Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Google Avoids Fine Over Street View WiFi Snooping, Ordered To Delete Data

Soulskill posted about a year ago | from the proffer-your-other-wrist-for-a-gentle-slap dept.

Google 115

DW100 writes "Google has avoided a fine from the UK's data protection watchdog over its admission that it had failed to delete all Wi-Fi data from its Street View cars last year — but it must ensure it is deleted within 35 days or face a contempt of court action. 'Its investigation into Google reopened last year after further revelations about the data taken from wi-fi networks. During that inquiry, additional discs containing private data were found.Google had previously pledged to destroy all data it had collected, but admitted last year that it had "accidentally" retained the additional discs. ... [The ICO said], "The detriment caused to individuals by this breach fails to meet the level required to issue a monetary penalty."'"

cancel ×

115 comments

Sorry! There are no comments related to the filter you selected.

Ballmer will be pissed! (2, Funny)

Anonymous Coward | about a year ago | (#44070665)

Stand by to dodge those chairs boys, this will get hairy!

Interesting how many times Google gets away... (-1, Troll)

recoiledsnake (879048) | about a year ago | (#44070831)

Here are two other mighty convenient examples where Google made "innocent" mistakes by vacuuming more data to track users intrusively and show them ads. Not sure if they're evil or just incompetent.

http://www.theregister.co.uk/2010/01/27/google_toolbar_caught_transmitting_data_when_disabled/ [theregister.co.uk]

Google Toolbar caught tracking users when 'disabled'

Google has updated its browser toolbar after the application was caught tracking urls even when specifically "disabled" by the user.

In a Monday blog post, Harvard professor and noted Google critic Ben Edelmen provided video evidence of the Google toolbar transmitting data back to the Mountain View Chocolate Factory after he chose to disable the application in the browser window he was currently using.

The Google toolbar offers two disable options: one is meant to disable the toolbar "permanently," and the other is meant to disable the app "only for this window."

In a statement passed to The Reg, Google has acknowledged the bug. According to the statement, the bug affects Google Toolbar versions 6.3.911.1819 through 6.4.1311.42 for Internet Explorer. An update that fixes the bug is now available here, and the company intends to automatically update users' toolbars sometime today.

The statement also says that the bug does not occur if you open a new tab after disabling the toolbar for a particular window. In the statement, Google goes on to say that the bug disappears if you restart your browser, but this doesn't quite make sense. If you're interested in disabling Google toolbar for a particular window, you aren't going to close that window.

"For that option to work as its name promises, Google Toolbar must cease transmissions immediately," Edelman says. "Fact is, the 'Disable Google Toolbar only for this window' option doesn't work at all: It does not actually disable Google Toolbar for the specified window."

It would appear that in saying the bug is fixed when the browser relaunches, Google is referring to a second bug Edelman uncovered. The Harvard prof also found that the toolbar continued to transmit data when he attempted to disable it through Internet Explorer's "Manage Add-ons" window.

With the Google toolbar, certain "enhanced features" require the transmission of data back to Google servers. These features include the ability to view a website's Google PageRank, essentially a measure of its importance on the web at large, and the new Sidewiki, a means of adding meta-comments to webpages. Using a network monitor, Edelman confirmed that if "enhanced features" are activated, Google collects domain names and associated directories, filenames, URL parameters, and search terms.

The user chooses whether to turn on "enhanced features," but Edelman argues that it's much too easy for a user to do so without completely realizing the consequences. The toolbar's standard installation routine launches a "bubble message" that pushes readers to turn on the features, he says, and it's less than clear about what data is being transmitted.

"The feature is described as 'enhanced' and 'helpful,' and Google chooses to tout it with a prominence that indicates Google views the feature as important," Edelman writes. "Moreover, the accept button features bold type plus a jumbo size (more than twice as large as the button to decline). And the accept button has the focus - so merely pressing Space or Enter (easy to do accidentally) serves to activate Enhanced Features without any further confirmation."

Yes, he continues, the message points out that the toolbar "tells us what site you're visiting by sending Google the url." But he argues this stops short of explaining that it collects everything from directories, filenames, and URL parameters to search keywords.

What's more, Edelman says, turning off "enhanced features" is more difficult than turning them on - especially for the average Joe. It appears that the features can't be turned off unless you uninstall the entire toolbar. Or "disable" it. But that doesn't always work. Or at least it didn't until Edelman noticed it didn't. ®

http://online.wsj.com/article/SB10001424052970204880404577225380456599176.html [wsj.com]

Google's iPhone Tracking

Google Inc. GOOG -1.14% and other advertising companies have been bypassing the
privacy settings of millions of people using Apple Inc.'s AAPL -1.90% Web browser
on their iPhones and computers—tracking the Web-browsing habits of people who intended for that kind of monitoring to be blocked.

he companies used special computer code that tricks Apple's Safari Web-browsing software into letting them monitor many users. Safari, the most widely used browser on mobile devices, is designed to block such tracking by default.

Google disabled its code after being contacted by The Wall Street Journal.

