Slashdot Mirror
Google Didn't Delete All Street View Wi-Fi Data
nk497 writes "Google is in more trouble over the Street View Wi-Fi data slurping incident. Two years ago Google admitted it had collected snippets of personal data while sniffing for Wi-Fi connections. The UK's data watchdog, the ICO, didn't fine Google, but did demand it delete the collected data. Following the FCC's investigation, the ICO double-checked with Google that the data was deleted, receiving confirmation that it had. Except... it hadn't all been deleted, Google has now admitted. That breaches the deal between the ICO and Google, and the watchdog has said it's in talks with other regulators about what to do next."
Sometimes.
Two years ago Google admitted it had collected snippets of personal data while sniffing for Wi-Fi connections.
Yes, they admitted after being caught by the German authorities.
Google is being fined for collecting "public" data... in the UK. The same UK that has cameras everywhere and all sorts of invasive monitoring, line tapping, you-name-it big-brother we're-watching-you technlogy and laws in place?
I think this ICO organization needs to get their priorities straight.
This stuff was was broadcast in the clear over public airwaves. That means it has no expectation of privacy. If you want privacy, every WAP I've ever heard of provides encryption. Turn it on, and you DO have an expectation of privacy, so if Google was decrypting it, then they should be punished.
Must we design the whole world to protect the least competent people from themselves?
I'm really not sure why this is an issue. Sure, there are situations where people have an expectation of privacy. But if you are transmitting data through the air in a public space, isn't it fair game? If you don't want people to look at it, shouldn't you encrypt?
If you want news from today, you have to come back tomorrow.
Is there any explanation for this other than pure incompetence on Google's part?
I generally think Google didn't do anything wrong in the first place. People shouldn't be complaining that publicly broadcast unencrypted data is recorded by a third party, and if Google had wanted to fight them on the legality of the issue i would have been behind them. However agreeing to delete the data in some kind of plea bargain and then not actually deleting it is a d*** move. (I'm not quite sure at this point if it's a dick move or just a dumb move, but it's definitely one of them.)
This Space Intentionally Left Blank
The article mentions health records and browsing history among the data. How is that possible from the street view?
Moreover, offenses committed "by mistake" are still offenses.
Lots of evidence here
http://www.googleopoly.net/Googles_Rap_Sheet.pdf
Capturing HTTP "remember me" cookies for seems like it would be dangerous since they might be reused back in the lab to access all the data stored at the social or webmail site.
It would be helpful on this issue to understand the magnitude and makeup of the data, and how much of it is actually valuable / dangerous.
Hey, Windows users, there is no such thing as "forward" slash, there is only slash and backslash.
Uh, what?
Don't talk to cops applies to individuals. When it comes to corporations in the US may also be one thing. When it comes to global corporations, that is entirely different.
That's just it. You people are completely ignoring what actually happened. Google voluntarily alerted the authorities that they had gotten the data. The anti-Google PR machine caught wind of it and now you have this mess. The government is mad because Google refused to hand over the data. If you think it is about "protecting peoples' privacy" then you are a fool.
This makes no sense:
“In their letter to the ICO today, Google indicated that they wanted to delete the remaining data and asked for the ICO’s instructions on how to proceed. Our response, which has already been issued, makes clear that Google must supply the data to the ICO immediately, so that we can subject it to forensic analysis before deciding on the necessary course of action.
If the data is so sensitive and worrisome, why doesn't the ICO just insist that it be deleted as agreed upon? If it was ok to delete it earlier, why does it have to be handed over now?
I'd rather have my data in the hands of Google than in the hands of Google *and* some random regulatory body. Many companies have a hard time certifying data destruction with multiple redundant offsite backups and replication, and data stored in the cloud where they may not even know every place their cloud provider stores it.
Though really, why is there no outrage about the fact that plaintext email passwords (and credit card numbers or whatever other personal data they are worried about) are even able to be captured with a simple drive-by Wifi scanner? There is no reason why a Wifi router should default to an open unencrypted mode, and even if it does, there is no reason why personal data should be allowed to be sent in the clear. CPU powerh is cheap, SSL should be used to secure *all* sensitive data.
The fact that Google drove by and captured snippets of data is not the problem... they aren't going to steal your credit card number or hack into your bank account (and there is a good chance that they already host your email) - the problem is when an identify thief does the same thing.
