Connecticut AG Opts For Street View Settlement, Without Seeing the Data

theodp writes "Verifying Google's data snare is crucial to assessing a penalty and assuring no repeat,' said Connecticut Attorney General Richard Blumenthal last December in response to Google's 'accidental' collection of payload data from WiFi networks. 'We will fight to compel Google to come clean-granting my office access to improperly collected materials and protecting confidentiality, as the company has done in Canada and elsewhere.' That was then. Luckily for Google, there's a new AG in town, and Blumenthal successor George Jepsen said Friday that his office will enter into settlement negotiations with the company without reviewing the pilfered data, which Google has steadfastly refused to share with it. 'This is a good result for the people of Connecticut,' Jepsen said in a statement. A separate Jepsen press release suggested some of the blame for the privacy offenses laid with Google's victims, who were advised to 'turn off your wireless network when you know you won't use it' to thwart those who 'may be watching your Internet activity without your knowledge."

So much for "Don't be evil"

So, why'd you believe a marketing slogan from an overgrown ad agency anyway?

Re:So much for "Don't be evil"

[commodore6502]

If someone is shouting-out, "I'm going to check my email...... next I'm surfing over to pay my bank bills... and now I'm visiting playboy.com," such that everyone within a radius of 1 block can hear it

That doesn't make the listener an "evil" person.

Re:So much for "Don't be evil"

[Suki+I]

If someone is shouting-out, "I'm going to check my email...... next I'm surfing over to pay my bank bills... and now I'm visiting playboy.com," such that everyone within a radius of 1 block can hear it

That doesn't make the listener an "evil" person.

That is precisely the point. Securing it would be a good step too. Suing a company for "hearing" broadcasts is just dumb.

Re:So much for "Don't be evil"

[TheRaven64]

Exactly! And if someone is naked in their bedroom, and I happen to climb on the roof opposite with a camera and a telescopic lens and take photos of them to post online then it doesn't make me an evil person!

Wait, what?

Re:So much for "Don't be evil"

If someone is shouting-out, "I'm going to check my email...... next I'm surfing over to pay my bank bills... and now I'm visiting playboy.com," such that everyone within a radius of 1 block can hear it

That doesn't make the listener an "evil" person.

It does when the person is deliberately going around listening for others checking their email, and then deliberately recording those conversations.

Which is EXACTLY what Google DELIBERATELY did.

"But it's Google! We cream our jeans and lose our ability to think when we hear that name!"

Your landline isn't encrypted - and if anyone really wanted to they could easily listen in on your conversations. Would that be OK?

"But it's Google! it's OK!"

Your cell phone conversations are broadcast and can be listened in on? Would it be OK if anyone recorded those conversations?

"But it's Google! It's OK!"

No, it's not.

Re:So much for "Don't be evil"

[laughingcoyote]

On the other hand, if someone is walking around outside naked, and you just happen to see them, you're not evil at all.

I'll be the first to condemn Google when they're in the wrong, believe me. But if you leave your wireless open, you are choosing that anyone within range of it can pick up any packets it's sending. Or you failed to learn even the basics of safely and securely operating a device that carries sensitive data. Either way, it is your fault, not the fault of everyone who steps into range.

Now, were someone to use the gathered data maliciously (posting it in public, for example), you might have a point. But to my knowledge, none of the gathered data here has ever been made public.

Re:So much for "Don't be evil"

[Lazareth]

Taking snapshots of a naked person in a bathroom with a window only viewable using specialist tools and from an unexpected location would equate you purposefully cracking the encryption of a secured broadcast. That's a whole different matter. This is basically somebody walking down the street when they see a couple fucking on their front lawn, no fence.

Re:So much for "Don't be evil"

[Lazareth]

First of all, this debacle wouldn't have occured if Google hadn't said it happened in the first place. Secondly, there was no "checking their email" - it was raw a dump of packets. Secondly, the landline is "encrypted" insofar you have to deliberately break open or otherwise rewire the wirebox, which is a crime. Lastly, cell phone conversations are in fact encrypted (although not very securely in my PERSONAL opinion) and if you wanted to listen in, you would have to crack the protocol being used, which would be a crime.

Wireless communication comes with basically plug and play security measures nowadays. Everybody are able to connect to or listen to the broadcasting device using the exact same equipment with nothing else needed if it is unencrypted.

Re:So much for "Don't be evil"

[Lazareth]

Said secondly twice, second time should obviously be "thirdly".

Re:So much for "Don't be evil"

[commodore6502]

>>>And if someone is naked in their bedroom, and I happen to climb on the roof opposite with a camera and a telescopic lens and take photos of them to post online then it doesn't make me an evil person!
>>>

But that's not what happened.

Broadcasting wireless unencrypted internet (my original example) is the same as putting-up a big screen TV that shows your bedroom 24/7. If someone takes a photo of said TV while you stride past naked, they are not evil. YOU the homeowner are the one at fault.

Re:So much for "Don't be evil"

First of all, this debacle wouldn't have occured if Google hadn't said it happened in the first place.

So, confessions of guilt absolve the guilty?

Interesting legal theory you have there...

Secondly, there was no "checking their email" - it was raw a dump of packets.

Huh?

"We didn't eavesdrop on your converstation, we just copied all words."

Secondly, the landline is "encrypted" insofar you have to deliberately break open or otherwise rewire the wirebox, which is a crime.

