Why Google's Wi-Fi Payload Collection Was Inadvertent
Reader Lauren Weinstein found a blog post that gives a good, fairly technical explanation of why Google's collection of Wi-Fi payload data was incidental, and why it's easy to collect Wi-Fi payload data accidentally in the course of mapping Wi-Fi access points. "Although some people are suspicious of their explanation, Google is almost certainly telling the truth when it claims it was an accident. The technology for Wi-Fi scanning means it's easy to inadvertently capture too much information, and be unaware of it. ... It's really easy to protect your data: simply turn on WPA. This completely stops Google (or anybody else) from spying on your private data. ... Laws against this won't stop the bad guys (hackers). They will only unfairly punish good guys (like Google) whenever they make a mistake. ... [A]nybody who has experience in Wi-Fi mapping would believe Google. Data packets help Google find more access-points and triangulate them, yet the payload of the packets do nothing useful for Google because they are only fragments."
Of course it was accidental, after all, their corporate slogan is "Do no evil". Obviously they wouldn't do anything that would be evil.
Tequila: It's not just for breakfast anymore!
Inadvertent or not Google broke laws in some countries. Accidentally breaking the law doesn't eliminate responsibility or culpability - even if people shouldn't have left their WiFi unsecured.
If I accidentally run over someone with my car because I wasn't paying attention to what I was doing, it doesn't absolve me of the liability - even if that old lady had it coming, er, was jaywalking.
Just don't expect lawmakers or lawyers to have any.
Laws won't stop the bad guys, but if you have laws you can at least punish them if you catch them. Claiming Google are the good guys (based on what? their motto?) and saying therefore there should not be laws is just ridiculous.
Nothing explains why they stored the data so far. Recording names of access points? Okay. Recording locations of access points? Mmmmaybe. Recording data retrieved by connecting to unsecured access points? No. How can that data be used for any honest purpose? And let's be clear about this: collecting and storing data is an act directed by software which was written by a person or persons who were acting under direction ostensibly by specification. You find those specifications and directors and you will come closer to finding the truth as well as those responsible.
The argument is that capturing data packets is useful to find the SSID of access points which send beacon frames with blank SSID field or where only a client is within range but not the access point itself. That argument is bogus. The mobile devices which will later use the mapped SSIDs and BSSIDs to calculate their own position do not see anything but the beacon frames. It is therefore entirely sufficient to capture just the beacon frames.
There is a legitimate argument that Google was just lazy (or "scientific") by capturing everything they can get in the field and analyzing later. There is however no technical reason for this and we should not make one up to defend Google.
If you're broadcasting your data via radio, why on earth would you expect anyone to consider it private?
Encryption. If you need it, use it.
A government is a body of people notably ungoverned - AC
So what TFA is saying is that the issue isn't simply Google snooping on networks and collecting data? And that there may have been a legitimate reason for this whole situation? And that it's blown out of proportion? STOP RUINING MY REASONS TO BE ANGRY AT GOOGLE!
My concern with what Google, and many other firms, are doing is that they are dedicating huge amounts of resources to collecting huge amounts of data on people. As profit making entities, these firms must at some point monetize this data to get a return on investment. Therefore, if Google is keeping data other than basic access point information, then they must be planning to do something with it.
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
Despite what everyone thinks (and how it seems to the uninformed) it very likely was accidental. If I was tasked to correlate Access Points to their locations, the simplest way would be to dump raw wireless traffic to one file, and raw GPS data to another. Later, you can zip them both up and run some analysis, and get the data you want out.
It'd be real easy to forget to filter the packets you dump to only anonymous, non-data-carrying packets. More than likely the people who designed it just forgot to, or figured it would be no big deal if they just never used that info. Sloppy engineering maybe, but certainly not malicious.
They accidentally recorded parts of publicly broadcasted data....
It is not much different from a phone recording a conversation in a busy environment and being blamed for accidentally recording parts of other people's conversations that you walked past...
They weren't connecting to the networks, just collecting packets that were being broadcast to help triangulate the source of the network. RTFA.
http://CryoLANparty.com/ A lan I'm staff on!
Who can forget the work of great American computer scientists from Leibniz (Combinatorica) to Berners-Lee?
Celebrate the fact that work leading up to today's Internet was a damn good cooperative effort.
Providing "My Location" for Wifi-enabled but GPL-less devices, like my E65.
AP name is data like any other, it comes through the same medium as any other Wifi packets. Using *only* those packets requires active filtering.
Was it sloppiness or on purpose? Only they know (but why come out with it if it was on purpose?). The thing is: should it be illegal? I don't think it should.
Dilbert RSS feed
No. It was at best willful sloth.
Any geek with stripes can strip the payloads after identifying association attempt results, and their locus.
Just gulping the data, which is what they did-- perhaps terabytes of it-- isn't excusable.
There was once a TV show called F Troop. In the opener, they stripped all of the buttons and rank from two soldiers, an officer and an enlisted man, if memory serves. Google should have had by now, a similar such ceremony from their software QA director, and their lead systems engineer. Just WTF were they thinking? Let's have a merry little war drive with some of that open sauce software stuff? Egads. Accidental my ass.
---- Teach Peace. It's Cheaper Than War.
And that the people should have been using WPA if they wanted a private network, and DEFINITELY HTTPS for passwords and such if they didn't mind opening their network...
Despite that, Google should have had more sense.
Why, if they only needed packet headers, did they not wipe the packet contents before saving 'em?
Seems like a simple and obvious thing to do to prevent possible future action against them.
-- perl -e'print pack"H*","6e656d6f406d38792e6f7267"'
They didn't "come out with it." They were required to provide it by government demands. They had to provide it or get thrown in jail.
It is hugely irresponsible to simply do what they did. Hugely irresponsible to do this in countries where it is not legal to do so. Should it be illegal? I have to disagree with you there. It should be completely illegal to do such in private residential areas.
They could have and most certainly should have collected only the data they needed/desired. Collecting additional data is still unacceptable. It should be trivial to write code that collects only a certain type of packet.
Yes, they should have only saved the SSID, location, and signal strength. Instead, they used off the shelf software which saved more data. There is no reason to believe this was intentional.
That's fine and legal to do in the USA, as you have no expectation of privacy using unencrypted broadcast:
http://www.law.cornell.edu/uscode/uscode18/usc_sec_18_00002511----000-.html
TITLE 18 > PART I > CHAPTER 119 > 2511
(g) It shall not be unlawful under this chapter or chapter 121 of this title for any person—
(i) to intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public;
(v) for other users of the same frequency to intercept any radio communication made through a system that utilizes frequencies monitored by individuals engaged in the provision or the use of such system, if such communication is not scrambled or encrypted.
In the US, if you transmit in the clear on unlicensed spectrum, they can legally pick it up due to two different, non-overlapping legal clauses. (Note, I am not a lawyer, this is not legal advice, this is but one of possibly relevant laws, etc.)
The problem is they didn't need to do so, and it creeps people in the US out. So even here where it is legal, they probably shouldn't have from a PR point of view.
In some other countries it is not legal to collect that data, and doing so intentionally might lower your penalties, but still does not make it legal.
Blessed are the pessimists, for they have made backups.
Basically Google probably could have swept this under the rug, and most companies would have. Google on the other hand came out as the only source. There were no accusations, or indication that this information would leak, yet Google freely informed the public that this was an accident, and took responsibility. Maybe there was some underlying motive, maybe there's information we don't have, but with all the info that's out right now it seems Google acted as a good samaritan.
And if you use a RADIUS server and certificates instead of PSK, would it be even harder to crack or the same?
AP name is data like any other, it comes through the same medium as any other Wifi packets. Using *only* those packets requires active filtering.
The last article I read said the software filtered out (discarded) encrypted packets. It would (presumably, in my experience anyway) be technically similar to filter only for whatever kind of packet the AP name is broadcast in.
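As an added example (not code from the article, Google, or any commenter), this sketch shows the filtering several comments above describe: keep only beacon frames and store just BSSID, SSID, signal strength and position, so data-frame payloads are discarded before anything is written. The capture tuple layout `(lat, lon, rssi_dbm, frame)`, the `ApRecord` type and the sample frames are assumptions constructed for illustration.

```python
import struct
from typing import List, NamedTuple, Optional, Tuple

# 802.11 constants: management frames are type 0, beacons are subtype 8.
MGMT_TYPE, BEACON_SUBTYPE = 0, 8
MGMT_HDR_LEN = 24        # frame control, duration, 3 addresses, sequence control
BEACON_FIXED_LEN = 12    # timestamp (8), beacon interval (2), capabilities (2)
TAG_SSID = 0             # information element ID carrying the network name


class ApRecord(NamedTuple):
    """The only fields that are ever stored (hypothetical record layout)."""
    bssid: str
    ssid: Optional[str]  # None means the beacon hides its SSID
    rssi_dbm: int
    lat: float
    lon: float


def parse_beacon(frame: bytes) -> Optional[Tuple[str, Optional[str]]]:
    """Return (bssid, ssid) for a well-formed beacon, None for anything else.

    Assumes raw 802.11 frames without a radiotap header or trailing FCS.
    """
    if len(frame) < MGMT_HDR_LEN + BEACON_FIXED_LEN:
        return None
    fc = frame[0]
    version, ftype, subtype = fc & 0x3, (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if version != 0 or ftype != MGMT_TYPE or subtype != BEACON_SUBTYPE:
        return None  # data, control and other management frames are rejected
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])  # Address 3
    pos = MGMT_HDR_LEN + BEACON_FIXED_LEN
    while pos + 2 <= len(frame):
        tag_id, tag_len = frame[pos], frame[pos + 1]
        value = frame[pos + 2 : pos + 2 + tag_len]
        if len(value) != tag_len:
            return None  # truncated element: treat the frame as malformed
        if tag_id == TAG_SSID:
            if tag_len > 32:
                return None  # SSIDs are at most 32 bytes
            hidden = tag_len == 0 or not any(value)
            ssid = None if hidden else value.decode("utf-8", "replace")
            return bssid, ssid
        pos += 2 + tag_len
    return None  # beacon without an SSID element


def minimize(capture) -> Tuple[List[ApRecord], int]:
    """Reduce a capture to one record per BSSID (strongest signal wins).

    Returns the records and the number of frames dropped without being stored.
    """
    best = {}
    dropped = 0
    for lat, lon, rssi_dbm, frame in capture:
        parsed = parse_beacon(frame)
        if parsed is None:
            dropped += 1
            continue
        bssid, ssid = parsed
        if bssid not in best or rssi_dbm > best[bssid].rssi_dbm:
            best[bssid] = ApRecord(bssid, ssid, rssi_dbm, lat, lon)
    return list(best.values()), dropped


# --- Constructed sample input (not real captured traffic) ---
def _beacon(bssid: bytes, ssid: bytes) -> bytes:
    hdr = struct.pack("<HH6s6s6sH", 0x0080, 0, b"\xff" * 6, bssid, bssid, 0)
    fixed = struct.pack("<QHH", 0, 100, 0x0401)
    rates = bytes([1, 1, 0x82])  # one supported-rates element after the SSID
    return hdr + fixed + bytes([TAG_SSID, len(ssid)]) + ssid + rates


def _data_frame(bssid: bytes, client: bytes, payload: bytes) -> bytes:
    # Type 2 (data), subtype 0, ToDS set: the kind of frame carrying user traffic.
    hdr = struct.pack("<HH6s6s6sH", 0x0108, 0, bssid, client, bssid, 0)
    return hdr + payload


AP1 = bytes.fromhex("aabbcc000001")
AP2 = bytes.fromhex("aabbcc000002")
CLIENT = bytes.fromhex("020000000099")

SAMPLE_CAPTURE = [
    (52.5200, 13.4050, -70, _beacon(AP1, b"CoffeeShop")),
    (52.5201, 13.4051, -60, _data_frame(AP1, CLIENT, b"GET /inbox?user=alice")),
    (52.5202, 13.4052, -55, _beacon(AP1, b"CoffeeShop")),
    (52.5203, 13.4053, -80, _beacon(AP2, b"")),               # hidden SSID
    (52.5204, 13.4054, -75, _beacon(AP2, b"Truncated")[:30]),  # cut-off frame
]

if __name__ == "__main__":
    records, dropped = minimize(SAMPLE_CAPTURE)
    for rec in records:
        print(rec)
    print("frames dropped without storing:", dropped)
```

The filter runs before storage, so the data frame's payload never reaches the output; only the per-BSSID record with the strongest signal is kept.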
A blog post by a "a high-end cyber security consulting company" is going to settle it?
Do we know if they've consulted with Google? If a "high-end oil industry consulting company" came out and said the Deepwater Horizon wasn't really BP's fault would we believe them? Or if a "high-end automotive industry consulting company" said that Toyota's unintended acceleration issue wasn't a car problem but due to user error would we be giving them a pass?
Hell this is slashdot, it's Apple's fault when AT&T doesn't encrypt their 3G data.
...and then "certainly not malicious". It's been fairly obvious that there are no clear facts in this case. Just like the quote from the summary, "Google is almost certainly telling the truth"... Almost this, probably that, maybe those. To say that it is or isn't malicious is to go out on a limb with an Opinion Safety Harness. The only clear fact is that this is a very shady and inadequately explained and planned event. Whether or not packets saved were to be used maliciously is up in the air.
Humans are terrible replicators of Godly things.
Pretending that WPA provides security should be illegal too.
Should it be illegal? I have to disagree with you there. It should be completely illegal to do such in private residential areas.
Why? When you're broadcasting an unencrypted radio signal you have absolutely zero expectation of privacy for communications over that channel. I believe that this was a bad idea for Google, but only because of reactions like this being inevitable. Driving around capturing any unencrypted WiFi packets is exactly the same as if I was to press the "scan" button on my FRS/GMRS radio and drive around listening to random people talk. They're on an open, unprotected channel, there's nothing wrong with listening to them nor should there be a law against it. If you want your communications to be private you either use encryption or use a wire.
I used to get high on life, but I developed a tolerance. Now I need something stronger.
Any geek worth their salt also never makes mistakes. Myself, I think I made a mistake once many years ago, and for my negligence i was rightfully whipped for it. Now of course I never make them; my work is always perfect.
The thing most people forget to ask, but was asked in this article, is something you conveniently forgot to mention. Here it is:
What possible use could google have for this data? What would be their motive here?
As the article says, there's almost no personal data in the emails. Even if there is, there's so little of it that what useful purpose could it serve? You'd have a hard time correlating it to any one person, or even finding out what it is. There's going to be so little data here, and it'll be so fragmented, that turning it into anything useful would be impossible.
On the other hand, why would google risk collecting this data when they knew what was going to happen if it got out? The risk vs. reward here just doesn't make sense. They're going to risk their reputation on... what? Collecting a few fragments of unencrypted wifi traffic that probably contains so little information and could very well be generated by a bot running on your machine.
I'm not going to believe google did this on purpose until someone can give me a motive that doesn't sound like something from a UFO convention.
And how did the government know about it in the first place?
http://yro.slashdot.org/story/10/05/14/2259204/Google-Says-It-Mistakenly-Collected-Wi-Fi-Data-While-Mapping
I agree, although I disagree with the law, it's still the law.
Dilbert RSS feed
Shouldn't you have some say as to whether your access point is published to the whole world?
It's always seemed ass-backwards to me that you have to take specific action and pay to not have your name and address published in a phone directory. This seems like the same sort of thing. Too hard to go and ask everybody for permission? Too bad - that's not an excuse for violating privacy.
The tyrant will always find a pretext for his tyranny - Aesop
And how did the government know about it in the first place?
They didn't. German governments demanded to audit the data Google cars collected before this was known. And then Google came out with this 'additional info'.
This was covered many places, this is one: http://lastwatchdog.com/googles-wifi-data-harvest-draws-widening-probes/
In April, Google admitted to German privacy regulators that vehicles specially-equipped to systematically shoot photos of street scenes for Google Maps also carried gear to collect data moving across unencrypted wireless networks situated inside homes and businesses. The company insisted at the time that only basic Wi-Fi location data was being collected. But after Germany requested an audit, Google subsequently disclosed that it had mistakenly collected personal data, as well.
No, the governments only demanded that they turned the data over after Google willingly revealed that they accidentally collected the data.
If Google was a little less forthcoming and just quietly deleted the data once they saw their mistake the private data wouldn't now be in the hands of countless governments.
We hope your rules and wisdom choke you / Now we are one in everlasting peace
There's a very good article at The Register (I know, a lot of people here consider it a tabloid but the author is Alexander Hanff of Privacy International) explaining why it is almost impossible for Google not to have planned the storage and processing of the unencrypted data. It's here:
Their argument boils down to
- They have software-building experience and processes and therefore it's not possible the code that stores/parses the unencrypted data is rogue code.
- They actually stored the data, they were not just processing it for location purposes then discarding it (as confirmed by the French agency in charge of privacy that obtained a portion of the data (article here)). It's doubtful they exploited the passwords they found, though.
So they broke the law by retaining private data and they planned on doing it (their code development processes surely would have picked up the code doing the storing before production if this code was not wanted) thereby proving intent. I don't think (as the author does) that they intended to use the code for location-based advertising, but nonetheless Google must answer for its actions before the justice of the offended countries.
You may find your mistake early, after gigabytes worth of data. Then you fix it before it becomes TB or PB of data. Right?
We're all allowed mistakes. Mistakes of this size from the uber-geeks of Google isn't a mistake. It's negligence..... not quite of BP's size, but just as shamelessly stupid.
---- Teach Peace. It's Cheaper Than War.
They can ask google to remove the pictures. That's more than you can ask the government when its cameras pick up you.
If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
Yes, I'm sure it's easy to accidentally capture a few more packets than you thought.
It's probably only a little bit less easy to also accidentally store the whole packets on your harddrive, instead of just the bits you care about.
But once you have several frigging drives full of the stuff, you ought to notice, don't you think?
Assorted stuff I do sometimes: Lemuria.org
You make an excellent point.
For my part, I'd like to point out that if Google wanted to read your email, they wouldn't bother collecting wifi data. They'd just read yer fucking email.
I think what is more likely is that someone came to the engineer and said they needed to get the data and nobody really bothered to think of the privacy concern since it was going to be used internally anyway. Sure, if the engineer was told that the requirements demanded better privacy, he could have stripped the payloads, but if someone asked you to just get the data, it's less likely you'd think of that as a problem.
I would redefine it as sloth on the part of the management for not considering the issues, as opposed to lazy engineers.
Next time they will use hostilewrt...
I think what is more likely is that someone came to the engineer and said they needed to get the data and nobody really bothered to think of the privacy concern since it was going to be used internally anyway. Sure, if the engineer was told that the requirements demanded better privacy, he could have stripped the payloads, but if someone asked you to just get the data, it's less likely you'd think of that as a problem.
I would redefine it as sloth on the part of the management for not considering the issues, as opposed to lazy engineers.
This is exactly what I was thinking, but I forgot to express it in my comment.
Despite what everyone thinks (and how it seems to the uninformed) it very likely was accidental. If I was tasked to correlate Access Points to their locations, the simplest way would be to dump raw wireless traffic to one file, and raw GPS data to another. Later, you can zip them both up and run some analysis, and get the data you want out
Your definition of "accidental" is very strange. You are saying that you would have, not accidentally but fully intentionally, chosen the simplest method which would be collecting all wireless traffic including private data that you are not allowed to collect. When laws make a difference between doing something intentionally or without intent, the question is not whether you intended to break the law or not, the question is whether you intended to do what you did. I would hope that these Google engineers had no intent to break the law, but they certainly had intent to collect the data. Sloppy programming doesn't matter. It was entirely foreseeable that software collecting WiFi data _might_ record private information, and that is illegal, so they should have taken care of it properly. And anyway, Google threw away all encrypted traffic.
So Google's WiFi snooping and logging was a perfectly-understandable inadvertent accident *and* was done by a rogue programmer. Get your story straight, Google! http://www.techeye.net/internet/google-blames-engineer-for-street-view-snooping
Regardless of whether it's accidental, or difficult as the OP suggests, the reality is that both of those are merely excuses and rationalizations for externalizing the bad effects of behavior while privatizing the profits. Try translating those excuses to another industry and see how satisfying an answer they are. Consider medicine, there are undeniable benefits to modern therapies. However because it's hard to get right, we don't just accept any random treatment. Before companies unleash their new products upon the public we require that they take the time to ensure, as much as possible, that they are safe and don't have unintended effects. You may suggest that Google isn't a medical company whose products and services won't be killing anyone or causing them to grow a third eyeball, therefore they don't have the same obligations. OK, then how about banking? Credit reporting? Private investigators? Mining companies?
Entirely outside any other arguments, I find it hilariously ironic that Google -- the company staffed entirely by PhDs, by the most brilliant minds in the industry, by saints who'll do nothing wrong -- always comes back to "look we have this awesome idea with splendid (but vague and non-specific) benefits beyond making us incredibly wealthy, however there are significant downsides for the rest of you and those downsides are hard to avoid." Which makes me think that maybe they aren't so smart, which means that maybe their idea isn't so great. Isn't the point of being smart that you can do things that are hard? QED.
The thing most people forget to ask, but was asked in this article, is something you conveniently forgot to mention. Here it is:
What possible use could google have for this data? What would be their motive here?
As the article says, there's almost no personal data in the emails. Even if there is, there's so little of it that what useful purpose could it serve? You'd have a hard time correlating it to any one person, or even finding out what it is. There's going to be so little data here, and it'll be so fragmented, that turning it into anything useful would be impossible.
On the other hand, why would google risk collecting this data when they knew what was going to happen if it got out? The risk vs. reward here just doesn't make sense. They're going to risk their reputation on... what? Collecting a few fragments of unencrypted wifi traffic that probably contains so little information and could very well be generated by a bot running on your machine.
I'm not going to believe google did this on purpose until someone can give me a motive that doesn't sound like something from a UFO convention.
What if this were a calculated marketing maneuver designed to test the waters and find out how much people really care about privacy and the possible hard-to-justify violation thereof? This is, after all, a company that would make far less money if everyone had excellent online privacy. How much people are willing to protect that privacy and how much outrage they express at real or perceived violations of it could be very important data to a company like Google.
This is data that would be difficult for Google to obtain from their usual channels. Just like in politics, it has to become an "issue" and then the reaction can be assessed. A privacy matter that collects little or no directly sensitive information (thus protecting Google from potential liability) that still raises the issue and gets people talking about it would be perfect for this purpose. That's exactly what happened here.
The more successful a company, the more resources it possesses, the more talent it has hired, the more difficult it becomes to believe that they'd make trivial mistakes that most Slashdotters, acting alone with an infinitesimal fraction of the same resources, would have easily avoided. Good long-term strategy looks a lot like things just happening to work out a certain way as a product of chance. It's possible someone at Google could have made the incredibly trivial mistake that caused this chain of events. What's unlikely is that among all of the managers, designers, and programmers involved in this project, not one person noticed such a mistake.
It is a miracle that curiosity survives formal education. - Einstein
Data wouldn't be a problem if they had encrypted the traffic. I'm not sure which level WPA2 is on, but it may also be hiding MAC addresses.
All of the above was encrypted with a Quad ROT-13 method. Unauthorized decryption is in violation of the DMCA.
Hmm, I didn't know that.
Dilbert RSS feed
Your ends-justifies-the-means concept holds no water.
My wifi access points are a matter of public knowledge. After all-- they're freaking radios. What's not public knowledge is anything after the location of it, and its authentication- if any.
The data that flows there is mine, and no one else's. The other MAC addresses associated with the AP are also my business, and no one else's. Differing jurisdictions have different views of the severity of the theft that their mindlessly-stupid shark-like gobbling did. I hope they suffer the higher of the common denominators of justice.
At the time of this writing, the parent post is marked "Troll".
How is this trolling? Consequentialism is a valid thing to argue against. Granted, you may disagree with parent's opinion of what is and is not a private component of a Wi-Fi transmission. If you disagree with him that a violation has occurred then you would necessarily also disagree that Google should suffer legal action from any sort of justice system. If that's the case, then the respectable non-cowardly way to handle it is to argue against it and take him to task.
I'll spell this out since a lot of mods clumsily fail to grasp a few basic concepts. "Troll" is something of an accusation or judgment. That doesn't change because you express it by selecting it from a menu rather than directly confronting the poster. As such, it requires at least some kind of positive indication. Specifically, it would require a good reason to believe that the parent poster could not conceivably express the above as a sincere opinion and is saying it merely to get a reaction out of others. There is no such indication here.
This reminds me of too many Apple discussions, in which the fanboyism towards $popular_company is stronger than the love of free speech or the ability to handle opinions with which you disagree. I don't particularly care so much about the waste of a perfectly good mod point. Rather, the hypocrisy is what needs to be pointed out.
It is a miracle that curiosity survives formal education. - Einstein
Internal or external use makes no difference.
Ultimately, Google, top-down, is responsible.
Taking responsibility is the hallmark of maturity and character. Ensuring quality work is taking that responsibility. They knew; you can't gather that much data and NOT know.
---- Teach Peace. It's Cheaper Than War.
Data would be THE problem. It's not theirs. It matters not what the user's choice of encryption is. The data is NOT Google's. Its gathering and use where I live is plainly illegal, no matter what its purpose.
---- Teach Peace. It's Cheaper Than War.
The software they obtained from another party and used to gather information on WiFi locations has the default setting of recording what they recorded. They, in fact, did not intend to collect the data, they merely failed to intend to not collect the data.
You may find your mistake early, after gigabytes worth of data. Then you fix it before it becomes TB or PB of data. Right?
Umm, this whole controversy is about an entire total of 600GB, so I think it is quite fair to say that Google did find their mistake after "gigabytes" and not TB or PB.
I don't think it was "forgetful" rather than miscommunication. Think about how this probably works inside Google - you have geeks back at HQ doing deep and advanced research into how to do triangulation of hotspots and geolocation based on that. They, of course, are experimenting so they are making software that captures absolutely freaking everything so that they can do full and complete analysis on the data and use any piece of it that seems to help the algorithm get better. For them, the natural default mode of the software is to capture everything - nothing worse than wasting days collecting experimental data because you forgot to capture some critical component.
Now, much later after most of the research phase is complete, the same software gets deployed out to the field. The guys in the car would naturally assume that the default configuration be what they are supposed to use - they are not experts in Wifi capture, they are driving a car. The last thing they should be doing is reconfiguring the software! So they turn it on and it seems to be capturing the data and the folks back at HQ say it all looks good.
I think this is just a classic case of missing communication and lacking oversight - someone should be in the middle there checking the legals of exactly what is going into the cars, and this is what broke down.
I imagine if a mistake were made in the setup, it would not be caught until after the "gather data" phase, during an internal audit.
Which, suprise, suprise, is EXACTLY what happened. During an internal audit, Google found the issue, notified the world, and is dealing with the mess.
The thing about the data protection laws is it will not do much about the data capture. When you're caught in possession of other people's data, the extra privacy laws start to add up.
Domestic spying is now "Benign Information Gathering"
The "I'm not a cement/wifi engineer, I'm afraid" seems to be the classic stonewalling line.
Domestic spying is now "Benign Information Gathering"
Yes and they want to be able to roll out a fiber network... :)
Be fun if they have to show some regulatory agency their track record around the world
Domestic spying is now "Benign Information Gathering"
The word is "surprise" but I'm not a grammar nazi.
They posted that they had the data. They'd been gathering it for quite some time, across many jurisdictions, meaning the software load had been made, and replicated as there are many vehicles involved in Google Earth.
They 'fessed up because to not do so would have compounded their irresponsibility. The entire action is but one of dozens of software mistakes made by Google, large and small. No, I don't work for Microsoft, Apple, or any one else. This is a part of a larger problem that Google has: irresponsibility, and the Microsoft/Apple-like way of believing that their brain power trumps common sense and regional, US, EU, and other law.
I'm not a lawyer. But such constant software mistake-making is a loose-and-fast attitude that gave the world the mind-numbingly bad components in Windows that in turn, led to a decade of scraping Windows clean of maggots. Google took a long time to answer the requests of surrendering that data, and answering the jurisdictions that were appalled (and rightly so) that Google had had the temerity to capture payloads to begin with.
So, no, it's not EXACTLY what happened. The 'gather data' phase lasted a long time, didn't it? Did no one see that the payloads were there? Is Google's QA so asleep-at-the-wheel that it wasn't discovered for such a long time? Because it came out in a blog, rather than in a release, Google blew the entire matter from a PR perspective, too.
And it is a mess. And calling the matter 'inadvertent' as the post declares, in my mind is disingenuous, and more fanboi-like and apologetic rather than a missive to attempt to assuage the damage and make sure it doesn't happen again.
---- Teach Peace. It's Cheaper Than War.
Who's saying there should not be laws? TFA is saying that laws don't solve anything, which is quite a bit different.
I was going to use a house as an analogy, but since this is Slashdot, I'll make it a car. If everybody goes around leaving keys in the ignition, lots of cars are going to be stolen. Now, when crime rises, people demand tougher laws, but tougher laws aren't always the solution, and wouldn't be in this case. Pointing that out is not the same as saying that it's OK to steal from careless people.
We Americans seem to be particularly blind to the limitations of punitive laws. That's why we have a bigger percentage of our population behind bars than any other country. (The USSR and South Africa used to be ahead of us, but they've been through some changes...) Most of these convicts have some connection with the "War on Drugs", our 40 year effort to stamp out drug usage once and for all. The main result of which has been to make various drug lords rich (we're talking an 87 billion dollar industry), make a lot of innocent people dead, and create maybe a marginal reduction in illicit drug use.
Whenever I point this out, somebody accuses me of advocating legalization of drug use, just as you accuse TFA of advocating legalized data theft. False dichotomy, dude. The choice is never as simple as tough laws or no laws at all.
They looked after Room 641A just fine. When exposed they played their part well until both US parties could stop any legal traction.
So yes AT&T does look after the privacy, just not that of telco users or iPads.
Domestic spying is now "Benign Information Gathering"
So, no, it's not EXACTLY what happened. The 'gather data' phase lasted a long time, didn't it? Did no one see that the payloads were there? Is Google's QA so asleep-at-the-wheel that it wasn't discovered for such a long time? Because it came out in a blog, rather than in a release, Google blew the entire matter from a PR perspective, too.
Exactly. Either Google can argue that it took them months to figure out the privacy laws of the countries they were operating in and they weren't smart enough to check in advance (making one wary of using their services, which might contain similar mistakes) or they argue that they are so technically inept that they didn't realize they had way more data on their hands than necessary to represent SSIDs and signal strengths (which again makes one wary because that raises the question of how broken their products might be). Or they could argue that they don't give a shit about local law until it becomes a PR problem at which point they have admitted that "do no evil" is a thing of the past.
This is Google. These people have excellent computer scientists and excellent lawyers. At some point someone decided not to listen to one of those groups and now it's biting them in the ass.
USE HOT GRITS WITH STATUE OF NATALIE PORTMAN (NAKED AND PETRIFIED)
Their motivations may be considered but for determining whether or not they are liable for breaking the law it's not. If you run a red light and are caught it doesn't matter what your motivation was unless a real emergency necessitated the act - you're guilty of running a red light. Google collected data the law prohibits them from collecting, thus they are liable. What they intended to do with the data may influence the verdict but it doesn't change the fact that they broke the law.
USE HOT GRITS WITH STATUE OF NATALIE PORTMAN (NAKED AND PETRIFIED)
Except that the capturing software they used was an off-the-shelf (or rather off-the-repository) program that can be configured to either log the payload data or not. The configuration of the software was definitely a central thing done by someone technical and the decision on what to do with the collected data afterwards also was.
Even if the payload data were in some way necessary (perhaps because extracting SSIDs in realtime is beyond the abilities of affordable systems) Google could have tossed it as soon as the SSIDs were extracted. They didn't, which was a matter of policy.
The only communication difficulties were between the lawyers and whoever was in charge: The lawyers were either not consulted on possible legal issues or not listened to. And that's negligence.
USE HOT GRITS WITH STATUE OF NATALIE PORTMAN (NAKED AND PETRIFIED)
Software engineering seems to have been globally exempted from very careful process and safety testing because business demands it.
Very few people will require a piece of software that is 100% correct when it costs 100 times more than the one that is 99.9% correct.
In banking, that expense is justified because of how much money will be lost if something goes wrong but in a lot of cases, it isn't. In this particular instance we have an internal piece of software which will be deployed to a relatively small number of vehicles which operates entirely passively. For these reasons I would expect that it was not engineered to the same standards which we require for medical therapies or banking software.
I wish to remain anomalous
If I wanted to gain some money the easiest way would be to steal it from banks ....
I'm positive, don't believe me look at my karma
Of course they did. And I did not kill this man, I just failed to keep him alive.
Karma cannot be described by words alone.
The more successful a company, the more resources it possesses, the more talent it has hired, the more difficult it becomes to believe that they'd make trivial mistakes that most Slashdotters, acting alone with an infinitesimal fraction of the same resources, would have easily avoided. Good long-term strategy looks a lot like things just happening to work out a certain way as a product of chance. It's possible someone at Google could have made the incredibly trivial mistake that caused this chain of events. What's unlikely is that among all of the managers, designers, and programmers involved in this project, not one person noticed such a mistake.
Which is why giant companies like Microsoft never have any bugs or errors in their code. Oh wait...
The problem with your analogy is that that's an entirely valid thing to say. If someone is starving and I don't go get him food, or I DO go to get him food but don't get back fast enough I failed to keep him alive but sure as hell didn't kill him.
I think your selective reading of what I wrote caused you to mentally omit the word "trivial" from "trivial mistake." Yes, Microsoft has bugs in its code. They tend to be security issues that require several different conditions to be present before the bug can be demonstrated and are therefore non-trivial in nature. By contrast, gathering several times more data than you intended to obtain and store (the full Wi-Fi headers + much larger data payload, as opposed to only the headers) is trivial in nature and easier for someone to notice. To give an analogy, it's like intending to copy 20GB of data and finding that you have copied one terabyte. That's easy to notice, especially with the talent Google possesses.
Since I never made a claim that depends on Microsoft or anyone else writing perfectly bug-free code, do you care to revise your response?
It is a miracle that curiosity survives formal education. - Einstein
wait, what do YOU think trivial means?
Have you ever seen exploit code? Are you familiar with the low-level details of a stack-smashing attack? For most of the bugs that Microsoft fixes, it requires quite a bit of skill to make them manifest. There's a reason the programmers did not notice them prior to releasing it as production code despite fuzz-testing and other forms of tests and audits. It's because they are non-obvious and non-trivial.
Unfortunately, once someone with that level of skill produces exploit code and releases it, any unskilled person can re-use that code to compromise vulnerable machines. Those are called "script kiddies" because they have little or no skill of their own. But that's another discussion. The point is that actually discovering and manifesting that class of bugs is not easy at all.
By comparison, intercepting and recording many times more data than you intended is a very trivial mistake. Any amount of testing against Google-owned Wi-Fi systems (y'know, before deploying this code on a large scale against public systems) would have quickly made this obvious. It's not some terribly complex bug that can remain hidden despite vast efforts to find it. The slightest effort to check whether their code does as it is intended to do would have caught this one. It's either intentional or an instance of incompetence, and while that latter option is possible, Google is not generally known for incompetence.
When I point out with good reason that this is an extremely trivial and easily recognized mistake, you try to make that sound like I am demanding 100% perfection in all things. No, that isn't going to work. It's a failure of reasoning. You don't sound inclined to take my word for that, so please review this reference:
A subfallacy of Strawman is to take an extreme version of a person's position and attack it. According to Fallacy Files (see references below), this is called a Strawdemon.
Mom: The doctor says that these exercises will help you recover more quickly.
Son: Aw, Mom! Do I have to look like Arnold Schwarzenegger?
It is a miracle that curiosity survives formal education. - Einstein
Seriously. Google the word "Trivial". It doesn't mean what you think it means.
OMFG! Look away! I have not given you permission to observe and store images of my face. Just because my face is out there in public does not give you the right to look at it! I shouldn't have to go through all the trouble of putting a veil on my face just to protect you from seeing it. Damn evil corporations. I knew it!
Why is it so hard to only have politicians for a few years, then have them go away?
The data that flows there is mine, and no one else's.
It's kind of like putting a note on your front door and then suing anyone who read it because the note was yours and no one else's. The note may be yours but if you broadcast it to the general public you have no recourse should anyone serendipitously collect the information in the note.
Who is John Galt?
No, private communications are supposed to be private. I don't put an access point so that the world, including Google, can hear it. It's nicely encrypted. But the data is mine, not yours, not theirs.
I don't broadcast it to the public, in the same way that my 5.8GHz phone is also encrypted. It's not designed for interception, only my convenience. I'm aghast that so many people are entirely willing to roll over for Google's obvious theft.
---- Teach Peace. It's Cheaper Than War.
Seriously. Google the word "Trivial". It doesn't mean what you think it means.
The second you want to argue semantics in the face of positive points I have made and backed up is the moment you admit to having a weak position. But since it seems unduly important to you, I am proceeding from this definition of "trivial" from dictionary.reference.com:
1. of very little importance or value; insignificant: Don't bother me with trivial matters.
A bug that is insignificant has that status because it's easily corrected.
Now, if you're about done using straw men, arguing semantics (uselessly, I might add), and pulling other very weak tactics that consist of something other than refuting my logic or disputing a single point I've made, maybe you can stop with the very easily deflected non-objections and make your case. If you have one, that is. Furthermore, I notice you do not disagree with my observation that you attempted to use a straw-man fallacy and must assume you aren't disputing that because you know this to be the truth.
I note you seem careful not to dispute me in an active conversation with an audience of others. You seem to cherry-pick old discussions in which most users are no longer participating. That's wise, though in a devious sort of way, for I am not alone in recognizing the weakness of the tactics you are choosing to use. It seems to be your silent acknowledgement that you'd only humiliate yourself. It's providing amusement for me but has no value otherwise.
It is a miracle that curiosity survives formal education. - Einstein
This never would have been a topic. Whilst the mechanism for capture works exactly as posted, the argument and defence of Google in this situation is ridiculous. The possibilities are obvious to anyone with an iota of technical intelligence, namely that 1. The vast majority of access points scanned would NOT be public and consequentially, 2. Confidential information would be captured by Google staff without end user knowledge and/or consent. It would have been well within Google's capabilities to create a sniffing application that automatically scrubbed the payload data - packet header sizes and types are not random. At the very least, I expect anyone can acknowledge that as one of the largest technological leaders, Google have completely failed to demonstrate care for the 'masses' along with any form of due diligence. Personally, I hope they get fined 30% of their revenue for the year for gross negligence. How the results of the scans (ie: not the payload data) are actually used is another potential explosion if you care to think about it.
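The header-only capture argued for in the comments above (toss the payload once the SSID and access-point address are extracted), as an added example that is not part of the original thread and not Google's or any capture tool's own code. It assumes raw 802.11 frames with any radiotap header already stripped; the function names and the sample frames are hypothetical and constructed for illustration.

```python
import struct

# 802.11 MAC header: frame control, duration, addr1-3, sequence control (24 bytes).
HDR = struct.Struct("<HH6s6s6sH")
BEACON_FIXED = 12  # timestamp(8) + beacon interval(2) + capability(2)

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def beacon_ssid(body):
    """Walk the tagged elements after the fixed beacon fields; return tag 0 (SSID)."""
    pos = BEACON_FIXED
    while pos + 2 <= len(body):
        tag, length = body[pos], body[pos + 1]
        value = body[pos + 2 : pos + 2 + length]
        if len(value) < length:
            return None  # malformed element: stop rather than guess
        if tag == 0:
            return value.decode("utf-8", "replace")
        pos += 2 + length
    return None

def scrub_frame(frame):
    """Return mapping metadata for one raw 802.11 frame; the body is never kept."""
    if len(frame) < HDR.size:
        return None  # truncated header
    fc, _dur, a1, a2, a3, _seq = HDR.unpack_from(frame)
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    to_ds, from_ds = bool(fc & 0x0100), bool(fc & 0x0200)
    if ftype == 0 and subtype == 8:  # management / beacon
        return {"kind": "beacon", "bssid": mac(a3), "ssid": beacon_ssid(frame[HDR.size:])}
    if ftype == 2:  # data frame: the header locates the AP, the body is dropped
        if to_ds and from_ds:
            return None  # 4-address (WDS) frame has no single BSSID
        return {"kind": "data", "bssid": mac(a1 if to_ds else a2 if from_ds else a3)}
    return None  # control and other management frames are not needed for mapping

def survey(frames):
    return [rec for rec in map(scrub_frame, frames) if rec is not None]

# Constructed sample frames (hypothetical addresses, not captured traffic).
AP, STA, DST = (bytes.fromhex(h) for h in ("02aabbccddee", "021122334455", "020000000001"))
BEACON = (HDR.pack(0x0080, 0, b"\xff" * 6, AP, AP, 0) + bytes(8)
          + struct.pack("<HH", 100, 0x0001) + b"\x00\x07example" + b"\x01\x01\x82")
DATA = HDR.pack(0x0108, 0, AP, STA, DST, 16) + b"GET /private HTTP/1.1\r\n"

if __name__ == "__main__":
    for rec in survey([BEACON, DATA]):
        print(rec)
```

The data frame still contributes the access point's address to the survey, but nothing past the 24-byte header is ever copied into the record that gets stored.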