Slashdot Mirror

← Back to Stories (view on slashdot.org)

Canada Says Google Wi-Fi Sniffing Collected Personal Data

Posted by samzenpus on from the coming-late-to-the-party dept.

adeelarshad82 writes "Canada's privacy commissioner, Jennifer Stoddart, has announced that Google's recent Wi-Fi sniffing was a serious violation of Canadians' privacy rights and included the collection of personally identifiable information. Stoddart's team, who traveled to Google's Mountain View headquarters to examine the data, found complete e-mails, e-mail addresses, usernames and passwords, names and residential telephone numbers and addresses. Google has been asked to do four things before the Canadian Government would consider the matter resolved."

99 of 136 comments (clear)

  1. .... COME ON! by Monkeedude1212 · · Score: 5, Funny

    Google has been asked to do four things before the Canadian Government would consider the matter resolved

    You're going to end the summary there? What a damn cliffhanger!

    1. Re:.... COME ON! by Monkeedude1212 · · Score: 5, Informative

      Double posting to answer my own question. Those 4 things are:

      Put in place a governance model to ensure that privacy is protected when new products are launched;
      enhance privacy training to foster compliance amongst all employees;
      designate an individual responsible for privacy issues;
      and delete the Canadian data

    2. Re:.... COME ON! by CosmeticLobotamy · · Score: 1, Funny

      No, that's it. Just any four things. Google put on a hat, shaved, ate a pinecone, and made a collage celebrating Montreal. Canada was like, "A'ight."

    3. Re:.... COME ON! by Mr.+DOS · · Score: 1

      ...shaved...

      Pretty sure you've got that backwards.

      (Yes, I just made a beard pun. Sue me.)

    4. Re:.... COME ON! by kevinmenzel · · Score: 2, Insightful

      Are you kidding? Canada's government doesn't want information. They killed the long form because of how much they hate having information. The more ignorant they are, the more right they can believe they are!

    5. Re:.... COME ON! by TheSpoom · · Score: 1

      I know Google is evil and all, but selling Canadian data to the Government of California? That's low, even for you, Schwarzenegger.

      --
      It's better to vote for what you want and not get it than to vote for what you don't want and get it.
      - E. Debs
    6. Re:.... COME ON! by TheSpoom · · Score: 1

      (Pssst, in case anyone's wondering, we use .gc.ca as our governmental "TLD", since the US won't let others use .gov, the hosers)

      --
      It's better to vote for what you want and not get it than to vote for what you don't want and get it.
      - E. Debs
    7. Re:.... COME ON! by RussTHX · · Score: 1

      (Pssst, in case anyone's wondering, we use .gc.ca as our governmental "TLD", since the US won't let others use .gov, the hosers)

      Other countries seem to use their second level domains freely, e.g. www.hmrc.gov.uk. Perhaps Canada doesn't for some other reason?

    8. Re:.... COME ON! by RussTHX · · Score: 1

      (Pssst, in case anyone's wondering, we use .gc.ca as our governmental "TLD", since the US won't let others use .gov, the hosers)

      Other countries seem to use their second level domains freely, e.g. www.hmrc.gov.uk. Perhaps Canada doesn't for some other reason?

      Ah, just understood; you're talking about the US not sharing the .gov TLD itself; my mistake. Can't say I blame them, though.

    9. Re:.... COME ON! by drcheap · · Score: 1

      Google has been asked to do four things before the Canadian Government would consider the matter resolved

      You're going to end the summary there? What a damn cliffhanger!

      Yeah, what an eh hole!.

    10. Re:.... COME ON! by Anonymous Coward · · Score: 2, Interesting

      Why is it the fault of google that the data people send out over wireless is unsecured?

      Google doesn't care whether the data is secured or not, they're just interested in mapping the wireless points, not in the data itself, so anyone broadcasting unsecured data over wireless must inherently want that data to be open to everyone.

      Here the blame isn't on google, it's stupid, stupid wireless users, and they should be told its their responsibility to keep things secure.

      For once, just once, I'd like to see the right people smacked for being stupid, in this case, the public.

    11. Re:.... COME ON! by Jesus_666 · · Score: 1

      Huh. I guessed it was name, rank, organisation and mission. So close...

      --
      USE HOT GRITS WITH STATUE OF NATALIE PORTMAN (NAKED AND PETRIFIED)
  2. Pay attention class... by AceCaseOR · · Score: 1

    This is why you encrypt your wireless network. Now, I'm hoping that Google has the good sense to implement the changes requested by Ms. Stoddart, and to go the extra mile and delete any collected data from other countries as well. If they don't delete it, I won't be surprised. Disappointed, but not surprised.

    --
    Zagreus sits inside your head, Zagreus lives among the dead, Zagreus sees you in your bed and eats you in your sleep.
    1. Re:Pay attention class... by Monkeedude1212 · · Score: 1

      We've got a bunch of crazy laws.

      In the states, if you get caught downloading music, you get sued by Sony BMG...

      In Canada, we basically assume you payed your blank media tax.

