Google Didn't Delete All Street View Wi-Fi Data

nk497 writes "Google is in more trouble over the Street View Wi-Fi data slurping incident. Two years ago Google admitted it had collected snippets of personal data while sniffing for Wi-Fi connections. The UK's data watchdog, the ICO, didn't fine Google, but did demand it delete the collected data. Following the FCC's investigation, the ICO double-checked with Google that the data was deleted, receiving confirmation that it had. Except... it hadn't all been deleted, Google has now admitted. That breaches the deal between the ICO and Google, and the watchdog has said it's in talks with other regulators about what to do next."

Don't be evil

Sometimes.

Re:Don't be evil

I still don't know why people harp on this line. Don't be evil was a personal motto inside the company, not a public one. It just so happened that it leaked out into the public.

Do we really need to make a big deal about it every single time there's a google story? Really?

Admitted after being caught

Two years ago Google admitted it had collected snippets of personal data while sniffing for Wi-Fi connections.

Yes, they admitted after being caught by the German authorities.

Re:Admitted after being caught

[NettiWelho]

Yes, they admitted after being caught by the German authorities.

'We have ze ways of making you talk, ja?'

Re:Admitted after being caught

That's because there wasn't anything to "admit" to. A bunch of bozos left there wifi open and now they smell drama and are crying about it. This is pure torches and pitchfork mentality and Slashdot is falling for it hook line and sinker.

Re:Admitted after being caught

[Johann+Lau]

What balls?

Re:Admitted after being caught

Please kill yourself now before your stupidity infects everyone else on the internet.

Re:Admitted after being caught

[GameboyRMH]

Yep. Google was also dumb to admit this mistake in the first place (they weren't caught, they admitted it.) Some testing code was collecting bits of traffic. If they'd just fixed the problem and deleted the data, it would have been no big deal, no harm done.

Re:Admitted after being caught

Douglas Bowman is a troll and he has been exposed multiple times after he took the job at Twitter. Other people working on his team at Google have corroborated the fact that he was asked to resign due to continual incompetence. Leaning on him to prove a point is a bit disingenuous.

Re:Admitted after being caught

This is the joke of the thing.

"Shit, we collected a lot of data that we probably shouldn't have... we better disclose that."

Headline: Google Secretly Stealing WiFi Information on Millions of People

"Well, regulators are going to want to look this over now so we better not destroy it."

Headline: Google Kept Stolen WiFi Data

"Ok, ze Germans said we're alright and to delete the data"

Headline: US Authorities Investigating Google For Destruction of Evidence in WiFi Snooping Controversy

"Shit, someone screwed up and deleted some, but not all of the data. We better disclose."

Headline: Google Faces New Street View Data Controversy

Yeah, they shoulda just kept their mouths shut. If someone spilled the beans afterwards, the response would have been, "Yeah we collected stuff by accident, it was never used anywhere, and we destroyed it." Case closed.

Re:Admitted after being caught

So true and the sad thing is everything you put in quotes put in comment form on Slashdot would be modded down and everything you didn't put in quotes would be modded up. The anti-Google PR machine is strong. Don't look now but you you were modded down. Imagine that.

Re:Admitted after being caught

[Hatta]

Recording data that was broadcast in the clear? How dare they! Next you'll be telling me that they're taking pictures of things that can be seen from the street. Scoundrels!

Re:Admitted after being caught

[bwintx]

Yeah, they shoulda just kept their mouths shut.

1974 version: Yeah, Nixon shoulda just burned those tapes.

Re:Admitted after being caught

I'd say there's a minor difference between someone in the highest political office in the land destroying evidence of an intentional B&E felony committed against your political rivals, and deleting useless wifi data you realize you collected accidentally.

But, you know, spin it however you like.

Re:Admitted after being caught

[Dishevel]

Google can have what ever stupid people decide to send out in the clear.
A bunch of haters bitching about Google recording them screaming aloud in public.
Fuck them. What Google should do is put out an Ad showing the data they get just by driving around then show how easy it is and tell people "We are keeping this data just like the thieves will do."
Fucking governments telling Google they have to delete publicly available, legally attained data.
And in this instance Fuck Google for rolling over on such a stupid fucking demand.

Re:Admitted after being caught

[fluffythedestroyer]

In other words, the media are responsible for Googles bad position since they tell the news in a certain way. You can tell a news that has a certain reaction to your viewers. It does take a certain degree of knowledge in communication but it's been done very well in the media.

Re:Admitted after being caught

[oldlurker]

(they weren't caught, they admitted it.)

They actually first denied it, but when German authorities despite this assurance from Google demanded to audit the collected data, Google came out and admitted it (and would have been caught in the audit anyway). This was covered many places, this is one: http://lastwatchdog.com/googles-wifi-data-harvest-draws-widening-probes/

"In April, Google admitted to German privacy regulators that vehicles specially-equipped to systematically shoot photos of street scenes for Google Maps also carried gear to collect data moving across unencrypted wireless networks situated inside homes and businesses. The company insisted at the time that only basic Wi-Fi location data was being collected. But after Germany requested an audit, Google subsequently disclosed that it had mistakenly collected personal data, as well."

Re:Admitted after being caught

[Johann+Lau]

1. Sources
2. Don't you have eyes in the head?

Re:Admitted after being caught

They don't need to make them talk. They already have the information.

Re:Admitted after being caught

[Stan92057]

I don't agree with you. Google knows better then to assume open WiFi are open on purpose. They have a duty because of their knowledge but they took advantage of people who don't know better. wither they are bozos i will leave to you.

Re:Admitted after being caught

[Stan92057]

How does one code for open WIFI connections and collect data by mistake? They were soposta just be taking pictures not look for open WIFI. It was no mistake

Re:Admitted after being caught

Wusch!

Re:Admitted after being caught

[GameboyRMH]

It's quite understandable that at some point in development they had the software grab bits of wifi data for testing purposes, that way you can be sure you're actually in broadcast range. They were mapping wifi APs with the intention of making some sort of wifi-assisted GPS substitute. They didn't just take data from the open ones.