The Google code was spotted by Stanford researcher Jonathan Mayer and independently confirmed by a technical adviser to the Journal, Ashkan Soltani, who found that ads on 22 of the top 100 websites installed the Google tracking code on a test computer, and ads on 23 sites installed it on an iPhone browser.

The technique reaches far beyond those websites, however, because once the coding was activated, it could enable Google tracking across the vast majority of websites. Three other online-ad companies were found using similar techniques: Vibrant Media Inc., WPP WPPGY -1.34% PLC's Media Innovation Group LLC and
Gannett Co.'s GCI -0.38% PointRoll Inc.

In Google's case, the findings appeared to contradict some of Google's own instructions to Safari users on how to avoid tracking. Until recently, one Google site told Safari users they could rely on Safari's privacy settings to prevent tracking by Google. Google removed that language from the site Tuesday night.

In a statement, Google said: "The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It's important to stress that these advertising cookies do not collect personal information."

Google's privacy practices are under intense scrutiny. Last year, as part of a far-reaching legal settlement with the U.S. Federal Trade Commission the company pledged not to "misrepresent" its privacy practices to consumers. The fine for violating the agreement is $16,000 per violation, per day. The FTC declined to comment on the findings.

An Apple official said: "We are working to put a stop" to the circumvention of Safari privacy settings.

Of the ad companies found to be using the technique, Google has by far the largest reach. It delivers Internet ads that were viewed at least once by 93% of U.S. Web users in December, according to comScore Media Metrix.

A Vibrant Media spokesman called its use of the technique a "workaround" to "make Safari work like all the other browsers." Other major Web browsers don't block tracking by default. Vibrant, a top 25 ad network in the U.S. according to comScore Media Metrix, uses the technique "for unique user identification," the spokesman said, but doesn't collect personally identifiable information such as name or financial-account numbers.

WPP declined to comment. A spokeswoman for Gannett described its use of the code as part of a "limited test" to see how many Safari users visited advertisers' sites after seeing an ad.

PointRoll's coding was found in some ads on WSJ.com. "We were unaware this was happening on WSJ.com and are looking into it further," a Journal spokeswoman said.

To test the prevalence of Google's code, the Journal's technology adviser, Mr. Soltani, surveyed the top 100 most popular websites as ranked by Quantcast earlier this month. He found Google placed the code within ads displayed on major sites including movie site Fandango.com, dating site Match.com, AOL.com, TMZ.com and UrbanDictionary.com, among others. These companies either declined to comment or didn't respond. There is no indication that they or any other sites knew of the code.

"We were not aware of this behavior," said Michael Balmoris, AT&T Inc. T -0.54% spokesman. Google's code
was found on AT&T's YellowPages.com. "We would never condone it," he said.

Google has already been facing broader questions about privacy. Last month, Google—which offers many services including YouTube, Gmail and of course, Google search—said it would revise its privacy policy to combine nearly all the information it possesses about its users.

The move prompted an international outcry. European Union privacy officials asked Google to "pause" its changes until it can ensure the privacy of EU citizens. Google said it briefed European officials in the weeks before its announcement and plans to roll out the new privacy policy March 1.

Across the digital landscape, the issue of online privacy is taking center stage. In recent months, large institutions and tiny app-makers alike have been accused of mishandling personal data. Trying to reassure a worried public, lawmakers have introduced more than a dozen privacy bills in Congress. The Obama administration has called for a Privacy Bill of Rights to encourage companies to adopt better privacy practices.

Trade in personal data has emerged as a driver of the digital economy. Many tech companies offer products for free and get income from online ads that are customized using data about customers. These companies compete for ads, in part, based on the quality of the information they possess about users.

Google's tracking of Safari users traces its roots to Google's competition with social-network giant Facebook Inc. FB +0.75% After Facebook launched its "Like" button—
which gives people an easy way to indicate they like various things online—Google followed with a "+1" button offering similar functionality on its rival social network, known as Google+.

Last year, Google added a feature to put the +1 button in ads placed across the Web using Google's DoubleClick ad technology. The idea: If people like the ad, they could click "+1" and post their approval to their Google social-networking profile.

But Google faced a problem: Safari blocks most tracking by default. So Google couldn't use the most common technique—installation of a small file known as a "cookie"—to check if Safari users were logged in to Google.

To get around Safari's default blocking, Google exploited a loophole in the browser's privacy settings. While Safari does block most tracking, it makes an exception for websites with which a person interacts in some way—for instance, by filling out a form. So Google added coding to some of its ads that made Safari think that a person was submitting an invisible form to Google. Safari would then let Google install a cookie on the phone or computer.

The cookie that Google installed on the computer was temporary; it expired in 12 to 24 hours. But it could sometimes result in extensive tracking of Safari users. This is because of a technical quirk in Safari that allows companies to easily add more cookies to a user's computer once the company has installed at least one cookie.

Google said it tried to design the +1 advertising system to protect people's privacy and that the placement of further tracking cookies on Safari browsers wasn't anticipated.

