Google Avoids Fine Over Street View WiFi Snooping, Ordered To Delete Data

DW100 writes "Google has avoided a fine from the UK's data protection watchdog over its admission that it had failed to delete all Wi-Fi data from its Street View cars last year — but it must ensure it is deleted within 35 days or face a contempt of court action. 'Its investigation into Google reopened last year after further revelations about the data taken from wi-fi networks. During that inquiry, additional discs containing private data were found.Google had previously pledged to destroy all data it had collected, but admitted last year that it had "accidentally" retained the additional discs. ... [The ICO said], "The detriment caused to individuals by this breach fails to meet the level required to issue a monetary penalty."'"

Ballmer will be pissed!

Stand by to dodge those chairs boys, this will get hairy!

Re:Ballmer will be pissed!

[FirephoxRising]

posting to fix mistaken moderation....

Detriment caused

[Anonymous+Brave+Guy]

From the BBC News article:

The FCC levelled heavy criticism at the company, saying it had "deliberately impeded and delayed" the investigation for months.

Its investigation found that data had been discovered in 30 countries, and included "complete email messages, email headings, instant messages and their content, logging-in credentials, medical listings and legal infractions, information in relation to online dating and visits to pornographic sites".

Assuming the UK was among those countries, if that list of privacy invasions is not sufficient to merit even a token fine from a privacy watchdog, I'm not sure what is. :-(

Re:Detriment caused

Sounds like a lot of people browsing unencrypted websites on open networks. I used to be amazed the crap I would find running WireShark on my university's wireless network. :)

Re:Detriment caused

[msauve]

"list of privacy invasions"

You do realize this was WiFi, so that the collected "private" data was being broadcast in the clear, right? There's a reasonable expectation of privacy if you bother to encrypt your WiFi, but running it wide open?

If you send radio signals off your property, they should be "fair game" for anyone who can receive them.

Re:Detriment caused

[Anonymous+Brave+Guy]

Sounds like a lot of people browsing unencrypted websites on open networks.

I imagine it was, but using that as a defence to systematically invading privacy on a massive scale sounds a lot like arguing that the door was unlocked so there was no expectation of security or the girl was asking for it because she was wearing a short skirt. Failure of a victim to do everything a capable expert might have done to protect themselves should never be accepted as justification for making them a victim in the first place. No-one can protect themselves fully against everything, and having a legal system is a practical recognition of that reality.

Re:Detriment caused

[msauve]

No, it's more like standing naked by your front window, then complaining because someone takes a picture from the street. Setting up minimal WiFi encryption on consumer wireless equipment has never been a task requiring a "capable expert."

Re:Detriment caused

[Qwavel]

No, it said that they weren't fined for this latest chapter (the failure to delete). They have been forced to pay enumerable fines and settle even more class action lawsuits. When you break the law in almost every country in the world, you pay, so people should stop pretending that they just got a slap on the wrist.

You have grabbed the most sensational clips you could find (the data involved was random, so yes, it included anything you can think of), that is actually about a different chapter of this saga (this is about the failure to delete).

Most importantly, you left out the part that distinguishes this from other privacy invasions. None of that data was ever made public. No one has ever established that Google even intended to collect the data. No one has even come up with a plausible use for these random chunks of data. I've seen it written that Google themselves blew the whistle on this issue, but I don't know that for a fact myself (the origins of its discovery are missing details).

So, really you are just muck-raking, and in a rather misleading way.

Re:Detriment caused

...if that list of privacy invasions is not sufficient to merit even a token fine from a privacy watchdog, I'm not sure what is.

Here in the UK, our government is so hopeless it can't even get Google to pay a reasonable amount of tax, let alone something punitive.

Re:Detriment caused

[Todd+Knarr]

My question would be this: if you're standing in your front yard using a bullhorn, do you really have any expectation of privacy about what you're saying? One of the first requirements for an expectation of privacy has to be taking at least some steps to insure what you're doing/saying isn't public.

Re:Detriment caused

Who's privacy was violated. No one is claiming Google looked at any of the data. It's like saying a girl was asking for it by wearing a short skirt when no one even touched her or looked at her. Ask for what? Nothing to happen.

Intent is very important in a legal system. I've yet to see one word of evidence that Google acted in bad faith. No-one can protect themselves from fully obeying every law, and having a legal system that recognizes that fact is a reality you're going to have to deal with.

Re:Detriment caused

[Bill_the_Engineer]

And taking said picture violates the naked person's expectation of privacy. Of course, Arne Svenson will put that to the test with his "Neighbors" exhibit at Chelsea gallery. Interestingly, your assertion associates Svenson to photography like google is to wifi..

Re:Detriment caused

I think you should read this:

https://en.wikipedia.org/wiki/Police_radio

it basically says that whilst such signals are fair game, you cannot act on their contents, so Google using them for commercial benefit is strictly prohibited under the Wireless Telegraphy Acts.

Re:Detriment caused

A better analogy was sitting on your front porch and reading your personal mail through a megaphone.
And then a car drives by and the passenger is recording video & audio; so you come running down the street and have them arrested for "wiretapping" your private mail.

Leaving your wifi open with the SSID broadcasting is the same as building a house that looks exactly like a 7-11 with a sign, automatic doors, & glass front. And then calling the police and having anyone that walks in arrested for burglary/trespassing.

Re:Detriment caused

[msauve]

I suspect that Google was simply working to enhance their location services by mapping Access Point MAC addresses to GPS locations. The simple way to do that is to drive around, collecting and location stamping packets, then process that data later. Nothing nefarious involved, and Google was upfront when they realized that some people were too stupid to set up encryption (or simply didn't care about their privacy). If they'd set up a pcap which grabbed only the headers, there would have been no issue.

Re:Detriment caused

[Anonymous+Brave+Guy]

Setting up minimal WiFi encryption on consumer wireless equipment has never been a task requiring a "capable expert."

Surely you can't really believe that? There are many, many people who use the Internet at home and don't even realise that they have "WiFi". They wouldn't know WEP from WPA if you spelled them out in inch-high letters. It is not at all obvious to such a person that observing what they are doing on a computer inside their home from the street outside is even possible, and certainly not obvious what they should do about it.

Try looking at it this way. By your logic, because it is obvious to me as someone knowledgeable about computer networks that WEP is not an effective means of encryption for wireless traffic, anyone using WEP therefore has no reasonable expectation of privacy because they could have searched for two minutes on Google and discovered this but they still haven't protected themselves better. It should therefore be fair and legal for me to watch whatever is happening on four (as I write this) of my neighbours' wireless connections without any regard for their privacy. Does that sound right to you?

