Slashdot Mirror

← Back to Stories (view on slashdot.org)

37 States Join Investigation of Google Street View

Posted by samzenpus on from the loking-into-the-lookers dept.

bonch writes "Attorneys General from 37 states have joined the probe into Google's Street View data collection. The investigation seeks more information behind Google's software testing and data archiving practices after it was discovered that their Street View vans scanned private WLANs and recorded users' MAC addresses. Attorney general Richard Blumenthal said, 'Google's responses continue to generate more questions than they answer. Now the question is how it may have used — and secured — all this private information.'"

38 of 269 comments (clear)

  1. Blah by dissy · · Score: 2, Insightful

    *sigh*

    That was some really nice street view mapping, location discovery, and concept of 'out in the public' we had there once :/

    1. Re:Blah by ultranova · · Score: 3, Insightful

      That was some really nice street view mapping, location discovery, and concept of 'out in the public' we had there once :/

      Yeah, we had such concepts once. That was before everything you did "out in the public" was recorded and followed you everywhere.

      "You have no expectation of privacy in the public" was fine when "no privacy" meant that you could be observed, but stops being fine when "no privacy" means "everybody you ever interact with can view a record of everything you've ever done". I, for one, do not wish to live under the Lidless Eye.

      --

      Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

    2. Re:Blah by bonch · · Score: 2, Insightful

      Just because Google gets investigated doesn't mean competitors won't be happy to pick up the slack. It's not like Google is all that exists and that nobody else could do it.

      This is Google's fault for making bizarre mistakes with its scanning software. It deserves a little smackdown to remind it of how careful it needs to be.

    3. Re:Blah by shutdown+-p+now · · Score: 2, Insightful

      "You have no expectation of privacy in the public" was fine when "no privacy" meant that you could be observed, but stops being fine when "no privacy" means "everybody you ever interact with can view a record of everything you've ever done". I, for one, do not wish to live under the Lidless Eye.

      And yet there's no way back - it's just another, darker side of "information wants to be free". You can try to legislate it, but technology today makes stalking people easy and even trivial, and anonymity (or rather sufficient degree thereof) is not hard to achieve on the Net for those in the know, and then gathered information can be spread far and wide.

      The only positive thing in this is that everyone is affected. Consequently, this is going to be a cause of a major shake-up in our cultural values, with much less attention paid to skeletons in the closet - once we find out that, yes, everyone really has one. Which may well be a good thing in the end.

  2. Or by Spad · · Score: 3, Funny

    37 States jump on Google Street View bandwagon.

    1. Re:Or by Zebai · · Score: 2, Insightful

      37 states that see the possibility of extorting some type of payout.

      Don't think anybody without some type of motive would care about this, Google on their own discovered an oversight, corrected it, and publicly disclosed their error without using the data and is willing to destroy it if they weren't likely to get sued for destruction of evidence.

      Perhaps these states want the data to use themselves.

  3. Private Info? by breser · · Score: 5, Insightful

    Seriously, who thinks this info is private? We're talking about payload data from unsecured wifi. For that matter we're talking about payload fragments.

    Obviously, Google shouldn't have collected this. Obviously, Google shouldn't disclose this information to anyone, including governments.

    The data should be destroyed and everyone should move on.

    Google didn't collect anything that someone with a wifi card and some easily obtained software couldn't obtain.

    Simply put, if you're concerned about privacy secure your wifi because without some encryption you really don't have any privacy.

    1. Re:Private Info? by houghi · · Score: 3, Insightful

      I think this is private. I think that even if I do something in public, there is no reason that it should be legal to record it and use it to cross reference it.

      In the past, you are in a public place and people see what you did and had to recollect it from memmory, likely to forget most.

      In the present, you are in a public place and machines record and register what you do. Everybody and his little brother is able to see what you did for all of eternety. Also they are able to crossreference it with everthing else.

      Just because it is legal to keep all this data, it does not mean it should be.

      For me privacy is not about the place, privacy is about the person.

      --
      Don't fight for your country, if your country does not fight for you.
    2. Re:Private Info? by gnasher719 · · Score: 2, Interesting

      Seriously, who thinks this info is private? We're talking about payload data from unsecured wifi. For that matter we're talking about payload fragments.