    2. Re:Pay attention class... by c0lo · · Score: 2, Interesting

      I'd consider another lesson worth of paying attention to: Google admitted the (wrongful) collection of data and took the steps to correct much faster than any other corporate I know (take FB for example).

      --
      Questions raise, answers kill. Raise questions to stay alive.
    3. Re:Pay attention class... by mysidia · · Score: 3, Insightful

      I think Google has offered to delete the data, but some goverments ordered them not to. If i were google, i wouldnt go the "extra mile" as it may cause them a law suite. I would contact the other goverments where data has been collected

      The answer should have been... "We already deleted it, sorry."

      Why the heck would they announced that they inadvertently collected data, without guaranteeing its destruction first, so the data would be gone before anyone could dare ask for some order to request preservation?

    4. Re:Pay attention class... by dogsbreath · · Score: 4, Funny

      We've got a bunch of crazy laws.

      In the states, if you get caught downloading music, you get sued by Sony BMG...

      In Canada, we basically assume you payed your blank media tax.

      You insensitive clod: it's not a tax; it's a fee.

      Feel better?

    5. Re:Pay attention class... by aliquis · · Score: 1

      Here in Sweden plenty of people did that, but there was a TV documentary just a week or so ago about how the ISPs told people it didn't mattered whatever they used WEP or WPA so that's how they decided what to have ... Awesome.

      Good people at those positions.

    6. Re:Pay attention class... by jonwil · · Score: 1

      Any country that would want to ban a sandwitch THAT cool (and tasty looking) is clearly screwed up beyond all hope of help.

    7. Re:Pay attention class... by ceoyoyo · · Score: 2, Informative

      Actually, it's a levy.

    8. Re:Pay attention class... by gagol · · Score: 1

      Read many many more from dumblaws.com, hours of fun!

      --
      Tomorrow is another day...
    9. Re:Pay attention class... by steeleyeball · · Score: 2, Insightful

      There is still no excuse for not securing your network... There really ought to be a test for using/accessing the internet akin to Amateur Radio licensing. If you can't take the trouble to secure your network, as minimal as that security is, then you are living in La La land and are safer without internet access. 128 bit encription is good enough against War Drivers, just not against someone who parks on your block and really tries to crack the encryption... Why bother when there are unsecured networks out there to connect to though.

    10. Re:Pay attention class... by Zygamorph · · Score: 3, Interesting

      If I remember correctly Google said they would keep the data until the Canadian authorities had stated they had finished examining it to determine what laws were breached. Once the evidence had been evaluated and they get authorization, they will delete it. Basically they are saying they won't delete evidence of a possible wrong doing until the appropriate authorities say it is OK. This means that they have to hold on to the data collected in each country until they get permission from that country's authorities. Sounds like and administrative nightmare.

      Its also a perfect example of how the laws don't reflect how the technology was designed to work. WAPs are designed to handle two situations:

      1. I want to share with everybody, a.k.a "Open WAP"; and
      2. I want to share with only a select few, a.k.a. "Encrypted or closed WAP".

      From the technology design point of view if you run across an open WAP then you "know" they want to share. If its closed then you know they don't. I agree that it gets very grey when you knowingly start to collect user ids and passwords. If its an automated download of everything that is available, sort of like a wget, then you can argue the stuff should have been secured.

      The laws try to protect the group of people who are too lazy to learn how and why you should secure a WAP as well as your data. The problem is how to differentiate between those open WAPs that people want to share from those where people don't.

    11. Re:Pay attention class... by ScrewMaster · · Score: 1

      Actually, it's a levy.

      Yes, well those tend to break when it rains really hard. So just be careful downloading during a thunderstorm.

      --
      The higher the technology, the sharper that two-edged sword.
    12. Re:Pay attention class... by phyrexianshaw.ca · · Score: 1

      and might survive the next hundred or so years without our hearts exploding. :P

    13. Re:Pay attention class... by mcgrew · · Score: 1

      "Mean old levy, got me to weep and moan. It's got what it takes to make a mountain man lose his home". -- Led Zeppelin (singing, of course, on the fees levied on US file sharers who get caught)

      --
      Free Martian Whores!
    14. Re:Pay attention class... by dogsbreath · · Score: 1

      My chance at being modded "funny" and I'm wrong.

      Poop.

    15. Re:Pay attention class... by ceoyoyo · · Score: 1

      That makes it funnier.

      Notice I just got boring "Informative."

    16. Re:Pay attention class... by dogsbreath · · Score: 1

      Don't be discouraged; I am sure that both your mother and your team at work are happy that you are informative. Me, I like being informative but people usually respond with very negative attitudes.

      Anyways, the secret to being modded "funny" is to use the phrase "You insensitive clod". Slashdot modders are required to funny this up just like Mel Gibson felt a compulsion to buy "Catcher in the Rye" in "Conspiracy Theory". Watch out for Starship captains with bandaged noses.

      Cheers

    17. Re:Pay attention class... by mcgrew · · Score: 1

      There is still no excuse for not securing your network

      How is my providing free wifi for my neighbors hurting you? I don't NEED an excuse.

