Slashdot Mirror
Google's Punishment? Lecture Those They Snooped On
theodp writes "When Aaron Swartz tapped into MIT's network and scooped up data from one non-profit company, the U.S. Attorney threatened him with 35 years in prison and a $1 million fine. So what kind of jail time did 38 Attorneys General threaten Google with for using its Street View cars to scoop up passwords, e-mail and other personal information by tapping into the networks of their states' unsuspecting citizens? None. In agreeing to settle the case, the NY Times reports, Google is required to police its own employees on privacy issues, lecture the public on how to fend off privacy violations like the one Google perpetrated, and forfeit about 20% of one day's net income. Given the chance, one imagines that Aaron Swartz would have happily jumped at a comparable deal."
The fine being $7 million. At least EPIC isn't as cynical and thinks the outcome was positive.
I'm going to submit this submission for the best example of 'comparing apples to oranges'.
I'll assume the submitter knew nothing about the Google situation in this case, or should I think it's just a bad troll?
Chaos, panic, disorder...my work here is done.
you shouldn't have any expectations of privacy.
People should take responsibility for their actions. Companies are considered persons, so they need to take responsibility for their actions as well. So far the posters here deny that principle.
Where the comparison is breaking down: It was apparently one guy in the Aaron Swartz household, and one guy in the Google company, who thought it was a good idea to get data that they shouldn't have (although in the Google case, many people ended up collection data that they shouldn't have). If you have a company with 10,000 employees, and one employee costs you 20% of a days profit, that multiplied by 10,000 would be 5000 days profit, which is a lot. (But then again, it _was_ more than one employee collecting data because one guy wrote the code).
Oh god! This is a terrible post. It's like comparing apples and oranges. These are two totally different cases... Slashdot, you are quickly becoming the worst tech news site on the Internet :(
Google's "punishment" seems to me to be about right for the seriousness of the "crime". Swartz's was not. In fact, the penalty Swartz was threatened with was the actual result of "lobbying fees and campaign contributions" (by the MAFIAA and its ilk).
the AG offered a deal for zero (0) prison time, MIT refused to accept it.
How many people computer rooms did Google break into? none.
How many people system did they hook an unauthorized computer to? none.
How many systems did they put unauthorized software on? None.
These two case aren't remotely the same.
The Kruger Dunning explains most post on
Sigh. Google didn't "tap into the networks". They simply recorded packets being broadcast from open wifi points, for the purpose of logging the SIDs. A side-effect of recording the packets was that if they happened to contain fragments of plaint-text communication, they could in theory have logged passwords etc. This was the fault of the developer who had been tasked with writing software to log SIDs. When Google realised that more than that had been logged, they themselves reported it to the authorities.
Bad analogy time: a national birdwatching society has a project to record birdsong in the urban streets of the country. They also end up recording the "private" arguments of couples who are shouting at each other indoors, but with the window on the street side of the house left open.
The Aaron Swartz Story is quickly becoming some new kind of Godwin's Law.
Yes, it was a horrible tragedy that everyone involved probably wishes they could do over again. No, it has nothing to do with this case.
Clearly, collecting data that people broadcast openly into the street as if they were yelling at the top of their lungs in the middle of a crowded arena is actually exactly taking the steps required to visit a website, find a loophole, exploit and download data.
I'm not saying Swartz deserved 35 years in jail (and he wouldn't have gotten that anyway), but to pretend willfully stealing data is the same as overhearing it and recording that ... well that just make you look fucking stupid.
Google's mistake is that they were honest about it what they did by accident. It isn't even actually illegal to do it intentionally contrary to popular belief in most places, regardless of what this court case makes you think. The should have just kept their mouths shut. People who understand the technology don't care about what people did. The only people that care are the ones that heard Google say 'yea, we shouldn't have done that' and then they look for reasons to tear Google apart.