And that's different how from deliberately driving around with a system sucking up and recording every WiFi packet?

They're both deliberate acts.

Lastly, cell phone conversations are in fact encrypted (although not very securely in my PERSONAL opinion) and if you wanted to listen in, you would have to crack the protocol being used, which would be a crime.

Wireless communication comes with basically plug and play security measures nowadays. Everybody are able to connect to or listen to the broadcasting device using the exact same equipment with nothing else needed if it is unencrypted.

What Google did is like going around testing every door on everyone's house and if it wasn't locked they opened the door and took pictures of the inside of the house.

Quit trying to excuse it.

Re:So much for "Don't be evil"

[TheRaven64]

You're not even trying to come up with original names for your sockpuppets anymore, are you commodore64_love? Why don't you just realise that your karma sucks because you keep trolling, and stop trolling? Or, at the very least, put a bit of effort into it...

Re:So much for "Don't be evil"

[commodore6502]

>>>And if someone is naked in their bedroom, and I happen to climb on the roof opposite with a camera and a telescopic lens and take photos of them to post online then it doesn't make me an evil person!
>>>

But that's not what happened.

Broadcasting wireless unencrypted internet (my original example) is the same as putting-up a big screen TV that shows your bedroom 24/7. If someone takes a photo of said TV while you stride past naked, they are not evil. YOU the homeowner are the one at fault.
.

Secure it and leave it on.

[DarthJohn]

'turn off your wireless network when you know you won't use it'

How about secure your wireless network and nobody except those you specifically allow will be able to use it?

Re:Secure it and leave it on.

[Amorymeltzer]

turn off your wireless network when you know you won't use it

That's like suggesting you not to take your cell-phone with you if you don't think you'll need it. Hell, it's like suggesting unplugging your land-line (haha, land-line) if you aren't expecting a call since a telemarketer might ring.

The whole point of these services is that they are available. I should be able to read a book and get an email even if I'm not intending on reading one, and I should be able to get a phone call even if I'm reading email and not trying to call anyone. I should be able to get push notifications about my iOS scrabble games when I'm gabbing away on my non-smart phone.

Re:Secure it and leave it on.

I was walking on the sidewalk by his house, and he shouted out the window that he just farted. I took out a notepad and wrote down that the guy just farted. Then he sued me for invasion of privacy.
---> Guy gets laughed out of court.

Same but then something difficult involving "computers and stuff"
---> Guy can make it stick ??!!??

Re:Secure it and leave it on.

'turn off your wireless network when you know you won't use it'

How about secure your wireless network and nobody except those you specifically allow will be able to use it?

I think this means if you are using a wireless router but are only using wired connections, then you should disable the wireless radio.

Re:Secure it and leave it on.

[Lord+Byron+II]

Amen. This whole Street View debacle has been just absolutely ridiculous. Especially in a world of push-button WPS protection, it is just plain silly not to have encryption on your network.

Most people get their wifi from the router that comes with their high-speed Internet and most of those come with encryption enabled. How many people still are using unencrypted wifi anyway?

Re:Secure it and leave it on.

[robot256]

How many people still are using unencrypted wifi anyway?

Mostly people who don't know enough to properly put the password into their laptops but can somehow figure out how to turn the default encryption off. And then there are the ones stupid enough to think the hassle of giving the password to their friends when they come over is more important than the risk of getting hacked. *sigh*

Re:Secure it and leave it on.

Yeah, it's ridiculous, isn't it?

I mean, just yesterday I walked into this guy's house, opened his drawers and looked through his files, and he had the gall to yell at me. He hadn't even locked his door, much less his drawers!

And then there was another guy who complained to me when I opened his letters and read them. Why, they weren't even sealed! And the content was not encrypted, either.

Ridiculous... right?

Re:Secure it and leave it on.

fail

In your first scenario, you're still trespassing. The information you are acquiring you could not have acquired from a public area.

In the second scenario you're breaking some other law regarding mail, and the same public vs private bit applies.

GP also fails, however, as in court his "he farted" would be his word vs the guy's at best - while streetview is for all (billions) of people to see at any time they want.. those same billions of people could not, not even theoretically, have been there at that very moment and absorbed this information themselves. Those who argue there's no difference have lost all sense of reality and really -should- have their every move tracked and recorded on camera for all the world to see.

Re:Secure it and leave it on.

[zeroshade]

GP also fails, however, as in court his "he farted" would be his word vs the guy's at best - while streetview is for all (billions) of people to see at any time they want

First of all, this is about Google picking up wifi payloads of networks as they passed by. They did not make this data publicly available. Secondly, If we revisit the "he farted" example, if instead of just writing it down, I had also gone online and posted publicly "Today, when I was walking down such and such street, when I passed house number #, I heard the man inside shout 'I farted!'." And then the man sued me for "invasion of privacy" he'd still get laughed out of court.

Re:Secure it and leave it on.

[suomynonAyletamitlU]

I was walking on the sidewalk by his house, and he shouted out the window that he just farted. I took out a notepad and wrote down that the guy just farted. Then he sued me for invasion of privacy.
---> Guy gets laughed out of court.

I know this "shouting" example gets thrown around a lot with question, but it's much more that he had private data (passwords, email, etc) on a big screen TV, which you can see clearly from the street. He could have done any number of things to secure it (turn the TV, close the blinds), and realistically he has no expectation of privacy, but in the end, it's a setup that he fails to understand the consequences of, rather than an action he takes over and over (vis a vis shouting).