Re:Admitted after being caught

[murdocj]

Well, other than violating the law, yeah, Google didn't do anything wrong.

Re:Admitted after being caught

[murdocj]

Ok, Google uses a library that picks up extra data.... not impossible. Google writes all this data to log files without noticing the excess... a little unlikely but lets go with it. Google writes parsers to pick out the info they are interested in... and doesn't notice all of the payload data???? No. No way. There were clearly people within Google who knew damn well they were picking up extra data, personal data, and Google's approach was "We're Google, we can do what we want". That's the part I object to.

Re:Admitted after being caught

That's not insightful, it's naive. An accident is installing hardware to intercept communications in 1 car. Installing in every car, testing it, and deploying it worldwide is not an accident. It's not a joke. It came from the top down, not from some rogue engineer. They recorded encrypted wifi data as well. It's not hard to decrypt it later and still get the same information you need. And after the feds made a copy, they still haven't destroyed it, none of it. The data will be used on internal servers to better identify and target people. Nothing in this world is done by fucking accident. Anyone who says it was an accident is part of the Google PR team or waiting to be put on a train to a detention center. They are too naive to believe their are bad people in the world, that a company would take advantage of them.

Re:Admitted after being caught

Forget these negotiations with Google. The governments should just raid them, confiscate their stuff, and destroy the data on their own. This should include backup tapes. New red scare: Google as the rebirth of the former Soviet Union.

Re:Admitted after being caught

Recording data that was broadcast in the clear?

In the UK, recording air traffic control transmissions is illegal. Technically it is even illegal to listen to them.

They are transmitted in the clear on easliy-monitored frequencies.

Moral: Not everything that is broadcast is meant for your ears.

Re:Admitted after being caught

You're aware that "hardware to intercept communications" is any wireless card .. including the one you've got in your laptop. Right? That's what google had. A regular wireless card.

Sure they tested it. They tested that it worked to extract locations versus access point mac's.

The data stored is miniscule compared to the pictures from the street view cameras. Very miniscule.

And, it did not come from top down. It was one silly engineer who didn't think things through.

Re:Admitted after being caught

word up mah nigga! just dem playa haters tryin to stop da goog from $hining!

Re:Admitted after being caught

[datsa]

If people left their front doors open, and Google employees just walked in (because, you know, the door was open), would you be ok with that too?

Re:Admitted after being caught

[datsa]

"Shit, we sent hundreds of vans all over the United States and Europe with equipment to collect data that we probably shouldn't have..." FTFY

Re:Admitted after being caught

No. And what happened here isn't a secret.

Google was collecting broadcast SSID's and MAC's to assist in geolocation for data the streetview cars were generating. Lots of companies also do this. Some may recognize this technique from mapping apps on their phones.

Later Google disclosed that, after additional internal review of thousands of disks, it turned out that there were some samples of other unencrypted information in that data. That was the accident. They didn't use that data for anything, even though it was from unencrypted public transmissions. In truth, they have no use for the rare set of credentials that some yahoo send via plaintext email, over totally unencrypted wifi. But regardless, they disclosed the situation to the public.

All the hysteria unfolded from there, including rumors that they were building secret maps of peoples locations using their cell phones and laptops, other rumors that the data was being published online where stalkers could use it to locate and kill you, and still other rumors that Google was using everyones sniffed credentials to log into their amazon accounts. Typical paranoid innerweb stuff resulting from general technological ineptitude among the press and bloggers, combined with Google's failure to sufficiently head that ineptitude off before people started freaking out.

So in truth there was no, "We're Google, we can do what we want" involved.

Re:Admitted after being caught

[Lisias]

If I order my employee to capture public data, and he with good or bad faith captures more than I demanded, so *I* made a mistake.

We can argue if my employee make a mistake or a felony, but it's undeniable that what I did was a mistake: I shouldn't had trusted the guy and/or I should spent some money on safeguard measures.
 

Re:Admitted after being caught

[Lisias]

I don't agree with you. Google knows better then to assume open WiFi are open on purpose. They have a duty because of their knowledge but they took advantage of people who don't know better. wither they are bozos i will leave to you.

No, they don't have such duty. Neither any other company or enterprise.

We can argue about they being morally bound to do so (and I'm probably agree with you), but unfortunately, "knowing better" is government duty. It's for this reason sorely that we grant them so many power with our taxes.

Re:Admitted after being caught

[Lisias]

Believe or not, in some countries the Law states that if you leave your door unlocked, you had invited anyone wanting to enter in your home.

Anyway, every law should be take with a grain of salt. If breaking someone else's home is always a felony, the prison population would be consisted mainly by paramedics.

Re:Admitted after being caught

[Lisias]

In the UK, recording air traffic control transmissions is illegal. Technically it is even illegal to listen to them.

Good point. the BBC broadcast signal being another good example.

Re:Admitted after being caught

WTF is a "soposta?"

Is it some form of pasta? I'll have mine al dente, thanks.

Re:Admitted after being caught

[AmiMoJo]

When you are out in a public place talking to someone quietly you still have a reasonable expectation of privacy. It would be unacceptable to place hidden or directional microphones everywhere to listen to people's conversations. In fact the ICO just ruled that recording people's conversations in the back of taxis is unacceptable.

Just because you could pick something up unencrypted with suitable equipment doesn't mean it's okay.

Re:Admitted after being caught

I agree that Google's corporate intentions have actually been pretty good through this fiasco.

BUT, considering the global controversy around this issue (valid or not), the fact that they said they would destroy the data and then didn't (lets assume due to negligence) shows a level of incompetence that is surprising.

Wait... the UK?

[Kagetsuki]

Google is being fined for collecting "public" data... in the UK. The same UK that has cameras everywhere and all sorts of invasive monitoring, line tapping, you-name-it big-brother we're-watching-you technlogy and laws in place?

I think this ICO organization needs to get their priorities straight.

Re:Wait... the UK?

Now just calm there, citizen. We're from the government and we're here to help! *snicker*

Re:Wait... the UK?

Yeah but the government can disappear you if they see something on those cameras they don't like. Google is making a glorified map.

Re:Wait... the UK?