      On a recent discussion about the data that the iPhone collects and sends to Apple, many people commented that Apple is worse than Google. Apple collects and sends the following data:

      1. MAC address

      That's it. Apple doesn't collect the SSID which could likely be used to identify you. And Apple most definitely doesn't even look at any payload. Why would Google have any need to look at payload data? They have no legitimate reason whatsoever. I cannot see any technical reason why looking at any payload data would help them with Streetview. And they discarded all encrypted traffic and kept unencrypted traffic, making it very, very clear that this was intentionally nosing into stuff that they have no right to nose into.

    3. Re:Private Info? by WarJolt · · Score: 3, Informative

      Even when connected to secured wifi networks your MAC can be sniffed. MACs are not secure. Try using airodump sometime. ;-)

    4. Re:Private Info? by silentcoder · · Score: 5, Insightful

      >For me privacy is not about the place, privacy is about the person.

      Perhaps - but what google did isn't like hiding in a bush behind you recording your conversation with your girlfriend. It's more like you are standing on top of a chair shouting "I love you Jane Fonda will you marry me" and they record it.

      Seriously - when you BROADCAST information, without making any attempt to limit who can receive it despite your broadcasting device being equipped with the means to do so you can't expect it to be private afterward.

      Or to use an analogy I used in a previous story on this topic: If you shag your girl against the window without closing the blinds you can't blame the neighbours for staring - not even the pervy fat-guy across the road who videotapes it (and then posts on slashdot about privacy concerns).

      I can even give you a car analogy. If I take pictures of the highway as you drive by - and thus get a picture of your car showing make, model and registration - how did I invade your privacy ? If I do it in your own front yard I still didn't invade your privacy - especially since, if you really cared, you could easily have draped a car-condom over it.

      Information you broadcast without limiting who can receive/understand it - is not private information - your own actions have MADE it public information.

      --
      Unicode killed the ASCII-art *
    5. Re:Private Info? by Anonymusing · · Score: 3, Insightful

      Information you broadcast without limiting who can receive/understand it - is not private information - your own actions have MADE it public information. (emphasis added)

      Therein lies the problem. The average consumer does not think of wireless networking as "broadcast" information. They still consider it private. This is partially a lack of understand of the technology, and partially because it does not occur to most people that anyone else might try to snoop.

      If I don't want you petting my dog, I can put up a fence around my yard that keeps the dog in and strangers out. But there's no fence I can use to stop wireless signals from going past my physical property, or to keep you from petting my computer... digitally, I mean... hey, stop it.

      --
      Liberal? Conservative? Compare perspectives at Left-Right
    6. Re:Private Info? by Zironic · · Score: 5, Insightful

      What certain geeks like you seem to fail to understand is that normal people don't give a flying fuck about how it works on a technical level.

      What a normal reasonable person expects from an open wi-fi is that their neighbors might borrow their internet. What they don't expect is that a random asswank will record all their data. While it's very easy to do it does require you to go out of your way to do it which means you're a dick.

      In the same way when you sunbathe in your backyard or fuck your girlfriend in the window you probably don't mind if your neighbors see you, but you have every right to be pissed if someone decides to take photographs.

      I for one don't want to live in a world where any information that leaves the 4 walls of my house is public.

    7. Re:Private Info? by AMindLost · · Score: 5, Insightful

      So you think your DNA isn't private? You leave it everywhere you go so it's in the public domain. Is it OK for a company to collect it, store it and profile it for its own purposes?

    8. Re:Private Info? by DJRumpy · · Score: 2, Interesting

      From what I've read, it doesn't matter as it was not intended to be public. This relates to the same situation police officers faced attempting to record thermal data by reading the thermals off the side of a person house. They argued that since they were not entering into a private residence, but rather reading the data from the external walls, that there was no invasion of privacy. The supreme court threw the argument out, indicating that there was an expectation of privacy involved, and that it was not legal to collect such data without a warrant.

      https://ssd.eff.org/your-computer/govt/privacy

      (although the Supreme Court has held that more invasive technological means of obtaining information about the inside of your home, like thermal imaging technology to detect heat sources, is a Fourth Amendment search requiring a warrant).

