Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

37 States Join Investigation of Google Street View

samzenpus posted more than 4 years ago | from the loking-into-the-lookers dept.

Google 269

bonch writes "Attorneys General from 37 states have joined the probe into Google's Street View data collection. The investigation seeks more information behind Google's software testing and data archiving practices after it was discovered that their Street View vans scanned private WLANs and recorded users' MAC addresses. Attorney general Richard Blumenthal said, 'Google's responses continue to generate more questions than they answer. Now the question is how it may have used — and secured — all this private information.'"

Sorry! There are no comments related to the filter you selected.

First Post (-1, Offtopic)

viper2110 (886509) | more than 4 years ago | (#32987248)

First Post

it'll help them (-1, Flamebait)

h7 (1855514) | more than 4 years ago | (#32987256)

"Now the question is how it may have used — and secured — all this private information."

Great, and after this investigation is complete, Google will have all the ideas it needs on how to use the info it collected.

Blah (2, Insightful)

dissy (172727) | more than 4 years ago | (#32987262)

*sigh*

That was some really nice street view mapping, location discovery, and concept of 'out in the public' we had there once :/

Re:Blah (3, Insightful)

ultranova (717540) | more than 4 years ago | (#32988412)

That was some really nice street view mapping, location discovery, and concept of 'out in the public' we had there once :/

Yeah, we had such concepts once. That was before everything you did "out in the public" was recorded and followed you everywhere.

"You have no expectation of privacy in the public" was fine when "no privacy" meant that you could be observed, but stops being fine when "no privacy" means "everybody you ever interact with can view a record of everything you've ever done". I, for one, do not wish to live under the Lidless Eye.

Sure, (0)

Anonymous Coward | more than 4 years ago | (#32987268)

Sure, it's fishy. But I can't honestly say I would have done anything differently ('accidentially' or otherwise ;) ) in Google's position... They had the sudden great ability to improve all their geolocation technology and collect some juicy data from people. How couldn't they, ehm, accidentally pass that up?

Or (3, Funny)

Spad (470073) | more than 4 years ago | (#32987270)

37 States jump on Google Street View bandwagon.

Private Info? (5, Insightful)

breser (16790) | more than 4 years ago | (#32987274)

Seriously, who thinks this info is private? We're talking about payload data from unsecured wifi. For that matter we're talking about payload fragments.

Obviously, Google shouldn't have collected this. Obviously, Google shouldn't disclose this information to anyone, including governments.

The data should be destroyed and everyone should move on.

Google didn't collect anything that someone with a wifi card and some easily obtained software couldn't obtain.

Simply put, if you're concerned about privacy secure your wifi because without some encryption you really don't have any privacy.

Re:Private Info? (3, Insightful)

houghi (78078) | more than 4 years ago | (#32987668)

I think this is private. I think that even if I do something in public, there is no reason that it should be legal to record it and use it to cross reference it.

In the past, you are in a public place and people see what you did and had to recollect it from memmory, likely to forget most.

In the present, you are in a public place and machines record and register what you do. Everybody and his little brother is able to see what you did for all of eternety. Also they are able to crossreference it with everthing else.

Just because it is legal to keep all this data, it does not mean it should be.

For me privacy is not about the place, privacy is about the person.

Re:Private Info? (5, Insightful)

silentcoder (1241496) | more than 4 years ago | (#32987764)

>For me privacy is not about the place, privacy is about the person.

Perhaps - but what google did isn't like hiding in a bush behind you recording your conversation with your girlfriend. It's more like you are standing on top of a chair shouting "I love you Jane Fonda will you marry me" and they record it.

Seriously - when you BROADCAST information, without making any attempt to limit who can receive it despite your broadcasting device being equipped with the means to do so you can't expect it to be private afterward.

Or to use an analogy I used in a previous story on this topic: If you shag your girl against the window without closing the blinds you can't blame the neighbours for staring - not even the pervy fat-guy across the road who videotapes it (and then posts on slashdot about privacy concerns).

I can even give you a car analogy. If I take pictures of the highway as you drive by - and thus get a picture of your car showing make, model and registration - how did I invade your privacy ? If I do it in your own front yard I still didn't invade your privacy - especially since, if you really cared, you could easily have draped a car-condom over it.

Information you broadcast without limiting who can receive/understand it - is not private information - your own actions have MADE it public information.

Re:Private Info? (3, Insightful)

Anonymusing (1450747) | more than 4 years ago | (#32987826)

Information you broadcast without limiting who can receive/understand it - is not private information - your own actions have MADE it public information. (emphasis added)

Therein lies the problem. The average consumer does not think of wireless networking as "broadcast" information. They still consider it private. This is partially a lack of understand of the technology, and partially because it does not occur to most people that anyone else might try to snoop.

If I don't want you petting my dog, I can put up a fence around my yard that keeps the dog in and strangers out. But there's no fence I can use to stop wireless signals from going past my physical property, or to keep you from petting my computer... digitally, I mean... hey, stop it.

Re:Private Info? (1, Insightful)

Anonymous Coward | more than 4 years ago | (#32987908)

> But there's no fence I can use to stop wireless signals from going past my physical property

Um, Physics 101? There is.

Re:Private Info? (2, Insightful)

DJRumpy (1345787) | more than 4 years ago | (#32988058)

Reasonable means...typical home owners are not going to understand the reasons to create a cage, have the means, or technical knowledge to do this, let alone work around issues like cell signals, radio, etc.

Re:Private Info? (2, Insightful)

HungryHobo (1314109) | more than 4 years ago | (#32988198)

It is reasonable however to expect them to tick that little box when they first set up their router, you know the one, to secure it.
If that isn't enough their computer makes every effort to tell them "warning this connection is unsecured" etc etc etc

If you're too stupid to realise than things written in the margins of a library book are less private than things written in your diary or that "warning, this connection is not secured" means "warning, this connection is not secured" then you've passed bellow the "reasonable" threshold.

