and publish them for all to see. You should be glad that I don't send my own set of waves back at you you insensitive clod!

Re:at the end of the day...

What Google is alleged to have been doing - recording data packets, not just SSIDs from open WiFi networks - is a crime in Germany. Unless you are a German citizen, your personal opinion on this matter is irrelevant.

Re:at the end of the day...

Really i don't see a problem with what google did, apparently it was only open networks etc, having an open wireless device in your house would be like not having curtains on your windows, if your not going to "stop" people from looking in, you've got nothing to complain about. If they were only taking samples, there shouldn't be much of an issue, because you where broadcasting the data to the public anyway...

Read patent application 20100020776. Google was using specially-designed equipment to collect everything they could. (Hmm, I wonder if they grabbed anyone's VOIP packets and have broken laws preventing eavesdropping phone calls...)

What Google did was a deliberate act to collect data from private networks. It's not an inadvertent peek into your window - it's a Google employee putting a ladder up to your second-story bathroom window with a video camera. There's a whole lot of intent there.

Just because you COULD put up an opaque screen doesn't mean Google is innocent here. In fact, you could even say Google "did evil" with this act.

Re:at the end of the day...

This isn't walking into someone's house through an open door, it's taking photos from the street, and I have no idea why people thing it's different to Street View - as GP said if there's no curtains on your windows people will be able to see in.

Wrong.

It's a Google employee on a ladder with a video camera outside your second-story bathroom window.

With the INTENT to violate your privacy. By using equipment specifically designed to do just that.

There's nothing inadvertent here.

Re:at the end of the day...

[FreakyGreenLeaky]

Christ, but you're stupid. Having a curtain ajar does not give a criminal the right to peer in to see what he can steal or surreptitiously record on a camcorder. Thank fuck most people do not think like you and know what privacy means.

Re:at the end of the day...

[kangsterizer]

Oh, analogies.
There's been many replies but here is what I currently think is the most accurate analogy.
Radio waves are like sound waves.

Imagine someone yelling his data in English out at the window and you come by and just happen to hear it because you're in range.
That's open wifi in my eyes. Sure, sure it sounds short minded, but then again let's take yet another fine analogy.

You're talking to your buddy on your analog CB radio (citizen band). Now a dude on the same freq while you're driving by shout his stuff and you get to hear it..

An analogy is never completely accurate, but your analogy is very far from accurate and very misleading in my eyes. (which happens 90% of the time an analogy is written, no worries!)

Re:at the end of the day...

they can watch but can't take pictures

Re:at the end of the day...

[binkzz]

Can we keep to the car analogies, please?

Thank you.

Re:Yea sure

[micksam7]

Likely a configuration issue, keeping raw data around for debug info then forgetting to turn it off before deploying it. Google has been wanting to capture network SSIDs and GPS coordinates [war drivers have been doing this for years], likely for cell/laptop location data, but accidentally grabbed all raw packets instead.

Not copies

[Ziekheid]

They are handing over the actual hard drives that contain the data apparently. This means that it can (and should) be destroyed by the government now but I suspect that they will research the collected data first to see if Google violated laws by doing this. After this they should officially destroy evidence like this for as far as I know but they probably wont, who knows?
Anyway, people shouldn't be whining at the government at this point but at google for collecting it in the first place. What the f where they thinking and what does this say about how far google will go to get information through their own services?

Re:Not copies

As incompetent as they are ( and I live in Germany), there are actually 2 possible options:
1 - The keep the data in somevaults until it is so outdated it's no use anyway
2 - They analyse the relevant harddrive then have them disposed, just to turn up together with all the data on Ebay a few weeks/months later

Never attribute to malice what can be achieved by pure idocy

Re:Not copies

[something_wicked_thi]

RTFA. They wanted to find open access points for people to use when walking around with mobile phones and accidentally captured data as well as AP information.

