Explain that to a novice user who doesn't understand encryption/WEP/WAP/anything. You keep ignoring this point. You have a burden of proof here. You need to demonstrate that a person with no understanding of tech stuff, *does not expect privacy* when setting up a WiFi router with default (hence unsecured) settings.
I'm not saying they don't expect privacy. They probably do. I'm saying they shouldn't expect privacy, because the technology doesn't provide it. There's a gap between reality and what most people believe, and the law shouldn't be making that gap worse - it should be making the reality clearer. If you expect privacy, turn on encryption. If you don't understand it, do what I do when I need something I don't understand fixed (like my car's brakes). Pay someone.
I get the difference. When it comes to visual images, watching and recording are both okay in public. Publishing requires permission from the subjects. Google didn't publish anything. I'm... not sure what point you're trying to make.
Actually, at least in Germany, it does not matter if you are a company or a private person: If you take a photo, record audio or video, and you record other people in the process, you have to first ask them, or you are committing a crime. (Yes, this includes the creepy guy.)
People keep saying that, but when I search the web (yes, I used Google) the sites all say that, in Germany, I'm perfectly allowed to take photos of people in public, I'm just not allowed to publish them without getting consent. I haven't found anything specific about video.
So if I have the drapes open and am jacking off in my living room, then when you “catch” me, you’re the pervert (peeping tom), and I can sue you for invading my privacy.
I would expect that you would be violating public decency laws. I know that, where I live, it's illegal to perform a sex act (including a solo one) where you can be easily seen from a public place. If I go onto your private property to see you though, or if I use a telephoto lens to see something I couldn't otherwise see from public property, then I'm invading your privacy.
Lots of people where I live have this silly idea that you can't be photographed in public, even if the photo won't be published, as well. It sounds like it's a common misconception in Germany. I have heard that France has laws preventing you from photographing people in public, but perhaps that's as much an urban myth as the German ban is.
Common decency, but not illegal to neglect to. It's common decency to cover my mouth when I yawn too, but half the people I pass on the street in the mornings don't bother.
I've recorded one or two conversations in the past without telling the other party, but only when they were already being far from decent to me (the guy was trying to extort money out of me, and I needed proof to get the cops to arrest the guy). It was nice to be able to defend myself without becoming, technically, a criminal myself. For the record, the cops arrested the guy.
They didn't slurp up all the data that went over them. They grabbed one or two frames from each network, to get the SSID. They just didn't filter the rest of the packet out at the time, so they may have stored some incidental, unencrypted, and publicly broadcast traffic as well. If you had encryption turned on, they respected your apparent desire for privacy and didn't even store the SSID.
Yes, it's probably against the law in most jusridictions to steal cars. Hover, other laws differ from country to country and in the US, where you obviously reside, they differ from state to state, even.
I don't live in the US. And I think it's probably against the law in ALL jurisdictions to steal cars.
Example? Sit onto a bench in central park and drink a beer? Busted! This is perfectly legal in most of Europe. Another example? Drink a beer at the tender age of 17? In most of the US a crime in most of Europe wine and beer can be consumed from 16 up. In Switzerland a 17 year old boy can screw a 15 year old girl (or vice versa) without falling afoul against the law. Something, I would guess, gets you stamped as a felon and a sex offender agains kids for the rest of your life in most states
So, the point you're trying to make is "different places have different laws"? You could just have said "different places have different laws", I don't think anyone would doubt you. Do go on.
There's a whole damn library about privacy legislation throughout the EU.
Those binding directives must be implemented into law in all of the EU countries. You can add Iceland, Norway and Switzerland to the mix. This partially translates to criminal offenses if violated and yes - systematically storing and processing personally identifiable data without permission, reason and safeguards may be a crime depending on circumstances.
So you're saying... what Google did might be a crime, but might not? Depending on whether it's in that "whole damn library" (hint: one or two network frames is extraordinarily unlikely to contain enough information to "uniquely identify a natural person") and whether they met just the right circumstances? I can accept that too.