    9. Re:Private Info? by DJRumpy · · Score: 2, Insightful

      Reasonable means...typical home owners are not going to understand the reasons to create a cage, have the means, or technical knowledge to do this, let alone work around issues like cell signals, radio, etc.

    10. Re:Private Info? by silentcoder · · Score: 3, Insightful

      >The average consumer does not think of wireless networking as "broadcast" information

      The average consumer also doesn't think drunk driving is such a big deal - we still hold them accountable when they kill somebody.

      Failing to recognize the potential consequences of your actions does not absolve you from being responsible for them.

      --
      Unicode killed the ASCII-art *
    11. Re:Private Info? by drinkypoo · · Score: 2, Interesting

      Therein lies the problem. The average consumer does not think of wireless networking as "broadcast" information.

      I'm sick and tired of hearing this bullshit excuse. If someone doesn't think that running someone down with their car will kill them because they watched too many episodes of Itchy and Scratchy, is that a potential defense for vehicular homicide? What about the Streisand effect? Would it be legitimate to prevent taking pictures of other people's property from the air if they didn't know that photons were reflecting off of it at all times and making it visible? Stop making excuses for the technological ineptitude of the masses of asses. They don't bother to educate themselves because there's no reason to do so. Well, I for one think that there is a reason to try to be up on the basic technologies of your age, and further, I think that you should be held liable for your own [mis]use of same. If you don't want to have to learn about how your AP works, run a fucking wire. Advanced technology requires advanced understanding. The legal standing has never been based on understanding but on one basic premise: the data traveling to the person and not the person traveling to the data. There is absolutely zero difference here, and the broadcaster should be liable for their broadcast, just as you would be liable for interference caused by plugging in an FM transmitter and using it to listen to your mp3s anywhere in your house. It doesn't matter that a person doesn't understand that radio waves aren't blocked by walls.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    12. Re:Private Info? by silentcoder · · Score: 4, Insightful

      Not even close to the same ballpark... hell it's not even the same damn sport.

      If a policeman walking down the road sees you shooting a gun at your girlfriend through the window with the open blinds he will damn sure rush in and intervene. "Plain sight" is not covered by the 4th ammendment and broadcast data is much closer to "plain sight" than thermal imagery from INSIDE the house.
      More-over there is no practical way to PREVENT thermal energy if you want to, but it's easy to prevent broadcasting unencrypted wifi. Every damn router on the market has an easy setup wizard that suggests encryption as the RECOMMENDED DEFAULT. That makes disabling it an act of choice. Usually made to avoid the hassle of passwords.
      Well the price you pay for that convenience is the choice to make your data public.

      --
      Unicode killed the ASCII-art *
    13. Re:Private Info? by Spad · · Score: 2, Insightful

      Public != Public Domain.

      As long as their purposes are legal, then they're not doing anything wrong. They might be acting unethically, you might not *like* them doing it, but that's another issue entirely; this whole Google debacle is about legality.

    14. Re:Private Info? by HungryHobo · · Score: 2, Insightful

      It is reasonable however to expect them to tick that little box when they first set up their router, you know the one, to secure it.
      If that isn't enough their computer makes every effort to tell them "warning this connection is unsecured" etc etc etc

      If you're too stupid to realise than things written in the margins of a library book are less private than things written in your diary or that "warning, this connection is not secured" means "warning, this connection is not secured" then you've passed bellow the "reasonable" threshold.

    15. Re:Private Info? by HungryHobo · · Score: 4, Insightful

      oh it can leave your 4 walls but you have to make at least a symbolic gesture that you wish it to be private.

      Encrypt with WEP rather than broadcast it openly.
      Seal it in an envelope rather than writing it on a postcard.
      Speak it over a private telephone line rather than using a loudspeaker.

