Slashdot Mirror
Google Agrees To Biennial Privacy Reviews
Blacklaw writes "Google has publicly apologised for the mistakes it made during the launch of its Twitter-like social networking tool Buzz, and claims that it's learned its lesson — and will be undergoing independent privacy reviews to keep it on the straight and narrow."
Good companies like Ubuntu and Microsoft would never do shit like this.
You do know funny mods don't get you karma right? Ubuntu's not a company and Microsoft is hardly a "good" one...
Okay, so the FTC is mad about them violating privacy. So what do they have to do? Agree to an "independent" privacy review? And how picks this organization? Google? Why doesn't the FTC put our tax dollars to work and investigate Google themselves?
Democracy Now! - your daily, uncensored, corporate-free
Google has totally been publicly whipped for Buzz and for collecting WiFi data....
And yet the Telecoms are collecting who-even-has-a-guess-how-much data on our data exchanges, tracking our position, hacking our phones to turn them into ease dropping devices, and whatever else. And we know AT&T, Verizon, Sprint, etc. are sharing this data freely without warrants with the government.
And our government keeps extending and extending and extending the extraordinary measures of the Patriot Act without providing any evidence that this is needed!
Big Content is pushing to reduce our privacy further, and insists upon technologies aimed at reducing file sharing, while enabling all sorts of fun Actors like Iran to use the same technologies to cut off their population from the rest of the Internet.
Now I am happy that Google is willing to take input on better privacy. And they NEED to be good about privacy, as more and more of our communications are open to them. But they are not alone. There are other companies that need to step up to the privacy needs of their customers.
Logging the data that was transmitted in the clear, mind you. If you can't be bothered to encrypt your traffic, you're practically shouting for trouble, and should take full responsibility.
Hyperbole: I use it liberally!
Steve? Steve Ballmer, is that you?
Hyperbole: I use it liberally!
> collecting WiFi data....
WiFi data that was broadcast in the clear, so by definition perfectly OK to receive.
I'm no google fan, I hate them, block their scripts, and refuse to use their services or let them collect data about me. But pretending they did something wrong when they didn't serves no purpose except to dilute the case when they really *have* done bad things.
Once more, with feeling: if you shout, don't be dismayed when someone hears. The very technical definition of 802.11 makes it permissible. If you want privacy, turn on encryption, which is provided on even the cheapest consumer access points.
No, just a developer, developer, developer.... [sound of crashing chair in background]
Can this really be anything else? I mean of all the telcos and other companies that we know violate our privacy in egregious ways, they have to pick on Google? Seriously? Is this the best they can come up with?
Google has totally been publicly whipped for Buzz and for collecting WiFi data....
As is richly deserved for flagrant and willful abuse of privacy. Now please explain to me why these same watchful agencies continue to look the other way and let Microsoft get away with murder in terms of continued market control of PC vendors and such destructive tactics as undermining the ISO standards process. How about fabricating evidence in court, what punishment was there for that?
At least Google is likely to learn and improve its behavior as a result of the punishment. Microsoft never would.
Have you got your LWN subscription yet?
By all means, let the FTC grow to accommodate the job of investigating Google biannually while private companies wither for lack of work, so that private working citizens can pay for it with their tax dollars because public corporations won't.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
I could excuse some kid goofing around sniffing networks around but we're talking about a multinational corporation driving around sniffing whatever they can. Their staff should know better, their law department should know better and they should already have accountability procedures in place to prevent this kind of thing from happening. It's a lack of professional ethics of a level normally reserved for banks and government agencies. What's next, driving around recording all conversations within earshot because people can always talk in code if they want privacy ?
If all else fails, immortality can always be assured by spectacular error.
Anyone want to buy some slightly used tin foil underwear?
A feeling of having made the same mistake before: Deja Foobar
The informal Google motto is Don't be evil.
As is richly deserved for flagrant and willful abuse of privacy.
Having people you had already contacted via email being able to follow your Buzz is abuse of privacy? I don't see how. The entire situation was way way overblown.
WiFi data that was broadcast in the clear, so by definition perfectly OK to receive.
STFU shill.
Yes, how dare you remind people to use encryption? There are people who make a good living by capitalizing on poor security practices, you insensitive clod.