      --
      Free Martian Whores!
    18. Re:Pay attention class... by AltairDusk · · Score: 1

      While I agree with this on principle in some areas it really doesn't make a difference. Where my parents live for instance you can't even detect the SSID from the road, the signal simply won't reach that far and they would notice someone running around in their yard with a laptop. (Houses tend to be very spread out in rural Maine) In their case I have the network set up for WEP but due to the aforementioned reasons it's fairly pointless anyway. (Thanks to Nintendo's crappy encryption support on the DS they can't use WPA or higher).

    19. Re:Pay attention class... by wastedlife · · Score: 1

      If its an automated download of everything that is available, sort of like a wget, then you can argue the stuff should have been secured.

      From what I understand, this is the case. Google's intent was to record locations of open access points in order to use as either coarse location(for Android or maybe ChromeOS, or even to compete against a similar service that I can't recall the name of) or a public WiFi database. The implementation was to have it sniff out unencrypted packets and record it to later strip out the SSID information. What they didn't consider was the ignorant masses broadcasting private information over open WiFi and the implications of recording it. If they had put a little more effort into the implementation to strip it down to just the SSID information before recording it to disk they would have needed less disk space on these computers and would have saved themselves from this headache.

      Much of this is as stated by Google, so should be taken with a grain of salt. I personally find it to be the more likely cause, and also have no sympathy for those that do not encrypt their wireless connection or at least the private data they are transmitting. Open WiFi is just that, open. It is the equivalent of yelling through windows to your neighbor across the street instead of calling them. Anyone can overhear everything you say in this manner. Encrypted wifi is still yelling across the street, but at least you are using your secret decoder rings to keep prying ears from understanding it, even if they overhear it.

      --
      Said, "It's just like dice but it's got more sides And it tells me who lives and who dies"
    20. Re:Pay attention class... by Stihdjia · · Score: 1

      Geez, chill man. Nobody claimed to be hurt by non-encrypted networks. Maybe he was hoping to do YOU some good. If your such a philanthropist, just give your neighbors the key.

      --
      I see the fnords!
  3. Canada wants that internet money by xda · · Score: 2, Funny

    Was one of the 4 things " hey guy, we want to get in on some of that internet money" ?

  4. Continuing the summary: by cobrausn · · Score: 1, Redundant

    "Stoddart asked Google to do four things before she would consider the matter closed: put in place a governance model to ensure that privacy is protected when new products are launched; enhance privacy training to foster compliance amongst all employees; designate an individual responsible for privacy issues; and delete the Canadian data."

    --
    How does it feel to be a liar with pants constantly on fire?
  5. Article comment puts it best by brunes69 · · Score: 5, Insightful

    registraruser

    October 19, 2010 8:07pm

    Whoa! A company stored lists of patients with a medical condition and contact information on a computer connected to an *UNSECURED and UNENCRYPTED* wireless network, and we are supposed to believe that Google is the "bad guy"?

    1. Re:Article comment puts it best by FrankDrebin · · Score: 3, Insightful

      Sophomoric and stupid comment.

      Stoddart is fulfilling her role in ensuring companies do not collect personal information from individuals (except under very specific circumstances). Doesn't matter if it's done through side-scan radar, digging through your trash, or WiFi sniffing... it's not legal in Canada.

      --
      Anybody want a peanut?
    2. Re:Article comment puts it best by houghi · · Score: 2, Informative

      Yes, we are, at least I am. Privacy is perceived different in different countries. Where in the US everything that is not happening in a private place is considered public, a lot of other countries feel that it is not so much the location as it is the person that has a right on privacy.

      Doing the right thing is not the same as not doing anything illegal. So just because you can does not mean you must.

      --
      Don't fight for your country, if your country does not fight for you.
    3. Re:Article comment puts it best by Anonymous Coward · · Score: 1, Insightful

      Sophomoric and stupid comment.

      Not true. Google recorded data that people were actively broadcasting in the clear for anyone in range to receive. Stoddard may be doing her job in determining what Google recorded and asking them to delete it, but it's not Google's fault that a lot of people are dumb enough to share their private information with anyone in hearing distance. Even a weak WPA or, if it can't be helped, WEP key is better than nothing whatsoever.

    4. Re:Article comment puts it best by Chirs · · Score: 2, Informative

      Google recorded data that people were actively broadcasting in the clear for anyone in range to receive. /quote>

      While true, it is not legal for a corporation to capture and store this data because it is still considered private.

      (Incidentally I happen to agree with you, they were shouting the information to anyone who would listen.)

    5. Re:Article comment puts it best by mcneely.mike · · Score: 1

      Until the USA goes completely and utterly and Bushbarrackly bankrupt... then we will buy up the whole lot of you crackers and make you bend over and squeal like little piggies.

      Thas it, just bend over thar and squeal for me.

      Hyuck... hyuck.

      • Obligatory: Eh?
      --
      soylentnews.org Go there to enjoy the people!
    6. Re:Article comment puts it best by ceoyoyo · · Score: 2, Insightful

      If you give your social insurance number to your employer, should you expect they'll delete it when you leave the company?

      In Canada you should. Even if you go and shout something on the street, a company doesn't necessarily have the right to retain the recording. It's not necessarily a problem if their microphone captures it, but it is if they knowingly keep it.