You may claim that this is stupid. I for one however rather sip a beer, sitting on a park bench on a sunny day then have my private data (including phone, financial and medical data) splattered around the world and sold to every sleazy marketoid that pays for it.
Your priorities may differ, of course.
I didn't claim any of what you described was stupid. Well, maybe the bit where you think it's only against the law to steal cars in most jurisdictions. And I'm pretty sure none of phone, financial, or medical data came up. I'm not sure what phone, financial, or medical data would be doing unencrypted on someone's open WAP. I know most phone, financial, and medical sites I use which have my details use SSL, so even if I had an open WAP and Google was driving past at just the right time, they wouldn't have got any of it.
What I claimed was stupid was the idea that Google should be in trouble for collecting publicly broadcast data for the purposes of mapping out public AP locations.
My ISP shipped me a wireless router with WPA2 turned on. The key was printed on the bottom of the router. I believe that anybody who buys a device which will broadcast, unencrypted, everything they do on the 'net outside SSL to the whole neighbourhood has an action against the vendor. The people who feel "violated" here should be suing the people who sold them default insecure WAPs.
MasterCard were making me look at any wireless networks in the vicinity, dig deep (look at LOTS of packets, try to identify the people communicating, try to work out the context), and the owners were NOT people who were our customers. My intent was to protect our financial database by knowing as much as possible about any nearby wireless networks. Google's intent was just to store the publicly broadcast SSID.
Where I think this gets people concerned is the level of recording and subsequent exposure.
That's one thing which annoys me. The level of recording? One or two packets from your network. For most people, this was a netbios broadcast packet, or a half a sentence from a public webpage, or a small blotch of red from a frame of a youtube video. It was a very low level of recording, and it's almost inconceivable that it would have been enough to both identify a person AND contain information that they'd want to keep private. The subsequent exposure? None at all. They deleted it. See? Not as bad as you thought.
Add to that the fact that the packet or two they did collect was also available to anyone within a few hundred feet of your house. And anyone but Google would probably have a lot more context, collect a lot more packets, and do a lot more with the information. So they grabbed packets which you shouldn't have expected to be private, took such a tiny amount that it COULDN'T harm your privacy, and then deleted it.
That may be - but if he got caught, he wouldn't be able to hide behind 'by mistake' or any other excuse.
I don't believe he should have to. We're talking about unencrypted information which people are broadcasting to the public. I don't listen in on the conversation of the couple sitting in front of me on the bus, but at the same time, they don't have an expectation of privacy, and I'm not breaking the law if I DO listen. An open, unencrypted AP is a public network space. Anyone who has an understanding of the technology realises that open APs provide no privacy, and so nobody should expect any. It's like pinning personal letters up on the local library noticeboard and being surprised when people read them. If we react to situations like this by saying "no, people SHOULD have privacy" then we reinforce to the un-tech-savvy that they can turn encryption off and expect privacy. It just isn't true.
Also, do not forget, that you and me may know enough about hardware/software and how to configure our WiFis to be encrypted, password-protected,...
But do not assume that most people out on the street would KNOW this, or even be aware of the problems connected with it - the law needs to protect those people, too.
At the risk of a car analogy... If I fail to maintain my brakes, they fail on me, and I kill somebody, the law doesn't car that I don't understand car brake systems. The law expects me (to protect myself and others) to either learn, or pay someone to do it. Anyway, when I signed up for my ISP about two years ago, the WAP they sent me came pre-configured with WPA2. The key was printed on the bottom. The days of needing to understand wireless encryption are (partly? mostly? hopefully?) over. The law shouldn't tell people that they can expect privacy when a 12-year-old with free-off-the-net software can see what they're doing.
If you enter someone elses house uninvited, but hey - the door was open - and then leave, while taking some fairly private details (copies of receipts,... other information that might be relevant for ID theft). Do you really think, if you got caught, a court would let you get away with "well, the door had been left open...", or do you think, you would still get convicted (it wasn't your premises, you had no right of being there) - you might get some small relief out of the owner of the property not protecting it (by locking the door), but it would still be illegal to enter uninvited.