Re:Private Info? (1)

Custard Horse (1527495) | more than 4 years ago | (#32988350)

What is required is some sort of easily implemented workaround to prevent these signals from disappearing into the ether.

I'm working on a project similar to this myself where I have used a simple cable, attached it to my router and used a web browser to shut off the wireless function. It's not elegant but it works.

Maybe other slashdotters have tried something similar?

P.S. If anything, the throughout has *increased* and appears to be *more* stable although I have no way to test this with the limited equipment to which I have access. It might just be a perceived improvement.

Re:Private Info? (2, Interesting)

DJRumpy (1345787) | more than 4 years ago | (#32988038)

From what I've read, it doesn't matter as it was not intended to be public. This relates to the same situation police officers faced attempting to record thermal data by reading the thermals off the side of a person house. They argued that since they were not entering into a private residence, but rather reading the data from the external walls, that there was no invasion of privacy. The supreme court threw the argument out, indicating that there was an expectation of privacy involved, and that it was not legal to collect such data without a warrant.

https://ssd.eff.org/your-computer/govt/privacy [eff.org]

(although the Supreme Court has held that more invasive technological means of obtaining information about the inside of your home, like thermal imaging technology to detect heat sources, is a Fourth Amendment search requiring a warrant).

Re:Private Info? (4, Insightful)

silentcoder (1241496) | more than 4 years ago | (#32988128)

Not even close to the same ballpark... hell it's not even the same damn sport.

If a policeman walking down the road sees you shooting a gun at your girlfriend through the window with the open blinds he will damn sure rush in and intervene. "Plain sight" is not covered by the 4th ammendment and broadcast data is much closer to "plain sight" than thermal imagery from INSIDE the house.
More-over there is no practical way to PREVENT thermal energy if you want to, but it's easy to prevent broadcasting unencrypted wifi. Every damn router on the market has an easy setup wizard that suggests encryption as the RECOMMENDED DEFAULT. That makes disabling it an act of choice. Usually made to avoid the hassle of passwords.
Well the price you pay for that convenience is the choice to make your data public.

Re:Private Info? (0)

Anonymous Coward | more than 4 years ago | (#32988186)

Really? You can see heat. You can't see WiFi.

"Plain sight" is not covered by the 4th ammendment and broadcast data is much closer to "plain sight" than thermal imagery

Re:Private Info? (3, Insightful)

silentcoder (1241496) | more than 4 years ago | (#32988096)

>The average consumer does not think of wireless networking as "broadcast" information

The average consumer also doesn't think drunk driving is such a big deal - we still hold them accountable when they kill somebody.

Failing to recognize the potential consequences of your actions does not absolve you from being responsible for them.

Re:Private Info? (2, Interesting)

drinkypoo (153816) | more than 4 years ago | (#32988108)

Therein lies the problem. The average consumer does not think of wireless networking as "broadcast" information.

I'm sick and tired of hearing this bullshit excuse. If someone doesn't think that running someone down with their car will kill them because they watched too many episodes of Itchy and Scratchy, is that a potential defense for vehicular homicide? What about the Streisand effect? Would it be legitimate to prevent taking pictures of other people's property from the air if they didn't know that photons were reflecting off of it at all times and making it visible? Stop making excuses for the technological ineptitude of the masses of asses. They don't bother to educate themselves because there's no reason to do so. Well, I for one think that there is a reason to try to be up on the basic technologies of your age, and further, I think that you should be held liable for your own [mis]use of same. If you don't want to have to learn about how your AP works, run a fucking wire. Advanced technology requires advanced understanding. The legal standing has never been based on understanding but on one basic premise: the data traveling to the person and not the person traveling to the data. There is absolutely zero difference here, and the broadcaster should be liable for their broadcast, just as you would be liable for interference caused by plugging in an FM transmitter and using it to listen to your mp3s anywhere in your house. It doesn't matter that a person doesn't understand that radio waves aren't blocked by walls.

Re:Private Info? (1)

ElectricTurtle (1171201) | more than 4 years ago | (#32988288)

I hate to agree with drinkypoo... ever... but I concur. Every time somebody drags out the 'but they didn't know what they were doing!' excuse it makes me want to deck somebody. If you have a car and wear the brakes down to nothing to the point where they don't work, you can't then say 'I didn't know that's how brakes worked!' and get out of jail free when you roll over somebody.

Stupidity is not a defense, ignorance is not an excuse. If you don't know how to operate something, don't operate it, because the liability is and should always be the operator's.

Re:Private Info? (1, Insightful)

Anonymous Coward | more than 4 years ago | (#32988136)

But there's no fence I can use to stop wireless signals from going past my physical property, or to keep you from petting my computer... digitally, I mean... hey, stop it.

http://en.wikipedia.org/wiki/Faraday_cage

Re:Private Info? (1)

HungryHobo (1314109) | more than 4 years ago | (#32988176)

yes there is. there's that little box you can tick and a password field you can fill in which makes everything you broadcast private. LIKE MAGIC!!!

Re:Private Info? (5, Insightful)

Zironic (1112127) | more than 4 years ago | (#32987914)

What certain geeks like you seem to fail to understand is that normal people don't give a flying fuck about how it works on a technical level.

What a normal reasonable person expects from an open wi-fi is that their neighbors might borrow their internet. What they don't expect is that a random asswank will record all their data. While it's very easy to do it does require you to go out of your way to do it which means you're a dick.

In the same way when you sunbathe in your backyard or fuck your girlfriend in the window you probably don't mind if your neighbors see you, but you have every right to be pissed if someone decides to take photographs.

I for one don't want to live in a world where any information that leaves the 4 walls of my house is public.

Re:Private Info? (0)

silentcoder (1241496) | more than 4 years ago | (#32988026)

>In the same way when you sunbathe in your backyard or fuck your girlfriend in the window you probably don't mind if your neighbors see you, but you have every right to be pissed if someone decides to take photographs.

If you can't be arsed to close the curtains - then you don't have the right to complain if I DO take photos.