Actually, they were caught, by the French, stashing private user data by mistake. And they were uncooperative during the investigations in the USA ( http://techcrunch.com/2012/04/14/fcc-google-wifi-investigation/ ). And now they even admit they didn't comply with the british regulators' order, still by mistake.
All of these accidents and mistakes, yet we are supposed to believe all of these actions have been unintentional. I call bullshit Google.
Why would Google admit to not deleting the data if they were intentionally trying to hide it? Wouldn't it be easier to hide their supposed illicit activity by saying "yeah, we deleted it all. Here's the pile of destroyed hard drives it used to be on. It's alllll gone now. Yessiree. Ain't no way we copied any of that data to our servers hidden in Albania before "deleting" the data."
And really, what possible use would they have for data they snooped from unencrypted wifi except for the use they've already admitted to?
Fucking lie.
http://www.bbc.co.uk/news/10364073
Yeah, because the FCC says they were "uncooperative" it must be true. After all, the FCC is part of the government. And the government never lies, right? Right?
http://en.wikipedia.org/wiki/Rule_of_law
Outside the U.S. it makes even MORE sense not to talk to cops, since they might throw the management in jail & later execute them. Other countries don't have the same legal protections we have.
My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
I would rather have my data in hand of governement ONLY (and anyway they almost certainly have it or can subponea it) which is beholden to keep it secure, rather than in the hand in private industry which can sell it to anybody, can be unsecure, and can just snub me if I don't want to have it spread.
Furthermore you can vote a governement out. It may be hard but it is possible. Private company ? Forget it. Once in their hand it is utterly impossible to stop it spreading.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
You said they "tried to hide" something.
I didn't. FCC, if anything, said they "deliberately impeded and delayed the investigation".
Why are people getting their panties in a bunch for collecting information that was being broadcast publicly?
That would be like someone getting upset because something they posted on Twitter was used to deny them a job.
It seems to me that a car driving through neighborhoods and past businesses will only capture a very small amount of the traffic from some fraction of the access points which have no (or weak) encryption), and "sensitive" traffic (e.g. unencrypted logins) would be a very small fraction of that. So a fraction of a fraction of a fraction diminishes the value quickly - though I suppose they make it back on scale.
In addition to that, you have to take into account, all the people browsing sensitive information over insecure channels.
Some stupid banks, medical companies, etc. don't systematically encrypt everything over HTTPS.
And Europe is much more privacy conscious. For example Facebook didn't start enforcing HTTPS everywhere only recently. (Remember the whole Firesheep debacle ?) If Google captured unencrypted private message between users, that would also set the EU privacy laws, even if it's not "sensitive" information (no account/session/login information, no banking information, no medical information, etc.)
Same also for E-Mail: Not every user has activated encryption between the server and their machine (not everyone uses STARTTLS or IMAPS etc) nor end-to-end encryption (PGP, etc.) thus e-mail could have been intercepted. Again, even if the mail doesn't contain any sensitive information, its nonetheless private communication.
And recipient's and destinary's coordinate (name, e-mail, etc.) are all subjected to law defining how long they can be retained.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
They were first investigated by the German authorities for collecting WiFi addresses (not even private data). During that investigation, they accidentally falsely stated that they did not collect private data beyond unique WiFi addresses. http://www.theregister.co.uk/2010/04/22/google_streetview_logs_wlans/
Some time after that, they corrected their accidental false statement with the "admission" you're talking about. http://news.cnet.com/8301-30686_3-20005051-266.html?tag=mncol;txt
So they were "caught" by the German, they accidentally lied to them, then they rectified their statement by saying that they accidentally did store users' data, they were investigated by half world as a result of that, were accused of impeding the investigations by the FCC in the USA, and they were "caught" by the French having stored sensitive data.
Then suggest me a better word for "accidentally storing large quantities of private user data, including (according to the French) e-mail passwords, while saying that they weren't doing that". http://googlepolicyeurope.blogspot.com/2010/04/data-collected-by-google-cars.html
Like Europe that likes to make evil corporations less evil, its a big loss for them.
I love this attempt to distract the discussion. "How could Google be fined for harvesting people's personal data without their knowledge, followed by promising to delete it and then breaking that promise, in the UK where there are vague monitoring laws I won't give any specific examples of?" *instant +5*
Any wireless device (radio, cordless phone, cell phone, wifi, bluetooth, NFC, etc) is basically acting as a radio transmitter. Anyone that cares can listen in on the signal, capture it, and possibly decode it.
If you want to keep your data private, encryption is the only choice.