See, you posted anonymously, taking reasonable measures to ensure that your (very cerebral) comment can't be linked to you. This is -- in a very loose sense -- somewhat akin to encrypting your WiFi, something the victims of Google's data collection did not do.
If you don't want your brilliant comments hurting your karma (or be traceable to your account / real name / whatever), post anonymously; if you don't want your WiFi data being broadcast to all, encrypt it. Neither is a perfect solution, but both are easy first steps.
No, someone from "the outside" will audit Google to ensure that they are taking appropriate steps to protect your privacy.
This is not the same as seeing if your data is being leaked. It is a review of their processes.
To be clear, in the fine article, the Google director of privacy is quoted as saying:
"We’ll receive an independent review of our privacy procedures once every two years, and we’ll ask users to give us affirmative consent before we change how we share their personal information."
I don't know about you but a Biennial Privacy Review sounds like it hurts!
The difference here is that Google cares about its users... or at least maintains that it does. AT&T doesn't much give a damn and makes this pretty obvious. Of course these things probably have more to do with user apathy and fleeting internet buzz (can I still use that word?) than actual corporate attitudes.
See, you posted anonymously, taking reasonable measures to ensure that your (very cerebral) comment can't be linked to you. This is -- in a very loose sense -- somewhat akin to encrypting your WiFi, something the victims of Google's data collection did not do.
If you don't want your brilliant comments hurting your karma (or be traceable to your account / real name / whatever), post anonymously; if you don't want your WiFi data being broadcast to all, encrypt it. Neither is a perfect solution, but both are easy first steps.
But judge, clearly this woman wanted me to sniff her panties or she would've closed her bedroom window.
If all else fails, immortality can always be assured by spectacular error.
When I was getting my ham license, the instructor related an anecdote of a married man arranging a tryst with someone other than his wife. He did this on a ham radio, using the local community's repeater to patch into the phone system (mobile calling has been around long before cell phones) -- and of course, everyone used that frequency. Needless to say, his wife, uh, found out.
Point is, if you're broadcasting sensitive information over the air, you need to encrypt it if you expect any privacy at all, period (unless it's remarkably short-range). This was true in WWII, it was true in the 80's, and it's true today. I'm not saying I agree with what Google did, but someone with a laptop, GPS and kismet could do exactly the same thing, just on a smaller scale.
How many companies show you pages like this or this? Facebook is even worse by not letting you control what information they give out to their "partners".
Sounds reasonable to me. I didn't read the article, but the summary doesn't say that they were forced to do this. If it is voluntary, it is far more than I would expect from other companies.
If you can smell the panties in her room from out on the street, she has no place to complain that you did. You on the other hand have a right to complain.
Less disgustingly, if she throws them at you while you are playing a show, you also in the clear to sniff them.
Conversely, if she puts even the slightest effort into keeping you from smelling them, you do not.
Hehe.... According to the Googe rep's statement in the article, it's part of Google's agreement with the FTC, "to address their privacy concerns." In any case, I agree, it does sound reasonable, even if it's not entirely voluntary.
More companies would benefit from having that kind of audit pressure.
When I was getting my ham license, the instructor related an anecdote of a married man arranging a tryst with someone other than his wife. He did this on a ham radio, using the local community's repeater to patch into the phone system (mobile calling has been around long before cell phones) -- and of course, everyone used that frequency. Needless to say, his wife, uh, found out.
Point is, if you're broadcasting sensitive information over the air, you need to encrypt it if you expect any privacy at all, period (unless it's remarkably short-range). This was true in WWII, it was true in the 80's, and it's true today. I'm not saying I agree with what Google did, but someone with a laptop, GPS and kismet could do exactly the same thing, just on a smaller scale.
But it IS remarkably short range, 802.11n is like 50m indoors maybe ? It's more akin to listening at the keyhole than tuning into a broadcast as in your example. I'm all for encryption, the more the better, but that doesn't change the fact that there has to be a reasonable expectation of privacy even when encryption fails or more likely the setup is insecure out of the box and the technical know-how isn't there to improve things. Like I said elsewhere in the comments I could give a pass to a kid having fun, closer to a classic "nosy neighbor" situation, but this is a multi national corporation scanning people for data to use for its own gain. It's going too far.
