Google Broke the Law, Say South Korean Police

bonch writes "South Korean police say Google was in violation of Internet privacy laws when its Street View service archived private information in more than 30 countries, including email and text messages. The country's Cyber Terror Response Center broke the encryption on hard drives raided from Google last August and confirmed that private information had been gathered, violating South Korea's telecommunications laws. Police are seeking the original author of the program, though they say it is likely to be a US citizen. Google said it stopped collecting the information as soon as it realized what was happening. 40 states in the US are demanding access to the information gathered by the mapping service in order to determine what was archived, which Google refused to hand over. 'We have been cooperating with the Korean Communications Commission and the police, and will continue to do so,' said a Google Korea spokesperson."

I wonder who they forgot to bribe?

[rolfwind]

This isn't a defense of Google. It just seems that corporations are never called to task for deplorable behavior unless they forgot to grease the right wheels.

Re:I wonder who they forgot to bribe?

[intellitech]

Although Google is large, and does stand to get some bad publicity from this whole situation, it's not fair to lump them in with the same group of corporations responsible for bribing congressmen over automative safety, health problems related to tobacco, or nuclear power plant contamination.

Re:I wonder who they forgot to bribe?

[lexidation]

Where exactly does the dividing line between "spends millions on lobbying and campaign contributions" and "bribes politicians outright" get drawn? I don't mean this as a rhetorical question. It seems to me there's something broken in the system, something which will never get fixed because it underwrites the ambitions of the people in power.

Re:I wonder who they forgot to bribe?

[commodore64_love]

The downfall of the Athenian Empire alone proves that pure democracy (as you propose in your letter) is a bad idea.

Pure democracy can also be called "tyranny of the majority" as the minority voice is drowned-out. Or worse: Crushed. Just ask the Americans that were imprisoned during World War 2, simply because the majority decided they did not like the minority who looked different (i.e. asian). The purpose of a Republic is to have a Supreme Law that protects the minority from such abuses, and which no one, ideally, can remove by a simple 51% vote. The Law of Individual Rights reigns supreme even above the government or its representatives, and can not be revoked.

It isn't a perfect system, but it's certainly much better than a Democracy. Socrates was killed with a simply 51% vote. No trial; no lawyers; nothing to protect his right to speak his mind. The Demos killed him because they didn't like him. That's what a democracy gives you.

Re:I wonder who they forgot to bribe?

[commodore64_love]

>>>I suppose you find it easier to just let government corruption continue unabated.

Strawman argument. I never said that, but I'd still rather have the protections given to me by the current Law of the Republic (rights to free speech, trial, privacy, etc) then to have a Democracy where my voice would be drowned-out by a 51% majority of uneducated boobs that would lock me up simply because I'm gay. Or black. Or asian. Or atheist. Or anti-War on Terror. Or whatever.

As for the problems we face today, most would disappear if we followed the 9th and 10th Amendments instead of ignoring them. No more bailouts of AIG, or forced purchasing of hospital insurance I don't want, or war on (some) drugs, or giving "stimulus money" to General Motors, and so on. Congress is forbidden, by the tenth, to do those things.

Re:I wonder who they forgot to bribe?

[Jophish]

I have been considering this problem for some time now, if only for British politics. One slight problem is that people are dumb. Senators and MPs act not only as a geographical proxy, but as a mediator for stupidity. Take for example the MMR vaccine scare. After this event, the majority of the public were outright scared of this vaccine. It was the duty of the politicians to educate themselves on this issue, and think about things rationally. In addition, educating oneself on a matter takes time. Most people will not be able to find enough time to learn about these issues. This could be partially solved by a few methods. Firstly, only a randomly selected subset of people could be permitted to vote on each issue. This would give people the opportunity to learn about the topic at hand, and make a rational informed decision. Still, people can be swayed by either effects, and most people are very capable of making bad decisions, even if they know all of the information. This could be solved by having people take a "Voting Exam". In the same way that a person driving a car, is likely to do harm if they are not able to control the vehicle, so could a person voting irrationally do harm. I suppose that the voting exam would consist of testing the subject's critical thinking skills and their ability to comprehend and utilize new information.

Re:I wonder who they forgot to bribe?

[beerbear]

Right now your voice is being drowned-out by a minority with money.

Re:I wonder who they forgot to bribe?