See Pamela Lee Jones vs the Dogging vid (0)

Anonymous Coward | more than 4 years ago | (#32988082)

See Pamela Lee Jones vs the Dogging vid. She complained, judge said "that was a public place you were fucking in, tough shit, sister."

Re:Private Info? (4, Insightful)

HungryHobo (1314109) | more than 4 years ago | (#32988256)

oh it can leave your 4 walls but you have to make at least a symbolic gesture that you wish it to be private.

Encrypt with WEP rather than broadcast it openly.
Seal it in an envelope rather than writing it on a postcard.
Speak it over a private telephone line rather than using a loudspeaker.

Go for a shit in the bathroom and you can expect privacy.
Go for a shit in the middle of the public street and you can expect none. Even if you're deranged or stupid and convinced that you're invisible.

pull the curtain closed in the changing room if you want privacy rather than screaming that passers-by are violating your privacy when you don't.

if people don't know unsecured actually means "unsecured" then they need to learn.it's simple. the world does not need to bend over backwards for them.

Re:Private Info? (1)

HungryHobo (1314109) | more than 4 years ago | (#32988168)

I assume you think videocameras should be outlawed then?
someone can just walk down the street with one and record not just images but snippets of the conversations they pass, owners of video cameras should be prosecuted like the eavesdroppers they are!!!

Re:Private Info? (2, Interesting)

gnasher719 (869701) | more than 4 years ago | (#32987678)

Seriously, who thinks this info is private? We're talking about payload data from unsecured wifi. For that matter we're talking about payload fragments.

On a recent discussion about the data that the iPhone collects and sends to Apple, many people commented that Apple is worse than Google. Apple collects and sends the following data:

1. MAC address

That's it. Apple doesn't collect the SSID which could likely be used to identify you. And Apple most definitely doesn't even look at any payload. Why would Google have any need to look at payload data? They have no legitimate reason whatsoever. I cannot see any technical reason why looking at any payload data would help them with Streetview. And they discarded all encrypted traffic and kept unencrypted traffic, making it very, very clear that this was intentionally nosing into stuff that they have no right to nose into.

Re:Private Info? (1)

profplump (309017) | more than 4 years ago | (#32987760)

First, Google only gets passive captures, so they have to take what they can get and then parse it. They *necessarily* have to look at whole packets to figure out what's going on. They could then, after examining the packets, throw them out and keep only the data they're using in location services, but they had to capture it all in the first place. It seems plausible to me that they just didn't think it was important, or though it was worth saving in case they came up with a new way to process it later to improve their location services.

Second, they didn't keep encrypted data because there's no useful data to keep. There only thing sent in the clear on encrypted network is the MAC address, so there's no possible post processing or extra parsing they could possibly do to extract more information. It also seems plausible that they intentionally decided to exclude encrypted networks from their index as a courtesy to respect the privacy of encrypted networks.

It's possible that they're doing something evil -- though I'm hard pressed to come up with anything useful you could do with a 3-second packet capture -- but I can come up with plenty of plausible explanations for why they didn't immediately destroy the data. And even if the have evil plans, why is this so outrageous? Doesn't Google get like 15x as much useful information from everyone using their search engine and other services? If Google is being evil, shouldn't we be worried about that information much more than these one-time, very short packet captures from broadcast, unencrypted networks?

Re:Private Info? (1)

AlecC (512609) | more than 4 years ago | (#32987910)

Particularly, Google has a reflexive "never destroy data" mentality, Part of what Google does, what it sees as part of its culture, is to store vast amounts of data, Allegedly, it took a real fight to allow there to be a delete function on Gmail: much of the company thought that, since they were storing it for free and with their indexing, there was no reason anybody should ever need to delete anything.

I think they have a real problem in their lack of understanding of people's desire for privacy, and people's desire sometimes to wipe the slate of past mistakes. There is nothing evil here, just the simple fact that people with differing concerns see the same world differently. It is exactly the same as the concerns about big government databases: people whose every working minute is spent worrying about terrorists and criminals really see the world differently from those to whom such threats are a peripheral nuisance.

Re:Private Info? (1)

maxwell demon (590494) | more than 4 years ago | (#32987776)

That's it. Apple doesn't collect the SSID which could likely be used to identify you.

And the MAC address cannot be used to identify you?

Re:Private Info? (1)

silentcoder (1241496) | more than 4 years ago | (#32987786)

I think there is a difference though. Apple collected information - without fully informing users they would be doing so. Information that otherwise would have been quite hard to obtain especially en-mass. (a dhcp server would know it - but you'd still need to know exactly when the phone connected).
Google collected information that was being publicly broadcast by people who CHOSE not to make it private. It's that simple, if you choose not to secure your wifi, you've chosen to make any information travelling over it public. That's what the word "broadcast" means.
Perhaps we should use a different word for using encryption to limit who can receive a broadcast - which makes the information private - narrowcast perhaps ?

Re:Private Info? (3, Informative)

WarJolt (990309) | more than 4 years ago | (#32987746)

Even when connected to secured wifi networks your MAC can be sniffed. MACs are not secure. Try using airodump sometime. ;-)

Re:Private Info? (5, Insightful)

AMindLost (967567) | more than 4 years ago | (#32987952)

So you think your DNA isn't private? You leave it everywhere you go so it's in the public domain. Is it OK for a company to collect it, store it and profile it for its own purposes?

Re:Private Info? (2, Insightful)

Spad (470073) | more than 4 years ago | (#32988130)

Public != Public Domain.

As long as their purposes are legal, then they're not doing anything wrong. They might be acting unethically, you might not *like* them doing it, but that's another issue entirely; this whole Google debacle is about legality.

Re:Private Info? (1)

aGuyNamedJoe (317081) | more than 4 years ago | (#32988264)

How about they patent it? Then they can charge you for using it!

Luckily it takes years for patents to be awarded...

Re:Private Info? (1)

silentcoder (1241496) | more than 4 years ago | (#32988318)

>So you think your DNA isn't private? You leave it everywhere you go so it's in the public domain. Is it OK for a company to collect it, store it and profile it for its own purposes?

