Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google's Punishment? Lecture Those They Snooped On

Posted by Unknown on from the sounds-about-right dept.

theodp writes "When Aaron Swartz tapped into MIT's network and scooped up data from one non-profit company, the U.S. Attorney threatened him with 35 years in prison and a $1 million fine. So what kind of jail time did 38 Attorneys General threaten Google with for using its Street View cars to scoop up passwords, e-mail and other personal information by tapping into the networks of their states' unsuspecting citizens? None. In agreeing to settle the case, the NY Times reports, Google is required to police its own employees on privacy issues, lecture the public on how to fend off privacy violations like the one Google perpetrated, and forfeit about 20% of one day's net income. Given the chance, one imagines that Aaron Swartz would have happily jumped at a comparable deal." The fine being $7 million. At least EPIC isn't as cynical and thinks the outcome was positive.

25 of 252 comments (clear)

  1. Seriously now... by Cali+Thalen · · Score: 4, Insightful

    I'm going to submit this submission for the best example of 'comparing apples to oranges'.

    I'll assume the submitter knew nothing about the Google situation in this case, or should I think it's just a bad troll?

    --
    Chaos, panic, disorder...my work here is done.
    1. Re:Seriously now... by Custard+Horse · · Score: 3, Interesting

      The whole Google fiasco was a non-story IMHO. Sure, data was collected and it arguably shouldn't have been.

      Google had its hands slapped and has to pay a fine and suffer the negative publicity. Can we move on now?

    2. Re:Seriously now... by Anonymous Coward · · Score: 4, Insightful

      Seriously...

      - This was a settlement, not what the attorney generals asked for. In Germany, regulators didn't even find anything to press charges with.
      - Also, just a little triviality here, but Google didn't actually violate any laws right?
      - The accusation against Google here is one employee was not supervised properly, not deliberate privacy invasion. Or do we want people to throw the book at this one employee? People here believe in what Aaron Swartz was doing, but it was still willful violation of the law. Pretty darn different.

      One person got screwed by the law. Therefore we should throw the book at everyone!

    3. Re:Seriously now... by phantomfive · · Score: 5, Insightful

      . I have no sympathy for him killing himself.

      Come on, you can still have sympathy for people even if they were stupid. Man, I know some drunk homeless guys on the street, who I have sympathy for, even though it's entirely their fault where they are.

      When someone is in a bad situation, it's ok to have sympathy for them, even if it's their own fault.

      --
      "First they came for the slanderers and i said nothing."
    4. Re:Seriously now... by geekoid · · Score: 5, Insightful

      You have no idea about depression and suicide. So you look like an ignorant asshole

      These situations aren't the same, but I do have Sympathy for Aaron.

      Sadly, asswipe like you are still around who have no clue what depression is like, or what goes on leading up to suicide. Hint: It's not what you think.

      Not that it keeps you from spouting your crap.

      --
      The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
    5. Re:Seriously now... by femtobyte · · Score: 3, Insightful

      Oh look, a pseudonymous pro-corporate internet bully telling a dead person to "man up" and "face his accusers with honor." What valiance!

    6. Re:Seriously now... by Anonymous Coward · · Score: 5, Insightful

      I'm going to submit this submission for the best example of 'comparing apples to oranges'.

      I'll assume the submitter knew nothing about the Google situation in this case, or should I think it's just a bad troll?

      Google was collecting random, unencrypted, broadcast data as they plotted wi-fi access point coordinates for building a geolocation database. There was no intent to collect passwords or any other sensitive information, and intent is a huge component of criminality. So yes, this submission is a pretty massive troll. Google was eavesdropping at a party and possibly writing down more than they should have been, and Swartz was tapping phone lines during private conversations and recording all the audio with intent to distribute. Not even remotely close, unless one is blinded by troll-dom. But alas, this is slashdot, so every article must include a "sigh, if only Aaron were alive to see this..."

