Germany Fines Google Over Street View - But Says €145k Is Too Small

judgecorp writes "Germany's privacy regulator has fined Google €145,000 over its Street View cars' harvesting of private data — but the official has complained that the size of the fine is too small, because of limits to the fines regulators can impose. German data protection commissioner Johannes Caspar said the fine was too low, for 'one of the largest known data breachers ever,' saying, 'as long as privacy violations can be punished only at discount prices, enforcement of data protection law in the digital world with its high abuse potential is hardly possible.' In 2010 it emerged that Google's Street View cars captured personal data from Wi-Fi networks as well as taking pictures — since then regulators have imposed a series of fines — the largest being $7 million reportedly paid to settle a U.S. government probe."

Why?

[Frosty+Piss]

How is it a "data breach" â" or at least how is such a "breach" Google's issue when it's on the user's side? How can it be illegal to acquire signals "floating freely" through the air? Did Google "crack" anythingâ? Use any "back doors"? I'm sure we'll see a lot of "unlocked door" analogies and perhaps a "car analogy" or two, but this is a "left a Euro on the sidewalk" type deal here...

I know, Google is the new boogieman after Apple and Microsoft...

Re:Why?

[imbusy]

Using the same logic your mobile phone call data can be acquired freely to listen to your calls just because it's floating through the air. Why would that be a breach of privacy?

Re:Why?

[slashmydots]

I think Apple and Microsoft are the new boogiemen after Microsoft and Apple and I do mean in that exact order, lol. Anyway, did you notice how it's funny that if I drove my car around and recorded a couple packets of unencrypted wifi data and got a 140,000 euro fine, people would be outraged. Since it's a billion dollar company, now all of a sudden the fine should go up. And yet, it's the same "crime." That's right up there with fines being higher for blacks because they're black.

Re:Why?

Mobile phone calls are encrypted. Maybe not very well, but a lock is a lock even if the door is made of cardboard. So that's different.

Re:Why?

[ShanghaiBill]

but this is a "left a Euro on the sidewalk" type deal here...

It is not even that, since someone would have to lose a Euro for someone else to find it, and nobody "lost" anything. This is more like someone walking down the street and recording your house number. This is a classic case of manufactured outrage.

Re:Why?

[5KVGhost]

Using your same logic, your conversation with your friend across the room can be heard by any random person passing nearby, just because it's floating through the air. Why would that be a breach of privacy?

It would not be. And neither is intercepting unencrypted wifi traffic. Because you've deliberately chosen a means of communication which you know can be easily overheard.

This case is just an example of self-serving bureaucratic pandering. It makes just as much sense as the government demanding that everyone wear earplugs in public lest we overhear "private" information being shouted from the rooftops.

the general problem with fixed-size fines

[Trepidity]

If fines are intended as compensation, then fixed-size fines make sense. But if they're intended as a deterrent, they end up being completely ineffective for people or companies with a lot of money. A $10k fine might deter a small business, and a $100k fine will truly scare them, but for a Google-sized company those numbers are all noise, lost somewhere in the sushi budget.

If you really want to have effective deterrence, fines based on a percentage of annual income would be more effective. Some countries already do this with traffic tickets, to ensure that rich people have to care about getting a speeding ticket, rather than just laughing at the (to them) paltry amount.

Re:the general problem with fixed-size fines

[gnasher719]

If you really want to have effective deterrence, fines based on a percentage of annual income would be more effective. Some countries already do this with traffic tickets, to ensure that rich people have to care about getting a speeding ticket, rather than just laughing at the (to them) paltry amount.

These are different situations. Someone who makes 100 times more money than I will be driving about as much as I do and should get statistically the same number of parking tickets that I do. To make us both avoid parking tickets, we should get different fines.

