Google Relents, Will Hand Over European Wi-Fi Data

itwbennett writes "Having previously denied demands from Germany that the company turn over hard drives with data it secretly collected from open wireless networks over the past three years, Google has reversed course. A Google representative said that it will hand over the data to German, French, and Spanish authorities within a matter of days, according to the Financial Times, which first reported this latest development on Wednesday. 'We screwed up. Let's be very clear about that,' Google CEO Eric Schmidt told the newspaper."

Great

[lennier1]

They're opening up a whole warehouse full of cans of worms by handing the data over to a government with plenty of agendas instead of destroying it.

Re:Great

[Third+Position]

True. But they opened the first can of worms by collecting it in the first place.

Re:Great

[micksam7]

They opened the can of worms by announcing that they had collected it. If they stayed silent, and shredded the data quietly, they'd probably wouldn't be in this mess and no one would have known they ever did it. Google instead has been trying to make this situation 'right' by being transparent about it, and no one gives a crap about it. The governments certainly are going to grab that data, use it as evidence to prosecute Google, and keep it around for ~other reasons~ for years upon years.

Re:Great

[orkysoft]

They could have announced it after they destroyed it.

Re:Great

[Cyberllama]

This is not useful information even for Google. Their software was constantly switching frequencies so we're talking about less than a seconds worth of packets for any given network.

What are they gonna do with that?

"Well, Ted, based off this TCP_ACK I'm seeing here, I think we can safely conclude that this Fred Morgan of 123 Anystreet is gay. Wouldn't you agree?"

"Sure is Bob, that's the queerest TCP_ACK I've ever seen."

They don't want this crap. They can't monetize that. They *want* to delete it. They want to have never captured it in the first place, but sadly that ship has sailed. If they delete it, they'll be charged with destroying evidence or whatever the equivalent crime is in the various European jurisdictions in question. One dumb careless mistake has grown a life of it's own.

Re:Great

They opened the can of worms by announcing that they had collected it. If they stayed silent, and shredded the data quietly, they'd probably wouldn't be in this mess and no one would have known they ever did it. Google instead has been trying to make this situation 'right' by being transparent about it, and no one gives a crap about it. The governments certainly are going to grab that data, use it as evidence to prosecute Google, and keep it around for ~other reasons~ for years upon years.

eh.. you do know that they only announced this after governments in Europe requested to audit their data collection in general? The ball was already rolling on this, and they were smart in rolling with it. But this was not something Google just announced out of the blue on their own without outside pressure.

And Google has a patent pending on the method they used to collect this data.. Accident my ass.

Re:Great

[thegarbz]

Only for those of you who apply all your thoughts on privacy entirely inconsistently.

Few months ago on slashdot someone published a list of every wifi hotspot on their train line. Where was the uproar then? Cops want to reserve the right no to be photographed in public, and people complain (rightfully so) that what they do in public should be recordable with no recourse. Now google drives a car down the streets and collects your publicly visible information (SSID) and you complain again that they should not be collecting private data?

How come every ideal on slashdot is applied so haphazardly? Make a choice people. Should something that anyone can see from your street be private, or public?

As a side note, how many people complaining about Google's collection of wireless information actually bothered to uncheck that little box that says "Broadcast SSID"?

Re:Great

[KDR_11k]

And why should they? Historically, collecting pictures and wireless transmissions in public has been legal.

Not in Germany. Google is large enough to be able to get legal advice for other countries before running a massive data collection operation there.

Re:Great

[LordKronos]

I swear, I hate when people like you try to be so clever...."so inadvertant that they even applied for a patent on it". Try not to get involved in the discussion if you haven't an understanding of what you are talking about, because you sound like you are just trolling. Google's patent is all about identifying devices and their location. That can be based off of some very simple data which is broadcast by the access point and does NOT require looking at full TCP/IP communications of connected users.