Considering the amount of DNA that /. readers have distributed into socks and keyboards, I think the readership is actively campaigning to make DNA automatically public domain.

Wrong question -- Re:Private Info? (2, Interesting)

beh (4759) | more than 4 years ago | (#32988120)

The question isn't "who thinks this info is private?"... ..the question is "who thinks data shouldn't be private?"...

As is usually the case, the law only begins stepping in AFTER the baby has been poured out with the bath water...

Yes, the data is currently available, because people didn't lock the access points. But - outside of the IT geek/nerd community - how many people do you think have Internet connections and aren't aware how to properly secure their network?

And - even if they can secure them - there is still the question about their awareness of what their data can be used for, when they enter it somewhere. How much of what you enter is actually a legitimate concern of the company in question? And how much is just collected for marketing or other purposes the end user might react negatively to?

The US may be at the technical forefront in areas - but you're behind when it comes to the awareness of data security and particularly data privacy issues. What you consider to be the pesky/narrow-minded rules of European governments as to data security - might one day just save you from companies riding rough shot over what you want and think, because they have the necessary data to do so. Of course, if, say, you're into S&M stuff, it may be great that you get advertising tailored to you on sites that deal with it. But, would you want that data to 'leak' out, and all of a sudden co-workers start raising eyebrows, why you get so many porn related ads while looking at google maps?

What about the 17 year old that proudly blogged how he screwed a neighbours kid out of some stuff or other... It's bad enough for the youth to live it down that time. But would you want potential future employers 20 years later make a call on how trustworthy, how grown-up you are by what you posted back then, and might be indexed by some other service in the future?

Re:Wrong question -- Re:Private Info? (1)

HungryHobo (1314109) | more than 4 years ago | (#32988326)

"properly secure their network?"

There's the rub.
I don't expect people to "properly" secure their network.
I don't expect people to seal their letters inside a safe before posting.
But I do expect a letter rather than a postcard, symbolic security.

what I expect is symbolic security at the very least, you know, the kind which almost all routers use by default which you have to specifically disable(normally with warnings).

"What about the 17 year old that proudly blogged how he screwed a neighbours kid out of some stuff or other... It's bad enough for the youth to live it down that time. But would you want potential future employers 20 years later make a call on how trustworthy, how grown-up you are by what you posted back then, and might be indexed by some other service in the future?"

20 years ago nothing was different, he just had to go on the radio or TV and say it and thousands could record his statements.
In a small town he just had to say it and people would remember.

Devil's Advocate... (4, Insightful)

Manip (656104) | more than 4 years ago | (#32987282)

First off they're scanning public information. This is unencrypted, and broadcast across the airwaves for anyone with a WiFi device to pick up. Secondly they are using this for their location service. By recording the location of the hotspot with the identity they can roughly guess someone's location without the need for GPS. If people want privacy then they should turn off their WiFi or at the very least stop broadcasting the name of the network openly.

As far as Washington goes - just yet another example of idiots in power with no grasp of I.T. and without the wisdom to consult with someone who does.

Re:Devil's Advocate... (-1, Troll)

Anonymous Coward | more than 4 years ago | (#32987482)

Give me a break, if this was Microsoft everyone would be screaming bloody murder and how its wrong to collect data even if it is on public airways. Now you fault the government for attempting to advocate privacy and prevent a multi-billion dollar corporation which specializes in information from roaming around in vans vacuuming up data. You are simply playing Google's Advocate, much like 70% of Slashdot, anytime they get their hand caught in the preverbial cookie jar all you find is one excuse after another.

The statement that if you want privacy, lock yourself in a basement, is bullshit. Privacy should be assumed, last time I checked I lived in the US and not in China, so why should I fear for big brother (if its Google or Uncle Sam makes no difference to me)? What excuse would you give if google was catching all of the packets you sent over your land line? Afterall they weren't encrypting it, would you say don't use the internet if you want privacy? What if they recorded every phone call you made over Google Voice? Would you say that you simply should meet face to face? If it was a black van with FBI written on the side and they were recording every public WiFi, I seem to have a hard time believing that you wouldn't get a little nervous.

As far as Washington goes, I expect them to go after corporations and protect my privacy. I expect them to represent the 300 million people in this country and not multi-billion dollar companies which stuff politicians pockets. I expect corporations to have lawyers on retainer which can explain to them what is stupid and what is not. And I expect Google's engineers from not acting like a bunch of idiots.

Re:Devil's Advocate... (0)

Anonymous Coward | more than 4 years ago | (#32987710)

The argument fallback to "you wouldn't support this if it were done by $company_X" is always classic. As a matter of fact, I would. I don't care who's capturing this data. It can be some basement nerd, Apple, Google, Microsoft, the RIAA, KKK, federal authorities, or the Illuminati as far as I'm concerned.

The rest of your argument seems to miss out on one important fact: It's public radio waves. Here, let me spell that out for you. PUBLIC. R.A.D.I.O.

Fuck, you can even capture and record my private encrypted communications over wifi. The propagated signals belong to everyone, not just me. I can't claim ownership over that. Just don't decrypt the packets. At that point, you actually are snooping.

Re:Devil's Advocate... (1)

silentcoder (1241496) | more than 4 years ago | (#32987796)

So by your logic if you place an ad in the new york times I shouldn't be allowed to keep (or perhaps even buy) a copy of the paper as it would invade your "privacy" for me to store information you have CHOSEN to make public ?!?!?!?

Not securing your wifi is CHOOSING to make it public. There is no other logical or reasonable way to look at it.

Re:Devil's Advocate... (1)

maxwell demon (590494) | more than 4 years ago | (#32987924)

Not securing your wifi is CHOOSING to make it public.

No. Just because I forgot to lock my front door doesn't mean I invite everyone to come in.

The NYT ad example is besides the point, because you have to do explicit steps to get the ad into NYT, steps which you only do if you want to make that information public. If you don't do anything, your ad does not appear in the NYT (and if it happens to appear there anyway without your consent, AFAIK you do have the right to stop its distribution through the courts). Defaults matter!