Among some Web programmers, the type of maneuver used by Google appears to have been an open secret for some time. Anant Garg, a 25-year-old Web developer in Mumbai, India, blogged about the technique two years ago.

Mr. Garg said when he developed the Safari workaround he didn't consider the privacy angle. He came up with the idea simply to "ensure a consistent experience" for a group of people accessing a chat system from different Web browsers, he said.

The coding also has a role in some Facebook games and "apps"—particularly if the app wants to store a user's login information or game scores. In fact, a corporate Facebook page for app developers called "Best Practices" includes a link to Mr. Garg's blog post.

"We work to educate our developers on how to deliver a consistent user experience across all browsers," said Facebook spokesman David Swain.

Mr. Mayer, who spotted Google using the code, also noticed variations of Mr. Garg's code at work in ads placed by Vibrant Media and WPP's Media Innovation Group. Mr. Soltani verified those findings, and also found code being used by Gannett's PointRoll. In a test, Mr. Soltani found the PointRoll code present in ads on 10 of the top 100 U.S. sites.

Re:Interesting how many times Google gets away... (4, Interesting)

mystikkman (1487801) | about a year ago | (#44070871)

Here are two other mighty convenient examples where Google made "innocent" mistakes by vacuuming more data to track users intrusively and show them ads. Not sure if they're evil or just incompetent.

Here's an example of them being *both* very competent and evil.

Removing borders and decreasing contrast between ads and results to get more clicks and more money from advertisers and users, especially older people who can't see contrast well. I am sure they employ professional psychologists with PhDs whose sole objective is to increase ad clicks by using A/B testing, even if they user didn't intend to click ads, they must be making billions off these "optimizations".

http://ppcblog.com/fbf0fa-now-you-see-it [ppcblog.com]

http://blumenthals.com/blog/2012/01/31/is-google-intentionally-trying-to-minimize-the-fact-that-these-are-ads/ [blumenthals.com]

Unlike Microsoft, they do have amazing PR though, with making lots of people believe the all the 'do no evil' BS, while slowly taking over the browser market by beating Mozilla to save money on ads.

Re:Interesting how many times Google gets away... (1)

yuhong (1378501) | about a year ago | (#44073961)

I still remember Douglas Bowman's blog post about why he left Google.

Re:Interesting how many times Google gets away... (1)

swillden (191260) | about a year ago | (#44074791)

I still remember Douglas Bowman's blog post about why he left Google.

You mean this one [stopdesign.com] ? While I suppose the data-driven mindset of Google does have its problems (as well as its advantages), I don't really see the relevance to the GP's claim of evilness in choosing a subtler background color for ads.

Re:Interesting how many times Google gets away... (1)

yuhong (1378501) | about a year ago | (#44076353)

It is relevant because the kind of testing seems to be pretty similar.

Re:Interesting how many times Google gets away... (1)

swillden (191260) | about a year ago | (#44076497)

It is relevant because the kind of testing seems to be pretty similar.

Actually, it's not. Unfortunately I can't really explain why. I don't think there would be any harm in it -- might even be some good in it, actually -- and people would definitely find it interesting, but confidential is confidential.

Suffice it to say that Google attempts to maximize the ability of users to distinguish ads from organic results. I can probably say that much.

I'm sure everyone who reads this is going to think "that's such a lame and content-free post, why did he even bother?". Sorry.

Re:Interesting how many times Google gets away... (1)

Runaway1956 (1322357) | about a year ago | (#44071333)

NO ONE installs a toolbar unless they want to be tracked. Seriously - we haven't learned that over the past almost 20 years? Toolbars have one purposed, and one purpose only . That is to make the chump - errrr, consumer - agree to be tracked. If at some later time the chu - CONSUMER says that he doesn't want to be tracked, you surely don't expect him to be taken seriously.

Only if the ch - CONSUMER nukes from orbit then reformats might we take his request to stop tracking him seriously.

Re:Interesting how many times Google gets away... (0)

Anonymous Coward | about a year ago | (#44071561)

It is extremely difficult to vacuum all use of a data. If you owned a massive network, could you fully wipe out all data coming from source X, including all copies of it? Good luck...

Limiting data proliferation is one of the hardest problems there is.

You are running a company with thousands of employees, containing hundreds of projects. Each of these projects needs to constantly log things. Nobody in the company knows about all the ins and outs of the data for every project. How are you going to set things, logistically or otherwise, so that people are prevented from logging stuff they shouldn't?

You can call it "incompetence" that Google makes mistakes. I agree they make mistakes, but I question if other people out there actually do it better. Maybe Google should look to the NSA for guidance, right?

Re:Interesting how many times Google gets away... (1)

plopez (54068) | about a year ago | (#44072731)

Based on my experiences in corporate America, incompentence is the most likely explanation. Remember, the larger anorganization grows the IQ of that organization approachs that of the generalpopulation.

Re:Ballmer will be pissed! (1)

FirephoxRising (2033058) | about a year ago | (#44076289)

posting to fix mistaken moderation....