[GameboyRMH]

Yet I always hear the British apologists saying that so many of the cameras in London are privately owned? Which is it?

Re:Wait... the UK?

The state just does not like competition.

Re:Wait... the UK?

I thought most of the cameras were private? Mind you, I get primary source is, sadly, Law and Order: UK.

Re:Wait... the UK?

[cpu6502]

The government wants all the power for itself. It wants a monopoly or near-monopoly. And not just for spycams, but also the schools. The trains. The hospitals.....

Re:Wait... the UK?

[Anubis+IV]

They have them rightful. Their job is to protect the citizens from doubleplusungood businesses that would misuse the data. That is an unissue with the government, since the government needs to protect its citizens by knowing their actions at all times. After all, we've always been at war with Eastasia. You do trust your government, don't you, citizen?

Re:Wait... the UK?

Most of the cameras are privately owned. However, in order to run a CCTV system in an area that the public might visit (this includes offices), companies are required to register with the ICO, thus there is a record of who is recording what. Plus the police have feeds from a lot of more public areas (shopping centres, train stations etc).

So they're privately owned, but accessible to the government.

Re:Wait... the UK?

[oakgrove]

So they're privately owned, but accessible to the government.

Yeah, that makes me feel all warm and fuzzy.

Re:Wait... the UK?

[Hatta]

The wifi routers and Google's hotspot were also privately owned. In both cases we're talking about private entities intercepting EM radiation that is public, but not intended for that entity. Either both are OK or neither is OK. Allowing one and not the other is an indefensible double standard.

Re:Wait... the UK?

[EvilBudMan]

Ah the US has them all over now too although most are more undetectable by eye.

Re:Wait... the UK?

[sourcerror]

. In both cases we're talking about private entities intercepting EM radiation that is public, but not intended for that entity.

Do you mean here visible light that's detected by the cameras? Because people are more aware of their privacy in that EM spectrum.

Re:Wait... the UK?

[Hatta]

Yes, that's exactly what I mean. Why should it be legal to intercept 600nM photons but not 125mM photons? It's the same damn thing.

Re:Wait... the UK?

[GameboyRMH]

Best of both worlds right? :-(

Re:Wait... the UK?

[anared]

Their priorities are straight, Google is a privately owned company in another country. Those cams are in the UK, Google isnt. Data is in the UK, data isnt in the UK, but instead in another country. Not that hard to figure out, eh?

Re:Wait... the UK?

[Kagetsuki]

At war with Eastasia? ... I'm Japanese...

Re:Wait... the UK?

[Kagetsuki]

Well I'm glad I don't live in the US either. Where I live we DO have cameras everywhere but they are mostly private security cameras. In order to get the video from the cameras the police need to have a valid reason and need to make a formal request to the manager of the cameras (and since they usually have a valid reason they are rarely turned down). So if I were to commit a crime and the police were already after me getting a video of me would be trivial, but at the same time they don't just have free access to cameras everywhere. It's that difference that makes me glad I don't live in the US, UK, etc.

Re:Wait... the UK?

[Anubis+IV]

See: http://en.wikipedia.org/wiki/Nineteen_Eighty-Four#The_War

Re:Wait... the UK?

According to the UK press, the authorities are asking Google to hand over the data to them, for "forensic analysis". Aiee, what a freebie for the the spooks: a load of everyone's data, that they didn't even need to pass a law to get.

Re:Wait... the UK?

[Kagetsuki]

Wow, that totally changes the context here and completely validates the ICO action. Had I known this I would not have made the above comment. Does anyone have any links with details?

Re:Wait... the UK?

[Kagetsuki]

Aaah, I've never read this so that went right over my head. Thanks for clearing my confusion though.

Re:Wait... the UK?

[Kagetsuki]

THIS!

Re:Wait... the UK?

[AmiMoJo]

This is how it works. A business wants to set up a new shop or apply for a license to sell alcohol etc. The local council and the police make it a condition that they install lots of CCTV both inside the shop and covering the street outside it. The business owners are expected to hand over video on request.

I actually helped install a system like that once.

They must think we are idiots.

[Severus+Snape]

All of these accidents and mistakes, yet we are supposed to believe all of these actions have been unintentional. I call bullshit Google.

Re:They must think we are idiots.

[peppepz]

Moreover, offenses committed "by mistake" are still offenses.

Re:They must think we are idiots.

Lots of evidence here

http://www.googleopoly.net/Googles_Rap_Sheet.pdf

Re:They must think we are idiots.

But that's just it. There's no real offense. After collecting the data it didn't quite feel right so they took it upon themselves to go to the authorities and say, "hey we got some data from open access points so just letting you know". Then the anti-Google PR initiative kicked into high gear and people went apeshit. The real offense was not handing the data intact over to the authorities. That is what pissed them off. Nice to see no good deed goes unpunished.

Re:They must think we are idiots.

That's your "evidence"? A link to BS you didn't even come up with yourself? The first line "Google is expected to". Really? Expected? That is evidence now? Hahahahahahahahah...when can I buy your DVD?

Here's something to keep you entertained in the meantime: Microsoft's "Rap Sheet"

Criticism of Microsoft has followed various aspects of its products and business practices. Issues with ease of use, robustness, and security of the company's software are common targets for critics. In the 2000s, a number of malware attacks have targeted security flaws in Microsoft Windows and other programs. Microsoft is also accused of locking vendors and consumers into their products, and of not following and complying with existing standards in its software.[1][2] Total cost of ownership comparisons of Linux as well as Mac OS X to Windows are a continuous point of debate.[3]
The company has been the subject of numerous lawsuits by several governments and other companies for unlawful monopolistic practices. In 2004, the European Union found Microsoft guilty in the European Union Microsoft competition case. Additionally, EULAs for Microsoft programs are often criticized as being too restrictiv

