Google Releases FCC Report On Street View Probe

← Back to Stories (view on slashdot.org)

Google Releases FCC Report On Street View Probe

Posted by Soulskill on Saturday April 28, 2012 @10:20AM from the fingers-and-cookie-jars dept.

An anonymous reader writes with news that Google has released the full report of the FCC investigation into the incident in which its Street View cars collected personal data while mapping Wi-Fi networks. They are putting responsibility for the data gathering on a 'rogue engineer' who wrote the code for it without direction from management. "Those working on Street View told the FCC they had no knowledge that the payload data was being collected. Managers of the Street View program said they did not read the October 2006 document [written by the engineer that detailed his work]. A different engineer remembered receiving the document but did not recall any reference to the collection of payload data. An engineer who worked closely with the engineer in question on the project in 2007, reviewing all of the codes line by line for bugs, says he did not notice that the software was designed to capture payload data. A senior manager said he preapproved the document before it was written."

26 of 95 comments (clear)

Min score:

Reason:

Sort:

what about the rest of the life cycle? by Anonymous Coward · 2012-04-28 10:25 · Score: 4, Insightful

was anyone assigned to validate requirements against functionality? compliance? export control? 3rd party software integration copyright and license? was any due diligence done other than to review for technical bugs?
1. Re:what about the rest of the life cycle? by zidium · 2012-04-28 10:38 · Score: 3, Insightful
  
  Why is this modded -1????
  I would hope Google would do such things regularly!
  
  --
  Slashdot Valentines Beta Massacre: iT WORKED! The boycotts killed Beta!!
2. Re:what about the rest of the life cycle? by cdrguru · 2012-04-28 11:01 · Score: 4, Interesting
  
  Surely you jest! This is the Internet age of development where most of the bleeding-edge companies doing software development have completely bought into a agile development model where the requirements are "flexible" - usually so flexible that the development group is operating with a completely different set of requirements than the analyst or program manager. End result is you have something that works at the end but nobody quite knows what it is supposed to do only what it does do now.
  Probably one of the funniest tales of software development is how FaceBook actually operates. I suspect much of Google is run the same way, only the search engine is probably overseen rather strictly. The rest? I suspect you could ask three people and get four different descriptions of what a particular product's requirements were today and if they were actually being implemented.
  How do you think Android can have two separate email programs (one for Gmail and one for everything else) and the two apps have wildly divergent sets of options and default settings? This stuff just sneaks in, obviously. Did you really think there was a specification?
  I don't think there is time for any thinking about things like compliance, export control or third party copyright considerations in any place that is trying to keep up with the Internet today and operating an agile development environment. These considerations are thought to have died in the 1970s.
3. Re:what about the rest of the life cycle? by Tharsman · 2012-04-28 11:05 · Score: 4, Insightful
  
  I got to say, it sounds extremely odd that there were no more eyes. Google is a company that has a price tag on how much every signle web search executed by a user cost them, in energy and equipment degradation. They have specially manufactured cpus that can run hot so they can conserve as much heat as they can. ... but in all those years, even in the initial test run... no one noticed the cars where filling their hard-drives WAY too fast?
  This takes me back about 7 years ago in a contract involving 3 parties. Client, contractor and a sub-contractor. In a meeting, the usually incompetent IT manager employed by the client to run their data center, asks our sub-contractor "why is the database growing at a rate of 1GB per day?" The sub-contractor was clueless and we shocked. Sure, we perhaps should had noticed.... (BTW, reason for the growth: zero normalization. I kid you not, these guys had absolutely no normalized tables at all, and nearly every field indexed.)
  My point is: unexpected bursts in data storage are too easy to notice, because the first time hard drives fill up and windows (or whatever OS they use) shouts for air... well... some one will notice.
  But these are not morons... these are Google engineers... the ones that have quantified the cost of a search to the atomic level. I'm sure more than just an unnamed "rogue engineer" was very aware of this.
4. Re:what about the rest of the life cycle? by ColdWetDog · 2012-04-28 11:28 · Score: 3, Insightful
  
  Multi hundred gigabyte HDs don't fill up that fast.
  Besides, Street View is some tiny little bit of Google with managers and engineers stuck in some corner of the cafeteria. It's not like tons of money is expended on them (eg, the price tag on data center cooling) so multiple levels of review / fine tuning probably just doesn't occur. I saw the Google car in town not too long ago - a DIY dream. Gear strewn over the rear seat with cables everywhere and a what appeared to be big tube of cables running into the trunk.
  And these Google engineers - I'm sure they're smart and all, but they put their pants on one leg a time.
  