    7. Re:Article comment puts it best by phyrexianshaw.ca · · Score: 1

      the problem here is that it IS illegal in Canada to retain that data, even if it was handed to you (in this case via unencrypted broadcasts!). to protect people from themselves, Canada maintains laws that a company (or person/group) can only KEEP data that's not personally identifiable, unless the person they gathered information about waves that right.

    8. Re:Article comment puts it best by Geminii · · Score: 1

      If the personal information is being written on a billboard in twenty-foot-high letters, does Stoddart go around forbidding people from looking at it? Is it still illegal to collect information if it's being broadcast at you 24/7?

    9. Re:Article comment puts it best by volcan0 · · Score: 1

      What happens if you are a registered google user ? Don't you already allow them specifically to retain data on you as a user ? Retaining data from your WAP is just an extension of this right if you really what to take it literally regarding Canadian law.

    10. Re:Article comment puts it best by odeland · · Score: 1

      You can look at it, obviously. But you can't take a picture and keep it. How hard is it to understand?

    11. Re:Article comment puts it best by AltairDusk · · Score: 1

      to protect people from themselves

      While it may seem like a noble goal nobody learns anything that way. When governments start worrying about protecting people from themselves it often results in the loss of freedoms over time.

    12. Re:Article comment puts it best by phyrexianshaw.ca · · Score: 1

      again, Canadian privacy laws are some of the toughest.

      even if the EULA said "we will keep your data for 5 years and try not to give anything identifiable to anyone" they still can't legally do it: even if you wave your right to let them.

      without a clearly defined reason to keep the data as-is with the identifiable parts intact, you can't get somebody to wave their right to privacy here. unless you tell them everything you plan to do with their data, and only -ever- stick to that, you can't keep their data.

    13. Re:Article comment puts it best by phyrexianshaw.ca · · Score: 1

      I don't disagree at all. In addition to assisting people in being stupid about their privacy, I personally think the whole idea's draconian and stupid.

      But that doesn't stop it from being the law.

    14. Re:Article comment puts it best by Geminii · · Score: 1

      And if it's your business to drive through public places with a 360-degree continuously recording camera on top of your car...?

  6. Hypocrisy by XanC · · Score: 1

    It's always funny to watch governments charge in and take the high road about collection of data.

    1. Re:Hypocrisy by c0lo · · Score: 1

      It's always funny to watch governments charge in and take the high road about collection of data.

      To me is self-evident - the high road is design for speed, therefore the govs can collect the data more efficiently and thus data collection costs the tax payers less! See? The govt takes care of you!

      --
      Questions raise, answers kill. Raise questions to stay alive.
  7. The Internet is not Secure. by blair1q · · Score: 4, Insightful

    The Internet is not Secure.

    Even less so when you broadcast your Internet packets to every antenna within several hundred yards.

    1. Re:The Internet is not Secure. by FrankDrebin · · Score: 1

      The point is, secure or not, in Canada it's not legal for companies to collect individuals' personal information.

      --
      Anybody want a peanut?
    2. Re:The Internet is not Secure. by elkawuf · · Score: 1

      Geeks know this. To really make the public understand the issue, though, they need to make a movie out of it.

      "Mr. President, sir... it's our internets! They're leaking. At the rate we're losing data, our country will be buried in a syrupy mass of LOLcats, pictures of people's junk, and non-specific teenage angst within the month!"
      "Can't we shut it down?"
      "No sir... trying to plug the tubes now would just make them burst."

    3. Re:The Internet is not Secure. by cynyr · · Score: 1

      so the fault is solely with those that did the collecting, and not those that let that data out in the first place? if you give me your info willingly then i may do WTF i want with it?

      --
      All of the above was encrypted with a Quad ROT-13 method. Unauthorized decryption is in violation of the DMCA.
    4. Re:The Internet is not Secure. by ceoyoyo · · Score: 1

      so the fault is solely with those that did the collecting, and not those that let that data out in the first place?

      Not really a problem if they collect it accidentally. It is a problem if they keep it. That's why they've been asked to delete the data, and take steps to make sure they don't accidentally collect and retain it in future, instead of being charged or fined.

      if you give me your info willingly then i may do WTF i want with it?

      No you may not.

    5. Re:The Internet is not Secure. by ScrewMaster · · Score: 1

      Geeks know this. To really make the public understand the issue, though, they need to make a movie out of it.

      They did. It was called "Hackers", and John Q. Public never understood a word of it, being thoroughly distracted by a young Angelina Jolie.

      --
      The higher the technology, the sharper that two-edged sword.
    6. Re:The Internet is not Secure. by phyrexianshaw.ca · · Score: 1

      yep, second the above poster.

      in Canada, if a patient at a hospital walks outside and hands you his medical records, you cannot retain them.

      if a person decided to walk down the street buck naked and you snap a picture, you MUST get their permission to keep or use that image.

      in Canada, to prevent people from getting burned for leaking information they wanted to keep private: nobody can store/use the information they gathered without the consent of that person.