A wireless network isn't a home. There are lots of wireless networks which the owners are happy for me to use: they send me to a page where I can buy internet access through them with my credit card. There are some consumer-grade WAPs you can buy which do this out of the box! If there are some out there I'm allowed to use, and some I'm not, how do I tell? By looking at whether it's open or requires a key. If it's open, I assume I'm allowed to use it.
The thing I don't get about google, is how they can claim that it was by accident. Sure, it was by accident, we started some software that would take dumps of data-packets and store them, when all they wanted to do was just take photos.
Google provided an explanation of this on day one. They were mapping public (= no key required) APs. Several other companies do this as well! Unfortunately, the library they were using to do it just stored the whole frame containing the SSID. This meant that sometimes it would contain incidental network traffic.
I think we need to keep fighting the privacy war. I'm all for privacy protections. But if we start building an expectation of privacy in things which clearly don't provide privacy, we make things worse. People don't understand technology, by and large, so if it gets ruled that they had an expectation of privacy in an open wireless network, people will continue to keep their wireless networks open, and privacy will suffer. The real culprits here are the companies which sold WAPs which were pre-configured to broadcast traffic unencrypted to the world.
I sometimes have to rely on public APs for 'net access. I need to be able to trust that the open ones are there for people to use (lots of them will take my credit card through a trustworthy gateway and let me on the net!) I shouldn't be risking getting in trouble for invading people's privacy by using a network which is configured for open access.
Sounds like a personal-interest law to me. The people writing the law were doing lots of things wrong, and were terrified of being busted. Thankfully, where I live, we have a sensible law: third-party recordings are illegal, but if you're a party to a conversation, you can record it secretly.
I don't disagree with any of that. I think you're quite right. But I think any law which creates an expectation of privacy in unencrypted wifi data is objectionable, because it criminalises things which people may expect to be legal. For example, surveying an area for public wifi spots.
I'm guessing that you are from America but I might be wrong.
You are. I'm from Australia.
It is different. Whereas the behaviour that you have described is perfectly acceptable in the USA there are laws against this sort of thing in Europe. Some are Europe-wide (http://ec.europa.eu/justice_home/fsj/privacy/law/index_en.htm) and others are national.
People keep pointing me at the privacy law page, but I honestly can't see an invasion of privacy. My analogy is trying to point that out. If you have a public unencrypted wireless network, it's not private. Just like if you're standing on your front lawn. People keep telling me that it's illegal to photograph people without their permission in Germany, but when I try searching, all of the photography resource pages I can find about Germany tell me that it is, in fact, legal to take photos of people in public; just not to publish them without their permission (and even then, only if they're prominent in the photo).
(a) he uses wireless telegraphy apparatus with intent to obtain information as to the contents, sender or addressee of a message (whether sent by means of wireless telegraphy or not) of which neither he nor a person on whose behalf he is acting is an intended recipient, or
If this is intended to apply to wireless networks and collecting unencrypted frames, that makes any use of a wireless network with more than two connected computers illegal. If you see a frame on the network and you collect it, but it wasn't intended for you, you've committed a crime. If you don't collect it, you don't know whether it's for you or not. Fortunately, the law says "with intent to obtain... blah blah". To be guilty of this, Google would have to have intended to identify the sender, addressee, or contents once they knew it wasn't intended for them, which by all reports they didn't. They were only intending to collect the SSID from networks which broadcast it publicly.
I'm not confusing anything: I'm making a joke at the expense of anyone who thinks WEP is effective. You can buy key recovery dongles off ebay these days which will get a WEP key in about 15 minutes.
The analogy is way too stretched to think I'm suggesting it's not illegal to break WEP encryption.
Its not googles call to say a network was open and to keep the data because they wanted it.