  --
  Faster! Faster! Faster would be better!
5. Re:what about the rest of the life cycle? by zippthorne · 2012-04-28 11:50 · Score: 2
  
  ...but they put their pants on one leg a time.
  I've always wondered about this phrase... Sure, you put 'em on one leg at a time if you don't have anything to sit on, or don't feel like sitting, but most of the time I change in my bedroom, which has ready availability of.. a bed.. for sitting. In that case, It's not really much difference in effort to pull 'em on a leg at a time, or all at once.
  Anyway, I'd say that, based on experience of one person - me, most people put their pants on one leg at a time, about 60% of the time.
  Also, I can't be alone in that every time someone uses that phrase here, I cannot avoid thinking of two or three pantsing/de-pantsing device designs of varying practicality and requirements (are the pants allowed to touch the floor? Can they be folded or bent?)
  
  --
  Can you be Even More Awesome?!
6. Re:what about the rest of the life cycle? by Fwipp · 2012-04-28 12:19 · Score: 2
  
  Logging internet traffic is going to be a drop in the bucket compared to taking 360 photos every twenty feet or so.
7. Re:what about the rest of the life cycle? by icebike · 2012-04-28 15:31 · Score: 4, Informative
  
  This is the new "agile"' methodology. There is no design or validation, just furious coding off a prioritized feature list and "code reviews" which amount to little more than some other programmer skimming a check-in and signing off.
  And that s quite sufficient for an in-house tool. They were not selling street view cars, they were simply collecting their own data, which they never intended to sell.
  This is not a development system for launching rockets or writing pay checks. Its not a deliverable in a contract. Its strictly an in-house lash-up where one guy decided to exceed his mandate.
  When your manager asks you to write a quick program to find all the Ford Truck owners that Work in Building B by scanning the parking tag database, you do it the fastest way possible. You don't start with any more of a requirements statement that your boss gave you, you don't send your grep script out for a third party review, you don't run it by legal, you don't hold design meetings, and write memos, because the friggin Black Ford Ranger truck is LEAKING GAS RIGHT NOW, and the police won't tell you who owns it from its license plate number without a subpoena.
  Not every project is a big production. This whole wifi project was a pimple on street view's neck, so that google didn't have to pay Skyhook for its database. It was a cheap expedient, and it was a perfect single engineer project or at most a couple guys to kick the code around an two or three hardware guys to assemble the wifi receiver packaging.
  
  --
  Sig Battery depleted. Reverting to safe mode.
8. Re:what about the rest of the life cycle? by gmanterry · 2012-04-28 15:48 · Score: 2
  
  I generally have a favorable image of Google but this sounds like pure bullshit. Even the guy reviewing the code line by line didn't notice? Come on!!!
  
  --
  Since when is "public safety" the root password to the Constitution?
Re:Obama ate a dog. by Nyder · 2012-04-28 10:27 · Score: 5, Funny

Obama ate a dog.
That's what happens when times are tough. You order take out. You think the meat is chicken, it's not.