Also, if you're routinely writing down things people yell out their window (or especially one person's house), that's exceptionally creepy behavior. I have no idea if it's illegal or not, but jeeeeeez.

Re:Secure it and leave it on.

[icebike]

Mostly people who don't know enough to properly put the password into their laptops but can somehow figure out how to turn the default encryption off. A

No, the union of those two sets defines the null set. No one smart enough to connect to their router and turn off encryption is also too dumb to enter a password in windows or mac. I simply don't believe these people exist.

If routers were not shipped with encryption OFF by default this would never happen.
If Geeks trying to solve problems for friends and relatives didn't resort to turning off encryption as their first diagnostic step this would never happen.
If routers would only work for an hour with encryption off this would never happen.
If routers came with a bright label (removable) on the bottom with a randomly assigned password this problem wouldn't happen.

This tendency to run with no encryption is due almost solely to the fact most routers are shipped that way.

Re:Secure it and leave it on.

[sortius_nod]

Routers do come with a brightly coloured label on the bottom with the WPA key from some ISPs in Australia. The problem is that once you start putting devices like gaming consoles on your wireless network, well, people fiddle around with it because they don't want to have to enter the key with the difficult to type with device.

Re:Secure it and leave it on.

[Ash+Vince]

<quote>turn off your wireless network when you know you won't use it</quote>

That's like suggesting you not to take your cell-phone with you if you don't think you'll need it. Hell, it's like suggesting unplugging your land-line (haha, land-line) if you aren't expecting a call since a telemarketer might ring.

Actually its nothing like that. The difference is that many people can use the router they bought without ever turning the wifi on. Many people only have a desktop computer and a crappy old phone that does not have wifi built in. I know this might come as an anathema to many slashdot geeks but we are probably also the type who make sure our wifi is secure anyway. There are some people however, who get given one of these things when they sign up for broadband and then just plug there desktop computer into it.

Until I bought and android phone recently I never bothered to turn the wifi on my router on as I only had a laptop that could use it, and I preferred to keep that docked when I was at home as the speed of the wifi annoyed me when copying files between that and my main PC. I also never use wifi for connecting to my bank website. This might sound ridiculous but most laptops don't last very long on batteries anyway so it makes sense to plug them in whenever you can, in which case wifi is not really necessary.

The fact is that encouraging people to turn the wifi on their routers off is a damn good idea since it causes people to question why they are using it anyway, especially now that even WPA can be cracked so easily: http://www.theregister.co.uk/2011/01/11/amazon_cloud_wifi_cracking/

Wifi might be more convenient, but that convenience comes at a cost.

Re:Secure it and leave it on.

[icebike]

Do once. Done.

Re:Secure it and leave it on.

[williamhb]

I was walking on the sidewalk by his house, and he shouted out the window that he just farted. I took out a notepad and wrote down that the guy just farted. Then he sued me for invasion of privacy.
---> Guy gets laughed out of court.

Same but then something difficult involving "computers and stuff"
---> Guy can make it stick ??!!??

Organise a paid group of people to walk down the streets of every major city, with explicit instructions (equivalent of computer code) to listen for and write down every private conversation they can overhear, and yes you probably will be sued and no it wouldn't be laughed out of court. And if you are arrested by the police and refuse to hand over the notebooks as evidence for the court, saying a big "up yours, cop, my name's Google and everybody knows I can't do anything wrong no matter what your pissy little laws and courts say" things would not go well for you.

But then this is Slashdot where Google is the equivalent of just one guy who didn't know what he was doing...

Re:Secure it and leave it on.

[uninformedLuddite]

How many people still are using unencrypted wifi anyway?

I have unencrypted WiFi connecting my main box to a couple of laptops we have floating around the place. I can not foresee that this is a risk to us and/or our data.

Re:Secure it and leave it on.

[uninformedLuddite]

Mostly people who don't know enough to properly put the password into their laptops but can somehow figure out how to turn the default encryption off. A

No, the union of those two sets defines the null set. No one smart enough to connect to their router and turn off encryption is also too dumb to enter a password in windows or mac. I simply don't believe these people exist.

I agree totally. I do run unencrypted WiFi at home purposefully though.

Re:Secure it and leave it on.

[Khyber]

Yea, right, that's what YOU think.

Try it with most any Belkin device.

Fuck, I have to change shit WEEKLY because Belkin just sucks that fucking much.

I don't even touch the PS3 now because the Belkin and almost every other router out there today are total pieces of shit.

Gigabit switch, bitch. Fuck your shit wireless.

Re:Secure it and leave it on.

[Khyber]

"Also, if you're routinely writing down things people yell out their window (or especially one person's house), that's exceptionally creepy behavior. I have no idea if it's illegal or not, but jeeeeeez."

Are you that ignorant to not know what gossip consists of?

Ouch, back to school for you. Preferably middle school, where this type of behavior typically begins.

Re:Secure it and leave it on.

[commodore6502]

If someone is shouting-out, "I'm going to check my email..... next I'm surfing over to pay my bank bills..... and now I'm visiting playboy.com," such that everyone within a radius of 1 block can hear it

That doesn't make the listener an "evil" person. The person doing the shouting is at fault, and he should encrypt his wireless so the broadcast is not understandable by passers-by.

Really ... the didn't recommend encryption?