      Anon because you trolls are a bunch of touchy little motherfuckers.

    7. Re:Seriously now... by tibit · · Score: 3, Interesting

      Nope. The SSID database is not all that they did. They sniffed the data packets as well. As in: they got the MACs of the machines of the network, even hardwired machines, they also logged the contents of all the IP traffic, mDNS names, NMB names, etc.

      --
      A successful API design takes a mixture of software design and pedagogy.
    8. Re:Seriously now... by femtobyte · · Score: 3, Insightful

      I have nothing against pseudonymity --- just against hypocrisy, like talking about "manning up," "facing accusers," and "honor," while spitting on the deceased (who almost certainly did far more honorable service to humanity in his short life than "Archangel Michael" ever will) over the internet.

    9. Re:Seriously now... by sjames · · Score: 4, Interesting

      Actually, the other way around. Google's 'punishment' was appropriate. The question is "why do you have to be a large corporation to be treated justly?".

      It also reflects poorly on justice in the U.S. If they REALLY believed this sort of thing called for harsh penalties (right or wrong), they would be champing at the bit to throw the book at Google.

    10. Re:Seriously now... by geekoid · · Score: 3, Interesting

      Do you know how those systems work at all? Let me give you na overview.
      System A: Sends out broadcast saying "hey, here i am!"
      System B: "I see you, can I connect?"\
      System A:" can do the following: 1-"sure come on in!" 2-"Sure, just give me a password"
      In these cases, System a chose 1 - "Come on in!"

      Yes, it gets a lot more detailed, especially on the authorization side, but that doesn't matted becasue these system didn't ask for authorization.

      And, in fact, it many places, what they did was not illegal. I would hard pressed to find a place where the scenro is illegal.
      Now if they were using an attack to gather the password, or get around a password that's a different story.

      ". You know, computers communicate with each other,"

      yes, and in this scenario the communication included 'Come on in!'

      --
      The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
    11. Re:Seriously now... by Anonymous Coward · · Score: 3, Insightful

      not really. If you are running an unsecured node it's comparable to walking around naked in front of your open bay window. People might happen to see you naked as they walk by, but really it's your own fault.

    12. Re:Seriously now... by anagama · · Score: 3, Insightful

      not really. If you are running an unsecured node it's comparable to walking around naked in front of your open bay window. People might happen to see you naked as they walk by, but really it's your own fault.

      Maybe for you. For most people who use the internet, this analogy doesn't hold up at all. It is more like they're walking around naked behind solid opaque walls, but unbeknownst to them, someone outside their house has the ability to magically make the walls invisible to himself and other similarly skilled magicians, but the naked person inside the house would still see the walls as solid.

      And before you start saying stuff like "idiots shouldn't use the internet if they don't understand it" -- look around you and ask yourself whether you have anything more than a vague understanding of how the various services you use work, and by that I mean a complete technical picture covering exactly how those services are provided and the potential ways a nefarious individual could harm you by taking advantage of your lack of knowledge. Things, like water, electricity, sewer, mail, garbage collection, etc. etc. Are there ways to violate your privacy via the sewer system? Your health via the water system? I could imagine ways, but really, I wouldn't know because I have merely a general understanding of these things totally lacking in specific details. Doesn't make me stupid. Just makes me a human who can't know everything about everything.

      --
      What changed under Obama? Nothing Good
  2. When you broadcast your personal info unencrypted by Hentes · · Score: 4, Insightful

    you shouldn't have any expectations of privacy.

  3. What about responsibility? by gnasher719 · · Score: 3, Interesting

    People should take responsibility for their actions. Companies are considered persons, so they need to take responsibility for their actions as well. So far the posters here deny that principle.

    Where the comparison is breaking down: It was apparently one guy in the Aaron Swartz household, and one guy in the Google company, who thought it was a good idea to get data that they shouldn't have (although in the Google case, many people ended up collection data that they shouldn't have). If you have a company with 10,000 employees, and one employee costs you 20% of a days profit, that multiplied by 10,000 would be 5000 days profit, which is a lot. (But then again, it _was_ more than one employee collecting data because one guy wrote the code).