If all else fails, immortality can always be assured by spectacular error.
Their staff should know better, their law department should know better and they should already have accountability procedures in place to prevent this kind of thing from happening.
You actually want the soul-crushing bureaucracy that everyone hates about large organizations? Where every time you want to write three lines of code you have to get it cleared with the full board of directors and six battalions of lawyers?
Give me a break. If we want privacy then we need systems that protect privacy inherently, not witch hunts against whoever manages to remind us how poorly designed existing systems are.
From INSIDE my house, my laptop sees at least 5 different wireless networks from the surrounding houses. If I were in a dense neighborhood or an apartment complex, I'd see far more networks than that. So, no, 50 meters indoors is not "remarkably short range"; it is remarkably long range for a "private" network. This is not an accident; the range is long intentionally.
The blame for the Google fiasco is misdirected at Google. Yes, Google should not have collected the data, as a matter of privacy ethics. However, the real guilty parties are the wireless device vendors and the ISPs who provide to their customers wireless access devices that are insecure by default.
Why should they know better? They did nothing illegal. Some bureaucrats thought they could get brownie points by bullying Google. Google didn't have anything to win by fighting, so they rolled over. None of this means there was any wrongdoing on Google's part. At worst, they were impolite.
Give me Classic Slashdot or give me death!
Google has totally been publicly whipped for Buzz and for collecting WiFi data....
And does anybody think those two decisions were more than 2 years in the planning?
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
It's not necessarily legal to listen to (and archive) radio transmissions which aren't intended for you, even if they are sent unencrypted. There's a big difference between a television station and a private wireless computer network or cordless phone.
Why should they know better? They did nothing illegal. Some bureaucrats thought they could get brownie points by bullying Google. Google didn't have anything to win by fighting, so they rolled over. None of this means there was any wrongdoing on Google's part. At worst, they were impolite.
Wow. I see Google has moved on from copying iOS and is now perfecting its reality distortion field. (Jeez, that one is going to burn some karma.) The poor, poor billionaires at Google are being bullied by the big bad government for being impolite ? Grabbing someones email and passwords, which they owned up to doing ("It’s clear from those inspections that while most of the data is fragmentary, in some instances entire emails and URLs were captured, as well as passwords.") goes a little beyond impolite, it is most definitely against EU privacy laws. I've no doubt there was extensive transatlantic diplomacy that led to this slap on the wrist from a US agency rather than legal action in the EU. Besides even if it weren't illegal you'd expect a company with a motto like "do no evil" to have a stronger moral compass than that of pimply faced script kiddie.
If all else fails, immortality can always be assured by spectacular error.
You actually want the soul-crushing bureaucracy that everyone hates about large organizations? Where every time you want to write three lines of code you have to get it cleared with the full board of directors and six battalions of lawyers?
Give me a break. If we want privacy then we need systems that protect privacy inherently, not witch hunts against whoever manages to remind us how poorly designed existing systems are.
We need both. Everybody hates bureaucracy but let's face it sometimes it's a necessary evil. It's not efficient, it's not convenient or nice (and some days I swear if I hear the word "compliance" one more time I'll puke over my desk) but it's there for a reason and that's to protect customers.
If all else fails, immortality can always be assured by spectacular error.
It seems to me all the bureaucracy does is legitimize the evil. The company is still reading their employees emails, the ISP is still sending the NSA a copy of all your internet traffic, Sony is still sending everything you do on your PS3 to their servers, Microsoft is still tracking your Bing search history and sending it to the Chinese government, etc. But it's Corporate Lawyer Approved so it's all OK, right?
So I say again: We need systems that protect privacy inherently. Then we don't need an accursed bureaucracy or a series of witch hunts.
There is absolutely nothing wrong with anyone, individual or company receiving bits that have been transmitted in the clear. I'm no Google fanboy. I don't use Chrome, I don't use Gmail, I don't run their scripts in my browser. I don't like being tracked. If you're dumb enough to transmit bits in the clear, you deserve whatever you get.
Give me Classic Slashdot or give me death!