    7. Re:The Internet is not Secure. by blair1q · · Score: 1

      That movie was about the internet?

  8. What about the companies that leaked the info? by fuyu-no-neko · · Score: 2, Interesting

    In this case, I'd be more worried about the companies that are transmitting sensitive information over unsecured wireless networks than I am about Google. If Google can pick up such information by accident, then less trustworthy types can probably pick up similar information intentionally. Unfortunately I expect that such companies are going to get off with no repercussions as everyone gets distracted by going after Google.

    --
    Don't take the above poster too seriously. He doesn't.
  9. I really have to wonder... by The+Ultimate+Fartkno · · Score: 1

    ...just how much of an "invasion of privacy rights" it is when all you have to do is come whizzing by in a camera car to intercept all of this supposedly "private" data. If you're spewing a cloud of personal information around the neighborhood that's unencrypted, unlocked, and unfettered in any way, then I don't think you can expect any more privacy than someone who's in their house and beating the crap out of their spouse so loudly that the entire block can hear it from the street. At some point people are going to have to realize that being on the interwebs doesn't just magically make all of your secrets completely invisible to everyone but those evil Ukranian hax0rs. If it's not encrypted, it's public. Period.

  10. Wrong Target by rickzor · · Score: 1

    Google has provided north america (and the world) with a good lesson, to encrypt your personal data.

    Teaching users not to publicly broadcast their web activity would prevent many other issues than Google's recent steetview scandal, and just announcing that Google is evil and violating everyones privacy is going to be a lot less effective in the long run. Especially when in this case "Privacy" is being broadcast in plain text over public radio waves.

  11. Expectation of Privacy by bem · · Score: 5, Interesting

    If you stand on a public street, it is legal to take pictures of anything you see: there is no expectation of privacy in public.

    If you stand naked in your front yard, you have no expectation of privacy.

    If you stand on your front porch and shout out your Visa number, you have no expectation of privacy.

    If you buy a toy AM transmitter from Radio Shack and broadcast your SSN, you have no expectation of privacy.

    But put it in cleartext on an 802.11g router... and you expect privacy?

    1. Re:Expectation of Privacy by Chirs · · Score: 1

      If you stand on a public street, it is legal to take pictures of anything you see: there is no expectation of privacy in public.

      This is not necessarily the best analogy. Arguably if you stand on a public street with a high powered telephoto lens and take pictures of someone through a small opening in the drapes of a window....the story may be different.

      Personally, I do agree with you that people using unencrypted wireless shouldn't expect it to be private--however, since most people are uneducated in this area they in fact do expect privacy and therefore the law grants it to them.

    2. Re:Expectation of Privacy by mungewell · · Score: 1

      In Canada it is permitted to listening in on _Analogue_ radio signals, providing that the information is not used in action of a crime and is not re-broadcast/told to others.

      However listening _Digital_ transmissions are _NOT_ permitted, so in fact Google did break Canadian law by receiving the said data, even if by mistake. They would be extremely unwise to have done/do anything with data-mining the data.

      Mungewell.
      PS. As people are generally stupid, I have to point out I am not a lawer and could be completely mistaken on my view of reality.

    3. Re:Expectation of Privacy by misexistentialist · · Score: 1

      What about cellphone transmissions?

    4. Re:Expectation of Privacy by AHuxley · · Score: 1

      But put it in cleartext on an 802.11g router... and you expect privacy?
      Under anti hacking laws in parts of the world, your network, you formed with a pw, website, IM does get full privacy protection under the law.
      The quality of the pipe is not a consideration. As a non gov sanctioned effort, no data collection and storage.

      --
      Domestic spying is now "Benign Information Gathering"
    5. Re:Expectation of Privacy by ceoyoyo · · Score: 3, Interesting

      Strangely, Canadian privacy law seems to make a distinction between individuals and corporations. If I hear you yell out your credit card number on the street I can write that in my diary (but I can't USE it for anything). If a corporation hears you, it is NOT allowed to write it in it's diary.

      As for radio, if I hear you broadcast your SSN on the radio, I may listen, but I may not use that information, or tell anyone about it. I think that one is actually the same in the US.

    6. Re:Expectation of Privacy by nbossett · · Score: 1

      "expectation of privacy" can have the legal meaning (whether others are prohibited from violating it) or the common sense meaning (whether it's likely that privacy will not be maintained). Also, whether or not there's an expectation of privacy, in each of your examples the law may well restrict what others are allowed to do. An example would be eavesdropping on some types of radio chatter not intended for you: it may not be encrypted, but it can also be illegal for others to listen in.

    7. Re:Expectation of Privacy by blahplusplus · · Score: 1

      "But put it in cleartext on an 802.11g router... and you expect privacy?"

      Yes since most people are morons and don't understand the implications. The whole idea that the "user knows best" is flawed. Things like network names on identifiable computers can be mapped geographically using googles techniques to identify who people are, their incomes, occupations, their behavior patterns, etc. When you use the internet and couple those usage patterns with even more data like google maps and Wifi scanning you get even more vectors for accurately determining who people are and what they do, building up a more and more accurate profile of human beings. The fact that this is all going on in violation of other countries laws is the issue.