Vendor lock-in

From its inception, Microsoft defined itself as a platform company and understood the importance of attracting third-party programmers. It did so by providing development tools, training, access to proprietary APIs in early versions, and partner programs. Although the resulting ubiquity of Microsoft software allows a user to benefit from network effects, critics decry what they consider to be an "embrace, extend and extinguish" strategy by Microsoft of adding proprietary features to open standards, thereby using its market dominance to gain de facto ownership of standards "extended" in this way.[5][6][7][8]
Microsoft software is also presented as a "safe" choice for IT managers purchasing software systems. In an internal memo for senior management Microsoft's head of C++ development, Aaron Contorer, stated:[9]
âoe The Windows API is so broad, so deep, and so functional that most Independent Software Vendors would be crazy not to use it. And it is so deeply embedded in the source code of many Windows apps that there is a huge switching cost to using a different operating system instead... It is this switching cost that has given the customers the patience to stick with Windows through all our mistakes, our buggy drivers, our high TCO (total cost of ownership), our lack of a sexy vision at times, and many other difficulties [...] Customers constantly evaluate other desktop platforms, [but] it would be so much work to move over that they hope we just improve Windows rather than force them to move. In short, without this exclusive franchise called the Windows API, we would have been dead a long time ago. â
More recently, Microsoft had their OOXML specification approved by the ISO standards body in a manner consistent with previous attempts to control standards.[10]
[edit]Copyright enforcement

When Microsoft discovered that its first product, Altair BASIC, was subject to widespread illegal copying, Microsoft founder Bill Gates wrote an Open Letter to Hobbyists that openly accused many hobbyists of stealing software. Gates's letter provoked many responses, with some hobbyists objecting to the broad accusation, and others supporting the principle of compensation.[11] This disagreement over whether software should be proprietary continues into the present day under the banner of the free software movement, with Microsoft characterizing free software released under the terms of the GPL as being "potentially viral"[12] and the GNU General Public License itself as a "viral license" which "infects" proprietary software and forces its developer to have to release proprietary source to the public.[13]
The Halloween documents, internal Microsoft memos which were leaked to the open source community beginning in 1998, indicate that some Microsoft employees perceive "open source" so

Re:They must think we are idiots.

Do you have any evidence? Otherwise you are just spewing conspiratorial nonsense. But then what should I expect on here?

Sometimes people lie, especially when they just got caught doing something they know they shouldn't do.

What a bunch of conspiratorial nonsense!

Re:They must think we are idiots.

That's just it. You people are completely ignoring what actually happened. Google voluntarily alerted the authorities that they had gotten the data. The anti-Google PR machine caught wind of it and now you have this mess. The government is mad because Google refused to hand over the data. If you think it is about "protecting peoples' privacy" then you are a fool.

Re:They must think we are idiots.

[peppepz]

Actually, they were caught, by the French, stashing private user data by mistake. And they were uncooperative during the investigations in the USA ( http://techcrunch.com/2012/04/14/fcc-google-wifi-investigation/ ). And now they even admit they didn't comply with the british regulators' order, still by mistake.

Re:They must think we are idiots.

[hawguy]

All of these accidents and mistakes, yet we are supposed to believe all of these actions have been unintentional. I call bullshit Google.

Why would Google admit to not deleting the data if they were intentionally trying to hide it? Wouldn't it be easier to hide their supposed illicit activity by saying "yeah, we deleted it all. Here's the pile of destroyed hard drives it used to be on. It's alllll gone now. Yessiree. Ain't no way we copied any of that data to our servers hidden in Albania before "deleting" the data."

And really, what possible use would they have for data they snooped from unencrypted wifi except for the use they've already admitted to?

Re:They must think we are idiots.

Actually, they were caught, by the French, stashing private user data by mistake.

Fucking lie.

And they were uncooperative during the investigations in the USA

Yeah, because the FCC says they were "uncooperative" it must be true. After all, the FCC is part of the government. And the government never lies, right? Right?

Re:They must think we are idiots.

[peppepz]

Fucking lie.

http://www.bbc.co.uk/news/10364073

Yeah, because the FCC says they were "uncooperative" it must be true. After all, the FCC is part of the government. And the government never lies, right? Right?

http://en.wikipedia.org/wiki/Rule_of_law

Re:They must think we are idiots.

http://www.bbc.co.uk/news/10364073

You said they "tried to hide" something. They didn't you idiot. They volunteered to the authorities that they had collected data.

http://en.wikipedia.org/wiki/Rule_of_law

http://en.wikipedia.org/wiki/Cognitive_bias

You really need to read that one.

Re:They must think we are idiots.

Do you even read what you link to? It's about french firm examining data after Google told about collection, not about catching them collecting.

Re:They must think we are idiots.

[peppepz]

CNIL, like many other data protection agencies worldwide, asked Google to hand over copies of the data it gathered to find out if privacy laws had been breached. CNIL chairman Alex Turk said Google handed the data to the agency on 4 June following an official request and it was now in the process of combing through the reams of information.

Re:They must think we are idiots.

It could have gone something like this:

  "I've seen them shuffling the drives around here and there... well not here, and certainly not in the duplicator. Oh dear I've said too much"
-Some junior google employee

Re:They must think we are idiots.

[peppepz]

You said they "tried to hide" something.

I didn't. FCC, if anything, said they "deliberately impeded and delayed the investigation".

Re:They must think we are idiots.

So bolded copypasta is making a point now? Nothing there agrees with your assertion that Google was hiding anything. Just admit you are a dime-a-dozen Google hater that no matter what they say or do it will never be enough because you don't "believe that shit, man". Whatever, loser.

Re:They must think we are idiots.

I hate to quote lies but this is what you said:

Actually, they were caught, by the French, stashing private user data

So they weren't "hiding", they were "stashing". Does your head hurt from talking out of both sides of your mouth.

Re:They must think we are idiots.

The row has blown up following Google's admission that its Street View cars "accidentally" grabbed data from unsecured wi-fi networks as the vehicles were snapping stills of street scenes in 30 nations. Google has now stopped gathering information about wi-fi networks.

See, I also can use bold text. I can also read more than 2 paragraphs of linked article.

So, how's "like many other data protection agencies worldwide, asked Google to hand over data" for examination after Google's own admission is "catching Google"?

Re:They must think we are idiots.

[peppepz]

You're missing the background. Google's "admission" was not spontaneous.