On my ipod touch, I used to have an app call WiFinder (until the Apple bastards started rejecting the app and it stopped working with the new OS). It would show you all of the wireless networks nearby and display a signal strength for each one. Just by simply walking from one end of my house to the other and checking the signal strength, I was able to get a rough estimate about which direction each signal was coming from. Had I repeated this process up and down the street I could have probably determined with a decent level of accuracy where each wifi network was originating. And all that was without me snooping in on peoples HTTP sessions and such. In fact, snooping on such data would be virtually useless to the goal of locating the access point (unless you just happened to snoop on somebody filling out a non-SSL form that contained address info or something)

Re:Great

[yyxx]

Not in Germany.

Yes, even in Germany taking street photographs and collecting packet radio data was legal in the past.

Whether recording unencrypted WLAN packets is or is not legal today has been a legally gray area. It depends on whether one considers such data "private" or not. That question is now being settled in a wave of anti-Google and anti-American hysteria.

What purpose is being served by this is unclear. If you run an unprotected WLAN in Germany, you are probably running afoul of both data protection and copyright laws already.

Google is large enough to be able to get legal advice for other countries before running a massive data collection operation there.

They did. The data they actually intended to collect conforms with German law. They spent months talking to German data protection czars about that.

They simply screwed up and unintentionally collected additional data, and for that they are being crucified.

The whole uproar has nothing to do with privacy or data protection, it's simple hysteria and political and corporate opportunism. Actual German data protection is atrocious.

Re:Great

[yyxx]

I'm sure the whole "being forced to hand it over to the government" thing is being blown out of all proportion, too. More likely Google realised their mistake (or had it pointed out to them), offered to destroy the data to which the government informed them the standard procedure is that they have to hand the data over to ensure it is properly dealt with, then Google go off, check the legal position, come back and agree. But of course, such a reasonable state of affairs wouldn't sell clicks on news sites or provide fodder for conspiracy theorists...

But it is not reasonable for a supposedly democratic government to be able to obtain 600 Gbytes of private data just because some government bureaucrat says that it is "standard procedure". Private data should only be handed to the government based on a court order, for specific, well-defined, well-articulated purposes.

This is a big deal and it is unacceptable; it's the kind of thing that happens in police states.

I suspect both the German data protection official and Google will face legal problems over this transfer of data.

Re:Great

[Cyberllama]

It's not a gold mine to anyone. We're talking about 600 gigabytes of packets over 6 years. Not nearly as much as they could have collected had this been done intentionally. This is a trivial amount of data that could easily go unnoticed by Google. This would fit entirely on one hard drive with plenty of room to spare.

Now ask yourself, if the Street View car drives by your house and at that exact moment you're using the internet, how likely is it to be something unencrypted and sensitive? Emails take a split second to download, and the street view car is only listening for a split second. The timing would have to be a 1 in a million shot.

If I download, on a given day, 3 megabytes worth of webpages, 100 kilobytes worth of Email, and 50 megabytes worth of gaming, 300 megabytes worth of netflix streaming, 1 gigabyte worth of bittorrent -- ask yourself what are the odds that the street view car gets a slice of that 100 kb instead of something else completely useless to anyone?

So yeah, we have like 600 gigabytes, of which maybe a few hundred megabytes might actually be sensitive plain text information at best -- and even then you're not getting all of it, just fractional bits. Spread out over 6 years, you think this tiny trickle of single tiny pieces of peoples emails, half of which probably went through gmail anyways, is something Google is willing to break the law to get?

Seriously. What the hell do you think Google wants with this? Take the tinfoil hat off and THINK.

Meta Screwup?

[Psaakyrn]

Ok, so which is the screwup, not giving the data, or the giving up of data?

Re:Meta Screwup?

[JaredOfEuropa]

The big screwup is getting caught at collecting it.

Google screwed up...

[MindlessAutomata]

...so now people's personal data is now in the hands of the relevant governments. I'm not sure this helps the situation.

Re:Google screwed up...

[adolf]

I approach the whole thing with a big "meh."

