Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Relents, Will Hand Over European Wi-Fi Data

Posted by timothy on from the at-least-we-know-the-govts-won't-abuse-it dept.

itwbennett writes "Having previously denied demands from Germany that the company turn over hard drives with data it secretly collected from open wireless networks over the past three years, Google has reversed course. A Google representative said that it will hand over the data to German, French, and Spanish authorities within a matter of days, according to the Financial Times, which first reported this latest development on Wednesday. 'We screwed up. Let's be very clear about that,' Google CEO Eric Schmidt told the newspaper."

22 of 214 comments (clear)

  1. Great by lennier1 · · Score: 4, Insightful

    They're opening up a whole warehouse full of cans of worms by handing the data over to a government with plenty of agendas instead of destroying it.

    1. Re:Great by Third+Position · · Score: 4, Insightful

      True. But they opened the first can of worms by collecting it in the first place.

      --
      American Third Position
      Finally, a real choice!
    2. Re:Great by Cyberllama · · Score: 3, Insightful

      This is not useful information even for Google. Their software was constantly switching frequencies so we're talking about less than a seconds worth of packets for any given network.

      What are they gonna do with that?

      "Well, Ted, based off this TCP_ACK I'm seeing here, I think we can safely conclude that this Fred Morgan of 123 Anystreet is gay. Wouldn't you agree?"

      "Sure is Bob, that's the queerest TCP_ACK I've ever seen."

      They don't want this crap. They can't monetize that. They *want* to delete it. They want to have never captured it in the first place, but sadly that ship has sailed. If they delete it, they'll be charged with destroying evidence or whatever the equivalent crime is in the various European jurisdictions in question. One dumb careless mistake has grown a life of it's own.

    3. Re:Great by thegarbz · · Score: 5, Insightful

      Only for those of you who apply all your thoughts on privacy entirely inconsistently.

      Few months ago on slashdot someone published a list of every wifi hotspot on their train line. Where was the uproar then? Cops want to reserve the right no to be photographed in public, and people complain (rightfully so) that what they do in public should be recordable with no recourse. Now google drives a car down the streets and collects your publicly visible information (SSID) and you complain again that they should not be collecting private data?

      How come every ideal on slashdot is applied so haphazardly? Make a choice people. Should something that anyone can see from your street be private, or public?

      As a side note, how many people complaining about Google's collection of wireless information actually bothered to uncheck that little box that says "Broadcast SSID"?

    4. Re:Great by LordKronos · · Score: 2, Insightful

      I swear, I hate when people like you try to be so clever...."so inadvertant that they even applied for a patent on it". Try not to get involved in the discussion if you haven't an understanding of what you are talking about, because you sound like you are just trolling. Google's patent is all about identifying devices and their location. That can be based off of some very simple data which is broadcast by the access point and does NOT require looking at full TCP/IP communications of connected users.

      On my ipod touch, I used to have an app call WiFinder (until the Apple bastards started rejecting the app and it stopped working with the new OS). It would show you all of the wireless networks nearby and display a signal strength for each one. Just by simply walking from one end of my house to the other and checking the signal strength, I was able to get a rough estimate about which direction each signal was coming from. Had I repeated this process up and down the street I could have probably determined with a decent level of accuracy where each wifi network was originating. And all that was without me snooping in on peoples HTTP sessions and such. In fact, snooping on such data would be virtually useless to the goal of locating the access point (unless you just happened to snoop on somebody filling out a non-SSL form that contained address info or something)

    5. Re:Great by yyxx · · Score: 3, Insightful

      Not in Germany.

      Yes, even in Germany taking street photographs and collecting packet radio data was legal in the past.

      Whether recording unencrypted WLAN packets is or is not legal today has been a legally gray area. It depends on whether one considers such data "private" or not. That question is now being settled in a wave of anti-Google and anti-American hysteria.

      What purpose is being served by this is unclear. If you run an unprotected WLAN in Germany, you are probably running afoul of both data protection and copyright laws already.

      Google is large enough to be able to get legal advice for other countries before running a massive data collection operation there.

      They did. The data they actually intended to collect conforms with German law. They spent months talking to German data protection czars about that.

      They simply screwed up and unintentionally collected additional data, and for that they are being crucified.

      The whole uproar has nothing to do with privacy or data protection, it's simple hysteria and political and corporate opportunism. Actual German data protection is atrocious.

    6. Re:Great by yyxx · · Score: 2, Insightful

      I'm sure the whole "being forced to hand it over to the government" thing is being blown out of all proportion, too. More likely Google realised their mistake (or had it pointed out to them), offered to destroy the data to which the government informed them the standard procedure is that they have to hand the data over to ensure it is properly dealt with, then Google go off, check the legal position, come back and agree. But of course, such a reasonable state of affairs wouldn't sell clicks on news sites or provide fodder for conspiracy theorists...

      But it is not reasonable for a supposedly democratic government to be able to obtain 600 Gbytes of private data just because some government bureaucrat says that it is "standard procedure". Private data should only be handed to the government based on a court order, for specific, well-defined, well-articulated purposes.

      This is a big deal and it is unacceptable; it's the kind of thing that happens in police states.

      I suspect both the German data protection official and Google will face legal problems over this transfer of data.

  2. Meta Screwup? by Psaakyrn · · Score: 3, Insightful

    Ok, so which is the screwup, not giving the data, or the giving up of data?

    1. Re:Meta Screwup? by JaredOfEuropa · · Score: 4, Insightful

      The big screwup is getting caught at collecting it.

      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
  3. Google screwed up... by MindlessAutomata · · Score: 3, Insightful

    ...so now people's personal data is now in the hands of the relevant governments. I'm not sure this helps the situation.

