Slashdot Mirror
37 States Join Investigation of Google Street View
bonch writes "Attorneys General from 37 states have joined the probe into Google's Street View data collection. The investigation seeks more information behind Google's software testing and data archiving practices after it was discovered that their Street View vans scanned private WLANs and recorded users' MAC addresses. Attorney general Richard Blumenthal said, 'Google's responses continue to generate more questions than they answer. Now the question is how it may have used — and secured — all this private information.'"
*sigh*
That was some really nice street view mapping, location discovery, and concept of 'out in the public' we had there once :/
Sure, it's fishy. But I can't honestly say I would have done anything differently ('accidentially' or otherwise ;) ) in Google's position...
They had the sudden great ability to improve all their geolocation technology and collect some juicy data from people.
How couldn't they, ehm, accidentally pass that up?
37 States jump on Google Street View bandwagon.
Seriously, who thinks this info is private? We're talking about payload data from unsecured wifi. For that matter we're talking about payload fragments.
Obviously, Google shouldn't have collected this. Obviously, Google shouldn't disclose this information to anyone, including governments.
The data should be destroyed and everyone should move on.
Google didn't collect anything that someone with a wifi card and some easily obtained software couldn't obtain.
Simply put, if you're concerned about privacy secure your wifi because without some encryption you really don't have any privacy.
First off they're scanning public information. This is unencrypted, and broadcast across the airwaves for anyone with a WiFi device to pick up. Secondly they are using this for their location service. By recording the location of the hotspot with the identity they can roughly guess someone's location without the need for GPS. If people want privacy then they should turn off their WiFi or at the very least stop broadcasting the name of the network openly.
As far as Washington goes - just yet another example of idiots in power with no grasp of I.T. and without the wisdom to consult with someone who does.
The allegation that the data they scanned is false. Any unencrypted broadcast wifi data is public, which is all they stored. Not that they need me to help their defense, what with them having billion dollar style lawyering at their disposal.
Am I the only one who thinks this is overblown? For all the actually invasive data-mining that happens on a daily basis on the web and in real life, are we really concerned that Google captures a few seconds of broadcast, unencrypted network traffic? Is this a more important issue than the online and physical database breaches we see all time from other companies (and governments) -- many of those go entirely unnoticed, and even big stories from that category only get a day or two of news coverage, but people have been whining about this Google thing for weeks.
Even if you assume that Google really wanted to capture this data for some nefarious purpose, exactly what are people worried about? It's not at all clear to me that capturing a random 3 seconds of traffic from someone's open WiFi provides Google with any particularly useful or terribly private information. Ignoring the fact that anyone in the neighborhood could be doing continuous captures of the same AP, or that half of these WiFi networks are connected to broadcast-based uplinks (like cable modems), I just don't understand why this -- even if the intent is evil -- ranks high among the other privacy concerns in modern life.
EXTRA! Politicians from 37 states find easy way to make it look like they are doing something useful while ignoring war in Iraq, war on drugs, out of control budgets, ...
This game will waste your life. Don't clicky!
Since when do governments or attorneys general side with the general public rather than with Big Business?
Doesn't Google have a little lobby organisation to prevent this kind of embarrassment? All other large companies would have been able to bribe a few people and lobby against a country-wide investigation. This is bad publicity for Google! How could that happen? Why aren't those attorneys general encouraged to stop writing letters and asking questions after their 1st letter?
In what way is a publically broadcast radio signal "private information"? Every wifi device receives all broadcast signals, and must filter, process and learn MAC addresses and AP names.
If it's private it should be encrypted - I don't see any suggestion that google were cracking WEP or WPA keys. Stupid public.
As I see it, your MAC and SSID are never private. If PBS has ever taught me anything, it's that the data on public access points such as the one I just connected to were brought to me by neighbors such as you.
-Posted from next door.
Someone needs to make an Android app that does the exact same thing these vans did, and publish all the captured data online, free and open. Maybe then the govt. could take their eyes off Google for long enough to realize the real problem here isn't Google -- it's the silly politicians who think recording SSIDs is malicious (the same politicians who'd start training a multi-million-man army for the coming "cyber war" apocalypse if they could), and the stupid networking (hardware or ISP) companies who don't default to secure settings, and don't educate their customers how to maintain their security.