You're completely right. It's the network owner's call. And when the network owner set it up as a closed network, Google respected that (they could easily have collected that data too and taken it back for decryption: a single home PC is powerful enough to break WEP encryption, I'm sure Google could manage that). When the network owner instead set it up as an open network, Google took a peek. Because, you know. It was set up as open.
These people need to sue the person who sold them a WAP which was set up by default to broadcast unencrypted to the public.
Turns out (reference: a bunch of pages I got by googling "photography laws in germany", which all agreed) that you can take photos of people in public without their consent. You need their consent to publish photos of them, if the person is recognizable and the subject of the image.
Ok, why is this stupid? Because the entire world has grown up to understand the idea that there is a difference between doing something and doing something a lot.
There is a difference between peeking in a magazine and reading it at the store.
There is a difference between listening to music and listening to music at 100dbls in a party.
There is a difference between walking around naked in your house and doing so in your glass house.
There is a difference between selling your old computer in your garage and turning your garage into a used hardware store.
There is a difference between selling your 2 tickets to a concert you won't attend and selling your 100 tickets to the same concert.
In fact the whole RIAA has successfully sold (or rather bought) the idea that it is not the same to share a movie with your friend than sharing it with your other hundred thousand friends.
There is a difference between buying a t-shirt and buying 10,000 t-shirts. There is a difference between running 1km and running 100km. That doesn't make buying 10,000 t-shirts or running 100km illegal. I get that there are differences. But in general, if doing something once is legal, doing it lots is also legal. You need specific laws (noise control, scalping, and so on) to make lots of something illegal when a little bit is okay.
And yet you are unable to understand that there is a difference between broadcasting SSID and MAC addresses to let your equipment interoperate inside your home and volunteering them to a global geolocating database of the entire Internet!
A number of companies have done this before Google, and they're not in trouble. There's an iPhone app.
And yet you are unable to understand that there is a difference to let your neighbors see your face and having an omnipresent and omniscient entity mapping and logging every detail about you!
Hardly every detail about me. Actually, pretty much nothing about me (in this instance). I opted out by turning encryption on. People should be suing the companies that sold them WAPs with encryption off by default and didn't explain to them that they were broadcasting their traffic to the public by using it. Even if my encryption was off, one or two frames of network traffic is far from "every detail about [me]". I think you're panic mongering.
Google is abusing both people's thrust in their neighborhood --who could have known that Google is watching you everywhere?-- and their ignorance. Is it ok to take something from someone just because they didn't knew they had it?
Google basically played "easier to ask forgiveness than ask permission". Are you really so incapable to realize the difference between an individual and a corporation?
Google is not watching you everywhere. Panic monger. Google is driving around taking photos (this shouldn't really surprise anyone) and collecting information about public networks. Not much information, by the way - a little more than they intended to, but when they discovered that they stopped it, and disclosed. I just don't get the big deal. They didn't collect anything that any member of the public couldn't. When they realised they had more than they'd planned to collect, they disclosed and started deleting.
No matter how juicy the invitation? So you're saying that a girl wearing trashy clothes is a juicy invitation to rape? I disagree.
An open WAP, however, is an invitation: in fact, anyone walking past with a Windows laptop with the wrong box ticked in the network settings will automatically connect and start using the network! ipods did this by default when they first came out! The comparison to rape is not valid. Pretty much everyone accepts that rape is a crime. Lots of people don't accept that what Google did was a crime. Further, rape pretty much implies intent. Google has a very plausible explanation showing they didn't intend to do it.
Google were neither degrading nor stealing the service. That would be covered by those laws you're talking about: Unauthorized Access. Google weren't doing that. They were just recording public broadcast data.
Slashdot Mirror
Oh. Thanks. It's just surprising on /. for people to bother replying unless they want to flame on your opinion!
... and being able to post it in a searchable form on the internet are all very different things.
They didn't post it! People keep saying what they did is wrong because of X, when they never did X. Sheesh.