Detriment caused (2, Insightful)

Anonymous Brave Guy (457657) | about a year ago | (#44070707)

From the BBC News article:

The FCC levelled heavy criticism at the company, saying it had "deliberately impeded and delayed" the investigation for months.

Its investigation found that data had been discovered in 30 countries, and included "complete email messages, email headings, instant messages and their content, logging-in credentials, medical listings and legal infractions, information in relation to online dating and visits to pornographic sites".

Assuming the UK was among those countries, if that list of privacy invasions is not sufficient to merit even a token fine from a privacy watchdog, I'm not sure what is. :-(

Re:Detriment caused (1)

Anonymous Coward | about a year ago | (#44070747)

Sounds like a lot of people browsing unencrypted websites on open networks. I used to be amazed the crap I would find running WireShark on my university's wireless network. :)

Re:Detriment caused (1)

Anonymous Brave Guy (457657) | about a year ago | (#44070819)

Sounds like a lot of people browsing unencrypted websites on open networks.

I imagine it was, but using that as a defence to systematically invading privacy on a massive scale sounds a lot like arguing that the door was unlocked so there was no expectation of security or the girl was asking for it because she was wearing a short skirt. Failure of a victim to do everything a capable expert might have done to protect themselves should never be accepted as justification for making them a victim in the first place. No-one can protect themselves fully against everything, and having a legal system is a practical recognition of that reality.

Re:Detriment caused (5, Insightful)

msauve (701917) | about a year ago | (#44070845)

No, it's more like standing naked by your front window, then complaining because someone takes a picture from the street. Setting up minimal WiFi encryption on consumer wireless equipment has never been a task requiring a "capable expert."

Re:Detriment caused (2)

Bill_the_Engineer (772575) | about a year ago | (#44070947)

And taking said picture violates the naked person's expectation of privacy. Of course, Arne Svenson will put that to the test with his "Neighbors" exhibit at Chelsea gallery. Interestingly, your assertion associates Svenson to photography like google is to wifi..

Re:Detriment caused (1)

EasyTarget (43516) | about a year ago | (#44071891)

And taking said picture violates the naked person's expectation of privacy

Errr.. I would hope said photo would be the #1 piece of evidence in court that someone is a pervert who willfully exposes their genitalia to old ladies and little children walking in the street.

Re:Detriment caused (0)

Anonymous Coward | about a year ago | (#44072559)

Unless the exposer happens to be female and the (accidental) viewer male... then all of a sudden the viewer is a pervert and the exposed woman innocent

Re:Detriment caused (0)

Anonymous Coward | about a year ago | (#44070989)

A better analogy was sitting on your front porch and reading your personal mail through a megaphone.
And then a car drives by and the passenger is recording video & audio; so you come running down the street and have them arrested for "wiretapping" your private mail.

Leaving your wifi open with the SSID broadcasting is the same as building a house that looks exactly like a 7-11 with a sign, automatic doors, & glass front. And then calling the police and having anyone that walks in arrested for burglary/trespassing.

Re:Detriment caused (2)

Anonymous Brave Guy (457657) | about a year ago | (#44071075)

Setting up minimal WiFi encryption on consumer wireless equipment has never been a task requiring a "capable expert."

Surely you can't really believe that? There are many, many people who use the Internet at home and don't even realise that they have "WiFi". They wouldn't know WEP from WPA if you spelled them out in inch-high letters. It is not at all obvious to such a person that observing what they are doing on a computer inside their home from the street outside is even possible, and certainly not obvious what they should do about it.

Try looking at it this way. By your logic, because it is obvious to me as someone knowledgeable about computer networks that WEP is not an effective means of encryption for wireless traffic, anyone using WEP therefore has no reasonable expectation of privacy because they could have searched for two minutes on Google and discovered this but they still haven't protected themselves better. It should therefore be fair and legal for me to watch whatever is happening on four (as I write this) of my neighbours' wireless connections without any regard for their privacy. Does that sound right to you?

What about the fact that although WPA has been presented as being an actual encryption standard, it was cracked long ago, so I could download a tool to break it and be watching another five (as I write this) neighbours' wireless connections five minutes from now? These are people who might have actively chosen to encrypt their traffic, but they also didn't do the two minute Google search, so have their forfeited all right to privacy as well in your eyes?

Incidentally, taking a picture of someone naked inside their home from the street outside could also be illegal in the UK depending on the circumstances. Voyeurism is an offence, for example.

Re:Detriment caused (2)

msauve (701917) | about a year ago | (#44071295)

Decoding a WEP transmission requires a directed effort specific to each WLAN encountered.

We apparently just have different beliefs. I don't think it's the government's role to protect people from their own stupidity. Stupidity should be painful, especially if you can't be bothered to RTFM.

Re:Detriment caused (1)

Anonymous Brave Guy (457657) | about a year ago | (#44071681)

Decoding a WEP transmission requires a directed effort specific to each WLAN encountered.