What about the fact that although WPA has been presented as being an actual encryption standard, it was cracked long ago, so I could download a tool to break it and be watching another five (as I write this) neighbours' wireless connections five minutes from now? These are people who might have actively chosen to encrypt their traffic, but they also didn't do the two minute Google search, so have their forfeited all right to privacy as well in your eyes?

Incidentally, taking a picture of someone naked inside their home from the street outside could also be illegal in the UK depending on the circumstances. Voyeurism is an offence, for example.

Re:Detriment caused

[Score+Whore]

This is going to be a bit inflammatory, but your question and analogy are stupid. Humans have a handful of senses to take in information about the world and those senses have fairly narrow ranges in which they function. Exposing information in those ranges can readily be considered a giving up your privacy. But outside of those ranges it's not honest to say that someone is yielding their rights. Unless of course you have no problem with someone, say the government, driving a huge sheet of film up on one side of your house and a hug x-ray emitter on the other and taking an x-ray of your entire home.

Re:Detriment caused

[Anonymous+Brave+Guy]

One of the first requirements for an expectation of privacy has to be taking at least some steps to insure what you're doing/saying isn't public.

Like searching for details about a medical condition using your personal computer in the privacy of your own home with the curtains drawn rather than from a shared computer in an Internet cafe or library, for example?

Re:Detriment caused

No, it's more like standing naked by your front window, then complaining because someone takes a picture from the street. Setting up minimal WiFi encryption on consumer wireless equipment has never been a task requiring a "capable expert."

No, it is more like a car, that only have 2 doors but still is speeding.

There is no need to invent crazy analogies that says nothing about the actual situation. People encrypting their communication or not isn't even relevant to the case. There are laws regulating how and what data business can collect and aggregate about consumers *even if these are data the consumers are not trying to protect!*

Re:Detriment caused

[Anonymous+Brave+Guy]

You do realize this was WiFi, so that the collected "private" data was being broadcast in the clear, right?

What does "in the clear" mean? If you walked down the street, without the use of any artificial aids (a common standard for distinguishing public from private places), could you see what someone was doing online? No, of course you couldn't. You need to use tools to view the data.

There's a reasonable expectation of privacy if you bother to encrypt your WiFi, but running it wide open?

But what does encryption mean? There is currently no major WiFi standard that has not been compromised under at least some conditions, certainly in the context of a typical home network. Do you have a reasonable expectation of privacy because you were dumb enough to use WPA2 with only a 20 character pre-shared key?

My point is that there is no qualitative difference at all between these cases. People on forums like Slashdot tend to have some degree of technical knowledge, so they are quick to choose a standard of expertise that they are confident they have and assume everyone should meet the same standard or it's their own fault. In reality, it is highly likely that most of them are also vulnerable to something, and would be upset if someone invaded their privacy or otherwise took advantage of that vulnerability.

As I said, this is an argument a lot like saying if you left your door unlocked then you have no expectation of security. Maybe even if you used a lock, it wasn't designed to protect a bank vault and a skilled burglar could pick it and break in anyway. The basic premise is the same in each case: the burglar is still the guy in the wrong, not you as the victim.

Re:Detriment caused

[msauve]

Seriously, I expect much better even from an AC. Pointing to an article about "Police radio," then extrapolating that to private communications and "commercial benefit?"

Are you claiming that if, after I see a TV advertisement for Coca-Cola, I'm a felon if I go out and buy a Coke?

The cited reference to "unauthorized reception" applies only to intent and disclosure of "contents, sender or addressee." Google's intent was to collect the locations of WiFi Access points, to improve their location services. They had no interest in who was sending what, and there's no indication that the collected data was ever disclosed.

Re:Detriment caused

[msauve]

Decoding a WEP transmission requires a directed effort specific to each WLAN encountered.

We apparently just have different beliefs. I don't think it's the government's role to protect people from their own stupidity. Stupidity should be painful, especially if you can't be bothered to RTFM.

Re:Detriment caused

And you know this how?

Do you work for Google? The judge was right in this case, Google didn't have any right to the data.

Re:Detriment caused

So then why didn't they simply delete the collected data if only the location was relevant?

Re:Detriment caused

[Anonymous+Brave+Guy]

They have been forced to pay enumerable fines and settle even more class action lawsuits.

From your reference to class actions, I guess you're in the US, so perhaps you can clarify. Was it the $7M penalty (approximately 1 hour of revenues) they had to pay because of the original 2+ year systematic privacy invasion you meant, or the $25K penalty (approximately 13 seconds of revenues) they had to pay for obstructing the resulting investigation?

You have grabbed the most sensational clips you could find

I was citing a reputable news source. And since as you say the data was probably somewhat random, you know very well that much more damaging things could have been included in some cases.

Most importantly, you left out the part that distinguishes this from other privacy invasions. None of that data was ever made public.

Well that's OK, then. It's not as if large organisations have ever either abused large databases for their own purposes or accidentally and/or deliberately leaked the contents of those databases later. In fact, we might as well fire all the privacy watchdogs and rescind all the data protection laws, because they weren't really introduced for any reason at all.

No one has ever established that Google even intended to collect the data.

And yet, possibly the most advanced data processing organisation in the world systematically drove vehicles around people's homes and workplaces for more than two years, and those vehicles were equipped to receive and record the information, and they were running software that did so.

If you're in a position to store and process personal data then you are subject to the same data protection laws as everyone else. Ignorance is not a defence, particularly for an organisation with a small army of lawyers on retainer that is doing something that is obviously controversial. And doing something negligently may not be as bad as doing it deliberately, but you can still be liable for the consequences.

Re:Detriment caused

[Runaway1956]

"Setting up minimal WiFi encryption on consumer wireless equipment has never been a task requiring a "capable expert.""

I have to agree. The wife and I went to the Hi-Tech department at Wal-Mart to get our router. We read carefully. WEP, WPA, it's all right there in the box. Or, as the geeks like to say, "Out Of the Box" or OOB. Yep - we brought that thing home, plugged it in, and it just worked, as advertised. No fuss, no muss - I have the latest, greatest security, and I didn't have to know anything! /sarcasm

Re:Detriment caused

[Anonymous+Brave+Guy]

Intent is very important in a legal system.