Explain that to a novice user who doesn't understand encryption/WEP/WAP/anything. You keep ignoring this point. You have a burden of proof here. You need to demonstrate that a person with no understanding of tech stuff, *does not expect privacy* when setting up a WiFi router with default (hence unsecured) settings.
I'm not saying they don't expect privacy. They probably do. I'm saying they shouldn't expect privacy, because the technology doesn't provide it. There's a gap between reality and what most people believe, and the law shouldn't be making that gap worse - it should be making the reality clearer. If you expect privacy, turn on encryption. If you don't understand it, do what I do when I need something I don't understand fixed (like my car's brakes). Pay someone.
I get the difference. When it comes to visual images, watching and recording are both okay in public. Publishing requires permission from the subjects. Google didn't publish anything. I'm ... not sure what point you're trying to make.
Actually, at least in Germany, it does not matter if you are a company or a private person: If you take a photo, record audio or video, and you record other people in the process, you have to first ask them, or you are committing a crime. (Yes, this includes the creepy guy.)
People keep saying that, but when I search the web (yes, I used Google) the sites all say that, in Germany, I'm perfectly allowed to take photos of people in public, I'm just not allowed to publish them without getting consent. I haven't found anything specific about video.
So if I have the drapes open and am jacking off in my living room, then when you “catch” me, you’re the pervert (peeping tom), and I can sue you for invading my privacy.
I would expect that you would be violating public decency laws. I know that, where I live, it's illegal to perform a sex act (including a solo one) where you can be easily seen from a public place. If I go onto your private property to see you though, or if I use a telephoto lens to see something I couldn't otherwise see from public property, then I'm invading your privacy.
Lots of people where I live have this silly idea that you can't be photographed in public, even if the photo won't be published, as well. It sounds like it's a common misconception in Germany. I have heard that France has laws preventing you from photographing people in public, but perhaps that's as much an urban myth as the German ban is.
Publishing is different, and there are special laws dealing with it. Google didn't publish anything.
Common decency, but not illegal to neglect to. It's common decency to cover my mouth when I yawn too, but half the people I pass on the street in the mornings don't bother.
I've recorded one or two conversations in the past without telling the other party, but only when they were already being far from decent to me (the guy was trying to extort money out of me, and I needed proof to get the cops to arrest the guy). It was nice to be able to defend myself without becoming, technically, a criminal myself. For the record, the cops arrested the guy.
They didn't slurp up all the data that went over them. They grabbed one or two frames from each network, to get the SSID. They just didn't filter the rest of the packet out at the time, so they may have stored some incidental, unencrypted, and publicly broadcast traffic as well. If you had encryption turned on, they respected your apparent desire for privacy and didn't even store the SSID.
Yes, it's probably against the law in most jusridictions to steal cars. Hover, other laws differ from country to country and in the US, where you obviously reside, they differ from state to state, even.
I don't live in the US. And I think it's probably against the law in ALL jurisdictions to steal cars.
Example? Sit onto a bench in central park and drink a beer? Busted! This is perfectly legal in most of Europe. Another example? Drink a beer at the tender age of 17? In most of the US a crime in most of Europe wine and beer can be consumed from 16 up. In Switzerland a 17 year old boy can screw a 15 year old girl (or vice versa) without falling afoul against the law. Something, I would guess, gets you stamped as a felon and a sex offender agains kids for the rest of your life in most states
So, the point you're trying to make is "different places have different laws"? You could just have said "different places have different laws", I don't think anyone would doubt you. Do go on.
There's a whole damn library about privacy legislation throughout the EU.
Those binding directives must be implemented into law in all of the EU countries. You can add Iceland, Norway and Switzerland to the mix. This partially translates to criminal offenses if violated and yes - systematically storing and processing personally identifiable data without permission, reason and safeguards may be a crime depending on circumstances.
So you're saying ... what Google did might be a crime, but might not? Depending on whether it's in that "whole damn library" (hint: one or two network frames is extraordinarily unlikely to contain enough information to "uniquely identify a natural person") and whether they met just the right circumstances? I can accept that too.