      Go for a shit in the bathroom and you can expect privacy.
      Go for a shit in the middle of the public street and you can expect none. Even if you're deranged or stupid and convinced that you're invisible.

      pull the curtain closed in the changing room if you want privacy rather than screaming that passers-by are violating your privacy when you don't.

      if people don't know unsecured actually means "unsecured" then they need to learn.it's simple. the world does not need to bend over backwards for them.

    16. Re:Private Info? by ElectricTurtle · · Score: 2, Funny

      You're not putting these pieces together rationally... clearly he is a pit viper that has somehow learned to use a keyboard... or worse, a mad scientist has created a neural interface for pit vipers to post on Slashdot... and he taught it English! Who knows what a pit viper that can read and write English on the internet is capable of!

      --
      I support the Slashcott and will not be reading or commenting from 2/10/14 to 2/17/14. Beta is steaming pile of dog shit
    17. Re:Private Info? by Muad'Dave · · Score: 4, Informative

      I disagree that wifi data meets the definition of a broadcast; rather, it is a non-public communication transmitted without encryption. The only definitions of 'broadcast' I could find at the FCC website were related to specific broadcast services (AM, FM, TV, etc)

      47CFR73 Sec. 73.14 AM broadcast definitions.
      A broadcast station licensed for the dissemination of radio communications intended to be received by the public and operated on a channel in the AM broadcast band.

      Also there are rules in the Amateur service (Part 97) that forbid broadcast transmissions intended for the public.

      The crux of the biscuit is that broadcasts are, by definition, intended for public receipt. Wifi data is not intended for public receipt and the service under which Wifi equipment operates is not licensed as a broadcast service (it is unlicensed, in fact).

      Remember back in the day when HBO, etc were transmitted in-the-clear over C band satellites? I could tune in and watch it with no trouble, but the law said even though it was transmitted in-the-clear you could not legally watch it unless you were a subscriber.

      Did you know that the old-school pagers used in-the-clear transmissions? I could've easily transcribed every single pager transmission in the greater Richmond area (as well as ones intended for those with 'satellite' pagers that worked nationwide). It would not have been legal, however.

      How about the old 49 MHz cordless phones/baby monitors, analog cell phones, etc? They were all in the clear, and special federal legislation was enacted to prevent eavesdropping - they forced scanner manufacturers to block the analog cell frequencies.

      What google did by collecting anything other that the SSID was equivalent to transcribing private pager data and making it publicly available - that certainly would be illegal.

      References:
      Communications Act of 1934, as Amended (pdf)

      http://www.privacyrights.org/fs/fs2-wire.htm

      --
      Tiller's Rule: Never use a word in written form that you've only heard and never read. You will end up looking foolish.
  4. Devil's Advocate... by Manip · · Score: 4, Insightful

    First off they're scanning public information. This is unencrypted, and broadcast across the airwaves for anyone with a WiFi device to pick up. Secondly they are using this for their location service. By recording the location of the hotspot with the identity they can roughly guess someone's location without the need for GPS. If people want privacy then they should turn off their WiFi or at the very least stop broadcasting the name of the network openly.

    As far as Washington goes - just yet another example of idiots in power with no grasp of I.T. and without the wisdom to consult with someone who does.

  5. Overblown? by profplump · · Score: 4, Insightful

    Am I the only one who thinks this is overblown? For all the actually invasive data-mining that happens on a daily basis on the web and in real life, are we really concerned that Google captures a few seconds of broadcast, unencrypted network traffic? Is this a more important issue than the online and physical database breaches we see all time from other companies (and governments) -- many of those go entirely unnoticed, and even big stories from that category only get a day or two of news coverage, but people have been whining about this Google thing for weeks.

    Even if you assume that Google really wanted to capture this data for some nefarious purpose, exactly what are people worried about? It's not at all clear to me that capturing a random 3 seconds of traffic from someone's open WiFi provides Google with any particularly useful or terribly private information. Ignoring the fact that anyone in the neighborhood could be doing continuous captures of the same AP, or that half of these WiFi networks are connected to broadcast-based uplinks (like cable modems), I just don't understand why this -- even if the intent is evil -- ranks high among the other privacy concerns in modern life.