Yes it is, and that is why murder carries a mandatory life sentence while manslaughter has the widest sentencing discretion of any crime here. But manslaughter is still a crime.

We're talking about privacy and data protection in this case. Many data protection laws are set up as a deterrent, to discourage risking a big leak, because this is an issue where you can't necessarily just make things right after the fact. Hardly any organisation that has leaked lots of personal data in recent years intended to do so, but that doesn't excuse their negligence or help the people who suffered as a consequence.

No-one can protect themselves from fully obeying every law, and having a legal system that recognizes that fact is a reality you're going to have to deal with.

The thing that has many privacy campaigners so irritated is precisely that they clearly were acting in violation of the law. There is no doubt about this. They just aren't being punished for it, as long as they say sorry and pinkie-swear to never never ever do it again.

To a large corporation with a track record of pushing the boundaries of privacy in ways that do make a lot of people unhappy and do test the limits of the law, this is like telling a child who punched another child off for five seconds to keep the other child's parent happy, but then as soon as you're out of sight saying "Never mind, he probably deserved it" and giving them a lollipop.

Re:Detriment caused

[dpidcoe]

By your logic, because it is obvious to me as someone knowledgeable about computer networks that WEP is not an effective means of encryption for wireless traffic, anyone using WEP therefore has no reasonable expectation of privacy because they could have searched for two minutes on Google and discovered this but they still haven't protected themselves better.

No.

An unencrypted network takes no action on the part of the person connecting, and does nothing to indicate that it's intended to be private. People could even inadvertently connect to it depending on how their device is configured (particularly if you have the same ssid of a network they've connected to previously, e.g. "linksys").

By encrypting it with WEP (or even mac address filtering, as retarded of a "security" measure as that is), you're indicating that your network isn't intended to be free to access. Even though both of those methods are potentially worse than no security (WEP can be cracked in the time it takes joe idiot to tap out the password on his iDevice, MAC filtering is circumvented just as easily), they still require specific action on the part of the intruder, and are a clear indication by the owner that they did not intent the network to be public.

To make yet another property analogy: If you live on a corner lot and kids keep walking through your front yard in order to cut the corner on their way home from school, good luck yelling at them for trespassing. If you put up a fence (even if it's a 3 foot high white picket fence that'll fall over at the first breath of wind), you're now clearly indicating that you don't want your yard being used at a cut-through, and are a bit more justified in sitting on your front porch with a shotgun and yelling at the kids to get off your lawn in the event the jump the fence.

Re:Detriment caused

[Anonymous+Brave+Guy]

Decoding a WEP transmission requires a directed effort specific to each WLAN encountered.

And picking up signals in the clear requires a vastly greater directed effort to drive a whole damned car down the street within a few metres of the victim's property, equipped with technical equipment not normally present in cars to receive the data in the first place. Decoding a WEP transmission requires negligible additional effort by comparison. WEP is not an encryption protocol. You're just picking a level of acceptability that meets your personal standard for what constitutes "stupid".

We apparently just have different beliefs. I don't think it's the government's role to protect people from their own stupidity.

You're confusing ignorance with stupidity. Everyone is ignorant about something, and can be damaged seriously by someone who is an expert in that field. That is why we have laws.

And those fine manuals for consumer WiFi boxes that you want people to read are frequently full of over-simplified, outdated nonsense when it comes to security. You could follow them to the letter and still have the script kiddie three doors down reading your mail. And it still wouldn't be your fault.

Re:Detriment caused

[gnasher719]

No, it's more like standing naked by your front window, then complaining because someone takes a picture from the street. Setting up minimal WiFi encryption on consumer wireless equipment has never been a task requiring a "capable expert."

Of course it is. You have to find how to get into the router, you have to know which encryption to choose, then you have to set up your computers in the same way. All that while avoiding the little snag that as soon as you turn on encryption, your WiFi connection to the router will fail, so if you make the slightest mistake you are stuffed. Unless you have a big box full of stuff including an Ethernet cable.

Re:Detriment caused

Are you claiming that if, after I see a TV advertisement for Coca-Cola, I'm a felon if I go out and buy a Coke?

Why would that be a felony? Advertising is only broadcasted on public service frequencies, we're talking about frequencies that are usually reserved for personal use i.e unlicensed spectrum or other licensee signals.

The cited reference to "unauthorized reception" applies only to intent and disclosure of "contents, sender or addressee." Google's intent was to collect the locations of WiFi Access points,

It doesn't matter what Google's intentions were, the previous AC was right, Google shouldn't have been collecting anything further than the MAC addresses and the general locations, full stop.

Anything further was a breach of the law, as par this ruling.

Re:Detriment caused

Doesn't matter, you can't start running around punish people or companies simply because their WiFi is turned and and connects or collects data from unencrypted WiFi networks. Basically you can't punish anyone for something that is simply built into the technology.

Either way, the issue is NOT Google's fault or their job to rectify.

Re:Detriment caused

This isn't just "overhearing because you broadcast it in the clear."

This is "overhearing, then recording and warehousing, because what the fuck, there's probably something useful in there that we'll want to use someday."

When Google essentially "walks down every street in town, looking for naked people in the window, and photographs each and every one it finds to put a copy of the photo in its jack-off log for future reference," then there's a problem - and the problem isn't that a few naked people have to be standing in windows.

If Google wanted to collect and retain the data, they should have *asked* for permission. If they didn't want to go to the trouble of doing so, they have an obligation to not retain that data.

Re:Detriment caused

But what does encryption mean? There is currently no major WiFi standard that has not been compromised under at least some conditions, certainly in the context of a typical home network. Do you have a reasonable expectation of privacy because you were dumb enough to use WPA2 with only a 20 character pre-shared key?

The key here is still that you HAVE to make an effort to break through encrypted WiFi Access Points. Not the case with WiFi APs broadcasting in the clear with no encryption.

Re:Detriment caused

[gnasher719]

Intent is very important in a legal system. I've yet to see one word of evidence that Google acted in bad faith.

In UK law, what matters is not "intent to breach the law" but "intent to do what you did". From some reports, it seems that some engineer at Google had the great idea to add code that would gather a bit of data together with the locations and IDs of routers (that data didn't gather itself), and he _intentionally_ added the code. As we all know, it was a super stupid idea and frankly I cannot even try to follow his thought process. But the intent of an employee turns into intent of the company and Google is legally on the hook.