  4. oh no by clark0r · · Score: 5, Insightful

    Oh god! This is a terrible post. It's like comparing apples and oranges. These are two totally different cases... Slashdot, you are quickly becoming the worst tech news site on the Internet :(

  5. Seems fair to me ... by rjmx · · Score: 4, Insightful

    Google's "punishment" seems to me to be about right for the seriousness of the "crime". Swartz's was not. In fact, the penalty Swartz was threatened with was the actual result of "lobbying fees and campaign contributions" (by the MAFIAA and its ilk).

  6. Not a valid comparison by geekoid · · Score: 3, Informative

    the AG offered a deal for zero (0) prison time, MIT refused to accept it.

    How many people computer rooms did Google break into? none.
    How many people system did they hook an unauthorized computer to? none.
    How many systems did they put unauthorized software on? None.

    These two case aren't remotely the same.

    --
    The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  7. no tapping by Anonymous Coward · · Score: 5, Insightful

    Sigh. Google didn't "tap into the networks". They simply recorded packets being broadcast from open wifi points, for the purpose of logging the SIDs. A side-effect of recording the packets was that if they happened to contain fragments of plaint-text communication, they could in theory have logged passwords etc. This was the fault of the developer who had been tasked with writing software to log SIDs. When Google realised that more than that had been logged, they themselves reported it to the authorities.

    Bad analogy time: a national birdwatching society has a project to record birdsong in the urban streets of the country. They also end up recording the "private" arguments of couples who are shouting at each other indoors, but with the window on the street side of the house left open.

  8. Godwin by Ieshan · · Score: 3, Interesting

    The Aaron Swartz Story is quickly becoming some new kind of Godwin's Law.

    Yes, it was a horrible tragedy that everyone involved probably wishes they could do over again. No, it has nothing to do with this case.

  9. Re:Just because... by Todd+Knarr · · Score: 4, Informative

    If I did that, what law would I be breaking? If I'm not obstructing the sidewalk, not going onto your property and not doing anything to bypass any privacy measures you've put in place (eg. by using a ladder to see over the fence you've put up), exactly what law would I be breaking standing there watching your house?

    I think you'll find if you check that it's not a violation of any law. Only if you've taken some steps to insure privacy can I be touched for bypassing those measures. Celebrities have been fighting this for years. It's how the paparazzi get those candid photos and don't end up in jail.

  10. Bullshit premise is bullshit. by GodInHell · · Score: 3, Informative

    Google grabbed (small bites of) data out of the air that had been broadcast on unencrypted channels, in the process of collecting potentially useful information about networks broadcasting their SSIDs. When confronted by authorities Google investigated the allegations, found them to be true, and cooperated in isolating and destroying the data collected.

    Aaron Schwartz entered onto MIT's property, hiding a laptop under a box, for the express purpose of downloading specific documents which he knew to be offered under a restricted license. When MIT added security measures to stop Mr. Schwartz, he updated his program to adapt to and circumvent the new methods and continued his (admittedly illegal) downloading. When approached by uniformed police, Mr. Schwarz ran in an attempt to avoid arrest.

    Google was offered a penalty a several millions dollars (20% of own days income) and to commit its employee time to . . . what is essentially community service. Google accepted. Google was probably threatened with steeper penalties, but we won't ever know that, because Google did not try to use the press as a weapon against investigators.

    Mr. Schwarz was offered a light sentence of a few months in prison, but refused because he didn't want to be branded a Felon. He was threatened with up to 35 years in prison and a fine of $1 Million dollars. Mr. Schwarz wanted to bring public pressure to bear to force the government not to hold him accountable for his actions, so he made public every offer and threat made by the prosecutors.