    1. Re:Google screwed up... by adolf · · Score: 2, Insightful

      I approach the whole thing with a big "meh."

      The common Slashdot mindsets of "teh Gubament shouldn't have that data!!" and "if they didn't want anyone to see it, folks should've encrypted it!!" are not mutually exclusive.

      Fact is, if the government(s) really wanted to sniff cleartext data broadcast via Wifi, they'd be doing it. In fact, I'd be very surprised if they haven't been sniffing things for a long time.

      So if someone else happens to gather up some cleartext data by accident, and the government(s) demand it to be delivered to them, all I can say is this: Gosh, folks. As far as we can tell, WPA2 with AES is plenty safe at the moment, and you're a fool if you're using neither that nor some other form of encryption. And while I don't think that the government(s) should be able to do demand that the data be turned over to them, it is rather in-keeping with the general rule of things: When the government learns that you have a pile of stuff that doesn't belong to you, do they simply ask you to destroy it? No! They take it away.

      Meanwhile, I've been doing a lot of wardriving for a while, recording SSIDs, BSSIDs, and GPS coordinates on my Droid, just because it's interesting to me. Even in the short time (half a year, or so) that I've been doing this, I've seen a big increase in encryption usage in my area. This is a Good Thing, An important unintended side-effect of stories about this Google oops is that they will certainly help keep the trend toward encryption moving.

      --
      Kid-proof tablet..
  4. Re:Destroy? by Psaakyrn · · Score: 2, Insightful

    Only works if you can unsee said information.

  5. at the end of the day... by powerspike · · Score: 3, Insightful

    Really i don't see a problem with what google did, apparently it was only open networks etc, having an open wireless device in your house would be like not having curtains on your windows, if your not going to "stop" people from looking in, you've got nothing to complain about. If they were only taking samples, there shouldn't be much of an issue, because you where broadcasting the data to the public anyway...

    1. Re:at the end of the day... by grantek · · Score: 2, Insightful

      This isn't walking into someone's house through an open door, it's taking photos from the street, and I have no idea why people thing it's different to Street View - as GP said if there's no curtains on your windows people will be able to see in.

    2. Re:at the end of the day... by yyxx · · Score: 3, Insightful

      Wardriving is something people did (and do?) for the fun of it, it's not major corporations doing it on a massive scale to collect data on people,

      But other corporations have done this as well.

      it's illegal too btw in some countries.

      It shouldn't be. If you broadcast unencrypted packet, people shouldn't be thrown in jail for receiving them.

  6. Re:Yea sure by Psaakyrn · · Score: 2, Insightful

    Simple: by recording everything without verifying whether said data should be record. Capturing everything is easier than implementing filters, especially if storage space is not an issue.

  7. Why is this still in the news? by rm999 · · Score: 3, Insightful

    People kept their networks open, Google gathered some probably useless information about them - presumably no more than 15 seconds worth in most cases (because it's a car driving by). Google has far more information on far more people from saved web searches/e-mails/etc. I'm tired of seeing these stories, I really don't care.

    If European Governments are actually pursuing this, shame on them.

  8. Re:The data is potentially court evidence by arkenian · · Score: 2, Insightful

    The data is potentially evidence in upcoming court cases.

    Yes, well, whether this is okay or not depends entirely on the court case, doesn't it? I think more than a few /.'ers are concerned that it may indeed be used for court cases, but not necessarily just cases against Google....

  9. Re:Whatever for? by alfredos · · Score: 2, Insightful

    Usually that would mean sending someone to have a look and see and perhaps sample the data. It's how they go about our IRS equivalent, social services, workplace safety, and about any situation where the Gov't needs to inspect something. TFA says originally Hamburg wanted about that - access to a hard drive and to a Street View car; note the singular. However, now they are talking about giving "the data", not about letting the authorities inspect it. Too fuzzy for my liking.

    Funny, by the way, how Google wondered about the legality of having its data inspected by the data protection authority. "We screwed up" is the only adequate and honest thing for them to say after that. It's not without merit, because what other big company would?

  10. Re:The data is potentially court evidence by Anonymous Coward · · Score: 2, Insightful

    Repeat after me: What the government wants, and what is right, are not synonymous. I would much rather a random thief have my diary, and then destroy it, than for the government to ever lay their filthy paws on it.

    "It may be better to live under robber barons than under omnipotent moral busybodies. The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end, for they do so with the approval of their own conscience." - C.S. Lewis

  11. Re:Whatever for? by yyxx · · Score: 4, Insightful

    Funny, by the way, how Google wondered about the legality of having its data inspected by the data protection authority.

    Nothing "funny" about it; they probably have good lawyers, lawyers who advised them that handing over the data to the "data protection authority" without a court order may itself constitute a violation of German privacy laws.

    Usually that would mean sending someone to have a look and see and perhaps sample the data.

    Or it might mean that the "data protection authority" goes on a massive data mining quest to identify file sharers, pornographers, and anybody who runs an open WLAN, and then charges all of those people with breaking the law. They couldn't drive around collecting that data themselves, but they can obtain it from Google. Probably it doesn't mean that in this specific case, but it sets a bad precedent.

    Think about it: if you were a government intent on violating people's privacy, what would be the best place to do it? That's right: the "data protection authority", armed with a legal right to request and inspect anybody's data without a court order, just to look for more "data protection violations".

  12. Re:RTFA by sahonen · · Score: 3, Insightful

    How exactly is data which is transmitted to the public airwaves by you any different than an SSID which is transmitted into the public airwaves by a router? If you transmit information unencrypted in an extremely widely known modulation scheme, where exactly is the expectation of privacy in doing so? It's like complaining that someone wrote down something you yelled in the middle of Times Square.

    --
    Make me a friend and I'll mod you up