Connecticut AG Opts For Street View Settlement, Without Seeing the Data

theodp writes "Verifying Google's data snare is crucial to assessing a penalty and assuring no repeat,' said Connecticut Attorney General Richard Blumenthal last December in response to Google's 'accidental' collection of payload data from WiFi networks. 'We will fight to compel Google to come clean-granting my office access to improperly collected materials and protecting confidentiality, as the company has done in Canada and elsewhere.' That was then. Luckily for Google, there's a new AG in town, and Blumenthal successor George Jepsen said Friday that his office will enter into settlement negotiations with the company without reviewing the pilfered data, which Google has steadfastly refused to share with it. 'This is a good result for the people of Connecticut,' Jepsen said in a statement. A separate Jepsen press release suggested some of the blame for the privacy offenses laid with Google's victims, who were advised to 'turn off your wireless network when you know you won't use it' to thwart those who 'may be watching your Internet activity without your knowledge."

Secure it and leave it on.

[DarthJohn]

'turn off your wireless network when you know you won't use it'

How about secure your wireless network and nobody except those you specifically allow will be able to use it?

Re:Secure it and leave it on.

I was walking on the sidewalk by his house, and he shouted out the window that he just farted. I took out a notepad and wrote down that the guy just farted. Then he sued me for invasion of privacy.
---> Guy gets laughed out of court.

Same but then something difficult involving "computers and stuff"
---> Guy can make it stick ??!!??

Really ... the didn't recommend encryption?

[Jahava]

A separate Jepsen press release suggested some of the blame for the privacy offenses laid with Google's victims, who were advised to 'turn off your wireless network when you know you won't use it' to thwart those who 'may be watching your Internet activity without your knowledge.

So from the actual link:

The consortium recommends:

1. Use anti-virus and anti-spyware and a firewall.
2. Turn off identifier broadcasting.
3. Change the identifier on your router from the default.
4. Change your router’s pre-set password for administration.
5. Turn off your wireless network when you know you won’t use it.
6. Don’t assume that public “hot spots” are secure.
7. Be careful about the information you access or send from a public wireless network.

Are you fucking kidding me? After all of this, the court case, the hearing, a formal consortium omits the single most important and critical suggestion... turn on WPA encryption and use a VPN or (at least) HTTPS if you're using a hotspot. You know ... the only things that will actually protect your data, rather than obfuscate it?

I mean, to their credit, the list isn't inherently bad. Hide or disable your identifier, don't use public hot-spots, be careful, etc. However, it leaves the user with a false sense of security. If a user followed every suggestion in that list, Google could just as easily sniff every byte of traffic. Talk about inept and ineffective.

Re:Really ... the didn't recommend encryption?

[leenks]

Actually that is the summary the Jepsen press release contained rather than the actual guidelines. Regardless, it is pretty appalling since it is likely most people will not bother to follow the link to the real guidelines.

The actual consortium guidelines (http://www.onguardonline.gov/topics/wireless-security.aspx, linked from the PDF in the article) has the following list:

Use encryption to scramble communications over the network. If you have a choice, WiFi Protected Access (especially WPA2) is stronger than Wired Equivalent Privacy (WEP).

Use anti-virus and anti-spyware software, and a firewall.

Most wireless routers have a mechanism called identifier broadcasting. Turn it off so your computer won't send a signal to any device in the vicinity announcing its presence.

Change the identifier on your router from the default so a hacker can't use the manufacturer's default identifier to try to access your network.

Change your router's pre-set password for administration to something only you know. The longer the password, the tougher it is to crack.

Allow only specific computers to access your wireless network.

Turn off your wireless network when you know you won't use it.

Don't assume that public "hot spots" are secure. You may want to assume that other people can access any information you see or send over a public wireless network.

Re:Really ... the didn't recommend encryption?

[sconeu]

What confused me:

'turn off your wireless network when you know you won't use it' to thwart those who 'may be watching your Internet activity without your knowledge."

But if you're not using it, how is there any of your Internet activity for someone to watch?

Why spread the data around?

[Alpha232]

Ok, Google has it...

They said they will destroy it, either they do or they don't, it doesn't matter because they will do what they choose. But why go handing a copy over to every state who asks for it?

Really, if you're concerned about privacy, you want this information in the LEAST number of hands possible.

Re:Why spread the data around?