    1. Re:Overblown? by profplump · · Score: 2, Insightful

      First, Google isn't getting traffic logs. They're getting a couple of seconds of network traffic which may or may not include any useful traffic. Even if you're actively browsing there's a good chance you didn't click on anything in those few seconds, or if you did, that they missed the 1 packet that had the URL in it. Conflating "traffic logs" with a few seconds of packet captures to make Google seem evil speaks more to your character than theirs.

      Second, you and everyone else are welcome to circle my house 24/7 and log or otherwise record all of the broadcast, unencrypted data I emit. I'm not making any special exception for Google -- this information is already public by nature of being broadcast in plaintext.

    2. Re:Overblown? by profplump · · Score: 2, Interesting

      Why was it collected? My first two guess would be:

      A) The system is intended to collect AP MAC addresses and SSIDs. Doing this requires capturing broadcast packets. As it turns out, you only need some of the packets, but because the capture is passive you have to take what you get and parse it to find what you want. So if you stored the data as it came in it's actually *extra* work to remove the parts of the capture you didn't use, and no one wrote that part because it wasn't important.

      B) They wanted to collect all available data in case the in-situ processing fails -- then they can just re-run the data set instead of re-driving the route. Variations on this include "we may encounter new packet types we weren't expecting and want to do post-processing on them" or "we may invent new ways to provide location services based on data that we capture but didn't know at the time was useful".

      It's also possible that they're doing something evil that we can't think of, or that they're just keeping the data around in case they think of something evil to do with it later. I agree, it is possible. But I don't think I'm giving Google a pass here -- given the very limited amount of data they collected from each network I have trouble imagining what that evil thing might be, or why we should consider it more important than the data mining that goes on in other contexts, like when you actually use Google services.

  6. Politicians from 37 states by gravos · · Score: 4, Insightful

    EXTRA! Politicians from 37 states find easy way to make it look like they are doing something useful while ignoring war in Iraq, war on drugs, out of control budgets, ...

    --
    This game will waste your life. Don't clicky!
  7. Hmm. by Anonymous Coward · · Score: 2, Funny

    As I see it, your MAC and SSID are never private. If PBS has ever taught me anything, it's that the data on public access points such as the one I just connected to were brought to me by neighbors such as you.

    -Posted from next door.

    1. Re:Hmm. by HungryHobo · · Score: 2, Interesting

      if you shout your username and password at your friend out on a public street while I'm walking past with a video camera is it my fault or yours?
      should I then blank my recordings for the sake of your fuckup and that you only wanted your friend to hear?

  8. what a waste of time and money by PhrostyMcByte · · Score: 4, Interesting

    Someone needs to make an Android app that does the exact same thing these vans did, and publish all the captured data online, free and open. Maybe then the govt. could take their eyes off Google for long enough to realize the real problem here isn't Google -- it's the silly politicians who think recording SSIDs is malicious (the same politicians who'd start training a multi-million-man army for the coming "cyber war" apocalypse if they could), and the stupid networking (hardware or ISP) companies who don't default to secure settings, and don't educate their customers how to maintain their security.

    1. Re:what a waste of time and money by prash_n_rao · · Score: 2, Interesting

      done: http://code.google.com/p/wardrive-android/ and data available at http://wardrivedb.appspot.com/

      --
      This is not my sig.
  9. Maybe this is good news by davmoo · · Score: 4, Insightful

    We should look at the positive side of this. Since the states have so little to do now that they can waste time and money on bullshit like this, that must mean that the economy is fixed, everyone has jobs, there is no poverty or hunger, and crime and violence is a thing of the past.

    --
    I want a new quote. One that won't spill. One that don't cost too much. Or come in a pill.
  10. Wrong question -- Re:Private Info? by beh · · Score: 2, Interesting

    The question isn't "who thinks this info is private?"... ..the question is "who thinks data shouldn't be private?"...

    As is usually the case, the law only begins stepping in AFTER the baby has been poured out with the bath water...

    Yes, the data is currently available, because people didn't lock the access points. But - outside of the IT geek/nerd community - how many people do you think have Internet connections and aren't aware how to properly secure their network?

