Slashdot Mirror

← Back to Stories (view on slashdot.org)

Canada Says Google Wi-Fi Sniffing Collected Personal Data

Posted by samzenpus on from the coming-late-to-the-party dept.

adeelarshad82 writes "Canada's privacy commissioner, Jennifer Stoddart, has announced that Google's recent Wi-Fi sniffing was a serious violation of Canadians' privacy rights and included the collection of personally identifiable information. Stoddart's team, who traveled to Google's Mountain View headquarters to examine the data, found complete e-mails, e-mail addresses, usernames and passwords, names and residential telephone numbers and addresses. Google has been asked to do four things before the Canadian Government would consider the matter resolved."

10 of 136 comments (clear)

  1. .... COME ON! by Monkeedude1212 · · Score: 5, Funny

    Google has been asked to do four things before the Canadian Government would consider the matter resolved

    You're going to end the summary there? What a damn cliffhanger!

    1. Re:.... COME ON! by Monkeedude1212 · · Score: 5, Informative

      Double posting to answer my own question. Those 4 things are:

      Put in place a governance model to ensure that privacy is protected when new products are launched;
      enhance privacy training to foster compliance amongst all employees;
      designate an individual responsible for privacy issues;
      and delete the Canadian data

  2. Article comment puts it best by brunes69 · · Score: 5, Insightful

    registraruser

    October 19, 2010 8:07pm

    Whoa! A company stored lists of patients with a medical condition and contact information on a computer connected to an *UNSECURED and UNENCRYPTED* wireless network, and we are supposed to believe that Google is the "bad guy"?

    1. Re:Article comment puts it best by FrankDrebin · · Score: 3, Insightful

      Sophomoric and stupid comment.

      Stoddart is fulfilling her role in ensuring companies do not collect personal information from individuals (except under very specific circumstances). Doesn't matter if it's done through side-scan radar, digging through your trash, or WiFi sniffing... it's not legal in Canada.

      --
      Anybody want a peanut?
  3. The Internet is not Secure. by blair1q · · Score: 4, Insightful

    The Internet is not Secure.

    Even less so when you broadcast your Internet packets to every antenna within several hundred yards.

  4. Re:Pay attention class... by mysidia · · Score: 3, Insightful

    I think Google has offered to delete the data, but some goverments ordered them not to. If i were google, i wouldnt go the "extra mile" as it may cause them a law suite. I would contact the other goverments where data has been collected

    The answer should have been... "We already deleted it, sorry."

    Why the heck would they announced that they inadvertently collected data, without guaranteeing its destruction first, so the data would be gone before anyone could dare ask for some order to request preservation?

  5. Expectation of Privacy by bem · · Score: 5, Interesting

    If you stand on a public street, it is legal to take pictures of anything you see: there is no expectation of privacy in public.

    If you stand naked in your front yard, you have no expectation of privacy.

    If you stand on your front porch and shout out your Visa number, you have no expectation of privacy.

    If you buy a toy AM transmitter from Radio Shack and broadcast your SSN, you have no expectation of privacy.

    But put it in cleartext on an 802.11g router... and you expect privacy?

    1. Re:Expectation of Privacy by ceoyoyo · · Score: 3, Interesting

      Strangely, Canadian privacy law seems to make a distinction between individuals and corporations. If I hear you yell out your credit card number on the street I can write that in my diary (but I can't USE it for anything). If a corporation hears you, it is NOT allowed to write it in it's diary.

      As for radio, if I hear you broadcast your SSN on the radio, I may listen, but I may not use that information, or tell anyone about it. I think that one is actually the same in the US.

  6. Re:Pay attention class... by dogsbreath · · Score: 4, Funny

    We've got a bunch of crazy laws.

    In the states, if you get caught downloading music, you get sued by Sony BMG...

    In Canada, we basically assume you payed your blank media tax.

    You insensitive clod: it's not a tax; it's a fee.

    Feel better?

  7. Re:Pay attention class... by Zygamorph · · Score: 3, Interesting

    If I remember correctly Google said they would keep the data until the Canadian authorities had stated they had finished examining it to determine what laws were breached. Once the evidence had been evaluated and they get authorization, they will delete it. Basically they are saying they won't delete evidence of a possible wrong doing until the appropriate authorities say it is OK. This means that they have to hold on to the data collected in each country until they get permission from that country's authorities. Sounds like and administrative nightmare.

    Its also a perfect example of how the laws don't reflect how the technology was designed to work. WAPs are designed to handle two situations:

    1. I want to share with everybody, a.k.a "Open WAP"; and
    2. I want to share with only a select few, a.k.a. "Encrypted or closed WAP".

    From the technology design point of view if you run across an open WAP then you "know" they want to share. If its closed then you know they don't. I agree that it gets very grey when you knowingly start to collect user ids and passwords. If its an automated download of everything that is available, sort of like a wget, then you can argue the stuff should have been secured.

    The laws try to protect the group of people who are too lazy to learn how and why you should secure a WAP as well as your data. The problem is how to differentiate between those open WAPs that people want to share from those where people don't.