--
Be seeing you...
Re:Cool! by preaction · 2012-04-28 10:36 · Score: 3, Insightful

No, one engineer is being thrown under the bus. I wonder if his name was Goldstein...
IS this really such a big deal? by Anonymous Coward · 2012-04-28 10:36 · Score: 5, Informative

As much as I like google, I would be the first one to complain if I thought they were doing something wrong. But let's think about this:
1. If they were capturing unencrypted packets from non-secured WiFi networks.... that would be creepy, but probably not illegal. Anyone who sets up an unencrypted network should expect that other people might use it to just listen in. Google would just be picking up information they were already broadcasting in the clear.
2. If they were capturing encrypted packets then... they have useless data.
And the car was moving, which means that in case 1, they may have a dozen packets each from millions of different routers. They weren't parking somewhere to capture all of someone'S data, but got lots of random garbage instead. I am sure all they were interested in was the BSSID in order to tag it to a location.
Now, if they were trying to crack encrypted WLAN packets, then legal or not, there is something very suspicious going on - especially if they kept it secret.
1. Re:IS this really such a big deal? by Tastecicles · 2012-04-28 10:59 · Score: 5, Interesting
  
  Well, in an ideal world you'd be right on point #1, but this isn't an ideal world, we (in the UK) have a clause in the Computer Misuse Act 1990 (section 1(a) and 1(b) in fact), that instantly criminalises the capture of (ANY) data by an unauthorised person - which makes wardriving illegal, more than that it makes scanning for local wifi networks illegal - unless you knock all your neighbours and ask them permission first!
  
  --
  Operation Guillotine is in effect.
2. Re:IS this really such a big deal? by Qwavel · 2012-04-28 11:17 · Score: 2
  
  No, it isn't such a big deal.
  Not only did they never do anything with this payload data, there is no record of them ever planning to do anything with it, and it's actually pretty hard to even think of anything they realistically could have done with it (without devolving into paranoid conspiracy theories). Which all supports the theory that collecting the data was not part of the master-plan.
  But there is something wrong with Google only paying $50K penalty for non-cooperation.
  http://finance.yahoo.com/news/google-pay-25-000-fcc-113025671.html
  The penalty should have been calibrated to the size of the company so that it hurt. If you don't like the gov' snooping into the private business of corporations then vote for Ron Paul, but in the mean-time companies must comply with investigations, or face penalties that aren't a joke.
3. Re:IS this really such a big deal? by fluffy99 · 2012-04-28 17:38 · Score: 2
  
  I am sure all they were interested in was the BSSID in order to tag it to a location.
  I would guess they were probably also grabbing the mac address of the router.. This fits in nicely with the recent revelation that Apple and some browser plugins were tracking users by using the mac address of the gateway as a unique ID.
4. Re:IS this really such a big deal? by Tastecicles · 2012-04-29 13:34 · Score: 2
  
  I accept your challenge.
  http://www.techspot.com/news/22178-wardriving-credit-card-thief-gets-9-years-in-jail.html
  http://www.crn.com/news/security/26806554/wardrivers-plead-guilty-sentenced-to-jail-time.htm
  and one from the UK:
  http://news.bbc.co.uk/1/hi/england/hereford/worcs/6565079.stm
  
  --
  Operation Guillotine is in effect.
Didn't bother to read the memo... by Local+ID10T · 2012-04-28 10:40 · Score: 3, Insightful

Actually, this sounds like most managers I know.

Managers of the Street View program said they did not read the October 2006 document [written by the engineer that detailed his work].

--
"You want to know how to help your kids? Leave them the fuck alone." -George Carlin
1. Re:Didn't bother to read the memo... by war4peace · 2012-04-28 10:58 · Score: 4, Interesting
  
  Not just what some management people said, but everything in this affair is a classic case of corporate snafu. I'm seeing these things every day.
  About 18 months ago I was requested to build some Excel macro which would parse a pile of structured data from a table and generate a snapshot report based off that. Multiple people in various locations had to run that file every hour, interpret the results and take action if certain thresholds were met. Now thresholds started to be met but action was not taken, so their management asked them "so, what's up, why are you not taking action?". They said "it must be the macro because we run it every hour and it doesn't tell us that thresholds have been met". management came to me and asked me what's up, and I could tell them, because the macro contained a very simple (primitive even) log. Each time the report was run, an entry was stored in the file in a hidden spreadsheet which could be shown by pressing a button on the form and entering a very simple password (which was stored in the VBA code as a plain text string). As I was saying, primitive.
  So I asked for all the files which had been distributed to those people and checked the logs.
  Some of them had never opened the file. Some others had run the script a few times then abandoned it. All others ran it pretty irregularly, the most often run pace being once a day. Nobody ran it every hour.
  So I centralized the logs, went back to management and told them "here's what happens: your guys don't run the reports. That's how I know: I've been logging their activities.". They said "thank you" and nothing changed ever since.
  The above is an example of someone writing extra code which might prove to be illegal and nobody giving a shit, although they have been informed. As I was saying, typical corporate snafu...
  