    And - even if they can secure them - there is still the question about their awareness of what their data can be used for, when they enter it somewhere. How much of what you enter is actually a legitimate concern of the company in question? And how much is just collected for marketing or other purposes the end user might react negatively to?

    The US may be at the technical forefront in areas - but you're behind when it comes to the awareness of data security and particularly data privacy issues. What you consider to be the pesky/narrow-minded rules of European governments as to data security - might one day just save you from companies riding rough shot over what you want and think, because they have the necessary data to do so. Of course, if, say, you're into S&M stuff, it may be great that you get advertising tailored to you on sites that deal with it. But, would you want that data to 'leak' out, and all of a sudden co-workers start raising eyebrows, why you get so many porn related ads while looking at google maps?

    What about the 17 year old that proudly blogged how he screwed a neighbours kid out of some stuff or other... It's bad enough for the youth to live it down that time. But would you want potential future employers 20 years later make a call on how trustworthy, how grown-up you are by what you posted back then, and might be indexed by some other service in the future?

  11. Re:Wifi Hotspot map by Zironic · · Score: 2, Interesting

    The problem was that they recorded a lot more information then they needed. Google may not have been malicious in their intent but they still need to be stopped because if we don't draw the line here, what prevents an actually malicious company from driving around vacuuming up all your data?

  12. How Dare They! by cgenman · · Score: 2, Insightful

    How dare they collect private information like MAC addresses! Those carefully shielded numbers are there for an important purpose: to be kept safe from prying eyes, hidden behind a shield of apparently unlocked wireless networks.

    Asses.

    WRT network content: If you decide that a regular house isn't good enough for you so you buy a fully glass house, then don't hang up any curtains, what the heck did you expect to happen? "Oh look, this big bad corporation took photographs of my completely glass house! They don't have any intent to do anything with it. We must sue them before they do that!" Why do you people think that your computer warns you every time you connect to an unsecured network that everyone can see all of your bits! The reason they could photograph you naked in public is because YOU WERE NAKED IN PUBLIC. Normally I have some sympathy for non-tech users getting things wrong, but this one is just long-running and stupid.

    As a side note, it seems a little odd that people are freaking out that Google might have their e-mails, the websites they visited, etc. That's like complaining that General Petraeus might have improperly bought a slingshot at a fair. Google pretty much knows the gender of your next child. If they saw you remotely streaming Wrestlemania IV, Amazon probably already told them what you rated it and that you keep re-reading Twilight on your Kindle. While I'm uncomfortable with individual corporations having so much data about people, they've already got it. I'm just expecting the day that I get an e-mail from Google saying that they've automatically updated my calendar with the date I made over Google voice, they called the repairman about the noise in the car, and I have six months until an undiscovered cancer kills me. Sniffing my wireless network won't give them anything they're probably not already collecting from this Chrome browser. Of course, my wireless network isn't completely naked because I actually read the 20 point font easy setup card that came with the damned thing.

    --
    The ______ Agenda
  13. I wrote my AG, have you written to yours yet? by ka9dgx · · Score: 2, Interesting

    Here's what I sent to Indiana's AG...

    TO:
    Office of the Indiana Attorney General
    Indiana Government Center South
    302 W. Washington St., 5th Floor
    Indianapolis, IN 46204
    Phone: 317.232.6201
    Fax: 317.232.7979

    E-mail: Constituent@atg.in.gov

    FROM: Mike Warot

    Hi
        I'm Mike Warot, from Hammond. I'm a network administrator working in Chicago.

    I've recently learned that 37 states are joining in an investigation of Google's collection of WiFi data, as typified in this story from the LA Times

    http://latimesblogs.latimes.com/technology/2010/07/google-street-view.html

    The issue at hand seems to be quite simple. They were trying to make a list of open (unencrypted) WiFi access points as a supplement to GPS to help in navigation. Because the software used to collect this data (Kismet) defaults to collecting entire packets instead of just the names of the access points, there is now an uproar that "passwords were stolen" and other Bull Shit. It was a simple technical oversight, not an evil plot.

    Please DO NOT WASTE MY TAX DOLLARS on this wild goose chase. I'm sure you have plenty of other more important work to do.

    Thanks for your time and attention.