Re:Devil's Advocate... (1)

Viol8 (599362) | more than 4 years ago | (#32987964)

Bad example. A better example would be to accuse someone of listening to what you're saying when you're shouting across the street.

Re:Devil's Advocate... (1)

silentcoder (1241496) | more than 4 years ago | (#32988052)

Every router I have seen in at least the last 5 years will suggest encryption as the default setting during the initial setup wizard. You generally have to manually CHOOSE not to secure it, most people who do so choose this to avoid the hassle of a password.

So I think the more common default is in fact to automatically secure wifi. Of course I speak from my own country and experience but I seriously doubt the same companies use such radically different firmware everywhere else.

You are BROADCASTING the information - you probably CHOSE "Use unsecured *WARNING THIS COULD REVEAL YOUR PRIVATE DATA*" - and now you complain because somebody reads it ?

The point is- nobody entered your house here, to use your own analogy. It's more like you left the curtains open and now you're complaining because they could see what color your couch is from the street. In terms of usefulness and level of intrusion of the information - what google took is marginally less important than the color of your couch.

Re:Devil's Advocate... (1)

Asclepius99 (1527727) | more than 4 years ago | (#32988392)

You're door example makes absolutely no sense. If you forget to lock your door your house doesn't walk across the street into my house. If you set up a wireless router and don't set any type of encryption then you're broadcasting insecurely into the surrounding area, so don't complain if your information shows up into my house and I end up grabbing some information from you.

Low hanging lawsuit fruit? (1)

JustinRLynn (831164) | more than 4 years ago | (#32987294)

The allegation that the data they scanned is false. Any unencrypted broadcast wifi data is public, which is all they stored. Not that they need me to help their defense, what with them having billion dollar style lawyering at their disposal.

My Message To Google (-1, Troll)

Anonymous Coward | more than 4 years ago | (#32987302)

Poop dog, baby. Poop-fucking-dog. That's what *I* have to say to Google. Poop dog.

Seriously... (-1, Redundant)

JustinRLynn (831164) | more than 4 years ago | (#32987304)

The allegations that Google collected private data is false. Any unencrypted publicly broadcast information is just that, public. They did nothing technically wrong, but they don't need me to defend them, what with their disposable lawering money and all.

Overblown? (4, Insightful)

profplump (309017) | more than 4 years ago | (#32987318)

Am I the only one who thinks this is overblown? For all the actually invasive data-mining that happens on a daily basis on the web and in real life, are we really concerned that Google captures a few seconds of broadcast, unencrypted network traffic? Is this a more important issue than the online and physical database breaches we see all time from other companies (and governments) -- many of those go entirely unnoticed, and even big stories from that category only get a day or two of news coverage, but people have been whining about this Google thing for weeks.

Even if you assume that Google really wanted to capture this data for some nefarious purpose, exactly what are people worried about? It's not at all clear to me that capturing a random 3 seconds of traffic from someone's open WiFi provides Google with any particularly useful or terribly private information. Ignoring the fact that anyone in the neighborhood could be doing continuous captures of the same AP, or that half of these WiFi networks are connected to broadcast-based uplinks (like cable modems), I just don't understand why this -- even if the intent is evil -- ranks high among the other privacy concerns in modern life.

Re:Overblown? (1)

mr_gorkajuice (1347383) | more than 4 years ago | (#32987458)

I just don't understand why this -- even if the intent is evil -- ranks high among the other privacy concerns in modern life.

I too am hard pressed to figure out exactly *how* this data should aid Google. That being said, if there are no plans what-so-ever to do anything with this data, why was it collected?
More importantly though, I find it scary that Google has earned so much trust that the supposedly reasonably educated crowd of slashdot is going "Oh, it's just Google. Those are the good guys, so can't be anything to see here".
Honestly, if this had been Microsoft or Apple, more creative readers than myself would already have come up with the first 20 potentially evil usecases, and demanded a public apology from either Steve.

Re:Overblown? (1)

BasilBrush (643681) | more than 4 years ago | (#32987604)

I too am hard pressed to figure out exactly *how* this data should aid Google. That being said, if there are no plans what-so-ever to do anything with this data, why was it collected?

1) Perhaps the location data is extracted from the recorded packets off-line. Collect the raw data in the cars, upload it at the end of the day, process it at a data centre.
2) Perhaps logging was done for development/debugging purposes. No one thought to turn it off. The program was never "shipped", it remains internal to Google, and as is Google's way, stayed semi-permanently in beta status.
3) Perhaps sometimes the data throws up errors in the software. A technician could well use the raw data logging to fix the error in the program or data.

Re:Overblown? (2, Interesting)

profplump (309017) | more than 4 years ago | (#32987714)

Why was it collected? My first two guess would be:

A) The system is intended to collect AP MAC addresses and SSIDs. Doing this requires capturing broadcast packets. As it turns out, you only need some of the packets, but because the capture is passive you have to take what you get and parse it to find what you want. So if you stored the data as it came in it's actually *extra* work to remove the parts of the capture you didn't use, and no one wrote that part because it wasn't important.

B) They wanted to collect all available data in case the in-situ processing fails -- then they can just re-run the data set instead of re-driving the route. Variations on this include "we may encounter new packet types we weren't expecting and want to do post-processing on them" or "we may invent new ways to provide location services based on data that we capture but didn't know at the time was useful".

It's also possible that they're doing something evil that we can't think of, or that they're just keeping the data around in case they think of something evil to do with it later. I agree, it is possible. But I don't think I'm giving Google a pass here -- given the very limited amount of data they collected from each network I have trouble imagining what that evil thing might be, or why we should consider it more important than the data mining that goes on in other contexts, like when you actually use Google services.

Re:Overblown? (1)

maxwell demon (590494) | more than 4 years ago | (#32987842)

or why we should consider it more important than the data mining that goes on in other contexts, like when you actually use Google services.