But a company with 100 times more employees than another will statistically do things that are wrong 100 times more often than the smaller company. so for small offenses (like one employee cheating a customer) they shouldn't be fined more. It will happen 100 times more often, so they will be 100 times more because of that. Only for big offenses where the offense is big due to the size of the company they should be charged more. If the boss ordered all employees to cheat their customers, that's 100 times worse if the company is 100 times bigger and should be fined 100 times more.

Re:the general problem with fixed-size fines

[bickerdyke]

According to German news sources, this IS the fine for accidental collection of personal data.

Fines

[fredprado]

That is a generic problem with fines and big corporations, not only something related with privacy issues. As long as fines are applied at absolute values corporations will only laugh at them and keep doing what they want. Fines should be applied at amounts proportionally to a company's value.

I Still Don't Get It

[StoneyMahoney]

Every article I see about this always wails about Google's capture of personal data from wifi networks. Are they cracking the encryption? No? So why is it their fault if people are sending their data over unencrypted links? If people don't want their data read by strangers, they shouldn't be broadcasting it into the street in the clear! I wish someone would force Google to delete all the data they took. Instantly Google Street View would cease to function, as would the Wifi triangulation location system that so many people probably don't realise they use. I bet there would be a far bigger outcry over that than the original "privacy" issues ever raised.

I'm not sure I entirely sympathise with the photo privacy issue either. They haven't put online anything I couldn't have seen myself by standing on top of a car. Or a wheelie bin. Or a bench. Or a phone box. Or a post box. We seem to have very strange ideas of what "privacy" really entails.

Re:I Still Don't Get It

[Trepidity]

Europe has privacy laws that regulate what kinds of databases of user data you can compile. It's not an issue of cracking encryption, but that you simply cannot collect certain kinds of information, and the information you do collect has to be used in certain ways. The goal is to keep companies like Google or Facebook from doing what amounts to surveillance of the population.

Re:I Still Don't Get It

[LordLimecat]

The problem is that, IIRC, Google was essentially driving around with a wifi adapter set to "sniff" in order to gather SSID beacons, to compile a geolocation-by-SSID database. In the process, they also grabbed a bunch of unencrypted data.

Its essentially as if they had driven around New York with an off-the-shelf recorder grabbing "sounds of the city" for some research project, and managed to pick up a bunch of people discussing their social security number on their cellphones. Technically youre not supposed to do that, but the problem is that people were discussing sensitive details in public.

Google definately should have taken better precautions, but this isnt them being bad guys (what on earth do they want with random people's network captures? Problems of of "too much noise", "not useful", and "its illegal, to boot" apply here); its an issue of simply not thinking things through. I cant imagine what motivation people are assuming Google might have had when they assume this was an intentional action of an evil corporation; do you suppose Google has infrastructure set up to analyze and use illicit network dumps to somehow generate ad revenue?

Re:I Still Don't Get It

[Bigby]

Ironically, private companies like Google aren't allowed to listen, but the government can listen all they want without a warrant. Quite the opposite of what the Constitution states...

Re:They need to shut up and get over it.

[rtfa-troll]

Google came out themselves about the issue. If anything, these years of fighting over the issue should make companies not want to disclose voluntarily.

This article from Tech Eye says that it the admission was forced by a request to audit from the German authorities. Do you have a more specific time line for this?

Re:They need to shut up and get over it.

Google came out themselves about the issue. If anything, these years of fighting over the issue should make companies not want to disclose voluntarily.

This is not correct, and I don't know why this re-written history keeps getting repeated on geek sites like Slashdot.

Google actually first guaranteed the German authorities that they were not collecting anything. And first after the German authorities despite this assurance still demanded a full audit of the data anyway, did Google do their disclosure (source: see link below).

This sequence of events was covered extensively in European press (one of many sources), and I don't know how mostly US geek sites ended up with and keep repeating an alternative version.

Why were they only capturing the start of frames?

[Branciforte]

The data that was collected consisted of only the beginnings of packets, by an antenna that randomly switched between many different frequencies.

If Google was really trying to collect personal data, why didn't they collect entire packets on all the frequencies? They certainly have the resources to do it right.