(There are specific laws where things are different, for example theft requires intent to deprive another / intent to enrich yourself, depending on the country; not just intent to take the item)

Re:Detriment caused

[Anonymous+Brave+Guy]

An unencrypted network takes no action on the part of the person connecting,

Sure it does. You have to buy specialised technical equipment that implements specialised communications protocols, locate it within range of the network, and choose to connect.

and does nothing to indicate that it's intended to be private.

We're talking about networks that people are running to connect their own devices within their own homes with no intent of sharing them and quite possibly with no understanding that they can even be accessed by other parties.

Besides, where did this presumption that everything is public unless it isn't come from? Why do you feel that you should be entitled to connect to anyone else's network, whether it's secured or not? Would you walk into someone's garden because their gate was open, or follow them into their home if they left the door unlocked?

People could even inadvertently connect to it depending on how their device is configured

Sure, someone who was similarly ignorant of networking might accidentally do that. Do you think arguably the most successful Internet and data mining company in the world is ignorant of computer networking and the fact that WiFi networks they can see as they drive down the street are probably intended for the personal use of their owners?

By encrypting it with WEP (or even mac address filtering, as retarded of a "security" measure as that is), you're indicating that your network isn't intended to be free to access.

As you noted yourself, WEP is not an encryption scheme. It provides no more meaningful security than sending wireless data in the clear, and I don't see why it really makes a clear indication that a network is intended to private where, for example, setting an SSID of "DOE_FAMILY" does not. As I seem to be posting in every other reply to this thread, you're just choosing an arbitrary standard of false security and claimed privacy that fits your chosen position.

If you live on a corner lot and kids keep walking through your front yard in order to cut the corner on their way home from school, good luck yelling at them for trespassing.

You're muddying the waters by involving kids and property with unclear boundaries, both of which make it less reasonable to assign blame to the trespasser and transfer a measure of responsibility to the property owner if, for example, there is something dangerous on the ground and a child hurts themselves on it. It's not really a fair analogy.

Re:Detriment caused

[gnasher719]

I suspect that Google was simply working to enhance their location services by mapping Access Point MAC addresses to GPS locations. The simple way to do that is to drive around, collecting and location stamping packets, then process that data later. Nothing nefarious involved, and Google was upfront when they realized that some people were too stupid to set up encryption (or simply didn't care about their privacy). If they'd set up a pcap which grabbed only the headers, there would have been no issue.

That is not what happened. What they needed was MAC addresses and GPS locations, or better yet MAC addresses + GPS locations + signal strengths. Code to record packet data was _intentionally_ added by a Google engineer who thought it was a good idea (which it wasn't); all the data that Google collected was absolutely not needed for their purposes.

Re:Detriment caused

Why, exactly, did they need to collect all of the actual wireless network traffic, just to mark the location of a Wireless Access Point with a GPS coordinate?

If they had "no interest" in the data - why did they log it in the first place? You don't need to log and archive email traffic, web searches, porn sites, and other crap cited in order to say "WAP with SSID and characteristics x, y, z detected at GPS coords X, Y."

And also "no indication that the collected data was ever disclosed" is a piss-poor justification for somebody collecting whatever data they "think they might be able to get away with."

Stop making excuses for Google - they were wrong to collect & archive the data, and you're wrong to defend them.

Re:Detriment caused

[EasyTarget]

And taking said picture violates the naked person's expectation of privacy

Errr.. I would hope said photo would be the #1 piece of evidence in court that someone is a pervert who willfully exposes their genitalia to old ladies and little children walking in the street.

Re:Detriment caused

[Qwavel]

So you want to convict Google for the stuff that other companies do with private data. I was talking about what Google actual did, not extrapolating from them having the data, and then mixing in what other companies have done with other personal data. That's a remarkable stretch (I refer your 3rd response).

And if you think that what Google did (in your 4th response) was so terrible, you had better break out the tin-foil hat: lots of companies do this. Heck, tons of hobbyists used to do it. Nokia pays courier companies to do it.

I"m not in the U.S. (Canada), and no, I do not have a list, but remember the reports of all the class action lawsuits when this story first got momentum. My point on the others is that you are (again) misrepresenting the penalties. Those settlements you describe are not THE penalty. They are individual settles (the $7m was with a group of US states) in a situation where they were charged in most countries of the world.

As for your final point, that Google should be subject to data protection laws, break those laws. I agree completely and am glad to see them pay for it. But misinformation and sensationalizing of the details of any such case are not helpful.

Re:Detriment caused

[amazeofdeath]

Having a laptop open in your car does that, it's nothing special. My ages-old iBook would connect to any open WiFi network, were I using the default settings. Picking up an unencrypted connection is trivial, whether by purpose or by accident; connecting to a WEP-encrypted WiFi network requires some specific effort. You are building up some ridiculous straw-man here: There's a lot of equipment that will connect to any open WiFi network in out-of-the-box configuration, but there's no such commercial products that'll crack WEP without user configuration.

Re:Detriment caused

[PRMan]

You said it yourself. Any lock is the difference between trespassing and breaking and entering. It doesn't matter how poor the lock is, the lock signifies that the person expects privacy.

In the same way, if your WiFi is completely unlocked, you are signalling to the world that you don't care about privacy. If you put any lock on it (even easily-cracked WEP), you are saying "I expect privacy".

Re:Detriment caused

[Todd+Knarr]

Why should we be ignorant of everything beyond our own senses? Everyone knows radio exists. My grandparents knew about radio, there's no excuse for anyone today to not know about it. Everyone knows it involves broadcasting the signal for anyone with a receiver to pick up, that's why we call them radio broadcasts. And while 15 years ago you might have been excused for not knowing that WiFi worked over radio, today it's common knowledge. You're even told this on Page 1 of the booklet that came with your wireless router or access point.

This is the 21st century, not the 19th.

Re:Detriment caused

You're forgetting that intercepting electronic communications is illegal, even if it's unencrypted. When cordless phones first came out, anyone with a scanner could intercept a phone call, and they made it illegal at that time because the government actually cared about privacy then.

Re:Detriment caused

Unless the exposer happens to be female and the (accidental) viewer male... then all of a sudden the viewer is a pervert and the exposed woman innocent

Re:Detriment caused

[Solandri]

I've seen it written that Google themselves blew the whistle on this issue, but I don't know that for a fact myself (the origins of its discovery are missing details).