The common Slashdot mindsets of "teh Gubament shouldn't have that data!!" and "if they didn't want anyone to see it, folks should've encrypted it!!" are not mutually exclusive.

Fact is, if the government(s) really wanted to sniff cleartext data broadcast via Wifi, they'd be doing it. In fact, I'd be very surprised if they haven't been sniffing things for a long time.

So if someone else happens to gather up some cleartext data by accident, and the government(s) demand it to be delivered to them, all I can say is this: Gosh, folks. As far as we can tell, WPA2 with AES is plenty safe at the moment, and you're a fool if you're using neither that nor some other form of encryption. And while I don't think that the government(s) should be able to do demand that the data be turned over to them, it is rather in-keeping with the general rule of things: When the government learns that you have a pile of stuff that doesn't belong to you, do they simply ask you to destroy it? No! They take it away.

Meanwhile, I've been doing a lot of wardriving for a while, recording SSIDs, BSSIDs, and GPS coordinates on my Droid, just because it's interesting to me. Even in the short time (half a year, or so) that I've been doing this, I've seen a big increase in encryption usage in my area. This is a Good Thing, An important unintended side-effect of stories about this Google oops is that they will certainly help keep the trend toward encryption moving.

Re:Destroy?

[Psaakyrn]

Only works if you can unsee said information.

at the end of the day...

[powerspike]

Really i don't see a problem with what google did, apparently it was only open networks etc, having an open wireless device in your house would be like not having curtains on your windows, if your not going to "stop" people from looking in, you've got nothing to complain about. If they were only taking samples, there shouldn't be much of an issue, because you where broadcasting the data to the public anyway...

Re:at the end of the day...

[grantek]

This isn't walking into someone's house through an open door, it's taking photos from the street, and I have no idea why people thing it's different to Street View - as GP said if there's no curtains on your windows people will be able to see in.

Re:at the end of the day...

[yyxx]

Wardriving is something people did (and do?) for the fun of it, it's not major corporations doing it on a massive scale to collect data on people,

But other corporations have done this as well.

it's illegal too btw in some countries.

It shouldn't be. If you broadcast unencrypted packet, people shouldn't be thrown in jail for receiving them.

Re:Yea sure

[Psaakyrn]

Simple: by recording everything without verifying whether said data should be record. Capturing everything is easier than implementing filters, especially if storage space is not an issue.

Why is this still in the news?

[rm999]

People kept their networks open, Google gathered some probably useless information about them - presumably no more than 15 seconds worth in most cases (because it's a car driving by). Google has far more information on far more people from saved web searches/e-mails/etc. I'm tired of seeing these stories, I really don't care.

If European Governments are actually pursuing this, shame on them.

Re:Why is this still in the news?

[key.aaron]

Google has stated that their equipment changed channels 5 times a second. So there is no more than 0.2s of data on any one network. Good luck doing anything with that...

The data is potentially court evidence

[khchung]

To all who advocate deleting the data, repeat after me:

The data is potentially evidence in upcoming court cases.

Repeat this until it finally occurs to you that destroying evidence when you know it will likely wind up in court is a very bad idea. . Judges usually don't like defendents who destroy incriminating evidence, especially after the authorities already knew of it's existence and has asked for it to be turned over.

If I sneaked into your home and copied your diary, then put the copy in a safe. Then when the police found this out and asked for me to give the keys to them, the correct response is NOT to burn everything in the safe to "protect your privacy".

Re:The data is potentially court evidence

[arkenian]

The data is potentially evidence in upcoming court cases.

Yes, well, whether this is okay or not depends entirely on the court case, doesn't it? I think more than a few /.'ers are concerned that it may indeed be used for court cases, but not necessarily just cases against Google....

Re:The data is potentially court evidence

Repeat after me: What the government wants, and what is right, are not synonymous. I would much rather a random thief have my diary, and then destroy it, than for the government to ever lay their filthy paws on it.