You may claim that this is stupid. I for one however rather sip a beer, sitting on a park bench on a sunny day then have my private data (including phone, financial and medical data) splattered around the world and sold to every sleazy marketoid that pays for it.
Your priorities may differ, of course.
I didn't claim any of what you described was stupid. Well, maybe the bit where you think it's only against the law to steal cars in most jurisdictions. And I'm pretty sure none of phone, financial, or medical data came up. I'm not sure what phone, financial, or medical data would be doing unencrypted on someone's open WAP. I know most phone, financial, and medical sites I use which have my details use SSL, so even if I had an open WAP and Google was driving past at just the right time, they wouldn't have got any of it.
What I claimed was stupid was the idea that Google should be in trouble for collecting publicly broadcast data for the purposes of mapping out public AP locations.
My ISP shipped me a wireless router with WPA2 turned on. The key was printed on the bottom of the router. I believe that anybody who buys a device which will broadcast, unencrypted, everything they do on the 'net outside SSL to the whole neighbourhood has an action against the vendor. The people who feel "violated" here should be suing the people who sold them default insecure WAPs.
MasterCard were making me look at any wireless networks in the vicinity, dig deep (look at LOTS of packets, try to identify the people communicating, try to work out the context), and the owners were NOT people who were our customers. My intent was to protect our financial database by knowing as much as possible about any nearby wireless networks. Google's intent was just to store the publicly broadcast SSID.
Where I think this gets people concerned is the level of recording and subsequent exposure.
That's one thing which annoys me. The level of recording? One or two packets from your network. For most people, this was a netbios broadcast packet, or a half a sentence from a public webpage, or a small blotch of red from a frame of a youtube video. It was a very low level of recording, and it's almost inconceivable that it would have been enough to both identify a person AND contain information that they'd want to keep private. The subsequent exposure? None at all. They deleted it. See? Not as bad as you thought.
Add to that the fact that the packet or two they did collect was also available to anyone within a few hundred feet of your house. And anyone but Google would probably have a lot more context, collect a lot more packets, and do a lot more with the information. So they grabbed packets which you shouldn't have expected to be private, took such a tiny amount that it COULDN'T harm your privacy, and then deleted it.
That may be - but if he got caught, he wouldn't be able to hide behind 'by mistake' or any other excuse.
I don't believe he should have to. We're talking about unencrypted information which people are broadcasting to the public. I don't listen in on the conversation of the couple sitting in front of me on the bus, but at the same time, they don't have an expectation of privacy, and I'm not breaking the law if I DO listen. An open, unencrypted AP is a public network space. Anyone who has an understanding of the technology realises that open APs provide no privacy, and so nobody should expect any. It's like pinning personal letters up on the local library noticeboard and being surprised when people read them. If we react to situations like this by saying "no, people SHOULD have privacy" then we reinforce to the un-tech-savvy that they can turn encryption off and expect privacy. It just isn't true.
Also, do not forget, that you and me may know enough about hardware/software and how to configure our WiFis to be encrypted, password-protected, ...
But do not assume that most people out on the street would KNOW this, or even be aware of the problems connected with it - the law needs to protect those people, too.
At the risk of a car analogy... If I fail to maintain my brakes, they fail on me, and I kill somebody, the law doesn't car that I don't understand car brake systems. The law expects me (to protect myself and others) to either learn, or pay someone to do it. Anyway, when I signed up for my ISP about two years ago, the WAP they sent me came pre-configured with WPA2. The key was printed on the bottom. The days of needing to understand wireless encryption are (partly? mostly? hopefully?) over. The law shouldn't tell people that they can expect privacy when a 12-year-old with free-off-the-net software can see what they're doing.