Normally, when you use google services, you do it voluntarily. You explicitly go to Google to search, and you know that whatever you enter will be known by Google, and if there's something you don't want Google to know, you just don't enter it. The same is true for most other Google services: You are in control of the data you give to Google, because you know when you connect to Google (there are some exceptions, though, like Google analytics). This is different in that you don't ask Google to come and record your WLAN data. There's no practical way to evade.

Re:Overblown? (1, Insightful)

Anonymous Coward | more than 4 years ago | (#32987966)

There's no practical way to evade.

WEP, WPA, SSL

Re:Overblown? (1)

silentcoder (1241496) | more than 4 years ago | (#32988364)

>There's no practical way to evade.

Every router on the market has supported WPA for years, and generally it's the recommended default in the auto-setup wizard. On the contrary - you have to actively CHOOSE not to be secure before google could collect anything. The practical way to evade is the recommended default !

Re:Overblown? (1, Interesting)

Anonymous Coward | more than 4 years ago | (#32987488)

> It's not at all clear to me that capturing a random 3 seconds of traffic from someone's
> open WiFi provides Google with any particularly useful or terribly private information.

So do you upload your traffic logs to Google on a nightly or a weekly basis? And what's the public URL where you also post them? I'd like to have a look.

After all, there's nothing you have to lose.

Re:Overblown? (2, Insightful)

profplump (309017) | more than 4 years ago | (#32987644)

First, Google isn't getting traffic logs. They're getting a couple of seconds of network traffic which may or may not include any useful traffic. Even if you're actively browsing there's a good chance you didn't click on anything in those few seconds, or if you did, that they missed the 1 packet that had the URL in it. Conflating "traffic logs" with a few seconds of packet captures to make Google seem evil speaks more to your character than theirs.

Second, you and everyone else are welcome to circle my house 24/7 and log or otherwise record all of the broadcast, unencrypted data I emit. I'm not making any special exception for Google -- this information is already public by nature of being broadcast in plaintext.

Re:Overblown? (0)

Anonymous Coward | more than 4 years ago | (#32987672)

Would you still think it's overblown if it was Microsoft?

Re:Overblown? (1)

profplump (309017) | more than 4 years ago | (#32987780)

Yes.

I invite anyone and everyone to drive around my house 24/7 and capture whatever broadcast, unencrypted data I emit. (And that's not even what Google did -- they only grabbed a few seconds of data).

Frankly I'm not sure what part of my rant gave you the impression that the identity of the alleged perpetrator had any influence on my opinion of the behavior.

Re:Overblown? (1)

Anonymusing (1450747) | more than 4 years ago | (#32987860)

Exactly. There are serious data breaches every week somewhere in the U.S. and yet suddenly it's Crucifixion Time when Google records a snippet of information that you were already sending out publicly. Just surfing the Internet or searching on Google will give them far more information about you than that little cache of WiFi packets.

And what about Skyhook [skyhookwireless.com] ? Is it okay when they catalog all the WiFi stations in the U.S.? You think they didn't record any info? Oh, but wait, our fancy schmartphones use it for better location accuracy, so it's all good... move along, nothing to sue here.

Re:Overblown? (1)

misexistentialist (1537887) | more than 4 years ago | (#32988222)

suddenly it's Crucifixion Time

Indeed. Headline should read: 37 States Committed To Always Doing Evil Form An Unholy Alliance Against Google, Which Responds Plaintively, "Forgive Them, They Know Not What They Do"

Politicians from 37 states (4, Insightful)

gravos (912628) | more than 4 years ago | (#32987320)

EXTRA! Politicians from 37 states find easy way to make it look like they are doing something useful while ignoring war in Iraq, war on drugs, out of control budgets, ...

Re:Politicians from 37 states (1, Interesting)

Anonymous Coward | more than 4 years ago | (#32987510)

At a minimum, that is most certainly the case. I suspect it's also an attempt to line some pockets with some googlebucks...

Re:Politicians from 37 states (1)

Anonymusing (1450747) | more than 4 years ago | (#32987870)

Wish I had mod points because yeah, that's it exactly.

Re:Politicians from 37 states (1)

HungryHobo (1314109) | more than 4 years ago | (#32988410)

I log ago gave up any hope that politicians give a damn about the greater good or actual harm to the public.

How many times have you heard politicians on the news shouting about gun control/gun regulations/drugs/etc
How many times have you heard politicians on the news shouting about stairwell safety and regulations on handrails?

now go away and look up the figures for all of the above.

if politicians cared even a little about "the greater good" or the real dangers out there rather than whatever is loud and sexy we'd all be a lot safer and more free.

Re:Politicians from 37 states (1)

chowdahhead (1618447) | more than 4 years ago | (#32988430)

It's true. With midterm elections looming, incumbents need to give the appearance that they are working hard for their constituents. They believe voters have poor long term memory. Blumenthal isn't very popular as an AG here in CT--he's quite fond of himself and is particularly aggressive toward issues with little impact on CT voters. He's under scrutiny right now for accepting campaign contributions from tobacco lobbyists again; he was one of the principle figures behind the landmark settlement. Oh, and he's running for a seat in the Senate too.

Google did nothin' wrong. (-1, Redundant)

JustinRLynn (831164) | more than 4 years ago | (#32987328)

The allegations that Google collected private data is false. Any unencrypted publicly broadcast information is just that, public. They did nothing technically wrong (if slightly immoral and creepy, as any data collection by a large corporation can be seen as in this day and age), but they don't need me to defend them, what with their lawering money and all.

Also, stop eating my comments slashdot!

State chooses the side of the general public? (1)

captainpanic (1173915) | more than 4 years ago | (#32987336)

Since when do governments or attorneys general side with the general public rather than with Big Business?

Doesn't Google have a little lobby organisation to prevent this kind of embarrassment? All other large companies would have been able to bribe a few people and lobby against a country-wide investigation. This is bad publicity for Google! How could that happen? Why aren't those attorneys general encouraged to stop writing letters and asking questions after their 1st letter?