Sort of. It went down like this:

Random conspiracy theorists to the EU: Google is eavesdropping on wifi communications while driving around taking Street View pics!
Google: We are not eavesdropping.
EU: Hmm, are you sure you're not eavesdropping?
Google: We're not. See, we can prove it.
Google: ...
Google: Ok, we checked our records and it turns out we did eavesdrop on wifi communications. But it was accidental!
EU: I'm investigating.
US: Me too!

It was a request from German regulators which got Google to do its initial internal investigation. But following that investigation Google self-reported that it had violated EU law, instead of trying to cover it up. That's largely why I don't have a problem with these no-fine or small-fine "don't do it again" judgments against Google. It's not like other violations where the company claims all along that it did nothing wrong. Google already admitted they screwed up; they're just saying that it was an accidental screw-up not an intentionally malicious one.

c.f. Apple which basically did the same thing to build their wifi map database - pulled location and wifi data off of iPhones without notifying iPhone owners. But they just denied everything (the only way you know they did this was because they soon dropped their licensing contract with their wifi map provider), attributing it to an erroneous configuration setting. And pretty much got away with it because they didn't willingly provide regulators with evidence to make a case of it as Google has done.

While you don't want the type of mistake Google made to go unpunished, you also don't want the punishment to be so harsh as to create a big incentive for companies to cover this sort of stuff up in the future. It's easier for everyone if they self-report this stuff.

Re: Detriment caused

The obvious explanation is that they logged it in the first place because they used Kismet, which defaults to exactly the settings used (log entire unencrypted packets, log only envelope data from encrypted packets). Or it could be because they're so horribly evil they deliberately set it to the default settings...

Hanlon's razor, anyone?

Re:Detriment caused

[Anonymous+Brave+Guy]

So you want to convict Google for the stuff that other companies do with private data.

No, I want to see them meaningfully penalised for breaking data protection and privacy laws literally on a global scale.

My point on the others is that you are (again) misrepresenting the penalties. Those settlements you describe are not THE penalty. They are individual settles (the $7m was with a group of US states) in a situation where they were charged in most countries of the world.

The $7M was a settlement with most of the states in the US (38, plus the District of Columbia) and to my knowledge it is (by at least an order of magnitude) the largest financial penalty they have had imposed anywhere in the world for any activity related to the Street View functionality. In real terms, more than two years of illegal behaviour -- and behaviour that was rather offensive in some cultures, such as raising their cameras above normal wall/fence height in Japan for example -- has done them no real damage at all.

But misinformation and sensationalizing of the details of any such case are not helpful.

If you're going to accuse me of misinformation, perhaps you'd have the courtesy to cite anything I've said in this entire Slashdot discussion that is objectively untrue. You're accusing me of sensationalizing, but my arguments are based on verifiable facts.

Re:Detriment caused

[Score+Whore]

Who said anything about being ignorant? Not me. Going back to my own ridiculous example, everyone knows about x-rays but no one expects to have their house x-rayed and thus we don't live in lead lined homes. The fact that people aren't taking measures to counter every possible information leakage from their life doesn't mean that they consent to that information being gathered, scrutinized or disseminated. Your argument seems to be that anything we don't actively defend against, we consent to. That is absurd.

I can't think of any accepted morality that says it's O.K. to put poison in people's food since a) they know that poison exists and, b) if they didn't want to be poisoned they'd test every thing they put in their mouth. Or feel free to drink and drive because a) we know assholes drink and drive and, b) if we didn't want to be in an accident caused by a drunk we'd not go anywhere a drunk could take a car. The list goes on and on and only a total jerk would argue that the onus lies on the people affected by anti-social behavior rather than on the sociopath engaging in the behavior.

Re:Detriment caused

[Anonymous+Brave+Guy]

There's a lot of equipment that will connect to any open WiFi network in out-of-the-box configuration

Equipment that would join an unknown network without any user interaction at all? That sounds like a security problem waiting to happen to me, and I have never seen wireless equipment that actually does that. As a minimum, with any device I have ever seen, you would have to actively choose to join a network from an available list.

there's no such commercial products that'll crack WEP without user configuration

Sure there are, but the people selling them aren't exactly going to advertise them in your local store.

Re:Detriment caused

[Anonymous+Brave+Guy]

Quite often in the UK, the wireless network will have been set up by the engineer who enabled the ADSL or cable Internet line, using a wireless router provided by the ISP. It's entirely possible that the homeowner doesn't even understand that there are different levels of security for wireless networks or know which level theirs was configured to use, any more than they understand the intricacies of HTTP just because they use Facebook. The argument that several posters here are making that running WiFi in the clear somehow implies consent for anyone else to monitor the network's traffic is based on the premise that the people operating the network made some sort of informed choice to that effect, which is plainly not always the case.

To continue with the door lock analogy, if you buy a new house, you shouldn't need to become a home security expert to make sure everything is properly secured. You expect that the professionals who built the house put locks that work where you need locks that work. If they didn't, and someone "breaks" in and steals your stuff, it's still not your fault just because you bought a house and lived in it.

Re:Detriment caused

[amazeofdeath]

Equipment that would join an unknown network without any user interaction at all?

Yes. You seem to be pretty out-of-date in normal laptop and other WiFi-enabled systems.

there's no such commercial products that'll crack WEP without user configuration

Sure there are, but the people selling them aren't exactly going to advertise them in your local store.

I thought putting up a disclaimer (as there are "commercial" products for pretty much everything), but I thought that it was clear from the context. Your OEM laptop will not crack WEP out-of-the-box.

Re:Detriment caused

[Anonymous+Brave+Guy]

Doesn't matter, you can't start running around punish people or companies simply because their WiFi is turned and and connects or collects data from unencrypted WiFi networks.

In the UK, behaviour involving knowingly accessing someone else's network without authorisation could be a criminal offence under, for example, the Computer Misuse Act (1990) or Communications Act (2003).

That is in addition to any privacy and data protection concerns that may arise depending on the nature of any data collected or stored as a result of that access.

Re:Detriment caused

[Todd+Knarr]

True, but then your X-ray example is an example of someone else broadcasting things into your home. WiFi involves the opposite: you broadcasting things out of your home where anyone can pick them up. Your example involves things not done by you, broadcasting is something you do that's under your control.

Re:Detriment caused

[Anonymous+Brave+Guy]

You seem to be pretty out-of-date in normal laptop and other WiFi-enabled systems.

Computer networking is a significant part of my job, and I spent a fair chunk of today reconfiguring network and security settings on laptops and other wireless devices from diverse vendors running at least four different operating systems.