And picking up signals in the clear requires a vastly greater directed effort to drive a whole damned car down the street within a few metres of the victim's property, equipped with technical equipment not normally present in cars to receive the data in the first place. Decoding a WEP transmission requires negligible additional effort by comparison. WEP is not an encryption protocol. You're just picking a level of acceptability that meets your personal standard for what constitutes "stupid".

We apparently just have different beliefs. I don't think it's the government's role to protect people from their own stupidity.

You're confusing ignorance with stupidity. Everyone is ignorant about something, and can be damaged seriously by someone who is an expert in that field. That is why we have laws.

And those fine manuals for consumer WiFi boxes that you want people to read are frequently full of over-simplified, outdated nonsense when it comes to security. You could follow them to the letter and still have the script kiddie three doors down reading your mail. And it still wouldn't be your fault.

Re:Detriment caused (1)

amazeofdeath (1102843) | about a year ago | (#44072145)

Having a laptop open in your car does that, it's nothing special. My ages-old iBook would connect to any open WiFi network, were I using the default settings. Picking up an unencrypted connection is trivial, whether by purpose or by accident; connecting to a WEP-encrypted WiFi network requires some specific effort. You are building up some ridiculous straw-man here: There's a lot of equipment that will connect to any open WiFi network in out-of-the-box configuration, but there's no such commercial products that'll crack WEP without user configuration.

Re:Detriment caused (1)

Anonymous Brave Guy (457657) | about a year ago | (#44072787)

There's a lot of equipment that will connect to any open WiFi network in out-of-the-box configuration

Equipment that would join an unknown network without any user interaction at all? That sounds like a security problem waiting to happen to me, and I have never seen wireless equipment that actually does that. As a minimum, with any device I have ever seen, you would have to actively choose to join a network from an available list.

there's no such commercial products that'll crack WEP without user configuration

Sure there are, but the people selling them aren't exactly going to advertise them in your local store.

Re:Detriment caused (1)

amazeofdeath (1102843) | about a year ago | (#44072893)

Equipment that would join an unknown network without any user interaction at all?

Yes. You seem to be pretty out-of-date in normal laptop and other WiFi-enabled systems.

there's no such commercial products that'll crack WEP without user configuration

Sure there are, but the people selling them aren't exactly going to advertise them in your local store.

I thought putting up a disclaimer (as there are "commercial" products for pretty much everything), but I thought that it was clear from the context. Your OEM laptop will not crack WEP out-of-the-box.

Re:Detriment caused (1)

Anonymous Brave Guy (457657) | about a year ago | (#44073255)

You seem to be pretty out-of-date in normal laptop and other WiFi-enabled systems.

Computer networking is a significant part of my job, and I spent a fair chunk of today reconfiguring network and security settings on laptops and other wireless devices from diverse vendors running at least four different operating systems.

It is not normal for a newly bought laptop, smartphone, tablet or other wireless-enabled device to connect to an arbitrary network within range without any sort of prompt for confirmation, at least not here in the UK. Show you a list of available networks? Sure. Let you connect to any unsecured one with one click/tap? Probably. Invite you to connect to the one with the strongest signal? Sometimes. Connect without any interaction at all the moment you turn on the box? Extremely unlikely.

If you think otherwise, I'd be interested in specific examples, because the people selling such a device are probably turning their customers into criminals under UK law the moment they turn the machine on, as well as presenting a major security risk to the customers themselves if they connect to the wrong network. Obviously the legal question will vary depending on your jurisdiction, but it's just a dumb policy security-wise wherever you are.

Re:Detriment caused (0)

dpidcoe (2606549) | about a year ago | (#44071521)

By your logic, because it is obvious to me as someone knowledgeable about computer networks that WEP is not an effective means of encryption for wireless traffic, anyone using WEP therefore has no reasonable expectation of privacy because they could have searched for two minutes on Google and discovered this but they still haven't protected themselves better.

No.

An unencrypted network takes no action on the part of the person connecting, and does nothing to indicate that it's intended to be private. People could even inadvertently connect to it depending on how their device is configured (particularly if you have the same ssid of a network they've connected to previously, e.g. "linksys").

By encrypting it with WEP (or even mac address filtering, as retarded of a "security" measure as that is), you're indicating that your network isn't intended to be free to access. Even though both of those methods are potentially worse than no security (WEP can be cracked in the time it takes joe idiot to tap out the password on his iDevice, MAC filtering is circumvented just as easily), they still require specific action on the part of the intruder, and are a clear indication by the owner that they did not intent the network to be public.

To make yet another property analogy: If you live on a corner lot and kids keep walking through your front yard in order to cut the corner on their way home from school, good luck yelling at them for trespassing. If you put up a fence (even if it's a 3 foot high white picket fence that'll fall over at the first breath of wind), you're now clearly indicating that you don't want your yard being used at a cut-through, and are a bit more justified in sitting on your front porch with a shotgun and yelling at the kids to get off your lawn in the event the jump the fence.