We should look at the positive side of this. Since the states have so little to do now that they can waste time and money on bullshit like this, that must mean that the economy is fixed, everyone has jobs, there is no poverty or hunger, and crime and violence is a thing of the past.
I want a new quote. One that won't spill. One that don't cost too much. Or come in a pill.
secure my wifi i'll just get bitched at when little jimmy wants to use his new $wifi_gadget
Anyone want to bet that they collected this info to try to set up a more accurate geolocation service than anyone else?
Visit http://ringbreak.dnd.utwente.nl/~mrjb/growingbettersoftware to download your free copy of the book
Most slashdot geeks say they're non-religious, though they still have the urge to believe in a greater entity that is "good" without any doubt. Currently it's google, and like most religious people, they will defend their deity even against their own beliefs and technical knowledge. Would you believe anyone would have modded this post flamebait if the story was about MS doing the same thing? Or any other company, for that matter?
... to people listening to someone shouting across the street? Would the government charge these people for listening in to a "private" conversation of 2 people were shouting at each other loud enough to be heard?
I sometimes wonder if theres an IQ test politicians have to take and anyone who makes it into 3 digits can't become one.
So if a person had never bothered to put up any curtains and failed to install doors in their house and Google snapped a photo of the street in which you can see inside the house should Google be tried for invasion of privacy? Can such a person who leaves his or her house in that state have a reasonable expectation of privacy? Do people that can't be bothered to put up electronic versions of curtains and doors for their wireless networks have a reasonable expectation of privacy?
If you throw out incriminating evidence in the garbage, took it to the curb and investigators went through to get it and used it against you do you have any expectation that they shouldn't be able to use that evidence?
Seriously, if you make your life available to the public, whether it be failing to install curtains and doors in your home, putting sensitive documents in the trash and taking it out to the curb, posting your marital indiscretions on Facebook or allowing the public to connect to your publicly broadcasted and open network you have no reasonable expectation of privacy at those points.
At worst, Google can be accused of being creepy for picking through the "virtual" trash left at the curb and snapping photos of your doorless and curtainless home.
What is scary is that congresspersons involved with this investigation had no clue about securing consumer routers and are currently making decisions guiding the Department of Homeland Security . If there's anything alarming and scary to take away from this story that would be that, not Google.
Well I think the general problem with this is not that they collected it because anyone can collect this data with a wifi card and few pieces of software. The issue is Google stores all there information and never gets rid of it and if there was every a security breach that's a lot of information that can be dangerous in the wrong hands.
http://www.thetechnologygeek.org
See Pamela Lee Jones vs the Dogging vid. She complained, judge said "that was a public place you were fucking in, tough shit, sister."
"Google said it mistakenly picked up 600 gigabytes of data from unsecured networks over the last three years."
Six.Hundred.GIGS?!?
If all Google was logging was the SSID and MAC addresses from unsecured WAPs as flat ASCII, worldwide, I'd wager that data would amount to a small fraction of that amount.
Which begs the question, just what *did* they log? (It also makes me reeeeally glad I heavily secured my WAP years ago).
Some days it's just not worth
chewing through my restraints.
The question isn't "who thinks this info is private?"... ..the question is "who thinks data shouldn't be private?"...
As is usually the case, the law only begins stepping in AFTER the baby has been poured out with the bath water...
Yes, the data is currently available, because people didn't lock the access points. But - outside of the IT geek/nerd community - how many people do you think have Internet connections and aren't aware how to properly secure their network?
And - even if they can secure them - there is still the question about their awareness of what their data can be used for, when they enter it somewhere. How much of what you enter is actually a legitimate concern of the company in question? And how much is just collected for marketing or other purposes the end user might react negatively to?
The US may be at the technical forefront in areas - but you're behind when it comes to the awareness of data security and particularly data privacy issues. What you consider to be the pesky/narrow-minded rules of European governments as to data security - might one day just save you from companies riding rough shot over what you want and think, because they have the necessary data to do so. Of course, if, say, you're into S&M stuff, it may be great that you get advertising tailored to you on sites that deal with it. But, would you want that data to 'leak' out, and all of a sudden co-workers start raising eyebrows, why you get so many porn related ads while looking at google maps?