      I'm sure Google and the american government are extremely close, Google and the internet is like the ultimate spy machine. I can only imagine the kinds of files they can build on people from espionage techniques applied to the world public at large.

      This kind of information is great for propaganda and other purposes.

    8. Re:Expectation of Privacy by nimbius · · Score: 1

      you forgot to say, "in America."

      --
      Good people go to bed earlier.
    9. Re:Expectation of Privacy by smart_ass · · Score: 1

      In Canuckistan we have SINs (Social Insurance Numbers) not SSNs

      --
      Ouch ... did I just say that.
    10. Re:Expectation of Privacy by tlhIngan · · Score: 1

      What about cellphone transmissions?

      In Canada, unlike the US, it was perfectly acceptable to intercept cellphone signals (the US barred receivers from the 850MHz cellphone ban, something that was only enforced economically in Canada (because US made equipment wasn't unblocked for Canada)).

      However, the law has said that while you can listen in on any radio transmission, unless it's for public consumption, you cannot utilize the contents. So if someone gives you a hot stock tip, you are technically bound to not use it. Or if someone broadcasts their credit card number - you can hear it, but you can't use it (nevermind the credit card fraud).

      Basically, yes, you can receive it for interest's sake, that's about it. You're individually expected to maintain the privacy between the parties involved still. Corporations are even under harsher terms than this, them having more resources to scrub the data they get.

    11. Re:Expectation of Privacy by ceoyoyo · · Score: 1

      Yes... I have lived here for thirty some years. It helps to translate for the 'mericans though.

    12. Re:Expectation of Privacy by phyrexianshaw.ca · · Score: 1

      somebody already said this, but you forgot to put "in america" at the bottom.

      in Canada, almost every statement you made is false.

      if you stand on a public street, you cannot take pictures of people without consent forms, any trademarked items without consent from the owner, even structures without consent from the architect.
      if you stand on your porch naked, PEOPLE cannot take your picture. hell, even if you go streak down main street in a major city they still cant. (they can, but cannot retain that data unless you consent to it. )
      if you literally hand out photocopies of your visa, people are legally required to securely dispose of them unless they have a reason to believe they should have access to that data.
      the AM bit is exactly what this is about. in canada, you can broadcast that, and anybody that would write it down, or remember it and use it at some point HAS broken the law.
      and your last line there is just a different flavor of the AM one. you can tell your life story to someone over coffee and if they ever try to use those details without consent: they broke the law.

      Canada has some of the toughest privacy laws anywhere.

      just goes to show: I guess we all have big secrets to hide.

    13. Re:Expectation of Privacy by Geminii · · Score: 1

      I have an idea for an unbreakable encryption protocol, involving translating all data into SSNs and broadcasting them in the clear...

    14. Re:Expectation of Privacy by AltairDusk · · Score: 1

      If you stand on a public street, it is legal to take pictures of anything you see: there is no expectation of privacy in public.

      This is not necessarily the best analogy. Arguably if you stand on a public street with a high powered telephoto lens and take pictures of someone through a small opening in the drapes of a window....the story may be different.

      Personally, I do agree with you that people using unencrypted wireless shouldn't expect it to be private--however, since most people are uneducated in this area they in fact do expect privacy and therefore the law grants it to them.

      It could be argued that peeping through a small opening in the drapes is circumventing the users effort at protection. They did close the drapes, they clearly made an effort to prevent peeping. I would view that as similar to WEP encryption, it's full of holes and easily broken but in the case of intercepting WEP encrypted data you know the user made an effort to keep it private. Unencrypted wifi seems more equivalent to the person leaving the drapes wide open.

    15. Re:Expectation of Privacy by Elshar · · Score: 1

      I'm not condoning the actions (or inaction) of people that result in private/personal information being broadcast over wifi.. But, consider that most routers are setup insecure by default AND the people they are targeted to generally are NOT geeks like us, it's reasonable to assume that the people do NOT know that their information is publicly accessible.

      I'm not going to put out an analogy, but keep in mind all of yours included someone actively giving out their information.

      With these incidents via wifi, the people passively gave it out their information. They likely had no idea until this google thing, and even MORE likely is most people that google got packets from STILL don't know. Why? Because they're not geeks like us, and as such, likely don't even read the stories. Even if they did read the story on what google did, and how badly people's routers are set up, they probably wouldn't think it even applies to them.

      Luckily, my first point is getting redressed. I know new linksys routers support a secure setup mechanism, and attempts to set the wep/wpa level to the highest it can and remain compatible with the laptop/device used to set it up. But there's still a long ways to go before the general non-geek populace understands what this jargon means for them.

    16. Re:Expectation of Privacy by LeadSongDog · · Score: 1

      "just goes to show: I guess we all have big secrets to hide."
      Paradoxically, a pair of pants covers a small secret even better than a big one!