Re:Detriment caused (0)

Anonymous Brave Guy (457657) | about a year ago | (#44071855)

An unencrypted network takes no action on the part of the person connecting,

Sure it does. You have to buy specialised technical equipment that implements specialised communications protocols, locate it within range of the network, and choose to connect.

and does nothing to indicate that it's intended to be private.

We're talking about networks that people are running to connect their own devices within their own homes with no intent of sharing them and quite possibly with no understanding that they can even be accessed by other parties.

Besides, where did this presumption that everything is public unless it isn't come from? Why do you feel that you should be entitled to connect to anyone else's network, whether it's secured or not? Would you walk into someone's garden because their gate was open, or follow them into their home if they left the door unlocked?

People could even inadvertently connect to it depending on how their device is configured

Sure, someone who was similarly ignorant of networking might accidentally do that. Do you think arguably the most successful Internet and data mining company in the world is ignorant of computer networking and the fact that WiFi networks they can see as they drive down the street are probably intended for the personal use of their owners?

By encrypting it with WEP (or even mac address filtering, as retarded of a "security" measure as that is), you're indicating that your network isn't intended to be free to access.

As you noted yourself, WEP is not an encryption scheme. It provides no more meaningful security than sending wireless data in the clear, and I don't see why it really makes a clear indication that a network is intended to private where, for example, setting an SSID of "DOE_FAMILY" does not. As I seem to be posting in every other reply to this thread, you're just choosing an arbitrary standard of false security and claimed privacy that fits your chosen position.

If you live on a corner lot and kids keep walking through your front yard in order to cut the corner on their way home from school, good luck yelling at them for trespassing.

You're muddying the waters by involving kids and property with unclear boundaries, both of which make it less reasonable to assign blame to the trespasser and transfer a measure of responsibility to the property owner if, for example, there is something dangerous on the ground and a child hurts themselves on it. It's not really a fair analogy.

Re:Detriment caused (1)

dpidcoe (2606549) | about a year ago | (#44075409)

You're muddying the waters by involving kids and property with unclear boundaries, both of which make it less reasonable to assign blame to the trespasser and transfer a measure of responsibility to the property owner if, for example, there is something dangerous on the ground and a child hurts themselves on it. It's not really a fair analogy.

It's a completely fair analogy, and I picked it specifically because an unencrypted and wide open wifi signal is an unclear boundary. Placing any kind of restriction on it (however insecure in reality) is what's needed to establish a clear boundary.

Re:Detriment caused (0)

Anonymous Coward | about a year ago | (#44072455)

You're forgetting that intercepting electronic communications is illegal, even if it's unencrypted. When cordless phones first came out, anyone with a scanner could intercept a phone call, and they made it illegal at that time because the government actually cared about privacy then.

Re:Detriment caused (0)

Anonymous Coward | about a year ago | (#44074415)

Which legislation that is?

If you're talking US, I'll just link this [arstechnica.com] comment over from Ars Technica.

TL;DR: It's illegal to intercept phones, everything else broadcasting unencrypted is fair game, as FCC decided when judging on this very case.

Re:Detriment caused (0)

Anonymous Coward | about a year ago | (#44071183)

No, it's more like standing naked by your front window, then complaining because someone takes a picture from the street. Setting up minimal WiFi encryption on consumer wireless equipment has never been a task requiring a "capable expert."

No, it is more like a car, that only have 2 doors but still is speeding.

There is no need to invent crazy analogies that says nothing about the actual situation. People encrypting their communication or not isn't even relevant to the case. There are laws regulating how and what data business can collect and aggregate about consumers *even if these are data the consumers are not trying to protect!*

Re:Detriment caused (0)

Anonymous Coward | about a year ago | (#44071745)

Doesn't matter, you can't start running around punish people or companies simply because their WiFi is turned and and connects or collects data from unencrypted WiFi networks. Basically you can't punish anyone for something that is simply built into the technology.

Either way, the issue is NOT Google's fault or their job to rectify.

Re:Detriment caused (1)

Anonymous Brave Guy (457657) | about a year ago | (#44073063)

Doesn't matter, you can't start running around punish people or companies simply because their WiFi is turned and and connects or collects data from unencrypted WiFi networks.

In the UK, behaviour involving knowingly accessing someone else's network without authorisation could be a criminal offence under, for example, the Computer Misuse Act (1990) or Communications Act (2003).

That is in addition to any privacy and data protection concerns that may arise depending on the nature of any data collected or stored as a result of that access.

Re:Detriment caused (0)

Anonymous Coward | about a year ago | (#44073929)

Doesn't matter, you can't start running around punish people or companies simply because their WiFi is turned and and connects or collects data from unencrypted WiFi networks. Basically you can't punish anyone for something that is simply built into the technology.

Either way, the issue is NOT Google's fault or their job to rectify.

Of course you can punish companies that collect data illegally. The data doesn't have to be protected for collection and aggregation by *businesses* to be illegal. This is the law. If companies start aggregating other *publicly available* data about you, that might be illegal too. Even Google isn't above the law.