[commodore64_love]

IMHO this all boils down to various Governments wanting to maintain their MONOPOLY on the right to spy. Take the example of Britain where Google got in trouble because their CameraCar caught somebody's wash hanging outside. First off Google did nothing wrong - if you have your undies in view of the front street, then you're just plain stupid. Second you have no right to forbid Google or Me or anybody else from photographing it.

But the UK government decided otherwise, ordered google to erase the undies image, and fined them. Meanwhile that same UK government has cameras installed on every fucking street that are capturing everything from Undies hanging in front yards to... well, fucking.

But that's okay. It's okay for the Government to maintain its Monopoly to spy on us.
Google and other private photographers get slapped down; but the government invades our privacy every day.

Re:I wonder who they forgot to bribe?

[CrimsonAvenger]

They should also revoke those laws that forbid any other party from being on the ballot except Republican and Democrat. Now that we have electronic ballots, there's no reason why we can't list 5-to-10 parties on each one, and let the people decide.

Where do we have laws like this?

I've lived in nine different states, and none of them restricted the ballots to Republican and Democrat.

Re:I wonder who they forgot to bribe?

They don't explicitly restrict the ballots to R and D, but most states have laws making it very difficult for third party politicians to get on the ballot. For instance, they will require an obscene number of signatures for parties that did not get a certain percentage of the vote in the previous election. In Pennsylvania, the courts routinely kick third parties off the ballot for "fraudulent signatures." A few years back Nader got kicked off the ballot and *fined* for a few dozen fraudulent signatures... out of thousands. He had three times the legally required number. It didn't matter that he definitely had the required amount of valid signatures. It didn't matter that his opponent only showed a handful were fraudulent. It didn't matter that there is no way to check that every signature out of thousands is legit. He was kicked off and fined. Not that I'm a fan of Nader, but the court really went out of its way to send a message to third parties: don't even try.

Re:I wonder who they forgot to bribe?

[commodore64_love]

>>>ballots to Republican and Democrat.

In my state if you are a third party, like Libertarian or Communist or Constitutionalist or Green, you must either win 10% of the previous vote or collect signatures from 5% of the population. Since the standard is set so high, the ballot is effectively banned to anybody but the R and D parties. It's a way for them to maintain their control.

Ironically if the R or D parties don't meet these standards (don't get 10% of the vote, or 5% of signatures), it doesn't matter. They are automatically added.

Re:I wonder who they forgot to bribe?

[iserlohn]

The lady that sued Google was in Japan, it was probably because the UK press reported on that you remembered it wrongly.

The whole thing with streetview privacy violation thing is media hype. If you're doing things which can be seen in public, you have a very slight chance that somebody will be capturing it on camera. This something everybody have to accept when being in public view. There's a reason why people don't have sex in their front lawns. If you're transmitting data in the clear on unlicensed frequencies, then there is a slight chance that somebody will come around with airsnort and capture your frames. This is something everybody that is using unencrypted WIFI has to accept.

Re:I wonder who they forgot to bribe?

[euroq]

But it is by no means a 'democracy'

GOD, WHAT THE FUCK. This bullshit is always all over ./ conversations. How can smart people be so ignorant? A democracy is NOT mutually exclusive with a republic. America is a democracy. It also happens to be a republic. It may not be a DIRECT democracy, but it is still a democracy, which is a government which is elected by its people. This should not be a difficult concept to grasp.

Before someone gives the reductionist answer

[Compaqt]

that all Giggle was doing was recording aspects of the electromagnetic spectrum that was hitting their equipment:

What's the limit to that?

Is it also OK to record faint sound waves emitted from a given StreetView address?

Is it also OK to record GSM cell phone transmissions (recently shown vulnerable to cracking)?

Is it also OK to set up a listening device to log the electromagnetic signature emitted by monitors and keyboards, and then associate that with a given StreetView address in your database?

Would it also be OK to use a high-power lens to record photons leaking beyond a window that you thought you had pulled the curtain on?

Would it also be OK to record infrared heat signatures of building occupants walking around or doing whatever?

And if a "normal" person (not a corporation with cute logo) did all this, wouldn't he be arrested for stalking?

Re:Before someone gives the reductionist answer

[commodore64_love]

A reasonable limit might be to disallow recording of any sound (or sight) that is not detectable by human ears/eyes.

So if the sound is below, say, 10 dB then it would be forbidden by private persons/companies to record it. Or if the EM captured is below 50 lux(?) that too would be forbidden to record. That would stop them from using super-sensitive equipment to hear conversations in the kitchen, or take a peak into darkened bedrooms.