Swartz on the other hand took direct action to steal data for the express purpose of stealing the data. It wasn't an accident, it was intentional. That changes the punishment in and of itself from both a moral and a legal perspective. Swartz sounds (if you think you know the truth about the Swartz case, you're just ignorant) like he probably wasn't doing anything actually wrong either from a moral perspective, but from a legal one there is no question that he violated the most basic federal computer crimes law. Unauthorized access to any computer system is illegal, period, no ifs ands or buts about it. The only exception to that is if the 'access' wasn't your choice and was forced on you, such as say the perfect example ... wifi signals broadcast at you. It is not legal to steal someones data and then say 'look, I stole some of your data, fix it!'
Slashdotters may think this is the moral high ground, but it isn't. What if he'd stolen say ... a confidential database of aids patients in the area ... and then someone stole it from him or he lost his laptop ... and now that aids patient database becomes public ... Would you still be so fucking stupid as to think it was OK for him to steal data he never had any rights too in any way? What if you were in that database? What if your child, who got aids through some shitty accident like the utrarare blood transfusion instances (rare now days anyway) and suddenly he can't go to school anymore because everyone is afraid of the little kid with HIV so your kid gets isolated from everyone and can't go to school ... would it still be OK for Swartz to have stolen the data?
Swartz was unstable and depressed, stop pretending that he was an angel that was trying to protect us from the evil bad code and data leaks.
Google accidently stored and didn't immediately throw packets that BY DEFINITION THEY CAN NOT IGNORE and you act like its the same thing as intentional data theft.
Let me give you a hint, your wifi adapter ... right now ... is listening in on EVERY FREAKING SSID ON YOUR CHANNEL AND PROBABLY THE ONES NEXT TO IT AS WELL. If you have a wifi card the difference between you and Google is that Google wrote down what you threw out.
Google is not evil and Swartz wasn't your fucking hero, grow up.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
If I did that, what law would I be breaking? If I'm not obstructing the sidewalk, not going onto your property and not doing anything to bypass any privacy measures you've put in place (eg. by using a ladder to see over the fence you've put up), exactly what law would I be breaking standing there watching your house?
I think you'll find if you check that it's not a violation of any law. Only if you've taken some steps to insure privacy can I be touched for bypassing those measures. Celebrities have been fighting this for years. It's how the paparazzi get those candid photos and don't end up in jail.
Google grabbed (small bites of) data out of the air that had been broadcast on unencrypted channels, in the process of collecting potentially useful information about networks broadcasting their SSIDs. When confronted by authorities Google investigated the allegations, found them to be true, and cooperated in isolating and destroying the data collected.
Aaron Schwartz entered onto MIT's property, hiding a laptop under a box, for the express purpose of downloading specific documents which he knew to be offered under a restricted license. When MIT added security measures to stop Mr. Schwartz, he updated his program to adapt to and circumvent the new methods and continued his (admittedly illegal) downloading. When approached by uniformed police, Mr. Schwarz ran in an attempt to avoid arrest.
Google was offered a penalty a several millions dollars (20% of own days income) and to commit its employee time to . . . what is essentially community service. Google accepted. Google was probably threatened with steeper penalties, but we won't ever know that, because Google did not try to use the press as a weapon against investigators.
Mr. Schwarz was offered a light sentence of a few months in prison, but refused because he didn't want to be branded a Felon. He was threatened with up to 35 years in prison and a fine of $1 Million dollars. Mr. Schwarz wanted to bring public pressure to bear to force the government not to hold him accountable for his actions, so he made public every offer and threat made by the prosecutors.
Let us compare this to a third group - the civil rights marchers of the 1960s in Selma. There, a group of citizens gathered on the public way and attempted to commit a completely legal act -- walking to their state capital together. The police ordered the crowd to disperse, and then began beating them with clubs, releasing attack dogs on them, and attacking them with water cannons. Many were hospitalized. John Lewis, the march organizer, was beaten with a club - receiving an injury to the head that caused his skull to fracture, then placed in jail and charged with a nuisance offense. This day has been named "bloody Sunday" because of the breadth and severity of the injuries inflicted by the police on law abiding citizens.
See the differences?