Re:Not copies

[zuperduperman]

RTFA. They wanted to find open access points for people to use when walking around with mobile phones

Not quite - you should RTFA too. They want it for geolocation. And they couldn't care less if the AP is open or not - they just record enough info to uniquely identify it and map it's signal strength. They are certainly not planning to advertise the location of these open APs which would be somewhat alarming.

Re:Not copies

Exactly, and the net result is a pretty neat service that I personally am already enjoying on my Android mobile - being able to get relevant local information without having to pay costly mobile data prices. The valuable data is the location of your wireless device, they can't do anything with this other data, it was clearly a mistake and they're trying to find the best route to rectify it (I'm guessing they're prefer to delete it themselves to avoid all the "Google is complicit in giving all our data to government" rants). When did /. become less interested in how technology is used and more interested in fanning the fires of ignorant rants?

Re:Yea sure

[Psaakyrn]

Simple: by recording everything without verifying whether said data should be record. Capturing everything is easier than implementing filters, especially if storage space is not an issue.

Re:Yea sure

It's not that complicated. While purposely collecting MAC/SSID data, they accidentally also collected payload data.

Nothing to hide

[PotatoFiend]

No worries sharing the data since you've got nothing to hide, right Eric Schmidt? Oh, wait, you really don't have anything to hide -- the data you're handing over is on private wi-fi networks. Thanks for coughing it up to the gubmints, they (like Google) would never use that data for nefarious purposes.

Re:Nothing to hide

[perryizgr8]

Tell your friends it's Linux, not GNU/Linux!

ftfy

Re:Nothing to hide

[PotatoFiend]

Tell your friends it's Linux, not GNU/Linux!

ftfy

Yes, that's the satirical point. :)

Why is this still in the news?

[rm999]

People kept their networks open, Google gathered some probably useless information about them - presumably no more than 15 seconds worth in most cases (because it's a car driving by). Google has far more information on far more people from saved web searches/e-mails/etc. I'm tired of seeing these stories, I really don't care.

If European Governments are actually pursuing this, shame on them.

Re:Why is this still in the news?

[key.aaron]

Google has stated that their equipment changed channels 5 times a second. So there is no more than 0.2s of data on any one network. Good luck doing anything with that...

Re:Why is this still in the news?

[FreakyGreenLeaky]

No, not shame on them. Congrats to them for holding a powerful company accountable.

Idiots should have shut up

[Sean]

They should have just deleted the data and shut up about it. Why they went public is beyond me.

Re:Idiots should have shut up

[moronoxyd]

They were asked by German data protection officials what data they collected with their streetview cars.
First they said they didn't collect anything besides MAC addresses and SSID. Then they found the payload data.

Yes, they could have kept quiet... and thus lied to government officials.
What do you think would have happend if that came to light?

The data is potentially court evidence

[khchung]

To all who advocate deleting the data, repeat after me:

The data is potentially evidence in upcoming court cases.

Repeat this until it finally occurs to you that destroying evidence when you know it will likely wind up in court is a very bad idea. . Judges usually don't like defendents who destroy incriminating evidence, especially after the authorities already knew of it's existence and has asked for it to be turned over.

If I sneaked into your home and copied your diary, then put the copy in a safe. Then when the police found this out and asked for me to give the keys to them, the correct response is NOT to burn everything in the safe to "protect your privacy".

Re:The data is potentially court evidence

[arkenian]

The data is potentially evidence in upcoming court cases.

Yes, well, whether this is okay or not depends entirely on the court case, doesn't it? I think more than a few /.'ers are concerned that it may indeed be used for court cases, but not necessarily just cases against Google....

Re:The data is potentially court evidence

Repeat after me: What the government wants, and what is right, are not synonymous. I would much rather a random thief have my diary, and then destroy it, than for the government to ever lay their filthy paws on it.