They were first investigated by the German authorities for collecting WiFi addresses (not even private data). During that investigation, they accidentally falsely stated that they did not collect private data beyond unique WiFi addresses. http://www.theregister.co.uk/2010/04/22/google_streetview_logs_wlans/

Some time after that, they corrected their accidental false statement with the "admission" you're talking about. http://news.cnet.com/8301-30686_3-20005051-266.html?tag=mncol;txt

So they were "caught" by the German, they accidentally lied to them, then they rectified their statement by saying that they accidentally did store users' data, they were investigated by half world as a result of that, were accused of impeding the investigations by the FCC in the USA, and they were "caught" by the French having stored sensitive data.

Re:They must think we are idiots.

[peppepz]

Then suggest me a better word for "accidentally storing large quantities of private user data, including (according to the French) e-mail passwords, while saying that they weren't doing that". http://googlepolicyeurope.blogspot.com/2010/04/data-collected-by-google-cars.html

expectation of privacy

This stuff was was broadcast in the clear over public airwaves. That means it has no expectation of privacy. If you want privacy, every WAP I've ever heard of provides encryption. Turn it on, and you DO have an expectation of privacy, so if Google was decrypting it, then they should be punished.

Must we design the whole world to protect the least competent people from themselves?

Re:expectation of privacy

[cpu6502]

>>>Must we design the whole world to protect the least competent people from themselves?

Apparently "yes". Maybe the Congressmen who admitted the people are too dumb to rule themselves was correct. They need to be treated like children. (And I agree Google did nothing wrong if they captured data that was being "shouted" from homes without encyrption.)

Re:expectation of privacy

Must we design the whole world to protect the least competent people from themselves?

It seems to work that way already, it's something called welfare state.

Re:expectation of privacy

[Genda]

Apparently so... its already working so well with tort law...

Re:expectation of privacy

In the US all electronic communications have an expectation of privacy. When cordless phones first came out, anyone with a scanner could listen in on your conversation, but it was still illegal. This is no different, just because your communication is easily observable doesn't mean it's ok to record it.

Re:expectation of privacy

oh i dunno maybe fine them $30000,000 per item of song after All taping from the radio is piracy and it's KILLING music!

Re:expectation of privacy

There's always an idiot with this non-argument. You gotta wonder what their agenda is, protecting the ad agency.

Hey, since you have no expectation of privacy when moving through public space, I bet you wouldn't mind if an automated tracking system posts all of your movements online in realtime? I bet you wouldn't mind too if the government or some ad broker would do that with everybody?

Either both are silly non-arguments, or both arguments are valid.

Re:expectation of privacy

[StripedCow]

This stuff was was broadcast in the clear over public airwaves.

Using this logic, if you leave the shades of your bedroom open for, say, an inch or two, I am allowed to record from the outside what is happening inside (*), and then put these recordings on the web, index them, etc. After all, those electromagnetic waves are transmitted from your bedroom, and are for everybody to see.

(*) don't worry, I won't.

Re:expectation of privacy

[datsa]

Must we design the whole world to protect the least competent people from themselves?

Eh? The "least competent people" did nothing to themselves. Google did it. They went around spying on people who neglected to lock their proverbial doors. The idea that it was the fault of the people who failed to protect themselves is astounding, and flies in the face of the most basic premises of civil society.

This whole argument reeks of "she had it coming, the way she was dressed".

Re:expectation of privacy

[thegarbz]

Erm you are! Your expectation of privacy is determined by what a normal person can see on the street. If you're climbing a tree with a 400mm lens to peak in through the blinds then you're violating the expectation of privacy. Yet if someone with their iPhone can snap a recording of you from the sidewalk you've given this expectation up.

There's no black line. Most jurisdictions apply a "reasonable person" test to privacy.

Re:expectation of privacy

[StripedCow]

And you don't think that a google car, filled with recording electronics is comparable to a 400mm lens?

Re:expectation of privacy

[Lisias]

Must we design the whole world to protect the least competent people from themselves?

Apparently "yes". Maybe the Congressmen who admitted the people are too dumb to rule themselves was correct.

And people complain about that "Idiocracy" crying of mine...

We get what we voted for. Simply like that.

Re:expectation of privacy

[kiwimate]

This stuff was was broadcast in the clear over public airwaves. That means it has no expectation of privacy. If you want privacy, every WAP I've ever heard of provides encryption. Turn it on, and you DO have an expectation of privacy, so if Google was decrypting it, then they should be punished.

Sigh.

1. Same argument applies to me saying "if you go out and don't lock your front door, I have every right to wander through your home".

2. I really fail to get Slashdot logic. Google grabs data from random people without them knowing about it or even using their services and people are clamoring to defend them. Facebook grabs data from people who sign up for an account and voluntarily hand over their data, and you want to lynch Mark Zuckerberg. How twisted is that?

3. Regarding that whole "expectation of privacy" thing. There is such a concept as social etiquette. Just because you can do something doesn't mean it's good or acceptable. I can whistle and leer at a girl in a short skirt. I can comment out loud on her legs or the tightness of her shirt. But it's not particularly polite, now, is it?

Re:expectation of privacy

[thegarbz]

Nope. From what I've read there was nothing out of the ordinary about the wifi equipment used in the car. Just an off the shelf omni direction antenna plugged into their recording computer. Now if it were setup with multiplexers, amplifiers and multiple high gain yagis to try their very best to capture even the faintest signal I would agree with you. But for the most part they didn't record any information that a passer by wouldn't have picked up on their iPhone.

One of the real problems is people don't quite know how loud their networks are. I setup my telescope and laptop out the front of my house yesterday and then through my network was down because I couldn't get access to my computer over WiFi, but internet worked. For some reason though the 5 year old piece of crap laptop was connected to the open WiFi of the house 2 doors down. Not sure what those guys are doing but they should consider a password and reducing the output power of the WAP.

You can't blame a man for overhearing your conversation when you're shouting at him with a megaphone.

It looks like for the most part people agree with this view too given how the FCC cleared them and the Australian government (despite all the noise in May) refused to re-open an investigation into it here too.

