Slashdot Mirror
UK Regulator Did Not Check Google Privacy Claims
judgecorp writes "When Google gathered personal Wi-Fi data through its Street View cars, the UK privacy watchdog, the ICO did not press charges, saying that Google had "contained" the data in "quarantined cages". It has now been revealed that the ICO never checked this assertion. It just took Google's word for it, and never visited Google to try and check on whether the data actually was contained. From TechWeekEurope's correspondence with the ICO it seems that the regulator had a team of three looking into the Google Wi-Fi data scandal. Seeing that it was impossible to check Google's claims in depth, the ICO decided to just take Google's word it had done what it claimed."
The offical budget publication for 2011-2012 http://www.ico.org.uk/about_us/boards_committees_and_minutes/~/media/documents/library/Corporate/Detailed_specialist_guides/ico_budget_2011-12.ashx plus key facts http://www.ico.org.uk/ from offical site.
That's downright Canadian.
Google are smart enough now to know how to give the UK government a hard time if they give them a hard time.
with Google's G+ forced migration, but I can't think of anything they have lied about and they have basically always told me what they would do when I opted to use their services. And I don't know of any blatant misrepresentation they have ever made. What other top tier company can this be said about?
09 F9 11 02 9D 74 E3 5B - D8 41 56 C5 63 56 88 C0 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
Many oversight agencies work this way to a large degree (even the FAA and FDA in the U.S.), but they make it a really bad idea to get caught cheating. How else could it work?
Google came into this situation saying that they were going to delete the data, but it was these regulators that forced them to keep it around so they could "examine" it (most likely for spying purposes, I'd guess).
They're practically unfunded, so of course they can't check, that would cost more than they can afford.
The problem being that such offices can only discover companies doing it wrong, and they would do it wrong either because they're incompetent (in which case, the news would damage their profits), malicious (ditto) or cutting costs (in which case, having to start doing it will cut into profits, again).
Therefore they do not want any regulators poking around in "their" business.
Hence they lobby a very compliant political class into paying lip service (and often not even that) to such regulations.
Various schools in the country were rolling out fingerprint readers to replace cash to pay for school meals. This itself is questionable, but it gets worse: When parents objected, the ICO said, I kid you not, that the parents had no say because it was "a matter between the pupils and the school". So much for parents having parental oversight over their children.
This theme oozes through the UK government (like how every internet connection will have a porn filter on it by default, unless you admit to being a pervy pervert and turn it off please, here's my full identity to prove I'm not a child, sir please sir), but that the privacy watchdog doesn't understand how this sort of thing works and thinks nothing of announcing this to the world is a clear indication that not only is the system broken, so are its checks and balances, and it also clearly cannot fix itself.
So that they believe googles word on their trustworthy jolly faces alone doesn't really surprise. Depresses, saddens, and so on, yes. Surprises, no.
"Seeing that it was impossible to check Google's claims in depth, the ICO decided to just take Google's word it had done what it claimed."
Well, yeh. It only take a memory stick full of WIFI data to be stuck in the back of a draw, or in someone's pocket. What's the ICO gonna do? Strip search all employees?
Googles word for it, is the best they can do.
I believe them on there word. Apart from some minor slip-ups they don't do evil, and when they do, they are as open as possible about it. Even when the law prevents them from telling the truth, they have not resorted to lying about it.
That in sharp contract with many politicians and government agencies, that pressed everyone to believe them on there word, and have been found to be doing exactly the opposite for almost everything the ever talked about.
Did you understand what that change of privacy actually did?
You visit a site, it has Doubleclick on it, Google sets a tracking cookie and profiles your browser, and notes the IP. Maybe it has use Google analytics, so analytics does the same. Maybe you visit a Google Gmail account, so Gmail does the same, maybe you use Maps with 'maps can access my position' on and Maps does the same plus it gets your GPS location . Maybe you use an Android device with the Google pack, lots of lovely data on you heads off the Google. Youtube? Recording everything you do.
You have maps permission to have your location, so you gave Doubleclick the same, Youtube the same.