It is not normal for a newly bought laptop, smartphone, tablet or other wireless-enabled device to connect to an arbitrary network within range without any sort of prompt for confirmation, at least not here in the UK. Show you a list of available networks? Sure. Let you connect to any unsecured one with one click/tap? Probably. Invite you to connect to the one with the strongest signal? Sometimes. Connect without any interaction at all the moment you turn on the box? Extremely unlikely.

If you think otherwise, I'd be interested in specific examples, because the people selling such a device are probably turning their customers into criminals under UK law the moment they turn the machine on, as well as presenting a major security risk to the customers themselves if they connect to the wrong network. Obviously the legal question will vary depending on your jurisdiction, but it's just a dumb policy security-wise wherever you are.

Re:Detriment caused

[Anonymous+Brave+Guy]

You're "broadcasting" all kinds of radiation from your home that can be detected outside with the right equipment. With many methods of house construction, for example, it is easily possible for someone to look at thermal images and watch you and your SO having a little personal time. I think most people would still consider it intrusive to do so and would feel more than a little violated if you started talking to them about their favourite positions the following day.

Re:Detriment caused

Doesn't matter, you can't start running around punish people or companies simply because their WiFi is turned and and connects or collects data from unencrypted WiFi networks. Basically you can't punish anyone for something that is simply built into the technology.

Either way, the issue is NOT Google's fault or their job to rectify.

Of course you can punish companies that collect data illegally. The data doesn't have to be protected for collection and aggregation by *businesses* to be illegal. This is the law. If companies start aggregating other *publicly available* data about you, that might be illegal too. Even Google isn't above the law.

Re:Detriment caused

Which legislation that is?

If you're talking US, I'll just link this comment over from Ars Technica.

TL;DR: It's illegal to intercept phones, everything else broadcasting unencrypted is fair game, as FCC decided when judging on this very case.

Re:Detriment caused

The hell are you smoking?

Every home router's box I've seen had an Ethernet cable and a nice step-by-step manual in pictures which starts with "Plug the cable into the router and your PC ... Type 192.168.1.1 into your browsers window ... " and usually includes "Set your WiFi password" and instructions on configuring WiFi on your devices as well.

I can see you love to bash Google from your comments history, but here you're just making shit up just not to give up a given line of offense.

Re:Detriment caused

[swillden]

Code to record packet data was _intentionally_ added by a Google engineer

Cite?

Re: Detriment caused

The obvious explanation is that they logged it in the first place because they used Kismet, which defaults to exactly the settings used.

Yep, and does Kismet automatically default to "save every scrap of data logged, forever, unless the government forces us to delete it under threat of criminal penalties?"

And does it magically create ample storage for all of the data gathered this way? Because I bet Google had to provision servers and storage and a whole lot of other components to support this effort - if they provisioned from the start to warehouse all this data, then they did it with full knowledge of the contents of the data they were collecting. If they had to scramble and provision multiple terabytes of extra space for warehousing - shouldn't that have clued somebody in that the program was logging and retaining way more stuff than they anticipated, and that they should probably take a look at how this "accidental" warehousing happened?

Hanlon's razor cuts both ways, champ. The BEST you can say about the situation is "they inadvertently collected the data, and then they deliberately chose to keep it around and present a big middle finger to the world, until a court forced them to delete the data under threat of criminal penalties." At some point, Google management became aware of the existence of this accidental warehousing of data. Even if they weren't aware of it from the start, they made a deliberate choice once it was brought to their attention.

Surprise - their deliberate choice was not "oh my gosh, we fucked up, delete that data immediately!"

Also: Hanlon's Razor may suggest mitigating circumstances for criminal and civil penalties -- but it does not exonerate. If you do something illegal because you're too stupid to know not to, that doesn't make what you've done legal.

Re:Detriment caused

[Todd+Knarr]

Yep. But again, in your example the people inside are taking measures (opaque walls) to keep the activities private, and seeing them requires special equipment that a person wouldn't ordinarily have. The equivalent for WiFi would be putting a Faraday cage around your house to contain radio emissions and having them leak out anyway. I don't think you've posited a Faraday cage being involved, have you?

Re:Detriment caused

[dpidcoe]

You're muddying the waters by involving kids and property with unclear boundaries, both of which make it less reasonable to assign blame to the trespasser and transfer a measure of responsibility to the property owner if, for example, there is something dangerous on the ground and a child hurts themselves on it. It's not really a fair analogy.

It's a completely fair analogy, and I picked it specifically because an unencrypted and wide open wifi signal is an unclear boundary. Placing any kind of restriction on it (however insecure in reality) is what's needed to establish a clear boundary.

Re:Detriment caused

[Anonymous+Brave+Guy]

At this point I come back to what I've said several times elsewhere in this discussion: if everyone involved understood the implications of WiFi, I might agree with your position, but since a lot of people don't realise they aren't putting that "wall" around it when they create their own home network, I don't think it is fair to blame the victims here. I see it as more like drawing the curtains but leaving them slightly open without realising: the householders probably thought and intended that their activities would be private, and we should (and in the UK the law does) take a dim view of people who go prying anyway.

Re:Detriment caused

[Anonymous+Brave+Guy]

What's unclear about "It's not your network, so don't try to join it without permission?"

The law is pretty straightforward in this area, and the underlying principle doesn't admit much ambiguity.

Even if you inadvertently monitored data that was broadcast in the clear -- and knowing how the protocols, equipment and signalling standards involved actually work, I think it would be quite a stretch for an organisation like Google that was using specially-equipped vehicles to claim ignorance here -- there's still the matter of recording them afterwards, and then the further matter of not deleting them even once you've become aware of them.

Re:Detriment caused

[Plumpaquatsch]

The cited reference to "unauthorized reception" applies only to intent and disclosure of "contents, sender or addressee." Google's intent was to collect the locations of WiFi Access points, to improve their location services. They had no interest in who was sending what, and there's no indication that the collected data was ever disclosed.

So why did they a) store it, b) for years, c) lie about even collecting it, d) lie about deleting it?

Re:Detriment caused

[Plumpaquatsch]

So you want to convict Google for the stuff that other companies do with private data. I was talking about what Google actual did, not extrapolating from them having the data, and then mixing in what other companies have done with other personal data. That's a remarkable stretch (I refer your 3rd response).