[Jahava]

A separate Jepsen press release suggested some of the blame for the privacy offenses laid with Google's victims, who were advised to 'turn off your wireless network when you know you won't use it' to thwart those who 'may be watching your Internet activity without your knowledge.

So from the actual link:

The consortium recommends:

1. Use anti-virus and anti-spyware and a firewall.
2. Turn off identifier broadcasting.
3. Change the identifier on your router from the default.
4. Change your router’s pre-set password for administration.
5. Turn off your wireless network when you know you won’t use it.
6. Don’t assume that public “hot spots” are secure.
7. Be careful about the information you access or send from a public wireless network.

Are you fucking kidding me? After all of this, the court case, the hearing, a formal consortium omits the single most important and critical suggestion... turn on WPA encryption and use a VPN or (at least) HTTPS if you're using a hotspot. You know ... the only things that will actually protect your data, rather than obfuscate it?

I mean, to their credit, the list isn't inherently bad. Hide or disable your identifier, don't use public hot-spots, be careful, etc. However, it leaves the user with a false sense of security. If a user followed every suggestion in that list, Google could just as easily sniff every byte of traffic. Talk about inept and ineffective.

Re:Really ... the didn't recommend encryption?

[leenks]

Actually that is the summary the Jepsen press release contained rather than the actual guidelines. Regardless, it is pretty appalling since it is likely most people will not bother to follow the link to the real guidelines.

The actual consortium guidelines (http://www.onguardonline.gov/topics/wireless-security.aspx, linked from the PDF in the article) has the following list:

Use encryption to scramble communications over the network. If you have a choice, WiFi Protected Access (especially WPA2) is stronger than Wired Equivalent Privacy (WEP).

Use anti-virus and anti-spyware software, and a firewall.

Most wireless routers have a mechanism called identifier broadcasting. Turn it off so your computer won't send a signal to any device in the vicinity announcing its presence.

Change the identifier on your router from the default so a hacker can't use the manufacturer's default identifier to try to access your network.

Change your router's pre-set password for administration to something only you know. The longer the password, the tougher it is to crack.

Allow only specific computers to access your wireless network.

Turn off your wireless network when you know you won't use it.

Don't assume that public "hot spots" are secure. You may want to assume that other people can access any information you see or send over a public wireless network.

Re:Really ... the didn't recommend encryption?

[sconeu]

What confused me:

'turn off your wireless network when you know you won't use it' to thwart those who 'may be watching your Internet activity without your knowledge."

But if you're not using it, how is there any of your Internet activity for someone to watch?

Re:Really ... the didn't recommend encryption?

[Kaboom13]

"Most wireless routers have a mechanism called identifier broadcasting. Turn it off so your computer won't send a signal to any device in the vicinity announcing its presence."

I see this all the time and it's just retarded advice. If you turn SSID broadcast off, it still gets sent with every packet, it just doesn't respond to requests to announce it. It makes it slightly harder for someone who knows nothing to find it, but they arne't a threat anyways. Use an unique SSID, set your WPA2 key to something reasonably long and complicated, and don't worry about it. SSID, MAC filtering , turning it off, etc. are all bullshit. Any attacker sophisticated enough and determined enough (ie willing to dedicate massive resources) to break WPA2 is not even going to be slowed down. You trade a lot of inconvenience for the tiniest increase in security.

Security like this is worse then security through obscurity, it's security through reliance on incompetence. But to even get to those layers of security, you must first have demonstrated you are not incompetent. So they are worthless, and insisting on them just leads to more people saying fuck it and not having any encryption at all.

Re:Really ... the didn't recommend encryption?

[zippthorne]

You realize that when you turn off the identifier, that doesn't prevent the router from broadcasting its existence, it just has an empty string where the the SSID would be...

Re:Really ... the didn't recommend encryption?

"3. Change the identifier on your router from the default."

Google is already using the identifiers to do geolocating on mobile devices without GPS. More unique identifiers will help them a lot :-)

Re:Really ... the didn't recommend encryption?

[Illogical+Spock]

And they forgot MAC filtering too. I believe this is the best security measure you can use, obviously on top of all the others, since this one can't be guessed (it can be spoofed, but the spoofer would need to know your MAC first).

Re:Really ... the didn't recommend encryption?

[kurls]

As pointed out, this is in the consortium's advice. And, to be fair, the paragraph above does basically state you should use encryption, which is presumably why they left it out of the list: "Manufacturers often deliver wireless routers with the encryption feature turned off, Jepsen said. Consumers should consult the instructions for their wireless router or obtain additional information from the manufacturer’s website to enhance the security of their home networks."

Re:Really ... the didn't recommend encryption?

Every packet sent contains two MAC addresses. One is the routers address, and will be the same in all the packets. The other is the one you want to spoof.

If your network guy recommends MAC filtering (or turning SSID broadcasting off), fire him. Because changing the setting takes longer than bypassing it.

Why spread the data around?

[Alpha232]

Ok, Google has it...

They said they will destroy it, either they do or they don't, it doesn't matter because they will do what they choose. But why go handing a copy over to every state who asks for it?

Really, if you're concerned about privacy, you want this information in the LEAST number of hands possible.

Re:Why spread the data around?

[ikkonoishi]

Really there could have been an easy compromise. The AG gets to send someone in to review the data, and confirm it is what google claimed it to be. This person would not be allowed to copy the data. This way the AG gets confirmation that the acquisition was accidental, and the data isn't copied.