What about the 17 year old that proudly blogged how he screwed a neighbours kid out of some stuff or other... It's bad enough for the youth to live it down that time. But would you want potential future employers 20 years later make a call on how trustworthy, how grown-up you are by what you posted back then, and might be indexed by some other service in the future?
This is your WiFi...
Scanning...
Linksys(unsecured)
Linksys(unsecured)
Linksys(unsecured)
Linksys(WEP)
Belkin(WEP)
DD-WRT(WPA2)
2Wire(unsecured)
846fork14(unsecured)
8 APs found. ...and this is your WiFi being managed by the same people who have their windows update set to 3AM, never install them, and are still worried about viruses and people getting into their items while running Windows XP SP1 and vista gold. Also, all of these access points have log in pair (Admin/password), (blank,blank), (blank, admin), (admin, blank). The only grace of that is you can play WiFi conductor for the betterment of everyone in an apartment complex when twenty people around you think it is a good idea to pile on channel 6.
Or just a map of open APs. Which would be useful. OR would it be better for Google to go phoning every telephone asking if they have an open AP and what its details are..?
The only problem is making sure that Google delete the data once they've found the SSID/channel/etc of any open access points they found.
If I'm broadcasting unencrypted WiFi, it is because I want to broadcast or too stupid to know better. In either event it is a public disclosure using that fine spectrum delivered for this purpose by the kind folks at the FCC. Have at it!
I don't see what wrong with them recording this. It's like driving through a neighborhood in the next state over and scanning to see what radio stations they have. Maybe Google was going to include the location of free Wifi Hotspots on the map. This would be a nice feature. They would have to filter the private netowrks from free services and this would be difficult. Maybe that is why it never happened.
>I sometimes wonder if theres an IQ test politicians have to take and anyone who makes it into 3 digits can't become one.
Close, it's more like everybody who doesn't make it into 2 digits are destined to be one.
Unicode killed the ASCII-art *
I sometimes wonder if theres an IQ test politicians have to take and anyone who makes it into 3 digits can't become one.
George Bush has an IQ of 125.
Given that the average IQ is (by definition) 100, that should say something about the people who vote these politicians in.
Can we get a list of their names, brand their foreheads with "I don't know nothin about no internets!" and then never let them vote on anything relating to technology ever again.
Is that enough to get a constitutional amendment against Google? I'm sure we could dream up something...
For justice, we must go to Don Corleone
Has the FCC permitted the states to assist it in enforcing or expanding federal communications laws? Didn't congress give exclusive authority for communications to the FCC with a few exceptions for the military?
So what can they get from that info ? 1. MAC Adress 2. Location 3. MAC vs Searches (they are google and have dns server) vs Location 4. On their DNS, they can match MAC addresses too... but they cant find your locations ? 4. look up mac addresses 5. find out what ip entered what sites and go after those persons ? what else ?
All this private information
If it's a Wifi access point, it's obviously not private. Imagine having a message stuck to the back of your car, and whine about it being private if someone notices?
- Dan.
~ People that think they are better than anyone else for any reason are the cause of all the strife in the world.
Well most of them were lawyers, so there's at least one test they need to pass.
There is no reasonable expectation of privacy when you broadcast information from your home in an unsecured form.
If you secure the information you can be considered to have taken reasonable steps to ensure some level of privacy, but that doesn't mean you are guaranteed privacy - you are still broadcasting the information, albeit encrypted.
If you want to keep your MAC addresses (or any other information) private, don't broadcast them.
Now, if anyone finds evidence that Google is harvesting MAC addresses and combining them with MAC addresses harvested from, say, Google searches or web advertising tacking, then you start to head towards a problem, but you don't really get there (IMHO). These are all opt-in activities, you choose to go online, you choose to broadcast your information, it's not Google's fault if you fail to realize those two choices are related, and together could result in certain other decisions being made as a direct result of those two decisions (browse and broadcast).
I had to laugh at earlier attempts to portray this as a matter of "National Security" because members of Congress had unprotected WiFi links in their houses that could be picked up by anyone driving by, be it Google's camera cars, a war-driving teenager, or a neighbor walking down the street with a WiFi-enabled smartphone. The fault, in this case, lies squarely in the hands of the congress-critters that relied on technology they didn't understand and took few, if any, precautions to safeguard their communications.