Re:Detriment caused (1)

Runaway1956 (1322357) | about a year ago | (#44071471)

"Setting up minimal WiFi encryption on consumer wireless equipment has never been a task requiring a "capable expert.""

I have to agree. The wife and I went to the Hi-Tech department at Wal-Mart to get our router. We read carefully. WEP, WPA, it's all right there in the box. Or, as the geeks like to say, "Out Of the Box" or OOB. Yep - we brought that thing home, plugged it in, and it just worked, as advertised. No fuss, no muss - I have the latest, greatest security, and I didn't have to know anything! /sarcasm

Re:Detriment caused (1, Interesting)

gnasher719 (869701) | about a year ago | (#44071721)

No, it's more like standing naked by your front window, then complaining because someone takes a picture from the street. Setting up minimal WiFi encryption on consumer wireless equipment has never been a task requiring a "capable expert."

Of course it is. You have to find how to get into the router, you have to know which encryption to choose, then you have to set up your computers in the same way. All that while avoiding the little snag that as soon as you turn on encryption, your WiFi connection to the router will fail, so if you make the slightest mistake you are stuffed. Unless you have a big box full of stuff including an Ethernet cable.

Re:Detriment caused (0)

Anonymous Coward | about a year ago | (#44074489)

The hell are you smoking?

Every home router's box I've seen had an Ethernet cable and a nice step-by-step manual in pictures which starts with "Plug the cable into the router and your PC ... Type 192.168.1.1 into your browsers window ... " and usually includes "Set your WiFi password" and instructions on configuring WiFi on your devices as well.

I can see you love to bash Google from your comments history, but here you're just making shit up just not to give up a given line of offense.

Re:Detriment caused (0)

Anonymous Coward | about a year ago | (#44071761)

This isn't just "overhearing because you broadcast it in the clear."

This is "overhearing, then recording and warehousing, because what the fuck, there's probably something useful in there that we'll want to use someday."

When Google essentially "walks down every street in town, looking for naked people in the window, and photographs each and every one it finds to put a copy of the photo in its jack-off log for future reference," then there's a problem - and the problem isn't that a few naked people have to be standing in windows.

If Google wanted to collect and retain the data, they should have *asked* for permission. If they didn't want to go to the trouble of doing so, they have an obligation to not retain that data.

Re:Detriment caused (0)

Todd Knarr (15451) | about a year ago | (#44070875)

My question would be this: if you're standing in your front yard using a bullhorn, do you really have any expectation of privacy about what you're saying? One of the first requirements for an expectation of privacy has to be taking at least some steps to insure what you're doing/saying isn't public.

Re:Detriment caused (1)

Score Whore (32328) | about a year ago | (#44071089)

This is going to be a bit inflammatory, but your question and analogy are stupid. Humans have a handful of senses to take in information about the world and those senses have fairly narrow ranges in which they function. Exposing information in those ranges can readily be considered a giving up your privacy. But outside of those ranges it's not honest to say that someone is yielding their rights. Unless of course you have no problem with someone, say the government, driving a huge sheet of film up on one side of your house and a hug x-ray emitter on the other and taking an x-ray of your entire home.

Re:Detriment caused (1)

Todd Knarr (15451) | about a year ago | (#44072419)

Why should we be ignorant of everything beyond our own senses? Everyone knows radio exists. My grandparents knew about radio, there's no excuse for anyone today to not know about it. Everyone knows it involves broadcasting the signal for anyone with a receiver to pick up, that's why we call them radio broadcasts. And while 15 years ago you might have been excused for not knowing that WiFi worked over radio, today it's common knowledge. You're even told this on Page 1 of the booklet that came with your wireless router or access point.

This is the 21st century, not the 19th.

Re:Detriment caused (1)

Score Whore (32328) | about a year ago | (#44072783)

Who said anything about being ignorant? Not me. Going back to my own ridiculous example, everyone knows about x-rays but no one expects to have their house x-rayed and thus we don't live in lead lined homes. The fact that people aren't taking measures to counter every possible information leakage from their life doesn't mean that they consent to that information being gathered, scrutinized or disseminated. Your argument seems to be that anything we don't actively defend against, we consent to. That is absurd.

I can't think of any accepted morality that says it's O.K. to put poison in people's food since a) they know that poison exists and, b) if they didn't want to be poisoned they'd test every thing they put in their mouth. Or feel free to drink and drive because a) we know assholes drink and drive and, b) if we didn't want to be in an accident caused by a drunk we'd not go anywhere a drunk could take a car. The list goes on and on and only a total jerk would argue that the onus lies on the people affected by anti-social behavior rather than on the sociopath engaging in the behavior.

Re:Detriment caused (1)

Todd Knarr (15451) | about a year ago | (#44073137)

True, but then your X-ray example is an example of someone else broadcasting things into your home. WiFi involves the opposite: you broadcasting things out of your home where anyone can pick them up. Your example involves things not done by you, broadcasting is something you do that's under your control.