Re:expectation of privacy

[StripedCow]

The issue is not at all a technical one. It is about what people expect to be reasonable.

This makes it hard to come to a good opinion of whether this is fair or not. But I think most people don't even consider the possibility of their data being used in this particular way, and therefore I think what google has done is unreasonable. If you would like to use people's behavior in a way they didn't consider themselves, then at least inform them about your plans first.

Perhaps I should give a different example. Consider that google recorded all spoken conversations people have in public places (using ordinary microphones), converting the speech to text, and storing all of this in a large, indexed database. Would you consider this reasonable?

Re:expectation of privacy

[thegarbz]

Yes. I'm still not sure why a normal person would expect their conversation had out in the open to be private from someone immediately next to them. Now if they crept up with a boom mic and recorded me whispering to someone else that would again be different.

People don't seem to get it. You can not expect complete privacy in public space. The two are completely opposite. The fact that it's recorded and used in a database does not change that. It reminds me of some country which requested that people's licence plates get blurred in street view because they were afraid other people could see them .... eeerrr that's kind of the point of a licence plate.

Questions...

[Frosty+Piss]

I'm really not sure why this is an issue. Sure, there are situations where people have an expectation of privacy. But if you are transmitting data through the air in a public space, isn't it fair game? If you don't want people to look at it, shouldn't you encrypt?

Re:Questions...

Yes. In fact, the very design of the protocol specifically intends for that to be the case, and it allows for encryption when you want privacy. It's critical that we retain the right to listen to things broadcast in the clear over public airwaves. Losing that right is pure insanity and is one more step towards a police state.

Unfortunately, most people don't think about the principles involved. They judge based on whether they "like" the party that's listening (or in other cases, copying protected IP). If we like them, then it's alright, and if we don't, then it's not. Apparently. But the law makes no provisions for this - the same rules apply to all. If you don't want to lose the ability to listen to public airwaves, you sure the hell better support Google's right to listen too, even if you don't like Google. People need to learn to support ideals of a free society, even when those ideals are used by bad guys. The KKK that we hate must have free speech if that political protester we like is to have it too. Otherwise, the rule that shuts down the KKK will shut down the protester. Same idea here. Unfortunately, this concept is beyond most people, who don't value freedom, the value freedom for those they like.

Re:Questions...

[houghi]

Sure, there are situations where people have an expectation of privacy.

It depends on what you want privacy to be.
For me being in a public place should not mean that all I do is public as well. The thing with technology is that it does not forget and it is available for everybody for ever.

Imagine I am at a certain place at a certain time. e.g. a protest for or against something. What used to be the case was that some of my friends might know. Some police office might see me. As long as I did nothing wrong, all was well. People would forget.

25 years into the future:
Now people will be able to see what my opinions where 25 years ago. I might have changed my mind. I might not even remember I was ever there. But others can do a search and find me there. It will be taken out of contest and decisions will be made based on that.

I do call that an invasion of my privacy.

Re:Questions...

[cpu6502]

"There is no expectation of privacy in a public arena." - Supreme Court. "Government officials in a public setting have no claim on privacy. The citizens have a first amendment guarantee to record by audio or video capture their police and public officials in the actions of their duties." - 1st U.S. Circuit Court of Appeals

If you don't want your actions to come back and haunt you 25 years later, then don't do things in public that you will later regret. Don't post messages online with a public name. And don't acquiesce to a cop or TSA or politician demanding you turn-off your camera, because they have no right to do so.

Re:Questions...

Airwaves are volatile. Google's datastore isn't.

Re:Questions...

Public space = no expectation of privacy is a bit oversimplified. For instance, the counter at the pharmacy is a public space, but you have an expectation of privacy.

But if they set up their computer to broadcast unencrypted data, I also have trouble feeling sorry for them.

This is just dumb

[Daetrin]

Is there any explanation for this other than pure incompetence on Google's part?

I generally think Google didn't do anything wrong in the first place. People shouldn't be complaining that publicly broadcast unencrypted data is recorded by a third party, and if Google had wanted to fight them on the legality of the issue i would have been behind them. However agreeing to delete the data in some kind of plea bargain and then not actually deleting it is a d*** move. (I'm not quite sure at this point if it's a dick move or just a dumb move, but it's definitely one of them.)

Re:This is just dumb

[Kelbear]

I'm guessing it was just a mistake.

Sounds to me like someone tasked with deleting the data must have missed a backup or metadata stored elsewhere, someone else found it later, and instead of just deleting it, legal said they should ask the IOC how they want them to delete it.

At first I wondered why they didn't just delete it without reporting them to save them the extra grief and bad press, but I guess multiple staff were already involved in the discovery and legal told them to just disclose ASAP rather than risk covering up and getting exposed and really getting reamed.

Re:This is just dumb

[lance_of_the_apes]

Most people don't even realize that wireless transmissions are being recorded and associated with an address. This came as news to me. I disagree that people shouldn't be complaining.

Re:This is just dumb

That's two mistakes (initially collecting it was a "mistake").

Up until this point I'd more or less bought Google's claim that the collection was a mistake because I can see how some prototype log-everything-and-let-MR-sort-it-out code can make it to deployment if it works.

But once the lawyers get involved and shit gets real, my assumption of good faith disappears quite rapidly.

Re:This is just dumb

[Daetrin]

The correct response should be "holy crap, perhaps i shouldn't be publicly transmitting unencrypted information i don't want other people to see!" not complaining about Google collecting it for what seems to be non-nefarious purposes. You really ought to be thanking Google for cluing you in, because i guarantee the people who _are_ collecting it for nefarious purposes aren't going to tell you.

Re:This is just dumb

[cpu6502]

>>>Most people don't even realize that wireless transmissions are being recorded and associated with an address

Then they must be fucking stupid. Anyone with sense knows if you pick-up a walkie-talkie or cordless phone and start speaking into it, then somebody else can hear what is being said with a 2nd walkie-talking or phone, and locate its source. Wifi is no different..... it is broadcasting to everyone.