"It may be better to live under robber barons than under omnipotent moral busybodies. The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end, for they do so with the approval of their own conscience." - C.S. Lewis

Re:The data is potentially court evidence

[xenocide2]

Ironically, the purpose of the law, as I understand it, is to prevent oppressive regimes from recruiting companies to collect information about the citizenry.

Re:The data is potentially court evidence

[Ultracrepidarian]

I wonder what Nixon would have said to this. I think it was his pride that kept him from destroying his tapes, and history might have turned out differently. Not better, just different.

Re:The data is potentially court evidence

But when you hand over the diary, the government is going to leaf through it page by page to hunt for crimes I committed. The just thing to do would be to destroy the copy and suck up the punishment. And if you don't want to do the latter, destroy it before making a fuss, and either keeping it quiet for as long as possible, or hope that you can blame the destruction on routine maintenance or lack of knowledge that the data was evidence, or whatever you hope will fly. Of course, you should have never copied the diary to begin with, but having copied it, it's your duty to destroy it before anyone else can get his dirty paws on it. And always remember: legal isn't the same as just.

Re:The data is potentially court evidence

[sosume]

No it isn't. Google is not allowed to sniff out this data (at least, in my country) and is not an investigative authority. Therefore this data is certainly not allowed in court. What if this wasn't Google but China Telecom?

"Sir, we convict you based on data a foreign company claims to have sniffed from your open wifi connection. Yes we know that we cannot verify its authenticity, and we cannot tell if it has been tampered with, but will convict you nevertheless."

Re:The data is potentially court evidence

[perkimon]

I think there is a lot more to this story than meets the eye. For instance I keep hearing that Google only collected a small amount of traffic on publicly announced SSID's. My first thought was that Google simply captured enough traffic to locate and list SSID's. My second thought was they had a 'collect now, analyse later' policy. Maybe they were hoping to find something interesting? I think the German government wants to know or at least get a chance, by looking at the data, to find out. If google did find out something interesting that's worth money surely they could remove the interesting parts from the data they hand over. So the German government get the light weight and safe version of the data. If this scenario happens I hope some genius at the German government has a way to detect it and proves that Google did collect something worth hiding.

Re:The data is potentially court evidence

[delinear]

But when you hand over the diary, the government is going to leaf through it page by page to hunt for crimes I committed. The just thing to do would be to destroy the copy and suck up the punishment. And if you don't want to do the latter, destroy it before making a fuss, and either keeping it quiet for as long as possible, or hope that you can blame the destruction on routine maintenance or lack of knowledge that the data was evidence, or whatever you hope will fly. Of course, you should have never copied the diary to begin with, but having copied it, it's your duty to destroy it before anyone else can get his dirty paws on it. And always remember: legal isn't the same as just.

What if, instead of copying the whole diary, he just copied a few random letters from each page and then hid them amongst the diaries of several hundred thousand other people, and didn't actually identify you other than to write down the name of the street the diary came from. Would you still be paranoid about the government getting their dirty paws on it? Because that's more akin to what happened here (apart from the original intent, I don't even believe Google intended to copy your data, and that must factor in at least a little in whether you think they should suck up the punishment or not).

At most they captured a random 20 second burst of your unencrypted, publicly shared data as their car drove past (and another commenter pointed out that, as they constantly switched channels, it was more likely 0.2 seconds continuous data). Unless they were incredibly lucky to capture you expressing your identity, there's nothing to tie this to you personally. They can tie it to an SSID, but they're non-unique, and if anyone claimed that was enough by itself to identify you in court, a competent lawyer would tear them to shreds. They then buried that tiny piece of meaningless data amongst 600GB of other data. Now, let's assume they do what you say and refuse to hand that data over to the government - assuming the data is as useless as it would appear, they'll be slapped with a huge fine for an honest mistake that resulted in no harm to anyone. Is that your idea of just? What if they refuse to hand over the data, suck up the punishment, and set a precedent for a more underhand company to park a van outside your house for a week recording your data. Would you be glad that you'd told your government you were happier for this data to be in the hands of companies and to just hand out a punishment but leave them with the data?