      --
      Oh, I'm sorry sir, I thought you were referring to me, Mr. Wensleydale.
    17. Re:Expectation of Privacy by DarthVain · · Score: 1

      Not to be nit picker, but its individuals VS Business. More specifically Personal Information VS Business information. Much depends on context as well, if you use your Personal Information in a Business context then it is no longer considered Personal Information and is exempt from the Act. The act itself is weighted in favor of the protection of personal privacy and the release of public information. There is some interpretation to the Act, and that is why there are commissioners, and they have a small army of adjudicators to issue orders or decisions on contentious issues. There are some problems with the Act as I see it, but they do a pretty good job, though orders can be pretty slow due to a back log of issues. The one big problem I see is the Act seems to be harder on small business than say large business (such as large corporations), that can say afford to hire an army of lawyers to make their arguments for them.

      Many people I think are unaware of the Act or how powerful it really is. I hear about issues all the time, that if ever brought before a privacy commissioner would be shot down so fast it would make their head spin! Someone has to make an issue of it however before anything is done.

      For instance I heard from someone about how if they were sick, they were obligated to provide their personal medical records to prove that they were sick (including x-rays, etc...). They had to sign a consent form to this effect at their job. From my own experience I would say that is BS. The employer has a right to know from your doctor if you were able to work or not, but the specifics of your medical history is none of their business. Requiring the consent of the release is sketchy as well. I think if this practice were ever brought forward, it would get destroyed. Anyway I am glad we have privacy laws, though the freedom of information part sometimes makes my job a big pain in the ass, as it can be abused pretty badly by the public.

  12. Do any of those four involve money changing hands? by pedantic+bore · · Score: 1

    Shucks; now I'll have to RTFA.

    --
    Am I part of the core demographic for Swedish Fish?
  13. And if it's not resolved... by i_ate_god · · Score: 1

    ...then what?

    --
    I'm god, but it's a bit of a drag really...
    1. Re:And if it's not resolved... by RavenChild · · Score: 1

      Canada is going to send the four requests again... in FRENCH!

    2. Re:And if it's not resolved... by i_ate_god · · Score: 1

      Acadian or Quebecois?

      --
      I'm god, but it's a bit of a drag really...
  14. Re:the "beaming it through my body" principle by pedantic+bore · · Score: 1

    If you shout something from the rooftops, don't bitch when somebody overhears it.

    They're not bitching because someone is overhearing it.

    They're bitching because someone is carefully recording it, cataloging it, pinning your name on it, and selling the information to anyone who wants it.

    --
    Am I part of the core demographic for Swedish Fish?
  15. Time to activate the Canadian Armed Forces by WillAffleckUW · · Score: 1

    There are enough of us in place near Google to launch a tactical strike and bring their servers to a dead stop.

    --
    -- Tigger warning: This post may contain tiggers! --
  16. Re: Your trashcan is not Secure. by xiando · · Score: 1

    The Internet is not Secure.

    I like the trash example above. Your trashcan is not secure. Does that make it alright to dig through your trashcan and store the inventory of it in a database?

    --
    9/11: Never forget it was a false-flag operation
  17. Re: Your trashcan is not Secure. by blair1q · · Score: 1

    If it's in your yard, no. When it's out on the street, yes. If you dump it up and down the street, then very much yes.

    Essentially, when you use unencrypted wi-fi, you are dumping your trash-can up and down the street, and you have no expectation of privacy.

    If you want your trash to be protected by the 4th Amendment, leave the can on your property behind a gate and hire a non-government trash company that promises to keep it out of plain sight during transport and dump it out of plain sight on private property or destroy it. If you want your trash to be secure from everyone, destroy it yourself.

  18. Re:the "beaming it through my body" principle by mcneely.mike · · Score: 1

    But what if they don't know they're shouting it.... these are people who think windows is good enough for them and are willing to pay best buy to get rid of their viruses:

    How are they going to know their computer is leaking unencrypted data?

    --
    soylentnews.org Go there to enjoy the people!
  19. Re:is it me by shentino · · Score: 1

    What bothers me more is that governments are using this breach as an excuse to make google cough up information to the authorities that they'd otherwise have had to get a warrant for.

  20. Re:Corporate Consequences by nedlohs · · Score: 1

    Something less harsh.

  21. Re: Your trashcan is not Secure. by phyrexianshaw.ca · · Score: 1

    If you want your trash to be protected by the 4th Amendment,

    then try moving to the united states.

  22. Google's fault... by hesaigo999ca · · Score: 1

    I am such a great big fan of Google, they could do no wrong, well almost, ...I guess I got to throw in the towel with this one....
    maybe they did this to set a precedent for the future????

    If they really just wanted to WIFI sniff to see available hotspots, that is one thing, but for them to collect personal data by breaching someone's router, that is totally another....and illegal.

  23. Re: Your trashcan is not Secure. by blair1q · · Score: 1

    Being in the minority on /. bothers you.

  24. Won't help much. by DrYak · · Score: 2, Insightful

    Nice idea, but that won't help much.

    enhance privacy training to foster compliance amongst all employees;

    That won't help when the problem itselfs stem from bad users behaviours.
    The whole thing is due to the fact that Google only wanted to store SSIDs to help a SSID-based location.
    Except that lots of access point where apparently configured to transmit data unencrypted, and then lots of people didn't encrypt their session either (they browse HTTP instead of HTTPS and use POP/IMAP instead of IMAPS or STARTTLS, etc.)
    Then this people start exchanging sensitive data over such non-secured channel and are amazed when their data ended up being eavesdropped

    So that would exactly be the situation of movie sound engineer recording some background noise use in a street, exactly at the moment when neighbours on each side of the street decide to discuss some banking matter using megaphone each sitting on his lawn.

