Slashdot Mirror
UK Regulator Did Not Check Google Privacy Claims
judgecorp writes "When Google gathered personal Wi-Fi data through its Street View cars, the UK privacy watchdog, the ICO did not press charges, saying that Google had "contained" the data in "quarantined cages". It has now been revealed that the ICO never checked this assertion. It just took Google's word for it, and never visited Google to try and check on whether the data actually was contained. From TechWeekEurope's correspondence with the ICO it seems that the regulator had a team of three looking into the Google Wi-Fi data scandal. Seeing that it was impossible to check Google's claims in depth, the ICO decided to just take Google's word it had done what it claimed."
The offical budget publication for 2011-2012 http://www.ico.org.uk/about_us/boards_committees_and_minutes/~/media/documents/library/Corporate/Detailed_specialist_guides/ico_budget_2011-12.ashx plus key facts http://www.ico.org.uk/ from offical site.
That's downright Canadian.
Google are smart enough now to know how to give the UK government a hard time if they give them a hard time.
Various schools in the country were rolling out fingerprint readers to replace cash to pay for school meals. This itself is questionable, but it gets worse: When parents objected, the ICO said, I kid you not, that the parents had no say because it was "a matter between the pupils and the school". So much for parents having parental oversight over their children.
This theme oozes through the UK government (like how every internet connection will have a porn filter on it by default, unless you admit to being a pervy pervert and turn it off please, here's my full identity to prove I'm not a child, sir please sir), but that the privacy watchdog doesn't understand how this sort of thing works and thinks nothing of announcing this to the world is a clear indication that not only is the system broken, so are its checks and balances, and it also clearly cannot fix itself.
So that they believe googles word on their trustworthy jolly faces alone doesn't really surprise. Depresses, saddens, and so on, yes. Surprises, no.
The problem isn't what they tell you, it's what they don't tell you - or rather the details behind the "terms of use" that you agree to.
Who are all of Google's partners with whom it shares its data? And what relationship do they have with other entities?
If Google considered the NSA as one of its partners with whom it shares data, where does that leave you now? Or what if one of said companies is a proxy for dealing with the FBI, CIA, NSA, etc?
Ask yourself this question: do you fully understand the implications of giving your data to Google and letting them do with it what they will? Do you know in detail how it is used, where it goes, who sees it, etc?
Because until you can properly answer those last two questions, whilst they may not be misrepresenting what they do they are not presenting the information about what they do do in a manner that lay people can understand.
"Seeing that it was impossible to check Google's claims in depth, the ICO decided to just take Google's word it had done what it claimed."
Well, yeh. It only take a memory stick full of WIFI data to be stuck in the back of a draw, or in someone's pocket. What's the ICO gonna do? Strip search all employees?
Googles word for it, is the best they can do.
Did you understand what that change of privacy actually did?
You visit a site, it has Doubleclick on it, Google sets a tracking cookie and profiles your browser, and notes the IP. Maybe it has use Google analytics, so analytics does the same. Maybe you visit a Google Gmail account, so Gmail does the same, maybe you use Maps with 'maps can access my position' on and Maps does the same plus it gets your GPS location . Maybe you use an Android device with the Google pack, lots of lovely data on you heads off the Google. Youtube? Recording everything you do.
You have maps permission to have your location, so you gave Doubleclick the same, Youtube the same.
By 'simplifying' the privacy policy, they actually gave themselves permission to link all that data together. So you might visit Youtube and it has double click and both profiles are generated, then you visit another site that has only analytics, but you've been profiled and that data is in the bundle.
Where you are, who you email, when you go places, what you search for, what videos you watched.
I find their privacy control panel to be downright misleading. It contains only the data you gave, not the data derived for your interactions with Google. They might pretend they can't identify you, but that's simply disingenuous.
You visit gmail, and it has your Google account, adsense sets a cookies, you visit slashdot and adsense can grab that cookies. Yet they don't report 'you read Slashdot article about UK regulator'! They have it, they tracked it, yet they don't quote it as information they have on you. Even with cookies blocked, the browser profile is more than enough to track you.
Google really are the Obama of search. It's the same oppressive lying s**t as Bush, only with a smiley face and more apologies. More apologies, more promises, but ultimately the nastiest data mining machine on the Internet.
(Well, except for the NSA, but that goes without saying. 800,000 people tracked, means a few thousand slashdot readers are one the list so watch what you say)
Almost every state has laws against electronic eavesdropping.
The problem is that states are vulnerable to attacks from the federal government, which has taken on excessive powers for itself. This particular attack involves being threatened with federal PMITAP if you expose the fact that you're ordered to violate the constitution, and the states are powerless to protect you even on the assumption that they would do so.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
This is one of those things that makes you wonder why governments regulate at all? They pass a law, set up a shill bureaucratic organization to monitor things and then allow those entities being regulated to "self report" or the folks assigned never really do their jobs. Eventually something happens, oh say like something innocuous like bundling home mortgages into securities and the next thing you know the economy is on the skids because the securities were insured by other parties and then you have a huge economic crash. A crisis ensues and shakes the foundations of the whole financial system. Everybody loses confidence and their jobs. Leaders asked where all the Trillians in equity went and everybody shrugs their shoulders and says "I dunno, ask him" pointing back to the regulators who say "We didn't have the tools nor the resources to monitor this properly."
Harrison's Postulate - "For every action there is an equal and opposite criticism"
Since it was already clear that Google committed a grave felony, it was up to Google to prove beyond a doubt that they deleted all data. If Google was not able to do that, they should have been fined a large sum of money for every day they would remain unable to submit proof. It may cost Google millions to prove it, but hey, that's the risk they took and they will have to pay to make things right again.
Google was already proven guilty. It was no longer the legal burden of the ICO to prove anything. It was and is Googles legal burden to prove they have now deleted all data and the ICO failed to have them actually submit irrefutable proof. This makes the ICO lacking and they should make Google submit proof now, even if it's been two years.
Apart from that, the people in the lead at the ICO should be held accountable for this failure and made an example of.
I was promised a flying car. Where is my flying car?
UK is a leading country for CCTV camera ownership. GCHQ had been spying on citizens using data from NSA's PRISM program. I really wonder why they even bother with creating ICO. It is just bureaucracy.
What's the big deal? They collected random Wi-Fi data. Obviously the data they collected was from open Wi-Fi access points. If you leave an access point open, that's an invitation to connect. If that I'd illegal, then the law is unrealistic and needs to be modified. Further, the traffic they collected was little bits of random stuff from lots of different places. Maybe they got 100 packets from your router - and then? What? Nothing, that's what. Your packets should be encrypted by ssl or similar if you don't want people to be reading them anyway. Even if you use wap on your Wi-Fi, the unencrypted traffic goes across the internet anyway! Jeez