And if you think that what Google did (in your 4th response) was so terrible, you had better break out the tin-foil hat: lots of companies do this. Heck, tons of hobbyists used to do it. Nokia pays courier companies to do it.

Okay, simply explain why they didn't delete it after being ordered to. Why the hell would they keep data they don't need - unless they want to use it.

Re:Detriment caused

[Plumpaquatsch]

c.f. Apple which basically did the same thing to build their wifi map database

Sure, but unlike Google they aren't basically just like Nazis.

Dat logic

The UK... that supports what the US is doing and doesn't support Snowden... is bashing Google for wifi data?

google delete data?

hahahahhah ya right. they never do or will.

Re:So unfair

[Saethan]

Hate to break it to you, but lots of people do this. Just go wardriving with a packet analyzer.

So the NSA has this data now too?

... despite the very CAREFULLY worded denials that NSA has 'cooperative' access to Google data.

Re:So the NSA has this data now too?

[Bryan+Bytehead]

Yep. Exactly what I was thinking of saying.

Horse shit

[fnj]

So people are running UNSECURED wi-fi? That's fine, I personally don't see anything wrong with that so far.

And people are concerned and upset that their wi-fi is noted in a database? I can see why they might be ... however ...

But the same person is running UNSECURED wi-fi AND at the same time is concerned and upset that their wi-fi is noted in a database? That's horse shit. That is real stupidity.

Re:Horse shit

I disagree.

Just because I'm running an open wifi doesn't give a company the legal right to collect and catalog the information traversing it.
Just because you _can_ take something doesn't mean it is legal to do so.

 

Re:Horse shit

[dpidcoe]

I don't think he's arguing that that makes it ok, he's arguing that the subset of people who are technologically impaired to the point that they can't encrypt their wifi (most routers have a button on the front that does it in one step for crying out loud) aren't tech savvy enough to know/understand/care that their unsecured wifi is in a database.

Re:Horse shit

[interkin3tic]

Hey now, look at it from their perspective. There's a magic computer box and a magic internet box which talk to each other through magic. Google is a wizard that seems to have the answer to any question they ask of it. But sometimes, the wizard is an asshole. Why can't it find that picture of that cat my friend sent me the other day? IT'S ON THE INTERNET! So Google wizard is evil. AND NOW google wizard appears to be STEALING magic from one or both of their magic boxes. What would you do in that situation?

(I never said it was a good perspective.)

Re:Horse shit

[MozeeToby]

If you're running an open WiFi you are standing on the porch with a bullhorn yelling your personal information. I don't see how you can reasonably be upset about someone walking by with a notepad and writing down what you're saying.

Enforcement?

[Anon,+Not+Coward+D]

I'm a bit curious.... how can they tell if google really deleted the data?

Re:Interesting how many times Google gets away...

[mystikkman]

Here are two other mighty convenient examples where Google made "innocent" mistakes by vacuuming more data to track users intrusively and show them ads. Not sure if they're evil or just incompetent.

Here's an example of them being *both* very competent and evil.

Removing borders and decreasing contrast between ads and results to get more clicks and more money from advertisers and users, especially older people who can't see contrast well. I am sure they employ professional psychologists with PhDs whose sole objective is to increase ad clicks by using A/B testing, even if they user didn't intend to click ads, they must be making billions off these "optimizations".

http://ppcblog.com/fbf0fa-now-you-see-it

http://blumenthals.com/blog/2012/01/31/is-google-intentionally-trying-to-minimize-the-fact-that-these-are-ads/

Unlike Microsoft, they do have amazing PR though, with making lots of people believe the all the 'do no evil' BS, while slowly taking over the browser market by beating Mozilla to save money on ads.

We'll destroy your data for you...

[CheckeredFlag]

Eric,

Just send us your hard drives, we'll gladly save you the trouble of thoroughly deleting your data at no charge!

Regards,

Keith B. Alexander
National Security Agency Director

Deleted

SET deleted=true

Done.

Data cannot be totally destroyed!

Data cannot be totally destroyed, so Google have been ordered to do something they cannot possibly achieve.

Unless they happen to have a Black Hole handy.

That'll Learn 'Em

[FuzzNugget]

Only the government is allowed to invade your privacy.

Re:That'll Learn 'Em

[EasyTarget]

My thoughts exactly. I'm sure there has been something in the news about this recently. But in that case the BBC almost totally failed to mention it.. I wonder why?

I'll bet that...

[cjjjer]

Google would have rather paid a fine and been able to keep the data me thinks. Maybe that is how we punish Google for being evil, make them delete the data...

Re:I'll bet that...

[xaxa]

Google would have rather paid a fine and been able to keep the data me thinks. Maybe that is how we punish Google for being evil, make them delete the data...

They are not supposed to keep the data, fine or not.

If they don't delete the data this time, the summary says they will be held in contempt of court. That's bad.

Re:I'll bet that...

[close_wait]

Google never wanted the data. They would have deleted it immediately when they discovered that bits of random traffic data had been logged along with the SSIDs (which was the bit they were after), except that would have been regarded as destroying evidence. So instead they notified all the relevant authorities and waited for permission and/or orders to delete the data.

Re:I'll bet that...

It takes much more effort in code and storage space to capture data packets rather than capturing SSIDs. It would have been extremely incompetent for them to "mistakenly" capture that data. They absolutely wanted it.

Re:I'll bet that...

[Plumpaquatsch]

Google never wanted the data. They would have deleted it immediately when they discovered that bits of random traffic data had been logged along with the SSIDs (which was the bit they were after), except that would have been regarded as destroying evidence. So instead they notified all the relevant authorities and waited for permission and/or orders to delete the data.

Yeah, right. They kept the data only as evidence - but denied they had it. And after the whole thing was settled, and they were told to delete the data "they never wanted" - they didn't. And you think that makes sense?

Re:I'll bet that...

[close_wait]

Of course they didn't deny they had it. *They* were the ones who told the authorities they had it.

Re:I'll bet that...

[Plumpaquatsch]

Of course they didn't deny they had it. *They* were the ones who told the authorities they had it.

Yeah, in La-La-Land. Time for a reality check - http://lmgtfy.com/?q=google+denies+collecting+wifi+data

One more thing...

[Culture20]

The government also needs access to all your computers in perpetuity to make sure it stays deleted.

Re:Interesting how many times Google gets away...