"It may be better to live under robber barons than under omnipotent moral busybodies. The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end, for they do so with the approval of their own conscience." - C.S. Lewis

Re:Whatever for?

[alfredos]

Usually that would mean sending someone to have a look and see and perhaps sample the data. It's how they go about our IRS equivalent, social services, workplace safety, and about any situation where the Gov't needs to inspect something. TFA says originally Hamburg wanted about that - access to a hard drive and to a Street View car; note the singular. However, now they are talking about giving "the data", not about letting the authorities inspect it. Too fuzzy for my liking.

Funny, by the way, how Google wondered about the legality of having its data inspected by the data protection authority. "We screwed up" is the only adequate and honest thing for them to say after that. It's not without merit, because what other big company would?

Re:Whatever for?

[yyxx]

Funny, by the way, how Google wondered about the legality of having its data inspected by the data protection authority.

Nothing "funny" about it; they probably have good lawyers, lawyers who advised them that handing over the data to the "data protection authority" without a court order may itself constitute a violation of German privacy laws.

Usually that would mean sending someone to have a look and see and perhaps sample the data.

Or it might mean that the "data protection authority" goes on a massive data mining quest to identify file sharers, pornographers, and anybody who runs an open WLAN, and then charges all of those people with breaking the law. They couldn't drive around collecting that data themselves, but they can obtain it from Google. Probably it doesn't mean that in this specific case, but it sets a bad precedent.

Think about it: if you were a government intent on violating people's privacy, what would be the best place to do it? That's right: the "data protection authority", armed with a legal right to request and inspect anybody's data without a court order, just to look for more "data protection violations".

Re:Not good

[RAMMS+EIN]

``I trust Google more than German officials''

I wouldn't. Both Google and German government are made up of people. There will be good people and bad people in both organizations.

The major differences are that the the German government has a rather limited sphere of influence and you have some control over it through elections and other measures, like demonstrations, campaigns, founding your own party, etc. You vote along with a lot of citizens who are in the same boat as you are.

On the other hand, Google operates world-wide, and I doubt that you have a lot of control over their actions unless you work for them. Sure, you can buy shares and have a vote, but it will be your vote among that of a lot of people who don't know and/or don't care what happens in Germany.

Speaking for myself, I would rather keep my data away from both the government and large multinational companies. I am certainly no more comfortable with Google having it than with my (Dutch) government having it. And, as this case demonstrates, it doesn't necessarily matter who collects the data - you may be more comfortable with Google collecting it than with your government collecting it, but it looks like now both Google and the government are going to have it.

Re:let's be clear WHY they stalled

[zuperduperman]

Yes, it is a nice illustration of the double standard that the government is applying. I would like to now see a class action against the government(s) to sue *them* for breach of privacy. Then they would have to either go to court and argue it wasn't a privacy breach (in doing so admitting that what Google did wasn't that bad) or go to court and admit they are even worse privacy breachers than Google (since Google did it accidentally, while they pursued it intentionally).

RTFA

[dangitman]

Now google drives a car down the streets and collects your publicly visible information (SSID) and you complain again that they should not be collecting private data?

Except that Google wasn't just recording SSID data, it was also collecting data that traveled through those access points. Doesn't anybody bother to find out basic facts before commenting anymore?

Re:RTFA

[sahonen]

How exactly is data which is transmitted to the public airwaves by you any different than an SSID which is transmitted into the public airwaves by a router? If you transmit information unencrypted in an extremely widely known modulation scheme, where exactly is the expectation of privacy in doing so? It's like complaining that someone wrote down something you yelled in the middle of Times Square.

Getting worse

[space_hippy]

Still not as bad as the state of New Mexico, where you can be convicted and go to jail for driving "impaired" based solely on the officers "expert" opinion.
No breathalyzer.
No blood test.
You don't even have to fail the field sobriety test. All up to the police officers expert opinion. Some judges are convicting these cases when they should be tossed out.

The burden of proof is shifting to the defendant, not good in my opinion.