If you enter someone elses house uninvited, but hey - the door was open - and then leave, while taking some fairly private details (copies of receipts, ... other information that might be relevant for ID theft). Do you really think, if you got caught, a court would let you get away with "well, the door had been left open...", or do you think, you would still get convicted (it wasn't your premises, you had no right of being there) - you might get some small relief out of the owner of the property not protecting it (by locking the door), but it would still be illegal to enter uninvited.
A wireless network isn't a home. There are lots of wireless networks which the owners are happy for me to use: they send me to a page where I can buy internet access through them with my credit card. There are some consumer-grade WAPs you can buy which do this out of the box! If there are some out there I'm allowed to use, and some I'm not, how do I tell? By looking at whether it's open or requires a key. If it's open, I assume I'm allowed to use it.
The thing I don't get about google, is how they can claim that it was by accident. Sure, it was by accident, we started some software that would take dumps of data-packets and store them, when all they wanted to do was just take photos.
Google provided an explanation of this on day one. They were mapping public (= no key required) APs. Several other companies do this as well! Unfortunately, the library they were using to do it just stored the whole frame containing the SSID. This meant that sometimes it would contain incidental network traffic.
I think we need to keep fighting the privacy war. I'm all for privacy protections. But if we start building an expectation of privacy in things which clearly don't provide privacy, we make things worse. People don't understand technology, by and large, so if it gets ruled that they had an expectation of privacy in an open wireless network, people will continue to keep their wireless networks open, and privacy will suffer. The real culprits here are the companies which sold WAPs which were pre-configured to broadcast traffic unencrypted to the world.
I sometimes have to rely on public APs for 'net access. I need to be able to trust that the open ones are there for people to use (lots of them will take my credit card through a trustworthy gateway and let me on the net!) I shouldn't be risking getting in trouble for invading people's privacy by using a network which is configured for open access.
The person in the van, suv, car running the visual street capture software would have known of the wifi strength?
How? Do you think Google employees have wifi implants in their brains? The guy in the van probably didn't know half of what it was going.
And yes if you break data privacy laws you get sued.
But if you don't, you don't. And I can't see how this broke any privacy laws.
Sounds like a personal-interest law to me. The people writing the law were doing lots of things wrong, and were terrified of being busted. Thankfully, where I live, we have a sensible law: third-party recordings are illegal, but if you're a party to a conversation, you can record it secretly.
I don't disagree with any of that. I think you're quite right. But I think any law which creates an expectation of privacy in unencrypted wifi data is objectionable, because it criminalises things which people may expect to be legal. For example, surveying an area for public wifi spots.
I'm guessing that you are from America but I might be wrong.
You are. I'm from Australia.
It is different. Whereas the behaviour that you have described is perfectly acceptable in the USA there are laws against this sort of thing in Europe. Some are Europe-wide (http://ec.europa.eu/justice_home/fsj/privacy/law/index_en.htm) and others are national.
People keep pointing me at the privacy law page, but I honestly can't see an invasion of privacy. My analogy is trying to point that out. If you have a public unencrypted wireless network, it's not private. Just like if you're standing on your front lawn. People keep telling me that it's illegal to photograph people without their permission in Germany, but when I try searching, all of the photography resource pages I can find about Germany tell me that it is, in fact, legal to take photos of people in public; just not to publish them without their permission (and even then, only if they're prominent in the photo).
(a) he uses wireless telegraphy apparatus with intent to obtain information as to the contents, sender or addressee of a message (whether sent by means of wireless telegraphy or not) of which neither he nor a person on whose behalf he is acting is an intended recipient, or
If this is intended to apply to wireless networks and collecting unencrypted frames, that makes any use of a wireless network with more than two connected computers illegal. If you see a frame on the network and you collect it, but it wasn't intended for you, you've committed a crime. If you don't collect it, you don't know whether it's for you or not. Fortunately, the law says "with intent to obtain ... blah blah". To be guilty of this, Google would have to have intended to identify the sender, addressee, or contents once they knew it wasn't intended for them, which by all reports they didn't. They were only intending to collect the SSID from networks which broadcast it publicly.