[Runaway1956]

NO ONE installs a toolbar unless they want to be tracked. Seriously - we haven't learned that over the past almost 20 years? Toolbars have one purposed, and one purpose only . That is to make the chump - errrr, consumer - agree to be tracked. If at some later time the chu - CONSUMER says that he doesn't want to be tracked, you surely don't expect him to be taken seriously.

Only if the ch - CONSUMER nukes from orbit then reformats might we take his request to stop tracking him seriously.

Re:Interesting how many times Google gets away...

It is extremely difficult to vacuum all use of a data. If you owned a massive network, could you fully wipe out all data coming from source X, including all copies of it? Good luck...

Limiting data proliferation is one of the hardest problems there is.

You are running a company with thousands of employees, containing hundreds of projects. Each of these projects needs to constantly log things. Nobody in the company knows about all the ins and outs of the data for every project. How are you going to set things, logistically or otherwise, so that people are prevented from logging stuff they shouldn't?

You can call it "incompetence" that Google makes mistakes. I agree they make mistakes, but I question if other people out there actually do it better. Maybe Google should look to the NSA for guidance, right?

What is everyone worked up about?

Don't get me wrong, Google should most definitely not be doing this. However, why is everyone so outraged about it? If you used WPA, like all routers come with, they would not be able to view or access your data at all. And if you leave your WiFi unprotected, anybody can use it, not just Google. You would have much more to fear from the guy taking his daily morning walk than a van that comes once. Besides, WPA is really easy to setup, most routers come with it on.

Re:So unfair

[EasyTarget]

Shhhhh... Googles competitors and their pet nutters are here in force, you might make them upset by pointing out that their neighbours kid has the ability to monitor their wifi permanently (instead of for a few seconds on a couple of random occasions).

Meanwhile, since I'm not american, that bunch or right-wing loons and sociopaths they laughingly call a Government is systematically and far, far, more comprehensively spying on everything I do.

Interesting to see the BBC arse-licking their cause by trying to deflect peoples anger from the worst offenders to the least.

Dont worry, they have a backup

[edrawr]

I am fairly confident that the NSA has been keeping a copy for them.

Re:So unfair

[gnasher719]

Shhhhh... Googles competitors and their pet nutters are here in force,

I expected no less than your comment on Slashdot. What you are doing here is called an ad hominem attack, which is generally considered the vilest method to try to get the upper hand in a discussion, by attacking everyone having a different opinion than yours. Usually fails.

Is what they did really wrong?

Am I the only one that thinks that what Google did wasn't wrong?

All Google did was log data that was broadcast in the open on public frequencies. Any time anyone uses an unsecured wifi connection, they can be eavesdropped on unless they are otherwise using a secure data stream (HTTPS will do). Someone not securing their wireless signals should expect to be observed in that transmission. It's so easy to do that Google managed to do it accidentally!

There are likely lots of people/organizations that are doing exactly that for less-than-benign reasons. You never hear about it because they keep quiet about it. If Google hadn't said anything, nobody would have ever known, but because they did it has gotten significantly more attention just how easy it is to spy on an unsecured wifi network, encouraging people to enable encryption. In other words, good has come of it.

I don't think Google did anything wrong in this. They certainly shouldn't be vilified for it.

Re:Interesting how many times Google gets away...

[plopez]

Based on my experiences in corporate America, incompentence is the most likely explanation. Remember, the larger anorganization grows the IQ of that organization approachs that of the generalpopulation.

Re:Interesting how many times Google gets away...

[yuhong]

I still remember Douglas Bowman's blog post about why he left Google.

Re:So unfair

[Anonymous+Brave+Guy]

Hate to break it to you, but lots of people do this. Just go wardriving

And in the UK, there have been arrests and even the occasional fine as a result of doing that.

Re:Interesting how many times Google gets away...

[swillden]

I still remember Douglas Bowman's blog post about why he left Google.

You mean this one? While I suppose the data-driven mindset of Google does have its problems (as well as its advantages), I don't really see the relevance to the GP's claim of evilness in choosing a subtler background color for ads.

Re:Interesting how many times Google gets away...

[yuhong]

It is relevant because the kind of testing seems to be pretty similar.

Re:Interesting how many times Google gets away...

[swillden]

It is relevant because the kind of testing seems to be pretty similar.

Actually, it's not. Unfortunately I can't really explain why. I don't think there would be any harm in it -- might even be some good in it, actually -- and people would definitely find it interesting, but confidential is confidential.

Suffice it to say that Google attempts to maximize the ability of users to distinguish ads from organic results. I can probably say that much.

I'm sure everyone who reads this is going to think "that's such a lame and content-free post, why did he even bother?". Sorry.

Re:Interesting how many times Google gets away...

[yuhong]

20 years? But personally I used the Google Toolbar before, but stopped using it when browsers added a built-in search box.

Re:Interesting how many times Google gets away...

[thegarbz]

Here's an example of them being *both* very competent and evil.

Removing borders and decreasing contrast between ads and results to get more clicks and more money from advertisers and users

My god the word evil has been completely diluted these days hasn't it. Yep Google and their advert contrast reduction are right up there with Monsanto, Chinese industrialists, and porn popups.

Lets not mention that the ads are very carefully crafted and scanned for malware so often they are actually relevant to what you are searching anyway.

Re: Interesting how many times Google gets away...

"Google attempts to maximize the ability of users to distinguish ads from organic results"
What a ridiculous statement.

Re: Interesting how many times Google gets away...

[swillden]

"Google attempts to maximize the ability of users to distinguish ads from organic results" What a ridiculous statement.

Like I said, I can't really go into the details that would support it, so I'm not surprised you find it ridiculous. It's not, though.

Google arrogance

[SputnikDave]

If anyone here seriously believes that Google didn't intend to collect that data then they are deluded. Those vans were manned by guys who knew exactly what they were doing. Again, if you seriously believe that Google 'forgot' they still had the UK data then you are very very naive. They think they can do what they like, say 'oops-sorry' and just carry on. They deserve to be hammered with a huge fine because they blatantly and pretty unapologetically broke UK Law. The really sad thing is that no one in the UK Government has the balls to stick it to them And don't even start to talk about taxes!

Re: Interesting how many times Google gets away...

[mystikkman]

Then why is there no border between the ads and results? You do know that contrast perception decreases with age and that on some monitors you can't distinguish the last ad and the first organic result?

Re:So unfair

[Plumpaquatsch]

Hate to break it to you, but lots of people do this. Just go wardriving with a packet analyzer.

So does anyone but Google still have every byte they ever collected during wardriving stored and readily available?