Encryption broken?

[hcs_$reboot]

“We succeeded in breaking the encryption behind the hard drives, and confirmed that it contained personal e-mails and text messages of people using the Wi-Fi networks,” said a [Korean] police official.

I was however assuming
1. that in such case Google would have been legally forced to provide the encryption key,
2. and anyway, that a HD encrypted by Google wouldn't be so (apparently) easy to break.

Re:Encryption broken?

[slaad]

2. and anyway, that a HD encrypted by Google wouldn't be so (apparently) easy to break.

That was my first thought as well. Given how much most people know about encryption though, I'd be willing to bet that it wasn't even encrypted. There was probably some aspect of the data that was encoded in some way and the official(s) who wrote and/or gave the statement just said encryption.

Hang on...

[c0lo]

... letting aside the "breaking the encryption behind the hard-drives" containing "sensitive private information from unencrypted wireless networks during the filming process."... what the hell is with:

“We are looking to penalize whoever ordered and developed the program, but are unsure as of yet who that might be,” said a police official.

1. first whoever ordered and whoever developed are highly probable two different persons.Did both of them broke the SK law?
2. why they go after the "whoever ordered and developed" and not after "whoever used the tools"? Is it in SK customary to go after the person that manufactured the knife used in a stabbing?
3. the way I know, Google used some open-source components in putting the "tool" together. Is the original author of these components equally guilty?

Re:anyone who believes Google did this by accident

[Sarten-X]

Hi. I'm a software engineer. A few months ago, I dumped a few million social security numbers to a log file. It sure is a good thing I turned off that logging before I switched projects.... Of course, it was turned on for five days until that happened, and nobody realized that SSNs were part of that log.

Life with data is difficult. Fields of "arbitrary data" are logged, sometimes publicly. There's nothing any reasonable person or company can do to stop it. The best they can hope for is that they've hired ethical people who will respect the limits of what they should and should not see.

s/\d{3}-\d{2}-\d{4}/SSN-SS-NSSN/g

Hard drive encryption broken?

[Graftweed]

"We succeeded in breaking the encryption behind the hard drives"

Wait, what? All of the solutions I know of to encrypt hard drives at block or filesystem level are prety well implemented. You can't just brute force them. So either:

• Someone at google left the password/phrase on a postit note next to the HDDs and/or it was '12345'
• It wasn't 'encrypted' at all, but the Cyber Terror Response Center[1] thought it would sound awesome to say they broke it
• The South Koreans are hiding the most advanced super computer in the world on some basement somewhere. Or some methematicians who can factor large primes in their sleep.

[1] What the hell is up with these bullshit terror-inspiring names anyway? It sounds like a bunch of kids getting together on the playground and trying to think of the most kick-ass name for their dodgeball team.

Re:anyone who believes Google did this by accident

[Cyberllama]

It was a pretty obvious accident, if you understood the technical explanation of what happened. The problem is, if you don't, it sounds like something that couldn't possibly be an accident. The crux of the matter is this:

They were gathering data on purpose. This was NOT the data they were trying to gather. They were trying to gather WiFi SSIDs for geolocation purposes. Unfortunately, the code was simply sloppy. It needed the first X bytes of the packet (which contain the SSID and ended up getting the first X+64. In other words, they weren't even capturing *entire* Payloads of packets -- only fragments of payloads. The data they were trying to gather is perfectly fair game and not at all a privacy issue. All devices do this to some extent, its how they find out what networks are around you and whether or not they're encrypted. You can't simply rely on the broadcast packets for that purpose.

If this was an accident, it was the result of the programmer doing a half-assed job. If it wasn't, however, then the programmer did a completely incompetent half-assed job. If he was *trying* to get this data, then he did it in probably the stupidest possible manner. The only logical conclusion to draw is that it was genuinely an accident.

Re:The South Korean Government is no fan of Google

[John+Saffran]

The real-name laws in korea were created for two reasons:

1. Serious instances of unfounded slandering against various people, especially celebrities.but not restricted to them. The aim is to encourage people to behave responsibly on the internet by tieing what they post or upload back to the individual, beyond that the SK government doesn't give a rat's arse what you do online or which sites you go to.

Case in point being, to continue with your example, that Google (or more specifically Youtube) was required either to have a system to point back to the real-person or alternatively restrict the ability to post or upload potentially slanderous material. Google chose the latter and it's worthy of note that people can do everything else, eg. view videos.