I'm not confusing anything: I'm making a joke at the expense of anyone who thinks WEP is effective. You can buy key recovery dongles off ebay these days which will get a WEP key in about 15 minutes.
The analogy is way too stretched to think I'm suggesting it's not illegal to break WEP encryption.
Its not googles call to say a network was open and to keep the data because they wanted it.
You're completely right. It's the network owner's call. And when the network owner set it up as a closed network, Google respected that (they could easily have collected that data too and taken it back for decryption: a single home PC is powerful enough to break WEP encryption, I'm sure Google could manage that). When the network owner instead set it up as an open network, Google took a peek. Because, you know. It was set up as open.
These people need to sue the person who sold them a WAP which was set up by default to broadcast unencrypted to the public.
Turns out (reference: a bunch of pages I got by googling "photography laws in germany", which all agreed) that you can take photos of people in public without their consent. You need their consent to publish photos of them, if the person is recognizable and the subject of the image.
Ok, why is this stupid? Because the entire world has grown up to understand the idea that there is a difference between doing something and doing something a lot.
There is a difference between peeking in a magazine and reading it at the store. There is a difference between listening to music and listening to music at 100dbls in a party. There is a difference between walking around naked in your house and doing so in your glass house. There is a difference between selling your old computer in your garage and turning your garage into a used hardware store. There is a difference between selling your 2 tickets to a concert you won't attend and selling your 100 tickets to the same concert. In fact the whole RIAA has successfully sold (or rather bought) the idea that it is not the same to share a movie with your friend than sharing it with your other hundred thousand friends.
There is a difference between buying a t-shirt and buying 10,000 t-shirts. There is a difference between running 1km and running 100km. That doesn't make buying 10,000 t-shirts or running 100km illegal. I get that there are differences. But in general, if doing something once is legal, doing it lots is also legal. You need specific laws (noise control, scalping, and so on) to make lots of something illegal when a little bit is okay.
And yet you are unable to understand that there is a difference between broadcasting SSID and MAC addresses to let your equipment interoperate inside your home and volunteering them to a global geolocating database of the entire Internet!
A number of companies have done this before Google, and they're not in trouble. There's an iPhone app.
And yet you are unable to understand that there is a difference to let your neighbors see your face and having an omnipresent and omniscient entity mapping and logging every detail about you!
Hardly every detail about me. Actually, pretty much nothing about me (in this instance). I opted out by turning encryption on. People should be suing the companies that sold them WAPs with encryption off by default and didn't explain to them that they were broadcasting their traffic to the public by using it. Even if my encryption was off, one or two frames of network traffic is far from "every detail about [me]". I think you're panic mongering.
Google is abusing both people's thrust in their neighborhood --who could have known that Google is watching you everywhere?-- and their ignorance. Is it ok to take something from someone just because they didn't knew they had it?
Google basically played "easier to ask forgiveness than ask permission". Are you really so incapable to realize the difference between an individual and a corporation?
Google is not watching you everywhere. Panic monger. Google is driving around taking photos (this shouldn't really surprise anyone) and collecting information about public networks. Not much information, by the way - a little more than they intended to, but when they discovered that they stopped it, and disclosed. I just don't get the big deal. They didn't collect anything that any member of the public couldn't. When they realised they had more than they'd planned to collect, they disclosed and started deleting.
No matter how juicy the invitation? So you're saying that a girl wearing trashy clothes is a juicy invitation to rape? I disagree.
An open WAP, however, is an invitation: in fact, anyone walking past with a Windows laptop with the wrong box ticked in the network settings will automatically connect and start using the network! ipods did this by default when they first came out! The comparison to rape is not valid. Pretty much everyone accepts that rape is a crime. Lots of people don't accept that what Google did was a crime. Further, rape pretty much implies intent. Google has a very plausible explanation showing they didn't intend to do it.
Google were neither degrading nor stealing the service. That would be covered by those laws you're talking about: Unauthorized Access. Google weren't doing that. They were just recording public broadcast data.