    Let us compare this to a third group - the civil rights marchers of the 1960s in Selma. There, a group of citizens gathered on the public way and attempted to commit a completely legal act -- walking to their state capital together. The police ordered the crowd to disperse, and then began beating them with clubs, releasing attack dogs on them, and attacking them with water cannons. Many were hospitalized. John Lewis, the march organizer, was beaten with a club - receiving an injury to the head that caused his skull to fracture, then placed in jail and charged with a nuisance offense. This day has been named "bloody Sunday" because of the breadth and severity of the injuries inflicted by the police on law abiding citizens.

    See the differences?

  11. Tired of This Case by organgtool · · Score: 4, Insightful

    I am so sick of hearing how evil Google was for recording information that other people forcefully put out into public airwaves. I know there are going to be plenty of bad analogies, so let me attempt to preempt them with a good analogy. If you go through the effort of acquiring a bullhorn to communicate with other members in your household and then proceed to pollute public airwaves with your personal information using this bullhorn, you have absolutely zero expectations of privacy. It really is as simple as that. If you don't like this, then you have many options: takes 30 seconds to set up a damn password, use https connections when possible, or use a wired connection! Once you put something out there, you can't take it back, so exercise some damn personal responsibility if you hold any expectations of privacy.

  12. Re:When you broadcast your personal info unencrypt by fermion · · Score: 4, Insightful
    The point is if a private citizen or smaller company had done what data did, which is to collect this 'public' information, and in some form potentially put it to use, which we have no evidence google did not do, the feds might have worked harder at finding a punishment. There is a bit of unequal justice going on.

    Here is a couple of further examples. HSBC almost certainly laundered terrorist money. They were fined 1.9 billion dollars. That is like 1% of market cap. OTOH, a few years ago the leaders of Holy Land Foundation for Relief and Development were put in jail for a long time and had to forfeit most of their money, the prosecutor saying money is the lifeblood of terrorist organization. By this logic HSBC is responsible of countless murders of US citizens, yet they get off pretty much scott free.

    Allegiance to a dominant group is also beneficial. Eric Rudolph committed a terrorist act by bombing the olympics and other premeditated and unprovoked murders. He was a fugitive for five years. He was arrested, did not turn himself in. One might think he would be charged as a terrorist, but because he was a major element in the Christian Movement, he was merely give consecutive life sentence,which allows him to spew his hate of persons who do not agree with him. OTOH, on of the beltway snipers who were not so politically motivated and were not kept hidden and supported by the Christian terrorist movement, were put to death.

    Powerful friends, and good lawyers, will tend to minimize the consequences of your actions.

    --
    "She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
  13. Yes, it's legal, since 1934. Here's why by raymorris · · Score: 5, Informative

    One time I was setting up a microphone to record someone giving a speech. The long (and broken) microphone cable acted like an antenna, picking up wireless signals, so I was recording local radio traffic instead of the speech I was trying to record. Note there was no radio receiver hooked up - just a long cord plugged into a recorder. You can even hear wireless transmissions sometimes by just having a coiled cord connected to headphones. The cord serves as antenna and the coiling of the cord tunes it to a particular frequency.

    If you've ever recorded static, you've recorded someone's wireless transmission. That's why in 1934 it was explicitly made legal to receive anything broadcast - because we've all done it on accident. If it were illegal to receive what someone is transmitting, it would be illegal to connect a long cord to headphones, because that will pick up "static", which is someone's transmission (your neighbor's wifi sounds like an intermittent buzzing). So it was perfectly legal for Google to receive wifi simply because it's unavoidable. Using an answering machine according to the instructions can record your neighbor's wifi as buzzing - the telephone wiring is the antenna.

    Note that the long established law does NOT allow you to DECRYPT an encrypted transmission once you receive it. That would be "circumventing technical measures" under DMCA etc. In 2001, an attempt was made to make it illegal to DISCLOSE the content of certain transmissions. Last I heard, that was being challenged at the Supreme Court.