And always remember: righteous indignation isn't the same as right.

Made a backup copy first no doubt

I doubt they spent the last few weeks torturing themselves about what to do. No doubt some Google employee, being a smart and independent thinker, has done the right thing, and backed up the whole data set for future reference.

Don't do it!

[BLeyten]

I think it's ridiculous that people (or governments) have a problem with Google logging where they find and open WiFi connection. I personally think it would be nice if I could Google to find a WiFi hotspot. Shame on those that don't secure their home wireless connections, that's not Googles fault!! This also seems especially bad for Germans. I recall reading recently that Germany was going to fine anyone with unsecured WiFi connections, this should make it simple to find the "offenders".

Re:Don't do it!

I recall reading recently that Germany was going to fine anyone with unsecured WiFi connections, this should make it simple to find the "offenders".

Someone else did it over my WLAN is just not a proper legal defense anymore.

If you secured your router badly, and someone else did illegal stuff over your
account, you are charged a misdemeanor charge of 100€ or less, but are not
responsible for what the offender did. That's what the court said.

Silly Google...

They should've called it StreetView BETA.

Great. As someone living in Germany...

...I sure don't trust Google with my data. But at the moment I trust my government even less. Both of them... oh fuck.

let's be clear WHY they stalled

[yyxx]

Google has been reluctant to hand over this data because it's not clear that governments should have access to this kind of data. If this really represents private data, as the governments contend, the government has no right to access it either, since the contents of the packets are not necessary for determining what Google did.

Re:let's be clear WHY they stalled

[zuperduperman]

Yes, it is a nice illustration of the double standard that the government is applying. I would like to now see a class action against the government(s) to sue *them* for breach of privacy. Then they would have to either go to court and argue it wasn't a privacy breach (in doing so admitting that what Google did wasn't that bad) or go to court and admit they are even worse privacy breachers than Google (since Google did it accidentally, while they pursued it intentionally).

Re:let's be clear WHY they stalled

[cjjjer]

No let's be clear, Google is reluctant because it's Google's data and they don't want anyone (gov, private or public) to have access to any raw data they harvest regardless what it may be needed for.

Case in point:
Right now Google is planning to use SSL when you use its search engines. Effectively making the referrer http header obsolete and screwing up other "Web Metric" companies since they no longer will be able to track keywords from Google. See Google's encrypted search casts shadow on web analytics

Re:let's be clear WHY they stalled

[yyxx]

No let's be clear, Google is reluctant because it's Google's data and they don't want anyone (gov, private or public) to have access to any raw data they harvest regardless what it may be needed for.

The data they collected is clearly useless and of no commercial value to them or anybody else. And from a commercial point of view, they couldn't care less about whether the government gets their data or not. But they don't want their customers to get the idea that they are effectively a government spy agency.

The culprit here is the German government going on data fishing expeditions and doing exactly what privacy advocates are most concerned about: governments pressuring private companies to release personal data to them.

Dwarf

Remember that day you came home drunk and typed "dwarf porn" into a search engine?

Well, the government does.

What makes you think every ISP doesn't have a black-box monitoring system in place by the government anyways?

no issues

[chibiace]

i dont see what the problem is. the data is freely being broadcast onto the street, sure they could pass laws saying that you shouldnt profit from such data but people already do. most routers have an option not to broadcast the id anyway.

Comment removed

[account_deleted]

Comment removed based on user account deletion

RTFA

[dangitman]

Now google drives a car down the streets and collects your publicly visible information (SSID) and you complain again that they should not be collecting private data?

Except that Google wasn't just recording SSID data, it was also collecting data that traveled through those access points. Doesn't anybody bother to find out basic facts before commenting anymore?