By 'simplifying' the privacy policy, they actually gave themselves permission to link all that data together. So you might visit Youtube and it has double click and both profiles are generated, then you visit another site that has only analytics, but you've been profiled and that data is in the bundle.
Where you are, who you email, when you go places, what you search for, what videos you watched.
I find their privacy control panel to be downright misleading. It contains only the data you gave, not the data derived for your interactions with Google. They might pretend they can't identify you, but that's simply disingenuous.
You visit gmail, and it has your Google account, adsense sets a cookies, you visit slashdot and adsense can grab that cookies. Yet they don't report 'you read Slashdot article about UK regulator'! They have it, they tracked it, yet they don't quote it as information they have on you. Even with cookies blocked, the browser profile is more than enough to track you.
Google really are the Obama of search. It's the same oppressive lying s**t as Bush, only with a smiley face and more apologies. More apologies, more promises, but ultimately the nastiest data mining machine on the Internet.
(Well, except for the NSA, but that goes without saying. 800,000 people tracked, means a few thousand slashdot readers are one the list so watch what you say)
at the end of "series of" big fat "tubes", I bet
This is one of those things that makes you wonder why governments regulate at all? They pass a law, set up a shill bureaucratic organization to monitor things and then allow those entities being regulated to "self report" or the folks assigned never really do their jobs. Eventually something happens, oh say like something innocuous like bundling home mortgages into securities and the next thing you know the economy is on the skids because the securities were insured by other parties and then you have a huge economic crash. A crisis ensues and shakes the foundations of the whole financial system. Everybody loses confidence and their jobs. Leaders asked where all the Trillians in equity went and everybody shrugs their shoulders and says "I dunno, ask him" pointing back to the regulators who say "We didn't have the tools nor the resources to monitor this properly."
Harrison's Postulate - "For every action there is an equal and opposite criticism"
How exactly might they be expected to check whether the data was contained? Were they supposed to poke through all of Google's data? Or just show up and ask a different set of Google employees to repeat the company's story to them? Neither of those methods seems like it would be particularly effective.
Since it was already clear that Google committed a grave felony, it was up to Google to prove beyond a doubt that they deleted all data. If Google was not able to do that, they should have been fined a large sum of money for every day they would remain unable to submit proof. It may cost Google millions to prove it, but hey, that's the risk they took and they will have to pay to make things right again.
Google was already proven guilty. It was no longer the legal burden of the ICO to prove anything. It was and is Googles legal burden to prove they have now deleted all data and the ICO failed to have them actually submit irrefutable proof. This makes the ICO lacking and they should make Google submit proof now, even if it's been two years.
Apart from that, the people in the lead at the ICO should be held accountable for this failure and made an example of.
I was promised a flying car. Where is my flying car?
Seeing that it was impossible to check #@@%^&'s claims in depth, the ICO decided to just take @**%#&'s word it had done what it claimed.
Its cheaper to trust what can't be trusted now adays? That certainly is understandable.
UK is a leading country for CCTV camera ownership. GCHQ had been spying on citizens using data from NSA's PRISM program. I really wonder why they even bother with creating ICO. It is just bureaucracy.
Well they did a textbook bait-and-switch with their removal of Exchange Activesync. Using that to get all the iPhone (and other non-Android) users to use GMail and then once everybody was entrenched in usage of GMail they removed the ability to do push through activesync and demanded you pay them monthly rent for the feature, use their email application only or switch to their platform (Android).
Only the most blatant Google fanboy apologist would argue that that is ok.
What's the big deal? They collected random Wi-Fi data. Obviously the data they collected was from open Wi-Fi access points. If you leave an access point open, that's an invitation to connect. If that I'd illegal, then the law is unrealistic and needs to be modified. Further, the traffic they collected was little bits of random stuff from lots of different places. Maybe they got 100 packets from your router - and then? What? Nothing, that's what. Your packets should be encrypted by ssl or similar if you don't want people to be reading them anyway. Even if you use wap on your Wi-Fi, the unencrypted traffic goes across the internet anyway! Jeez