Re:Why spread the data around?

Because if google hands it over to the Blumenthal, then google won't have it any more, and Blumenthal can ensure it is destroyed.

Duh.

Re:Why spread the data around?

[Qlither]

The level of data gathered is not all that great either. Sure not something you want to hand out, but ANY ONE could get all the data by war driving. Google owned up to it as well, which blows my mind at how people have practically burnt Google like that are the ultimate evil. In the end Google should have gotten an easier time for owning up to it, and offering to securely destroying all the data, better still they refused to hand it over to anyone, Thank you Google.

Google is still one of the few companies i would consider to be reasonably trustful. I would also like to see anyone else own up to something like this, after how badly Google has had it.

Re:Why spread the data around?

[Metrathon]

If the purpose of the Google data collection effort is to build a database of the physical location of routers as identified by hardware addresses, then it is hard to see why they would be collecting any payload data at all. Having an independent look at what they did collect might shed some light on what they were trying to achieve by doing so.

Re:Why spread the data around?

[nedlohs]

They already gave a pretty simple reason for why they did so. And given that explanation matches the data they gathered - *everything* -- what light are you expecting?

Re:Why spread the data around?

[coaxial]

This is absurd. Google is unaccountable. The state of Connecticut is, and deals with private information all the time with no problems whatsoever.
Google didn't turn it over because it was embarrassing to them and their increasingly trite "Don't Be Evil" slogan.

This is your logic:
Police: "We're here to investigate the allegation that you stole stuff."
Google: "Well, we might have, but probably not."
Police: "Well what do you have?"
Google: "We can't tell you. It's a secret."
Police: "Um... well... We're just the government, and you're a big corporation, so I guess you win. Can you give it to the people you stole it from?"
Google: "Oh no way! We stole too much stuff! While it is true, we could figure out where it all came from, because we have exact addresses in our databases. We just don't want to do it."
Police: "Oh well, carry on."

Re:Why spread the data around?

[icebike]

Exactly.

Turning someone's accidentally sniffed passwords over to State Government buffoons is the height of stupidity. This simply compounds the problem. It effectively places it all in the public domain, since is is not medical, tax, or banking information, which is all most states are allowed to protect.

I'm glad Google stood its ground. I'm incensed government asked for that data.

Re:Why spread the data around?

[icebike]

Sure that might happen. When pigs fly.
Blumenthal would be prohibited from destroying it by law. Its evidence once its in his hands.

And when the next level of government demands it? Will Blumenthal say No?

Re:Why spread the data around?

[icebike]

This has been asked and answered a thousand times on the net.

Why weigh in with this now, when doing so reveals you are willfully ignorant of the situation?

A simple programming error recorded all packets instead of just beacon packets. Period. End of Story.
Google noticed it, reported it, and made no use of it. The actual content has been validated by
other agencies, but not by being given wholesale access to it.

The cars drive by at about 25mph, or highway speeds in rural areas. The amount you can get
when you are within range of any given router at that speed amounts to mere seconds.

The chance of someone getting any usable data other than beacon data is totally eliminated by running proper encryption.

Re:Why spread the data around?

[icebike]

Connecticut is a political agency, and has no law allowing them to keep this information secret.
Tax, medical, and financial data is all that most states have statutory authority to keep secret.

Has Connecticut ever revealed publicly the nature or existence of data that came into their possession by accident? NO.
Has Google? Yes.

Who's more accountable?

What part about being dragged thru court in every country on earth AFTER PUBLICLY FESSING UP do you consider unaccountable?

Re:Why spread the data around?

[williamhb]

Ok, Google has it...

They said they will destroy it, either they do or they don't, it doesn't matter because they will do what they choose. But why go handing a copy over to every state who asks for it?

Because it is evidence of an (alleged) crime. In the next episode of CSI ... "No, no, destroy that DNA right now -- I don't care if the killer will get away with it, we musn't invade anybody's privacy!"

Re:Why spread the data around?

[Khyber]

"What part about being dragged thru court in every country on earth AFTER PUBLICLY FESSING UP do you consider unaccountable?"

The fact the entire fucking company isn't shut down for violating the privacy of practically every citizen on the planet.

The company should be 100% dismantled, its assets liquidated and the money given to everyone else.

Anything LESS is a full LACK of accountability.

Re:Why spread the data around?

If it is entered as evidence, won't that make it more likely that someone takes advantage of the legal system and spreads it around further?

Re:Why spread the data around?

[williamhb]

If it is entered as evidence, won't that make it more likely that someone takes advantage of the legal system and spreads it around further?

So what if it does. The primary function of a prosecution is to charge and convict an (alleged) perpetrator, not to agonize about whether the evidence will be stolen. Court cases can be held "in camera" to prevent information spread, but the legal system's duty to uphold the law is not negated by the chance of someone (illegally) stealing the evidence if it is handed in.

I had mixed emotions until...

[ancientt]

Government should be protecting privacy. It seemed reasonable for a state to want to know exactly how the privacy of its citizens was infringed on. I could see the other side, that knowing what was in the records wouldn't improve anyone's privacy and could actually harm them if their state government representatives turned out not to have the most pristine of ethics.

That "turn off your wireless network when you know you won't use it" comment sent me clear over to Google's side. The last thing I want is someone who believes that's the appropriate response to be poking through people's personals.

Re:I had mixed emotions until...