Re:RTFA

[sahonen]

How exactly is data which is transmitted to the public airwaves by you any different than an SSID which is transmitted into the public airwaves by a router? If you transmit information unencrypted in an extremely widely known modulation scheme, where exactly is the expectation of privacy in doing so? It's like complaining that someone wrote down something you yelled in the middle of Times Square.

Re:RTFA

What's your point - the data was not encrypted. If you don't give a shit about your privacy and are happily broadcasting it out to the world then you'v lost your right to cry about when the inevitable happens. If my dad can encrypt his network then almost anybody can.

Re:RTFA

What's your point? The GP's point is that they were collecting public data. That data traveling through the APs is public in a sense, since it is broadcasted. Were they breaking the encryption and storing that also?

Re:RTFA

[dangitman]

How exactly is data which is transmitted to the public airwaves by you any different than an SSID which is transmitted into the public airwaves by a router?

Do you need an education in computing/network technology? The SSID is broadcasted with the intent of clients being able to find and connect to the access point. The data that is transferred over that access point is not intended to be broadcast as a means of finding an access point.

If you transmit information unencrypted in an extremely widely known modulation scheme, where exactly is the expectation of privacy in doing so?

There isn't any in most countries, but how doers that make it exactly the same as an SSID?/p

Re:RTFA

[thegarbz]

Why does the purpose of the transmission even matter? An SSID sent to announce the location of the access point vs data transmitted over the exact same frequency in an equally unencrypted way would have the same right to privacy. In this case none.

You could equally put up a billboard in you front yard saying:

"Hey Neighbour"
"You owe me $10. Everyone else you shouldn't read this. This is a private message"

And when the google street car snaps a picture on the way past from a public street recording only the things that anyone else could see driving past, is it still a private message?

Re:RTFA

[dangitman]

Why does the purpose of the transmission even matter?

I was responding to the question "how is it any different" with a comment about how it is different. The question of privacy is a different matter.

Re:RTFA

So if I get a SMS on my mobile and you read it by rubbernecking, it is perfectly okay as I am not running home to lock myself in a room with no windows so that I will be able to read that SMS in hopefully full privacy?

Expected privacy is that we hope that most people around us will respect our privacy, so we will return that respect. OF course, if we should not expect privacy I guess we should never show respect for privacy of others. Sounds like a lovely society.

In a society like that most of us will probably become even more selfish, but when we understand we have no privacy, paranoia kicks in and we will most likely not trust anyone around us.

And why stop at privacy? Why not also let common courtesy go down the drain too?
Maybe next time I read a similar comment like yours somewhere I should just write some thing like: "STFU you FM! You are wrong! I hate you! AAARRRGHHHH!!!!" Because why should you expect common courtesy and respect in an online forum where people can post anonymously?

Re:RTFA

I agree, if you're going to leave your AP unencrypted, you better be willing to accept the free internet leaches, and the people whom may packet sniff all the traffic as well.

In my opinion, unencrypted wifi is the equivalent to 2 neighbors sitting on the roofs of their houses and using bullhorns to communicate, there's no expectation of privacy everyone many houses away will be able to hear your conversation

Re:RTFA

[Schadrach]

OK, so if I play a message in Morse code across a loudspeaker, then I should expect absolute privacy in the conversation, as it should be appropriately illegal for anyone whom I haven't explicitly permitted to listen to pay attention to listen to it, right?

Re:RTFA

[delinear]

That's your opinion. The law, on the other hand, clearly states that this kind of data can't be collected. Now I don't believe Google intentionally did anything wrong, and I do agree that if you want privacy you should secure your communications, but the law still has to be followed which means Google still have to give up the data. I honestly don't even see what the story is here - Google accidentally collects some pretty useless data, they do an internal audit ahead of an EU audit and notice this, they come out and admit it, the government says they have to hand over the data under data protection laws and that's what they do. I don't see anything hear to drive the conspiracy theorists on either side into a frenzy, but maybe I'm just not trying hard enough - I admit it is a nice, sunny friday afternoon so I'm finding it difficult to get angried up :)

Re:RTFA

[delinear]

If you don't lock your door then you obviously don't care about your possessions, but it's still a crime for me to come in and take them. They broke the rules (intentionally or not) and now they're complying with the consequences. Move along, nothing to see.