    The people needing education ARE THE STUPID IDIOTS WHO DON'T SECURE THEIR DATA.
    Not Google employee. Though, the employee might benefit from a short introduction, reminding them that people are idiot and do stupid stuff. Like emitting sensitive data in the clear. So when doing their next data gathering stuff, they have to take into account that some poeple are emitting data that they don't really want public, and that Google has to take extra measure to be sure that it can't by accident catch the data of clueless dumbasses.

    But the main target of eduction are the idiots themselves. Always secure your critical infromations. "But I'm a little guy, nobody is interestead in stealing my data" is never a goof solution. "But it's illegal to do so, therefor I'm protected", too.
    The day your banking infos are stolen and your account emptied, try using the same arguments against your bank. Go ahead, try it.

    and delete the Canadian data

    That won't help. A bit.
    Google is not FaceBook. All they wanted is the SSID to do SSID based-location. They never had the intention to sell this data. Forcing them to delete it won't magically protects the users. They weren't in danger from Google at all. Google just happened to discover that this data ended up on their cars, immediately stopped the procedure and reported to authorities. (Probably the only reason that Google hasn't deleted this data is due to the ongoing investigation). That these data were captured wont change anything for them - it won't end up in wrong place, that was never the intention.

    But deleting the Canadian data from Google, won't protect the idiots who still transfer their sensitive data over non-encrypted channels. This won't guarantee that tomorrow, some less well intentioned people, (Black hat hackers, Mark Zuckerberg, whatever) won't drive through the same street, recording the private data, and instead of reporting immediately to the authorities, selling the gathered data to whomever gives the best price.

    What is needed is an information campaign so people better understand the risks of non-encrypted transmission.
    If anything, Google has attracted attention on the problem.
    On the other hand, now less collaborating entities might try to reproduce the experiment (war driving while recording clear WiFi transmission) with the clear intention of gathering sensitive data and re-selling it.
    If ana

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  25. Privacy protection: This is not the textbook case by DrYak · · Score: 1

    The law governing the privacy are not designed for this case.

    Their are designed for 2 type of problems :
    - FaceBook-style privacy violations. A company asks your for a specific information (and either promise to keep it only for themselves or this is just assumed by the law). You give your informations, knowing that it won't (or at least) shouldn't get divulged. Company goe ahead and sells data to non authorised 3rd party anyway.
    - Hackers-style privacy violations. A un authorised 3rd party, tries and succeeds accessing data that shouldn't belong to them.

    Here the situation is slightly different :
    - Google accidentally recorded the info. Their intention was to obtain SSID for SSID-based location. Two thing hapenned : their recorded more traffic than expected, and the world is full of dumb people sending data in the clear. (Once Google realised, they stopped and reported the incident to authorities)

    The situation would be equivalent of movie sound engineer recording some background noise use in a street (for making a sound track), exactly at the moment when neighbours on each side of the street decide to discuss some banking matter, shouting with megaphones, each sitting on his lawn.
    Is the sound engineer criminal ?

    If yes, what next ? A new form of joe job : Company A is rival of Company B. Company A manage to find some 3rd party sensitive data, send them anonymously to Company B, and then report Company B to the authorities. Company B being guilty because some sensitive private data ended up unintentionally in their office ?

    Stoddart is fulfilling her role in ensuring companies do not collect personal information from individuals

    At no point in time did Google show effort in *trying to collect* personnal information. They ended up with personnal information due to underestimating the collective stupidity of people sending sensitive data over non-encrypted networks.

    Doesn't matter if it's done through side-scan radar, digging through your trash, or WiFi sniffing... it's not legal in Canada.

    Then the law should be changed, because if it covers unintentionnal accidental gathering, it opens the door to joe-jobs as mentionned above.

    Google could be held responsible for under-estimating the risks of ending up with private data by proceeding as they did.
    They should not be considered guilty of data stealing, though.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  26. Risks of joe jobs by DrYak · · Score: 1

    so in fact Google did break Canadian law by receiving the said data, even if by mistake.

    Then the law should be adapted, because the current form opens risks of joe-jobs :
    You could push digital data into some concurrent company and report them.

    If an entity showed no signs of actually trying to obtain the private data, and if they had the correct reaction when discovering it (i.e.: stop and report immediately to the authorities, instead of trying to mine the data or try to re-sell it), they should NOT be considered guilty of privacy invasion. They could be accused of having underestimated the risks of ending up with private data, but not of trying to steal them.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  27. Re: Your trashcan is not Secure. by phyrexianshaw.ca · · Score: 1

    ...?

    the majority of the world and a LARGE number (I'd be surprised if we weren't the majority) of /. users are from outside the USA.

    (and just to clear up any confusion, I'm from Canada.)