I am so sick of hearing how evil Google was for recording information that other people forcefully put out into public airwaves. I know there are going to be plenty of bad analogies, so let me attempt to preempt them with a good analogy. If you go through the effort of acquiring a bullhorn to communicate with other members in your household and then proceed to pollute public airwaves with your personal information using this bullhorn, you have absolutely zero expectations of privacy. It really is as simple as that. If you don't like this, then you have many options: takes 30 seconds to set up a damn password, use https connections when possible, or use a wired connection! Once you put something out there, you can't take it back, so exercise some damn personal responsibility if you hold any expectations of privacy.
Here is a couple of further examples. HSBC almost certainly laundered terrorist money. They were fined 1.9 billion dollars. That is like 1% of market cap. OTOH, a few years ago the leaders of Holy Land Foundation for Relief and Development were put in jail for a long time and had to forfeit most of their money, the prosecutor saying money is the lifeblood of terrorist organization. By this logic HSBC is responsible of countless murders of US citizens, yet they get off pretty much scott free.
Allegiance to a dominant group is also beneficial. Eric Rudolph committed a terrorist act by bombing the olympics and other premeditated and unprovoked murders. He was a fugitive for five years. He was arrested, did not turn himself in. One might think he would be charged as a terrorist, but because he was a major element in the Christian Movement, he was merely give consecutive life sentence,which allows him to spew his hate of persons who do not agree with him. OTOH, on of the beltway snipers who were not so politically motivated and were not kept hidden and supported by the Christian terrorist movement, were put to death.
Powerful friends, and good lawyers, will tend to minimize the consequences of your actions.
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
Because it takes an active effort to get that data
You apparently have no idea how promiscuous sniffing works. You set your wireless device to receive, fire up your sniffer, and anyone in range will be recorded-- kind of like if you turned on a tape recorder in the park, and someone happens to be hollering private details in the vicinity.
One time I was setting up a microphone to record someone giving a speech. The long (and broken) microphone cable acted like an antenna, picking up wireless signals, so I was recording local radio traffic instead of the speech I was trying to record. Note there was no radio receiver hooked up - just a long cord plugged into a recorder. You can even hear wireless transmissions sometimes by just having a coiled cord connected to headphones. The cord serves as antenna and the coiling of the cord tunes it to a particular frequency.
If you've ever recorded static, you've recorded someone's wireless transmission. That's why in 1934 it was explicitly made legal to receive anything broadcast - because we've all done it on accident. If it were illegal to receive what someone is transmitting, it would be illegal to connect a long cord to headphones, because that will pick up "static", which is someone's transmission (your neighbor's wifi sounds like an intermittent buzzing). So it was perfectly legal for Google to receive wifi simply because it's unavoidable. Using an answering machine according to the instructions can record your neighbor's wifi as buzzing - the telephone wiring is the antenna.
Note that the long established law does NOT allow you to DECRYPT an encrypted transmission once you receive it. That would be "circumventing technical measures" under DMCA etc. In 2001, an attempt was made to make it illegal to DISCLOSE the content of certain transmissions. Last I heard, that was being challenged at the Supreme Court.
but personally I think that anything being broadcast over a radio transmitter in the clear is fair game to receive, and shouldn't even count as "sniffing".
Next you're going to say I'm committing a crime by overhearing the conversation of the people sitting at the next table in a restaurant.
I am going to get naked and stand in my yard until someone looks at me. Then I am going to sue them for invading my privacy. Profit!
...I have my blinds up doesn't make it legal for you to stand in the street and watch my family dress ot bathe.
Actually, it does.
"about" has a specific legal meaning here, and it isn't merely "in the vicinity of". If you were up a tree trying to gain a view over a fence, they could ding you. If you were peering through a small hole in a fence to see what you normally wouldn't be able to, they could ding you. Standing on the sidewalk where everyone normally walks? The cops might hassle you, but even they know the DA won't charge you (and if one did, any competent lawyer could get the charges dismissed in 5 minutes and get the DA a good chewing-out by the judge which is why the DA won't charge you in the first place) without something beyond just standing there.
If you don't take any steps to give yourself privacy, the law isn't going to make everyone else go out of their way to give you privacy.