Re:RTFA

[kellyb9]

This was on entirely unencrypted, unprotected networks. It's like opening up the window and shouting your information into the street.

Re:RTFA

[Blue+Stone]

It's like waking round town with your fly undone and your penis hanging out and complaining about all the 'voyeurs' and 'peeping toms'.

Re:RTFA

Doesn't anybody bother to find out basic facts before commenting anymore?

You must be new here...

Re:RTFA

[Penguinoflight]

Somebody posting at 2 points should know better than to make stupid incorrect analogies like that. Broadcasting unencrypted WiFi is more like leaving your furniture on the front lawn, or even on the curb with a "please take" sign. Even so, your communications aren't being stolen, they're simply being recorded. That's the real issue here, governments love recording citizens, but when someone else does it they feel jealous. That's why google is being ordered to hand over the data instead of being fined.

How dare they!

[trapni]

Shame on Germany's Government and all the others to even think about demanding the Wi-Fi data.
Whilst I believe, that "accidentally collecting Wi-Fi data while catpuring street-view images" is practically impossible, no one has the right to have the data.

Google, just rm -rf the data already!

Re:How dare they!

Google, just rm -rf the data already!

Problem is, the court told them to do it.

Since when does German government care about what's allowed and what's not allowed? Remember few months ago? They bought stolen data from Switzerland's banks containing account numbers and transactions?

You live in the US, right ?

data protection authority did more for our privacy than you would imagine. We have for example in europe a right to examine, or change or remove record on ourselves from any firms. Or the ability of firm to gather data is seriously limited. You have not the slightest idea what the Datenschuetztbehoerde is about. But congrat on getting modded up by simply rehashing a US prejudice.

things are very wrong

[perryizgr8]

when i trust google more than the government. what is the eu going to do with the data? isn't the best thing to destroy it? yes it was terribly weong of google to collect it, so punish them. fine them heavily so they won't do it again. but what is the point of handing it over to the govt?

Sharepoint at the Evidence, Your Honor

Since it hit a nerve, we try again: What, then, is your take on M$ Exchange and M$ Sharepoint? Both are used to mung and destroy data that is potentially evidence in upcoming court cases.

Judges usually don't like defendants who destroy incriminating evidence, but we have here two packages that only get deployed when data loss is a goal or at least a desired side effect. Neither product is quite like a digital Ollie North, but do lose, mangle or destroy enough files and messages far and beyond providing plausible deniability to cover unscrupulous behavior.

"The dog^H^H^HBill's Sack O Shite ate the evidence your Honor. Sorry 'bout that, your Honor. Yes, your Honor, the missing files just happen to include every last one required by the Court. Sorry 'bout that, your Honor, nothing we coulda done, ya see."

and now?

All we need is a ethernet jack in the bathroom.

Re:In Europe, this makes sense

Well, this highlights an interesting cultural difference between the US and Europe that can often be observed:

1) In the US, people tend to trust companies more than the government
2) In Europe, people tend to trust the government more than companies

Gemermans

[ThatsNotPudding]

I assume the German government really just wants the list of open wi-fi networks to accelerate their collection of fines.
3. Profit!

I don't feel any better when our government...

[w4rl5ck]

... has a *COPY* of this data.

But well, that's the modern world, or something.

'secretly collected'?

[synthesizerpatel]

Saying that google 'secretly collected' wirelessly transmitted data that people were broadcasting is like saying I 'secretly' hear people when they stand in front of me and talk.

Getting worse

[space_hippy]

Still not as bad as the state of New Mexico, where you can be convicted and go to jail for driving "impaired" based solely on the officers "expert" opinion.
No breathalyzer.
No blood test.
You don't even have to fail the field sobriety test. All up to the police officers expert opinion. Some judges are convicting these cases when they should be tossed out.