Duh ... (-1, Flamebait)

daveime (1253762) | more than 4 years ago | (#32987346)

Well what do you THINK they were doing ... what they always do, seek as much information as possible without consent ... everything they do is opt-out, rather than opt-in, much to the ire of Rupert Murdoch.

No one "accidentally" either scans or records WLAN or MAC addresses ... anymore than a spammer would "accidentally" send Viagra e-mails to 6 billion people.

They were mining, nothing more to say.

Re:Duh ... (1)

BenevolentP (1220914) | more than 4 years ago | (#32987872)

Most slashdot geeks say they're non-religious, though they still have the urge to believe in a greater entity that is "good" without any doubt. Currently it's google, and like most religious people, they will defend their deity even against their own beliefs and technical knowledge. Would you believe anyone would have modded this post flamebait if the story was about MS doing the same thing? Or any other company, for that matter?

What private information? (0)

Anonymous Coward | more than 4 years ago | (#32987354)

In what way is a publically broadcast radio signal "private information"? Every wifi device receives all broadcast signals, and must filter, process and learn MAC addresses and AP names.

If it's private it should be encrypted - I don't see any suggestion that google were cracking WEP or WPA keys. Stupid public.

Re:What private information? (1)

profplump (309017) | more than 4 years ago | (#32987670)

I also don't see how, given only a few seconds of passive signal capture, Google or anyone else *could* crack WEP or WPA keys, either in situ or via post-processing (other than pure brute force).

Re:What private information? (1)

ledow (319597) | more than 4 years ago | (#32987898)

Where you walk is public information too. Maybe I should write that down, then publish it on a major search engine for everyone to see, with times, dates, locations, what buildings you entered, who you were with, whether they have known allegiances to other people, etc.

Information that's publicly available is not secure, obviously, but that doesn't mean that you can just collate it and publish it at will. That's why data protection laws exist and why this is most likely what Google will fall foul of (they already did in Germany). Nobody cared that the information was "public" - everything that happens once you step outside your front door is "public". Hell, the brand of condom that I use, or the woman I was last seen in public with, or even what porno mags someone buys in a newsagent is "public" information. It doesn't mean that corporations (or even private individuals) can then publish that online, en masse, without good reason.

Unlike some places, the EU holds dear its data protection laws. The MAC could very well be classed as personal information, seeing as it uniquely identifies a device that I have in my possession and its location and various settings on the device. Just because the next door neighbours can sniff that doesn't mean you can just collate that information en masse. Especially when it's trivial to connect that information with, say, a list of addresses. Hell, phones have MAC's nowadays - how easy would it be to go hunting for Apple-branded MAC addresses (e.g. iPhones) and then raid the houses that show up on Google maps as having one inside?

Publicly collectable information does not imply publicly distributable.

Blame (-1, Redundant)

JustinRLynn (831164) | more than 4 years ago | (#32987358)

The allegations that Google collected private data is false. Any unencrypted publicly broadcast information is just that, public. They did nothing technically wrong (if slightly immoral and creepy, as any data collection by a large corporation can be seen as in this day and age), but they don't need me to defend them, what with their lawering money and all.

Also, stop eating my comments slashdot! If this post shows up like 30 times its cuz the submit button seems to work, then fail.

Hmm. (2, Funny)

Anonymous Coward | more than 4 years ago | (#32987366)

As I see it, your MAC and SSID are never private. If PBS has ever taught me anything, it's that the data on public access points such as the one I just connected to were brought to me by neighbors such as you.

-Posted from next door.

Re:Hmm. (0, Troll)

Lars T. (470328) | more than 4 years ago | (#32987636)

As I see it, your MAC and SSID are never private.

I agree - but that wasn't all they scanned and stored. Which, what the summary fails to mention but the article makes quite clear, is the actual issue: "the unwarranted collection of e-mails, passwords and other personal data of those who failed to protect their networks with passwords."

Sure, the data wasn't protected in any way, and it was broadcast in public - but why store it, if all you want is the MAC Address and the SSID. And why would you then claim that all you stored is exactly that and nothing more until it comes out that wasn't the case?

Re:Hmm. (2, Interesting)

HungryHobo (1314109) | more than 4 years ago | (#32988426)

if you shout your username and password at your friend out on a public street while I'm walking past with a video camera is it my fault or yours?
should I then blank my recordings for the sake of your fuckup and that you only wanted your friend to hear?

what a waste of time and money (4, Interesting)

PhrostyMcByte (589271) | more than 4 years ago | (#32987390)

Someone needs to make an Android app that does the exact same thing these vans did, and publish all the captured data online, free and open. Maybe then the govt. could take their eyes off Google for long enough to realize the real problem here isn't Google -- it's the silly politicians who think recording SSIDs is malicious (the same politicians who'd start training a multi-million-man army for the coming "cyber war" apocalypse if they could), and the stupid networking (hardware or ISP) companies who don't default to secure settings, and don't educate their customers how to maintain their security.

Maybe this is good news (4, Insightful)

davmoo (63521) | more than 4 years ago | (#32987532)

We should look at the positive side of this. Since the states have so little to do now that they can waste time and money on bullshit like this, that must mean that the economy is fixed, everyone has jobs, there is no poverty or hunger, and crime and violence is a thing of the past.

but if i.... (1)

metalmaster (1005171) | more than 4 years ago | (#32987696)

secure my wifi i'll just get bitched at when little jimmy wants to use his new $wifi_gadget

Re:but if i.... (1)

lxs (131946) | more than 4 years ago | (#32988048)

Yeah don't secure your Wifi. I would hate to go back to paying for internet access.

Sincerely,
Your neighbor.

I can see a perfectly good use for this (1)

mrjb (547783) | more than 4 years ago | (#32987720)

Anyone want to bet that they collected this info to try to set up a more accurate geolocation service than anyone else?

Or just a map of open APs (0)

Anonymous Coward | more than 4 years ago | (#32988178)

Or just a map of open APs. Which would be useful. OR would it be better for Google to go phoning every telephone asking if they have an open AP and what its details are..?