  --
  ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
2. Re:Didn't bother to read the memo... by ColdWetDog · 2012-04-28 11:29 · Score: 3, Funny
  
  I don't remember.
  
  --
  Faster! Faster! Faster would be better!
Management's justifications by Anonymous Coward · 2012-04-28 10:42 · Score: 5, Insightful

They are putting responsibility for the data gathering on a 'rogue engineer' who wrote the code for it without direction from management.

An engineer who worked closely with the engineer in question on the project in 2007, reviewing all of the codes line by line for bugs, says he did not notice that the software was designed to capture payload data. A senior manager said he preapproved the document before it was written."
Isn't interesting in Corporate America, when things go great, it's management's brilliance? And when things go bad, it's a rogue employee?
I'd really like to know management's justification for their obscenely high compensation, for one thing.
Here's another thing while I'm ranting:That's one of the big differences between managing and leading.
Leader: it's MY fault and I'll take care of it.
Manager: it's someone elses fault. You go take care of it.
OH PUHLEASSSSEEEE! by NoNonAlphaCharsHere · 2012-04-28 10:43 · Score: 3, Insightful

If I had a nickel for every time I've inserted code (especially the "I've got the data in my hand, why don't I save it somewhere" kind) "without direction from management" that I ABSOLUTELY KNEW was useful and/or going to be asked for as soon as they thought of it anyways; well, let's just say I could have retired early. Call me a "rogue".
Re:Cool! by marcello_dl · 2012-04-28 10:43 · Score: 2

Wait but you can't say that, because Google is "not evil"(tm).
They have painted themselves into a corner quite well, this time.
But people forget soon. Heck, they are still buying Windows, praising Jobs, and considering Richard Matthew "Told you so!" Stallman a commie idealist.

--
---- MISSING MISCELLANEOUS DATA SEGMENT --- [sigdash] trolololol
Managers' Fault by Anonymous Coward · 2012-04-28 10:44 · Score: 2, Insightful

The developer documented his work and sent the documentation out to others on the team (including the managers). It's the managers' jobs to make sure the developers understand the requirements correctly. In fact, the developer was working on the project in order to capture the data and study it to see if it would of use to Google.
What are the managers doing if they aren't managing the engineers? We might have to stay late writing code, but are they staying late reading documents and getting up to speed on what everyone is doing? Isn't that their job? I'm still in school so please correct me if I'm wrong.
1. Re:Managers' Fault by busyqth · 2012-04-28 10:50 · Score: 3, Insightful
  
  What are the managers doing if they aren't managing the engineers? We might have to stay late writing code, but are they staying late reading documents and getting up to speed on what everyone is doing? Isn't that their job? I'm still in school so please correct me if I'm wrong.
  Of course it's their job. And they probably did it.
  However, when the Federal Government comes sniffing around it's very convenient to forget that you read the document.
What if they were capturing voice communications? by iceperson · 2012-04-28 11:18 · Score: 2

I don't understand why this was legal. Had the non-encrypted wireless transmissions they captured been voice wouldn't that have been covered under current wiretapping laws? If so, why is this different? Not trying to troll, just wondering why non-encrypted wireless data communications transmitted over the air are assumed free game.

Also, what if they were capturing encrypted communications over an open wifi signal (ie, someone browsing an HTTPS site.) Wouldn't they have still captured that data? Does it make a difference now that they are capturing encrypted packets?
Re:Obama ate a dog. by busyqth · 2012-04-28 17:37 · Score: 2

It is common to omit the article when speaking of a a place of origin in German, thus the accusation that Kennedy called himself a jelly doughnut because he did not omit the article.

However, it is true that the Germans listening understood very well what he meant and appreciated what he said.