If you want privacy then build a Faraday cage. Once you emit any electromagnetic radiation outside the bounds of your property, you have no expectation of privacy whatsoever. If I can see what you're doing from outside of your property, you're not handling your privacy correctly. It's your fault. Stop trying to legislate solutions for a problem that only you can fix.

Re:I had mixed emotions until...

[ArthurDA]

Mod parent up... Even for an AC.

Re:I had mixed emotions until...

[ancientt]

There seems to be a misunderstanding. Since I'm not affected by this particular issue directly, I humbly submit that this was neither my fault, nor can I fix it. The broader issue however affects all of us, it is an issue of what should be private, what shouldn't have an expectation of privacy and what role the government should take in protecting privacy.

I can agree that it is my own responsibility to protect my own privacy, but I have trouble with the idea "Once you emit any electromagnetic radiation outside the bounds of your property, you have no expectation of privacy whatsoever." In particular, I have an expectation of privacy because my wi-fi is encrypted and I don't share the key. That security isn't good enough to prohibit someone with sufficient resources from decrypting it (WPA-TKIP) but it is a pretty high bar.

If Google did what I'd have expected them to, they just captured all the data that they could without bothering to filter it initially, then ran the analysis software later. At that point they probably realized they had captured personal emails, passwords, and potentially illegal or embarrassing traffic. In a just world, someone from the state would be shown the type of information gathered so that they could confirm that Google wasn't actively decrypting WEP, then Google would be instructed to document the erasing of the data.

In our world, I fear that a politician might see it as an opportunity to use the data to go after all those nefarious cyber-terrorists who download things with bittorrent and hang on to all the embarrassing or illegal bits that might be leveraged against their political rivals. When you're dealing with politicians who don't suggest encrypting your wireless connection, you're dealing with someone who isn't competent to understand the issue or someone who really doesn't want you to secure your data at all. Either way, I trust Google slightly more to do the ethical thing.

With my wi-fi using WPA-TKIP, I don't think it should be okay to decrypt my traffic even if you have the resources. I think it should probably be illegal, though I'm not clear on how that can be justly codified into law. Can you read your neighbor's monitor using sophisticated equipment? If you can, does that make it okay? I read an article about Van Eck phreaking some time back. It made me realize that taking every reasonable precaution that I could to protect my privacy isn't enough, there needs to be a legal protection at some level.

Re:I had mixed emotions until...

[Metrathon]

Applying this to windows (the transparent kind) I conclude I should paint them in order to have any expectation of privacy.

Re:I had mixed emotions until...

Anything travelled over WiFi is no longer private, it simply maynot have been picked up by a neighbor.

Imagine if the homeowner had taken each of their bills, pasted them to a sheet of posterboard, and put it on the edge of their property line, facing out, and then being "shocked, SHOCKED I say!" to learn that their neighbors (or anyone that passed by) could read their bills...

How did Google "violate" the privacy of users that not only took no efforts to protect their information but instead actually went out of their way to broadcast their private information is really a misnomer.

Re:I had mixed emotions until...

[colinrichardday]

Or you could use some esoteric technology, such as blinds or drapes.

Re:I had mixed emotions until...

[coaxial]

That "turn off your wireless network when you know you won't use it" comment sent me clear over to Google's side. The last thing I want is someone who believes that's the appropriate response to be poking through people's personals.

What makes you think that's not a Google recommendation? This is the same company who's CEO said that if you don't like what Google is doing, just change your name.

Re:I had mixed emotions until...

[williamhb]

If you want privacy then build a Faraday cage. Once you emit any electromagnetic radiation outside the bounds of your property, you have no expectation of privacy whatsoever. If I can see what you're doing from outside of your property, you're not handling your privacy correctly. It's your fault. Stop trying to legislate solutions for a problem that only you can fix.

So those pesky Eastern European communists, who did the equivalent of Google's actions (paying people to listen in on your conversations throughout all the major cities, noting down everything they could overhear), those were fine hey? No need to legislate against things like that?

Re:I had mixed emotions until...

[Bazar]

"Once you emit any electromagnetic radiation outside the bounds of your property, you have no expectation of privacy whatsoever."

What a load of shite.
I believe the US Supreme court decided in a 4-3 decision that there are expectations of privacy, and just because you can observe/listen in a public place doesn't give you a right to do so. (I can't find the case, i believe it was over cops using powerful heat cameras to find and raid weed growing operation houses).

And damned right!.
As it is there are technologies that allow a laser be pointed at a window and you can hear the audio with clarity on the other side.
There are cameras that have limited vision through solid walls. And even your own body leaves behind elements in public places that can be anazlised for private infomation. And that was from what i remember from nearly a decade ago.

Just wait for the portable back scatter machines to be developed, then people will be able to take nude snaps of you if you leave your house...

Privacy isn't a way of life, its a human and legal right. Its even in the Constitution of America, the 4th on the list.
http://en.wikipedia.org/wiki/Fourth_Amendment_to_the_United_States_Constitution#Definition_of_.22search.22

Now although this might be a breach of privacy, the fault is on the "victims" because they were transmitting infomation, there was no attempt to keep it private, (the hardware goign out of its way to make it public) so i don't believe google are at fault.

Re:I had mixed emotions until...

[Khyber]

"If I can see what you're doing from outside of your property, you're not handling your privacy correctly. It's your fault."

Then you better keep your ass in the house, because I see what the fuck you're doing on your front yard. Don't bother mowing the grass, or I'll be spying on you.