Ken
That would be interesting - a database of constantly uploaded images with long/lat coordinates, so you could see what is going on anywhere... As long as someone there is running the app. Think of it as a crowd-sourced, constantly refreshed street-view... Of course, you'd have to turn it off when the police are nearby.
Ken
There is no reasonable expectation of privacy when you broadcast information from your home in an unsecured form.
Disagree. This still requires deliberate access of a resource you know not to be your own. That you leave the door open does not make walking in and helping yourself to anything in the house legal.
This is also the main argument why a WiFi enabled device should not automatically join an unprotected network. That it is often done does not make it legal, but in Google's case we're even talking about deliberately setting up for this..
Insert
I'm confused as to why we should expect privacy for anything that we broadcast out to the world. The signals from your computer and router are the electromagnetic wave equivalent of a rather strong yell. It seems stupid to complain that people are eavesdropping when you're screaming it out for all to hear.
People were fucking broadcasting plaintext! Call what Google did (continuing to store information other than what they were trolling for) undesirable if you like, but saying it's a privacy violation is absurd (at worst it was a privacy leak perpetrated by the "victims"), and anyone who is still broadcasting that plaintext can still be snooped by anyone else without the "victim" having any recourse or even knowledge that it happened. Google isn't your problem here.
Oh, and Google isn't continuously watching your network. They were out in front of your house for a few seconds. But someone else might be watching. If you've got a problem with that, do something about it. This isn't some kind of horrible panopticon problem that you can't do anything about except to withdraw into seclusion. If it were (like, say, camera proliferation) I would have a lot more sympathy. But this is something you can trivially fix by encrypting.
So quit tossing your love letters our onto the street and bitching when someone who isn't even camped out there, drives by and picks one up and reads it. You are hurting privacy advocacy when you get this ridiculous. The people bitching about this are just making strawmen for real Orwellians to either trivially knock over or play lip service to, and they are NOT helping to protect privacy.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
This fucking sucks. Instead of worrying about corporate fraud, or shutting down the derivatives bubble that is bigger than the real economy... we have 37 different state offices and a bunch of press focused on the recording of unencrypted WiFi packets and massive scare mongering.
I want my country back.
How dare they collect private information like MAC addresses! Those carefully shielded numbers are there for an important purpose: to be kept safe from prying eyes, hidden behind a shield of apparently unlocked wireless networks.
Asses.
WRT network content: If you decide that a regular house isn't good enough for you so you buy a fully glass house, then don't hang up any curtains, what the heck did you expect to happen? "Oh look, this big bad corporation took photographs of my completely glass house! They don't have any intent to do anything with it. We must sue them before they do that!" Why do you people think that your computer warns you every time you connect to an unsecured network that everyone can see all of your bits! The reason they could photograph you naked in public is because YOU WERE NAKED IN PUBLIC. Normally I have some sympathy for non-tech users getting things wrong, but this one is just long-running and stupid.
As a side note, it seems a little odd that people are freaking out that Google might have their e-mails, the websites they visited, etc. That's like complaining that General Petraeus might have improperly bought a slingshot at a fair. Google pretty much knows the gender of your next child. If they saw you remotely streaming Wrestlemania IV, Amazon probably already told them what you rated it and that you keep re-reading Twilight on your Kindle. While I'm uncomfortable with individual corporations having so much data about people, they've already got it. I'm just expecting the day that I get an e-mail from Google saying that they've automatically updated my calendar with the date I made over Google voice, they called the repairman about the noise in the car, and I have six months until an undiscovered cancer kills me. Sniffing my wireless network won't give them anything they're probably not already collecting from this Chrome browser. Of course, my wireless network isn't completely naked because I actually read the 20 point font easy setup card that came with the damned thing.
The ______ Agenda
Here's what I sent to Indiana's AG...
TO:
Office of the Indiana Attorney General
Indiana Government Center South
302 W. Washington St., 5th Floor
Indianapolis, IN 46204
Phone: 317.232.6201
Fax: 317.232.7979
E-mail: Constituent@atg.in.gov
FROM: Mike Warot
Hi
I'm Mike Warot, from Hammond. I'm a network administrator working in Chicago.