[ikkonoishi]

Really there could have been an easy compromise. The AG gets to send someone in to review the data, and confirm it is what google claimed it to be. This person would not be allowed to copy the data. This way the AG gets confirmation that the acquisition was accidental, and the data isn't copied.

Re:Why spread the data around?

[icebike]

Exactly.

Turning someone's accidentally sniffed passwords over to State Government buffoons is the height of stupidity. This simply compounds the problem. It effectively places it all in the public domain, since is is not medical, tax, or banking information, which is all most states are allowed to protect.

I'm glad Google stood its ground. I'm incensed government asked for that data.

I had mixed emotions until...

[ancientt]

Government should be protecting privacy. It seemed reasonable for a state to want to know exactly how the privacy of its citizens was infringed on. I could see the other side, that knowing what was in the records wouldn't improve anyone's privacy and could actually harm them if their state government representatives turned out not to have the most pristine of ethics.

That "turn off your wireless network when you know you won't use it" comment sent me clear over to Google's side. The last thing I want is someone who believes that's the appropriate response to be poking through people's personals.

Re:I had mixed emotions until...

If you want privacy then build a Faraday cage. Once you emit any electromagnetic radiation outside the bounds of your property, you have no expectation of privacy whatsoever. If I can see what you're doing from outside of your property, you're not handling your privacy correctly. It's your fault. Stop trying to legislate solutions for a problem that only you can fix.

Re:I had mixed emotions until...

[williamhb]

If you want privacy then build a Faraday cage. Once you emit any electromagnetic radiation outside the bounds of your property, you have no expectation of privacy whatsoever. If I can see what you're doing from outside of your property, you're not handling your privacy correctly. It's your fault. Stop trying to legislate solutions for a problem that only you can fix.

So those pesky Eastern European communists, who did the equivalent of Google's actions (paying people to listen in on your conversations throughout all the major cities, noting down everything they could overhear), those were fine hey? No need to legislate against things like that?

Why is theodp's troll crap on slashdot at all?

Google listened to publicly broadcasted info and mined it for wireless network SSIDs. Some idiots were broadcasting passwords and other private info that got picked up. Google wasn't looking for that data, doesn't care about that data, and promised to destroy the data. It was barely a story to begin with, it's even less of a story now, and yet Slashdot keeps reposting flamebait from theodp about it almost every week. Why? No one cares except anti-google shills trying to create a controversy where there is none.

Re:Why is theodp's troll crap on slashdot at all?

[Qwavel]

It is getting a bit sickening, isn't it: seeing this same story repeated over and over again with minor variations for every district.

And every time we see this story it seems to get more confused and inaccurate.

Someone I know got outraged upon reading a recent version of this story. Since they were seeing yet another story they assumed this meant that Google had been caught again - that Google was refusing to stop doing it. I was barely able to convince them that all of these stories were from the original incident and that Google had stopped the program entirely long ago.

My understanding is that there are tons of nuisance, class action lawsuits against Google over this (on top of the legit privacy suits). The purpose of those suits is to create as much bad publicity as possible for Google in order to induce them to settle out of court, and let the lawyers take the majority of the settlement. Apparently this is a common scenario. Promoting the same story many times, like theodp is doing, is an important part of what these guys do, so it is quite possible that theodp is simply doing his job.

Why is common sense so rare?

[hyades1]

When, for the love of pizza, is encryption going to catch on?

Re:So much for "Don't be evil"

[laughingcoyote]

On the other hand, if someone is walking around outside naked, and you just happen to see them, you're not evil at all.

I'll be the first to condemn Google when they're in the wrong, believe me. But if you leave your wireless open, you are choosing that anyone within range of it can pick up any packets it's sending. Or you failed to learn even the basics of safely and securely operating a device that carries sensitive data. Either way, it is your fault, not the fault of everyone who steps into range.

Now, were someone to use the gathered data maliciously (posting it in public, for example), you might have a point. But to my knowledge, none of the gathered data here has ever been made public.

Just for those keeping score...

[ErikTheRed]

George Jepsen is a Democrat. (Disclaimer: I am not a Republican - I can't stand either major party).

Re:Can someone please explain to me how it is that

[drcln]

When the government wants data from Google, Google can "steadfastly refuse". But when the government wants data from Average Joe, they just bust his door down with a SWAT team and confiscate everything.

Google has lawyers. (Haven't you been paying attention?)