What you suggest is bullshit and you're a fool for suggesting such.

Re:I had mixed emotions until...

[Khyber]

WTF slashdot? This was to go to AC, NOT williamhb.

Fix your shit, site designers/coders, or go back to school to learn how to create proper CSS.

Even my site has FAR FEWER errors than yours, and I admit I can't do CSS for shit.

Looks like you going corporate made you as dumb as your parent corporation.

Re:I had mixed emotions until...

[Khyber]

""Once you emit any electromagnetic radiation outside the bounds of your property, you have no expectation of privacy whatsoever."

What a load of shite."

You're dead fucking wrong, sir. FCC regulations - learn them, live them, love them, or shut your mouth about that which you do not understand.

You LOSE, good day sir.

Re:I had mixed emotions until...

[ancientt]

I don't know, but would like to think that someone with authority to determine if they did, does know. I question what expectation of privacy an unencrypted connection user has. However, if someone is using WEP, even though it is not reliable security, do they have a reasonable expectation of privacy, and a right to it?

I'm not trying to provoke an argument, I'm actually curious if Google decrypted WEP traffic. I wouldn't trust my own security to WEP, but I believe it creates a reasonable expectation of privacy. If Google did decrypt WEP traffic, shouldn't they have to defend their actions? If they don't disclose the information they gathered to anyone of greater authority, how can we know that they didn't?

As noted in my original post, I don't trust the likely authorities, but that doesn't mean that I trust Google either. I'm mostly confident that they didn't decrypt WPA, but I believe they could, and that would sincerely bother me even if I'm not in the group whose data is being discussed for this incident.

For any new or non-geeks:
Unencrypted - allows anyone to connect to a wireless connection without a password and potentially allows anyone to see what is being transmitted and received over the connection.
WEP - Wired Equivalency Privacy is an old way of encrypting wireless traffic, but it can be pretty easily decrypted.
WPA - Wi-Fi Protected Access has the same goal, it encrypts traffic, but it is newer and much harder to break. It comes in different versions, some being much harder than others to decrypt.
Google - One of the few companies that could spare the resources to decrypt significant amounts of WPA traffic without sweating.

The press release says to turn encryption on

The whole press release is about turning encryption on, with one tiny bullet buried in the article saying to turn it off when not using it.

Could it be...

[kenh]

That Then-AG Blumenthal was pandering to the masses as part of his campaign for the US Senate?

No, that couldn't be it - kinda like he had a really, really good reason for going after legally earned bonus/balloon payments for AIG employees - despite the fact he couldn't cite any law that justified his attempts. None. When grilled on one talk show on the justification, he had nothing, sputtering about a responsibility to see the Gov't money was well-spent (despite the fact that the bonus/balloon payments were offered by the Gov't to key AIG employees to stay with the firm and see it through recovery, helping to keep stability in the market).

Blumenthal is a political hack, plain and simple.

It's interesting that only now, after a year+ of saber-rattling by politicians does it occur to anyone in Gov't to suggest people should make efforts to protect their home computers/Internet connections.

Re:Could it be...

How the hell didn't they think of encryption? These people know nothing!!!

I'm not exactly N+ and *I* know about encryption just from coming into contact with a router during installation.

Re:Could it be...

I appreciate that he at least attempts to find a way to stop the outrageous bonuses granted to people who ran a company so poorly that it needed a bail-out from the government.

He's done quite a bit for CT on the environmental front. It's not quite fair to call him a hack. I think I sense a saddened WWE fan ;)

Why is theodp's troll crap on slashdot at all?

Google listened to publicly broadcasted info and mined it for wireless network SSIDs. Some idiots were broadcasting passwords and other private info that got picked up. Google wasn't looking for that data, doesn't care about that data, and promised to destroy the data. It was barely a story to begin with, it's even less of a story now, and yet Slashdot keeps reposting flamebait from theodp about it almost every week. Why? No one cares except anti-google shills trying to create a controversy where there is none.

Re:Why is theodp's troll crap on slashdot at all?

[AHuxley]

Some idiots were broadcasting passwords and other private info that got picked up. Google wasn't looking for that data, doesn't care about that data, and promised to destroy the data.
Google fitted their cars world wide with wifi, signed off on the code that was used and kept the data collected.
Parts of the world do have laws protecting any network from any 3rd party keeping data and google understood local laws about wifi capture.
Recall http://googlepolicyeurope.blogspot.com/2010/04/data-collected-by-google-cars.html
"Is it, as the German DPA states, illegal to collect WiFi network information? We do not believe it is illegal--this is all publicly broadcast information which is accessible to anyone with a WiFi-enabled device. Companies like Skyhook have been collecting this data cross Europe for longer than Google, as well as organizations like the German Fraunhofer Institute."
A cute "If the president does it, it's not illegal" idea?
Google was collecting as much data location data as it could in one pass.
"barely a story to begin with" would have been a few cars in one city. As for "anti-google shills", if Google gets a free pass to suck up and keep any data it likes from any network it can find, data protection and privacy laws become very weak.

Re:Why is theodp's troll crap on slashdot at all?

[Qwavel]

It is getting a bit sickening, isn't it: seeing this same story repeated over and over again with minor variations for every district.

And every time we see this story it seems to get more confused and inaccurate.