Re:This is just dumb

Where do you live? I'll stand outside your house and use a long range microphone to record all your intimate private conversations and put them online. Maybe I'll do that for your entire street.. After all.. why are you transmitting without encrypting..

Anyone with sense knows if you pick-up a walkie-talkie or cordless phone and start speaking into it, then somebody else can hear what is being said with a 2nd walkie-talking or phone, and locate its source

No.. the data packets are destined to go a specific server/ip address... they are not addressed to Google. Google has no right to snoop on them. You Google shills are fucking annoying..

Re:This is just dumb

[anared]

To transmit the data into a country like USA. I'd call that nefarious enough.

Re:This is just dumb

[cpu6502]

>>>Google has no right to snoop on them. You Google shills are fucking annoying..

If some guy is standing inside his house and shouting at his wife, then you don't have to "listen" to hear it. You can pick it up just by walking by... you hear it anyway Same with radio broadcast (hence the term "broad" cast). Just as people realize if they yell the neighbors will hear it, they should also realize that broadcasting can be heard too.

Re:This is just dumb

Nobody is shouting anything. Wi-fi packets are being sent by a person's laptop/phone intended to be received by the home router. Google is *NEVER* intended to be the recipient. Unlike shouting.. where the primary purpose is to INCREASE the number of listeners .. or increase the range of travel.

then you don't have to "listen" to hear it. You can pick it up just by walking by... you hear it anyway

Ok.. so my laptop has a wi-fi antenna. When I switch it on. .do I just randomly receive all the packets from my surrounding open wifi networks and do all of them get saved? No.. A Google employee had written code SPECIALLY to collect raw data. It was not "testing" code.. or "accidental". Its sole purpose was to collect raw data. Google maps is a well funded group inside google. Its not some pet project of a single employee. This went on for THREE years. As thousands of vans were equipped with sensitive wi-fi antennas to catch even the faintest signals they were also equipped with software written by Google to collect this data. In some instances entire emails were captured. This is not someone passing by your house and hearing a few words.

Since you have turned to blatant lying now there is no point in having any discourse with someone as dishonest as you. Goodbye.

Re:This is just dumb

[cpu6502]

>>>Nobody is shouting anything. Wi-fi packets are being sent by a person's laptop/phone intended to be received by the home router.

Broadcasting at 1/4 watt is the radio equivalent of shouting, which is why the neighbors (or google) can see your signal on their PC screen upto a block away. As long as you are shouting you should not be surprised that others hear it. So encrypt it.

Health records/browsing history?

[lance_of_the_apes]

The article mentions health records and browsing history among the data. How is that possible from the street view?

Re:Health records/browsing history?

[GameboyRMH]

The street view vans were basically wardriving to create a map of wifi hotspots. There was also some testing code left in that would grab bits of raw traffic. Some of that raw traffic was unencrypted, and some of that unencrypted raw traffic happened to be browsing history and health records.

Re:Health records/browsing history?

health records

I hate when people use a cause to forward their agenda. I doubt they actually had health records.
Think of the children!

Re:Health records/browsing history?

The street view vans were basically wardriving to create a map of wifi hotspots. There was also some testing code left in that would grab bits of raw traffic. Some of that raw traffic was unencrypted, and some of that unencrypted raw traffic happened to be browsing history and health records.

And now so does potentially hundreds of identity thieves. Why is the government not even attempting to hung these criminals down or stop them? Is this behavior legal now or something?

Why give a free pass to the criminals using those medical records to do their medical record related crimes, but yet target the one company that clearly wasn't using it for any reason let alone narfarous ones as proven by their actions of admitting it?

Just be evil.

[cpu6502]

I'm kinda surprised Google admitted it did wrong. I was just as surprised Microsoft admitted it didn't install the browser choice screen on some Win7 computers. The corporation ought to keep its mouth shut. (See Don't Talk to Cops on youtube.)

Re:Just be evil.

[poetmatt]

Uh, what?

Don't talk to cops applies to individuals. When it comes to corporations in the US may also be one thing. When it comes to global corporations, that is entirely different.

Re:Just be evil.

[cpu6502]

Outside the U.S. it makes even MORE sense not to talk to cops, since they might throw the management in jail & later execute them. Other countries don't have the same legal protections we have.

Re:Just be evil.

[anared]

Like Europe that likes to make evil corporations less evil, its a big loss for them.

Did you really expect them to?

Did you really expect them to? I didn't, information is to valuable. And they are certainly in the information business.

What is the magnitude and makeup of the data?

[mccrew]

Honest question: I am curious about how much (sensitive) data they were able to capture. It seems to me that a car driving through neighborhoods and past businesses will only capture a very small amount of the traffic from some fraction of the access points which have no (or weak) encryption), and "sensitive" traffic (e.g. unencrypted logins) would be a very small fraction of that. So a fraction of a fraction of a fraction diminishes the value quickly - though I suppose they make it back on scale.

Capturing HTTP "remember me" cookies for seems like it would be dangerous since they might be reused back in the lab to access all the data stored at the social or webmail site.

It would be helpful on this issue to understand the magnitude and makeup of the data, and how much of it is actually valuable / dangerous.

Handed over to the ICO?

[hawguy]

This makes no sense:

“In their letter to the ICO today, Google indicated that they wanted to delete the remaining data and asked for the ICO’s instructions on how to proceed. Our response, which has already been issued, makes clear that Google must supply the data to the ICO immediately, so that we can subject it to forensic analysis before deciding on the necessary course of action.

If the data is so sensitive and worrisome, why doesn't the ICO just insist that it be deleted as agreed upon? If it was ok to delete it earlier, why does it have to be handed over now?

I'd rather have my data in the hands of Google than in the hands of Google *and* some random regulatory body. Many companies have a hard time certifying data destruction with multiple redundant offsite backups and replication, and data stored in the cloud where they may not even know every place their cloud provider stores it.

Though really, why is there no outrage about the fact that plaintext email passwords (and credit card numbers or whatever other personal data they are worried about) are even able to be captured with a simple drive-by Wifi scanner? There is no reason why a Wifi router should default to an open unencrypted mode, and even if it does, there is no reason why personal data should be allowed to be sent in the clear. CPU powerh is cheap, SSL should be used to secure *all* sensitive data.