The only problem is making sure that Google delete the data once they've found the SSID/channel/etc of any open access points they found.

TUBGIRL (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#32987928)

How is collecting unsecured wifi data different... (1)

Viol8 (599362) | more than 4 years ago | (#32987974)

... to people listening to someone shouting across the street? Would the government charge these people for listening in to a "private" conversation of 2 people were shouting at each other loud enough to be heard?

I sometimes wonder if theres an IQ test politicians have to take and anyone who makes it into 3 digits can't become one.

Re:How is collecting unsecured wifi data different (1)

silentcoder (1241496) | more than 4 years ago | (#32988396)

>I sometimes wonder if theres an IQ test politicians have to take and anyone who makes it into 3 digits can't become one.

Close, it's more like everybody who doesn't make it into 2 digits are destined to be one.

Re:How is collecting unsecured wifi data different (1)

selven (1556643) | more than 4 years ago | (#32988400)

I sometimes wonder if theres an IQ test politicians have to take and anyone who makes it into 3 digits can't become one.

George Bush has an IQ of 125.

Given that the average IQ is (by definition) 100, that should say something about the people who vote these politicians in.

Google is creepy, Congress is inept (1)

wazzzup (172351) | more than 4 years ago | (#32987990)

So if a person had never bothered to put up any curtains and failed to install doors in their house and Google snapped a photo of the street in which you can see inside the house should Google be tried for invasion of privacy? Can such a person who leaves his or her house in that state have a reasonable expectation of privacy? Do people that can't be bothered to put up electronic versions of curtains and doors for their wireless networks have a reasonable expectation of privacy?

If you throw out incriminating evidence in the garbage, took it to the curb and investigators went through to get it and used it against you do you have any expectation that they shouldn't be able to use that evidence?

Seriously, if you make your life available to the public, whether it be failing to install curtains and doors in your home, putting sensitive documents in the trash and taking it out to the curb, posting your marital indiscretions on Facebook or allowing the public to connect to your publicly broadcasted and open network you have no reasonable expectation of privacy at those points.

At worst, Google can be accused of being creepy for picking through the "virtual" trash left at the curb and snapping photos of your doorless and curtainless home.

What is scary is that congresspersons involved with this investigation had no clue about securing consumer routers and are currently making decisions guiding the Department of Homeland Security . If there's anything alarming and scary to take away from this story that would be that, not Google.

Re:Google is creepy, Congress is inept (0)

Anonymous Coward | more than 4 years ago | (#32988064)

What is scary is that congresspersons involved with this investigation had no clue about securing consumer routers and are currently making decisions guiding the Department of Homeland Security . If there's anything alarming and scary to take away from this story that would be that, not Google.

I wonder about topology and how all the systems are connected to other goverment systems? When Gary McKinnon hacked a university server, he could gain access eventually to the Pentagon, which seems rediculous to me but hey im only an IT Professional, not a goverment official. It only takes a weak link...or unsecured network (that may not be wi-fi) to grant access to strangers and once a system is conpromised you can't trust the data.

Information Storage (1)

helix2301 (1105613) | more than 4 years ago | (#32988062)

Well I think the general problem with this is not that they collected it because anyone can collect this data with a wifi card and few pieces of software. The issue is Google stores all there information and never gets rid of it and if there was every a security breach that's a lot of information that can be dangerous in the wrong hands.

Last line in article (1)

oDDmON oUT (231200) | more than 4 years ago | (#32988088)

"Google said it mistakenly picked up 600 gigabytes of data from unsecured networks over the last three years."

Six.Hundred.GIGS?!?

If all Google was logging was the SSID and MAC addresses from unsecured WAPs as flat ASCII, worldwide, I'd wager that data would amount to a small fraction of that amount.

Which begs the question, just what *did* they log? (It also makes me reeeeally glad I heavily secured my WAP years ago).

Re:Last line in article (1)

Spad (470073) | more than 4 years ago | (#32988150)

I think we've been through this every time the story has come up; Google were passively scanning all available wireless networks and in doing so were capturing data that was being broadcast on unsecured networks. The real issue here isn't that they did that (you kind of have to if you're going to catalog wireless access points) but that they didn't have a process in place to automatically discard all the additional data once they'd established the SSID, MAC, Channel, Signal Strength, Location, etc that they wanted to record.

Linksys (1, Interesting)

Anonymous Coward | more than 4 years ago | (#32988124)

This is your WiFi...

Scanning...

Linksys(unsecured)
Linksys(unsecured)
Linksys(unsecured)
Linksys(WEP)
Belkin(WEP)
DD-WRT(WPA2)
2Wire(unsecured)
846fork14(unsecured)

8 APs found. ...and this is your WiFi being managed by the same people who have their windows update set to 3AM, never install them, and are still worried about viruses and people getting into their items while running Windows XP SP1 and vista gold. Also, all of these access points have log in pair (Admin/password), (blank,blank), (blank, admin), (admin, blank). The only grace of that is you can play WiFi conductor for the betterment of everyone in an apartment complex when twenty people around you think it is a good idea to pile on channel 6.

Welcome to my WLAN (0)

Anonymous Coward | more than 4 years ago | (#32988274)

If I'm broadcasting unencrypted WiFi, it is because I want to broadcast or too stupid to know better. In either event it is a public disclosure using that fine spectrum delivered for this purpose by the kind folks at the FCC. Have at it!

Wifi Hotspot map (1)

Andypcguy (1052300) | more than 4 years ago | (#32988338)

I don't see what wrong with them recording this. It's like driving through a neighborhood in the next state over and scanning to see what radio stations they have. Maybe Google was going to include the location of free Wifi Hotspots on the map. This would be a nice feature. They would have to filter the private netowrks from free services and this would be difficult. Maybe that is why it never happened.

can we... (1)

Charliemopps (1157495) | more than 4 years ago | (#32988422)

Can we get a list of their names, brand their foreheads with "I don't know nothin about no internets!" and then never let them vote on anything relating to technology ever again.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?