Someone I know got outraged upon reading a recent version of this story. Since they were seeing yet another story they assumed this meant that Google had been caught again - that Google was refusing to stop doing it. I was barely able to convince them that all of these stories were from the original incident and that Google had stopped the program entirely long ago.

My understanding is that there are tons of nuisance, class action lawsuits against Google over this (on top of the legit privacy suits). The purpose of those suits is to create as much bad publicity as possible for Google in order to induce them to settle out of court, and let the lawyers take the majority of the settlement. Apparently this is a common scenario. Promoting the same story many times, like theodp is doing, is an important part of what these guys do, so it is quite possible that theodp is simply doing his job.

Re:Why is theodp's troll crap on slashdot at all?

if Google gets a free pass to suck up and keep any PUBLIC data it likes from any PUBLIC network it can find, PUBLIC data protection and privacy laws become very weak.

FTFY.

I totally agree that public data recording is in a weird state that is weakly protected by laws. Technology is allowing much more public data to recorded and made public than ever before, and especially back when most of the laws were passed. But until some law is passed that finds a good grey area between "can't record anything in public" and "can record EVERYTHING in public", Google is not doing anything immoral or wrong. Google DOES have a free pass to record public data, as does everyone else. Kudos to them for finding useful things to do with public data that improve all of our lives.

Connecticut AG's political party, please

Could it happen to coincide with the political party that Google supports with lots and lots of $$$$?

One wonders...

If this data is so private...

[John+Hasler]

...why would you want it handed over to the government?

Why is common sense so rare?

[hyades1]

When, for the love of pizza, is encryption going to catch on?

Can someone please explain to me how it is that

[hellop2]

When the government wants data from Google, Google can "steadfastly refuse". But when the government wants data from Average Joe, they just bust his door down with a SWAT team and confiscate everything.

Re:Can someone please explain to me how it is that

[drcln]

When the government wants data from Google, Google can "steadfastly refuse". But when the government wants data from Average Joe, they just bust his door down with a SWAT team and confiscate everything.

Google has lawyers. (Haven't you been paying attention?)

Just for those keeping score...

[ErikTheRed]

George Jepsen is a Democrat. (Disclaimer: I am not a Republican - I can't stand either major party).

Re:Just for those keeping score...

And so was Blumenthal. Your point?

why would they need to see the data anyway?

The data that Google admitted to collecting is exactly what i would expect to get from sniffing unsecured wireless connections.

The government bodies just see this as a way to get a few extra bucks by screaming about how peoples privacy has been violated. None of the people whos data was snatched will ever see a penny.

The blame lies squarely with the NAT box manufacturers and the users. I have not and still do not see what Google did that was wrong.

If you transmit an unsecured signal you have no right to bitch and moan about someone sniffing the data. It is your own fault if you insist on using technology that you do not understand.

blah

Objection!

Dear gods, no comment about encryption? Recommended that users "turn off your wireless network when you know you won't use it"... Give ya a hint, Google didn't do this to look for an open hotspot to check email or tweet. The issue is the data gathered from people who were actually using their connection at the time. If they grabbed the raw stream, any bets there are a few credit cards and banking passwords in there? Politicians need to go back to banging rocks together... leave the tech to us.

Why the worry about the data?

[Todd+Knarr]

I'm not sure what the obsession with the data is. I mean, it was already being broadcast in the clear to anyone listening. Everything from those homes has to be considered compromised regardless of what Google did or didn't receive. Just because Google doesn't have it doesn't mean a black hat wasn't listening in on it. Google having it confirms it's compromised, but you knew that already just from it having been broadcast in the clear. If this bothers you, why was your network wireless, broadcast-to-the-world, radio-based network running unencrypted in the first place?

It's kind of like the root passwords. When I find one of my admins who knew them just stormed into HR, delivered an angry tirade about how my company's scum and he's quitting effective immediately, then left the building, I don't have my people start checking to see if he's going to abuse his access now that he's left. I change all the root passwords ASAP to make sure he can't abuse his access, because by the time I know whether he will or not it's too late.

If you're running an unencrypted wireless network, it's because you don't care about whether anyone sees the data flowing across it or not. If you do care, you need to be running it encrypted. There are no other options. Caring about keeping a wireless network's data private and running that network unencrypted are simply mutually exclusive options, just like keeping some information private and posting it on a public bulletin board at the supermarket are mutually exclusive options.

Google Privacy Principles Guy Got $10MM Bonus

[theodp]

Alan Eustace, Senior VP of Google Engineering & Research, started off 2010 by touting Google's 'guiding Privacy Principles', but would later have to apologize for the company's Street View privacy breach, saying that the company was 'mortified' by the 'mistake'. Last week, Bloomberg reported that Google gave Eustance a $10 million equity award in 2010 for his efforts.

Hey Gaiz

So there're some of the brightest minds in America working for us, we're on your streets, and accidently the open wifi networkz.

Yeah right.

I hate to defend the AG but...

[kurls]

I think the summary has mis-characterized the note. #5 of several, fairly good, security suggestions was to "Turn off your wireless network when you know you won’t use it. " This hardly seems to be saying that the victims are to blame.

I personally keep my wifi on all the time (with other protections), but there's no question it would be a whole lot safer unplugged.

Why did Google share it with us and not the US?

[brunes69]

I don't understand how the privacy commissioner of Canada (who has actually no powers at all, all she can do is recommended things) got to see the logs, while the AGs of several states (who actually do have a lot of legal power) can not.