The fact that Google drove by and captured snippets of data is not the problem... they aren't going to steal your credit card number or hack into your bank account (and there is a good chance that they already host your email) - the problem is when an identify thief does the same thing.

Re:Handed over to the ICO?

This makes no sense:

If the data is so sensitive and worrisome, why doesn't the ICO just insist that it be deleted as agreed upon? If it was ok to delete it earlier, why does it have to be handed over now?

Don't worry your pretty little head about it, citizen-unit. :)

This is just association.

Associated with an address? Quick! Someone call the RIAA/MPAA.

That's a culture question

[aepervius]

I would rather have my data in hand of governement ONLY (and anyway they almost certainly have it or can subponea it) which is beholden to keep it secure, rather than in the hand in private industry which can sell it to anybody, can be unsecure, and can just snub me if I don't want to have it spread.

Furthermore you can vote a governement out. It may be hard but it is possible. Private company ? Forget it. Once in their hand it is utterly impossible to stop it spreading.

Re:That's a culture question

[drinkypoo]

Furthermore you can vote a governement out. It may be hard but it is possible.

You can sometimes vote A government out but it's not clear that you can vote THIS government out. Vote fraud is rampant. Our votes don't really matter.

Re:That's a culture question

[chispito]

I would rather have my data in hand of governement ONLY (and anyway they almost certainly have it or can subponea it) which is beholden to keep it secure, rather than in the hand in private industry which can sell it to anybody, can be unsecure, and can just snub me if I don't want to have it spread.

"Your data" in this case is a few seconds you were transmitting in the open as a car drove by.

Re:That's a culture question

[hawguy]

I would rather have my data in hand of governement ONLY (and anyway they almost certainly have it or can subponea it) which is beholden to keep it secure, rather than in the hand in private industry which can sell it to anybody, can be unsecure, and can just snub me if I don't want to have it spread.

But once that data is in the hands of the private company, do you want them to just hand it over to the government without so much as a warrant?

Would you feel better about Facebook privacy if they set up their systems so they could ship all of their logs and other data to the NSA without Facebook themselves being about to view it? Would you want Google (and Bing, etc) encrypt their search history logs customer emails and documents immediately in such a way that only the NSA can decrypt it and feed the data directly over to the NSA for government analysis and safekeeping?

I'd rather that the government had to get a warrant before it's able to obtain any of my data from a private company. Even if the government could be trusted to keep it secure, I don't trust them to use it responsibly. I'm less worried about what Google can do with my data than with what the government can do with it. Google can't legally put me into a secret jail because I'm a threat.

And for all of the fear of companies selling data to everyone, there's no incentive for them to make all of their data available to everyone since they lose competitive advantage. Facebook may be willing to sell some search related data to Google for a high enough price, but they probably aren't going to let Google have their customer social relationship data or Google would use that against them by enhancing Google+. So your complete data will never end up in one place -- unless the government requires that it be turned over to them.

Who cares?

[cigawoot]

Why are people getting their panties in a bunch for collecting information that was being broadcast publicly?

That would be like someone getting upset because something they posted on Twitter was used to deny them a job.

Data content

[DrYak]

It seems to me that a car driving through neighborhoods and past businesses will only capture a very small amount of the traffic from some fraction of the access points which have no (or weak) encryption), and "sensitive" traffic (e.g. unencrypted logins) would be a very small fraction of that. So a fraction of a fraction of a fraction diminishes the value quickly - though I suppose they make it back on scale.

In addition to that, you have to take into account, all the people browsing sensitive information over insecure channels.
Some stupid banks, medical companies, etc. don't systematically encrypt everything over HTTPS.

And Europe is much more privacy conscious. For example Facebook didn't start enforcing HTTPS everywhere only recently. (Remember the whole Firesheep debacle ?) If Google captured unencrypted private message between users, that would also set the EU privacy laws, even if it's not "sensitive" information (no account/session/login information, no banking information, no medical information, etc.)

Same also for E-Mail: Not every user has activated encryption between the server and their machine (not everyone uses STARTTLS or IMAPS etc) nor end-to-end encryption (PGP, etc.) thus e-mail could have been intercepted. Again, even if the mail doesn't contain any sensitive information, its nonetheless private communication.
And recipient's and destinary's coordinate (name, e-mail, etc.) are all subjected to law defining how long they can be retained.

there is an expectation

This stuff was was broadcast in the clear over public airwaves. That means it has no expectation of privacy.

So is your voice inside your home.. that doesn't mean I can use a long range microphone and secretly record conversations of thousands of people. That would be against the law.

Do No Evil

My ass. Sounded good when you started up, Google...now you are your own enemy - all the things you loathe and heap on Microsoft and others. You are no better, plain and simple.

Attempting to distract the discussion

I love this attempt to distract the discussion. "How could Google be fined for harvesting people's personal data without their knowledge, followed by promising to delete it and then breaking that promise, in the UK where there are vague monitoring laws I won't give any specific examples of?" *instant +5*

Re:Attempting to distract the discussion

[Kagetsuki]

First hit on Google and at first glance other than the highly topical ICO-Google issue here it's all abuses of privacy by the government: http://www.bigbrotherwatch.org.uk/ . But really, to say the UK has a government that abuses the rights to privacy of its citizens is like saying "scissors cuts paper". That you don't know it either means you are in denial or have only just now started reading news. Why there's even plenty of articles right here: http://slashdot.org/index2.pl?fhfilter=british+privacy .

Re:Attempting to distract the discussion

[Hentes]

Your "personal data" is only private until you broadcast it to the street. This is like putting up a billboard with your MAC address on it and then suing someone for looking at it.

it's a *radio broadcast*

[Chirs]

Any wireless device (radio, cordless phone, cell phone, wifi, bluetooth, NFC, etc) is basically acting as a radio transmitter. Anyone that cares can listen in on the signal, capture it, and possibly decode it.

If you want to keep your data private, encryption is the only choice.

Nope.

Google did not voluntarily alert authorities. Try again. You fanbois are not going to write history by repeating this lie.