Basically it's the side effect of having the highest rate of internet participation in the world .. you get all sorts of people just like normal society, including those who enjoy malicious rumour mongering and think they can engage in that behind the privacy of the internet. Ironically in a large proportion of cases it turns out the posters were immature school kids (including primary schoolers) being just that .. immature.


2. Many government functions that in real-life require authentication are fully online. This is probably beyond the experience of most people on slashdot, but you can do all sorts of personal activities online (eg. taxation, etc) and by definition you can't take people at their word when talking about those. Therefore real-name identification is required there also, particularly as there's rampant attempts at ID theft from china for various reasons.

Ironically your post is a perfect example of scenario 1, ie. malicious slandering by people hiding behind internet anonymity, in the manner in which you deliberately twist the SK's request and google's actions with unsubstantiated additions like:

- It's no secret that the South Korean government isn't overly fond of Google

Hardly, the government has only required that google comply with the laws that were created to address the previously listed comments. Beyond that Google has been free to operate as it sees fit .. calling that repressive is ridiculous, the government doesn't track people's activities nor are companies required to do anything beyond enabling the tracking down of people for legal purposes, eg. lawsuits for slander.

We're not talking about china and it's so-called golden shield (or shower to be more accurate).


- Google chose to block posts to YouTube from Korea

No, google chose to remove the functionality to post without an account liked to a real person. To quote from the article:

YouTube has decided to restrict its video upload and comment functions in South Korea.” It also stated, “Because there is no upload function, users won’t be required to confirm their identification.”

Note that viewing videos is not restricted at all and uploads/comments to sites that are linked to a real-person are unrestricted beyond the uploader being aware that they should be sociable in their behaviour.

I wouldn't be surprised if Google simply didn't feel it cost effective to create complex functionality that would be country specific (with all the possibilities that different countries would then start asking for their own items) so it was easier to simply remove rather than add.

- while encouraging those users to change their country preference to somewhere else

Where exactly did they say that?



It's fair to say that your post is a perfect example of what the law is designed to address, slanderers hiding behind anonymity to post all sorts of lies and half-truths. We'd all like to think that this type of people don't exist, but unfortunately some people only feel better by putting others down, one only has to look a

damn str8!

[airdrummer]

the fcc regs give everyone to right to receive all e/m on the public airwaves...

Re:anyone who believes Google did this by accident

[commodore64_love]

>>>And that's a strawman.

No it isn't. YOU'RE the guy who brought-up the recording of somebody's daughter ("upload video of your daughter on the toilet"), and I responded to that by saying, IF she's doing it in the front yard then yes a guy with a camera has every right to record it. There is no expectation of privacy in a public view.

Now INSIDE your house, then yes said "daughter" has a right to privacy. And I addressed that in a separate post: "A reasonable limit might be to disallow recording of any sound (or sight) that is not detectable by human ears/eyes."

Re:Encryption standards?

[Arancaytar]

I RTFA, and the "breaking the encryption" was a direct quote from the police. So it's not the reporters being stupid.

However, it's quite possibly the police lying to sound more badass.

Re:anyone who believes Google did this by accident

[Sarten-X]

It doesn't matter if I did or not (though I did), because in my company had contracts authorizing us to use the data however we wanted. I'm fairly sure we could run the SSNs across a 6-foot-tall marquee in the office and been legally clear, as long as no visitors were in the office.

All the logs were stored on encrypted volumes anyway, in known locations. Since the information never (because of preexisting security) left the company, no reporting was needed. Then there's the time where my team intentionally bypassed security layers to view other personal (protected) numbers, because we needed to see what they looked like to understand a production-only bug...

My point is that storing recorded information is ridiculously easy, and recording information is part of the job. Google was intending to collect basic wifi information (ESSID and channel, as I recall), and ended up storing a lot more than that (probably to try to only run the vans once). I've long since lost interest in the details of this case, but I'd assume Google vans just stored everything they received, and processed it later. That intermediate storage, never meant to be used or released to the public, would constitute "eavesdropping" under loosely-worded laws.

Re:What gives you the right to send signals...

[ian_from_brisbane]

If you are going to blast the signal to me I have every right to listen/decode/see what you are bombarding my property with 24/7.

I completely agree. And the answer to the GP's various questions is "Yes, it would be OK." It's up the the emitter to restrict emissions that he wants to remain private. That includes photons/vibrations/radio/heat.