I've recently learned that 37 states are joining in an investigation of Google's collection of WiFi data, as typified in this story from the LA Times
http://latimesblogs.latimes.com/technology/2010/07/google-street-view.html
The issue at hand seems to be quite simple. They were trying to make a list of open (unencrypted) WiFi access points as a supplement to GPS to help in navigation. Because the software used to collect this data (Kismet) defaults to collecting entire packets instead of just the names of the access points, there is now an uproar that "passwords were stolen" and other Bull Shit. It was a simple technical oversight, not an evil plot.
Please DO NOT WASTE MY TAX DOLLARS on this wild goose chase. I'm sure you have plenty of other more important work to do.
Thanks for your time and attention.
I always wondered who was ignorant or stupid enough to be sent into a panic by those banner ads which announced that your computer used a unique ID to communicate and some other people could see that ID. Now I know. Politicians.
Hey, you know what else has a unique address that can be used to track you?
That bluetooth headset that you wear around town in order to convince people that you're in the loop.
Or the RFID tags in your car's tires.
Or the unique pattern of resonance given off by the fillings in your teeth.
You have no privacy in the postmodern world.
Two things: What Google did isn't illegal. Maybe it should be, maybe it shouldn't be, but part of this is, in a way, similar to the introduction of the MP3. Sure, you could copy a tape or CD from a friend, but now you could broadcast it to millions worldwide. Similarly, anyone can walk up with a laptop and grab your unencrypted data, but Google just showed that a corporation could do it on a large scale. Granted it was a mistake and what they got was useless. But the politicians have to consider what would have happened if a mapping company wanted more than that, and pressing Google for details on what happened will help them understand (because they're not tech people and don't understand) how this happened and how one would legislate going forward. If the authorities don't do this, and then it's found that Google or some other entity with similar capabilities did do it on a large scale WITH malicious intent then these posts would revert to, "Look at greedy MegaCorp, they can't be trusted with our data." They have to act, even if its stupid. The legislation that's obviously needed is to get the WiFi router manufacturers to make it A WHOLE lot easier to setup the encryption. I just visited my parents, who aren't idiots but are not that tech interested complaining about their wireless. I sniffed around and found that there were FOUR WiFi networks accessible from within their house called 'linksys' and their computers, and their neighbor's computers, and their neighbor's neighbor's computers were all switching between them randomly. You try calling a neighbor in their 60's and say, "Ok, type 192.168.1.1 in the browser bar, select WEP2, and here's a hex string for you." It's not simple, not by a longshot for the average consumer. Teach people to secure their own data and make it easy and you'll solve a lot of what EvilMegaGlobalCorp can do to you maliciously.
The government is only mad ... because it doesn't like competition.
It wants a monopoly on violating citizen's privacy.
Considering that they didn't plan to collect it, I think the answer is "exactly as they did", disclosure. Next time it will go into a bit-bucket because of all the hassle disclosure caused and if an employee had pulled a copy beforehand no-one would have any idea...
Analogies don't equal equalities, they are merely somewhat analogous.
Wifi isn't like anything else.
It is Wifi.
We all need to accept that it is something new and not like anything else.
Until that point, we will not have good law around it.
Lets put it this way: the perception is for most people that their wireless network is private to them.
That is the way it is intended to be used.
The unfortunate part is that the implementation requires broadcasting signals anyone can see.
I think anyone with a proper set or morals would see and respect that.
Amidst all the pessimism surrounding this controversy, surely I'm not the only one excited about the potential benefits of what Google was doing?
Google was collecting information about wifi hotspots. Think about how this could benefit Google Maps, and your own life. Imagine searching for "coffee shop near indianapolis", and there are icons next to each of the names that show whether or not the coffee shop has free wifi. Or how about a "Search for wifi hotspots near this area button? This would be incredibly useful.
There's a tendency, in US at least, of assuming that the Bill of Rights covers all possible contingencies. As Lessig laid out in Code 2.0, laws were designed with contemporary or foreseeable contingencies in mind. In the late 18th century, they wouldn't have anticipated a scenario in which one private organization was in a position to accumulate enormous amounts of publicly available data, index it thoroughly, and make it available to anyone anywhere instantly.
We're in a new situation, and need to have a rational and democratic discussion of what new principles and rules we should have.