The burden of proof is shifting to the defendant, not good in my opinion.

Re:Getting worse

[cdrguru]

There are many, many ways to be "impaired" and not all of them can be proven with a blood test.

Heck, driving while texting is a form of "impairment".

You do not get to drive a multi-ton vehicle capable of inflicting serious bodily harm without being able to devote 100% of your attention to doing so. If, in the opinion of an experienced observer, you aren't driving in a manner that indicates you are in complete control of the vehicle, absolutely you deserve a ticket.

Re:Getting worse

[Johann+Lau]

What does what you said have to do with anything?

"The burden of proof is shifting to the defendant"

How so? You're implying they have been convicted as guilty of something because they could not prove otherwise, which isn't really the case. Your lots of words typing out that anecdote about drivers in New Mexico, and none to point out how that anecdote is connected to this case.

Re:Getting worse

> Heck, driving while texting is a form of "impairment".

Yes, but it doesn't result in being incarcerated.

here we go again...

[Johann+Lau]

Oh no, that evil government is at it again, hurting the butterflies made from love and light that are corporations....

"What has been created by this half century of massive corporate propaganda is what's called "anti-politics". So that anything that goes wrong, you blame the government. Well okay, there's plenty to blame the government about, but the government is the one institution that people can change... the one institution that you can affect without institutional change. That's exactly why all the anger and fear has been directed at the government. The government has a defect - it's potentially democratic. Corporations have no defect - they're pure tyrannies. So therefore you want to keep corporations invisible, and focus all anger on the government. So if you don't like something, you know, your wages are going down, you blame the government. Not blame the guys in the Fortune 500, because you don't read the Fortune 500. You just read what they tell you in the newspapers... all you know is that the bad government's doing something, so let's get mad at the government."

--- Noam Chomsky

Re:here we go again...

Sounds like your tinfoil hat is leaking.

When the population get buttfucked by the likes of the recording industry on a weekly basis it's not that much of a stretch to imagine how data like this could be misused if even more people gained access to it.

Re:here we go again...

[Johann+Lau]

"Sounds like your tinfoil hat is leaking."

sounds you don't like something in that post but aren't able to address it. try again.

"When the population get buttfucked by the likes of the recording industry on a weekly basis it's not that much of a stretch to imagine how data like this could be misused if even more people gained access to it."

when I post something that doesn't speculate at ALL, my tinfoil hat is leaking, but when you say that because the recording industry fucks over people, those governments surely must do, which is not just speculation, but totally non-sequitur to boot, that is not ironic to you at all haha?

the recording industry = private enterprise. the OP seemed to imply that the government has evil agendas by definition, while private corporations are of course just fine...

so what you said actually kinda supports MY point, namely that law enforcement is job of the government and the government is at least potentially by us and for us, while corporations even by definition aren't.

so yeah, try again.

What About Encrypted Data?

It isn't hard at all to crack WEP and WPA, I wonder how many vulnerable WEP packets were recorded too... Or WPA handshakes.... There may be plenty more information that they shouldn't get their hands on... When they mention all the data that they 'accidentally' collected is it just what is in clear text?

Amend

I would amend his statement with, ``I trust Google more that Google more than Google AND the German government.''

Re:Yea sure

[delinear]

Exactly - if they seriously wanted to capture and use this data, they'd park the streetview car outside your house long enough to capture all kinds of interesting data, they wouldn't just drive up the street and hope that the 20 seconds that they were connected to your WiFi just happened to be the moneyshot. Even assuming there'd be some useful data amongst the 600GB collected, it would be so expensive to wade through all the crap to get it, what would be the point, so they could show people in your neighbourhood a slightly more relevant ad?

not good for you

[Johann+Lau]

I don't trust you. Really. (I'm speaking as a German citizen)