Re:Detriment caused (1)

Anonymous Brave Guy (457657) | about a year ago | (#44073427)

You're "broadcasting" all kinds of radiation from your home that can be detected outside with the right equipment. With many methods of house construction, for example, it is easily possible for someone to look at thermal images and watch you and your SO having a little personal time. I think most people would still consider it intrusive to do so and would feel more than a little violated if you started talking to them about their favourite positions the following day.

Re:Detriment caused (1)

Todd Knarr (15451) | about a year ago | (#44075011)

Yep. But again, in your example the people inside are taking measures (opaque walls) to keep the activities private, and seeing them requires special equipment that a person wouldn't ordinarily have. The equivalent for WiFi would be putting a Faraday cage around your house to contain radio emissions and having them leak out anyway. I don't think you've posited a Faraday cage being involved, have you?

Re:Detriment caused (1)

Anonymous Brave Guy (457657) | about a year ago | (#44071105)

One of the first requirements for an expectation of privacy has to be taking at least some steps to insure what you're doing/saying isn't public.

Like searching for details about a medical condition using your personal computer in the privacy of your own home with the curtains drawn rather than from a shared computer in an Internet cafe or library, for example?

Re:Detriment caused (1)

Anonymous Coward | about a year ago | (#44070911)

Who's privacy was violated. No one is claiming Google looked at any of the data. It's like saying a girl was asking for it by wearing a short skirt when no one even touched her or looked at her. Ask for what? Nothing to happen.

Intent is very important in a legal system. I've yet to see one word of evidence that Google acted in bad faith. No-one can protect themselves from fully obeying every law, and having a legal system that recognizes that fact is a reality you're going to have to deal with.

Re:Detriment caused (1)

Anonymous Brave Guy (457657) | about a year ago | (#44071515)

Intent is very important in a legal system.

Yes it is, and that is why murder carries a mandatory life sentence while manslaughter has the widest sentencing discretion of any crime here. But manslaughter is still a crime.

We're talking about privacy and data protection in this case. Many data protection laws are set up as a deterrent, to discourage risking a big leak, because this is an issue where you can't necessarily just make things right after the fact. Hardly any organisation that has leaked lots of personal data in recent years intended to do so, but that doesn't excuse their negligence or help the people who suffered as a consequence.

No-one can protect themselves from fully obeying every law, and having a legal system that recognizes that fact is a reality you're going to have to deal with.

The thing that has many privacy campaigners so irritated is precisely that they clearly were acting in violation of the law. There is no doubt about this. They just aren't being punished for it, as long as they say sorry and pinkie-swear to never never ever do it again.

To a large corporation with a track record of pushing the boundaries of privacy in ways that do make a lot of people unhappy and do test the limits of the law, this is like telling a child who punched another child off for five seconds to keep the other child's parent happy, but then as soon as you're out of sight saying "Never mind, he probably deserved it" and giving them a lollipop.

Re:Detriment caused (1)

gnasher719 (869701) | about a year ago | (#44071833)

Intent is very important in a legal system. I've yet to see one word of evidence that Google acted in bad faith.

In UK law, what matters is not "intent to breach the law" but "intent to do what you did". From some reports, it seems that some engineer at Google had the great idea to add code that would gather a bit of data together with the locations and IDs of routers (that data didn't gather itself), and he _intentionally_ added the code. As we all know, it was a super stupid idea and frankly I cannot even try to follow his thought process. But the intent of an employee turns into intent of the company and Google is legally on the hook.

(There are specific laws where things are different, for example theft requires intent to deprive another / intent to enrich yourself, depending on the country; not just intent to take the item)

Re:Detriment caused (3, Insightful)

msauve (701917) | about a year ago | (#44070813)

"list of privacy invasions"

You do realize this was WiFi, so that the collected "private" data was being broadcast in the clear, right? There's a reasonable expectation of privacy if you bother to encrypt your WiFi, but running it wide open?

If you send radio signals off your property, they should be "fair game" for anyone who can receive them.

Re:Detriment caused (0)

Anonymous Coward | about a year ago | (#44070977)

I think you should read this:

https://en.wikipedia.org/wiki/Police_radio

it basically says that whilst such signals are fair game, you cannot act on their contents, so Google using them for commercial benefit is strictly prohibited under the Wireless Telegraphy Acts.

Re:Detriment caused (1)

msauve (701917) | about a year ago | (#44071239)

Seriously, I expect much better even from an AC. Pointing to an article about "Police radio," then extrapolating that to private communications and "commercial benefit?"

Are you claiming that if, after I see a TV advertisement for Coca-Cola, I'm a felon if I go out and buy a Coke?

The cited reference to "unauthorized reception" applies only to intent and disclosure of "contents, sender or addressee." Google's intent was to collect the locations of WiFi Access points, to improve their location services. They had no interest in who was sending what, and there's no indication that the collected data was ever disclosed.

Re:Detriment caused (0)

Anonymous Coward | about a year ago | (#44071329)

And you know this how?

Do you work for Google? The judge was right in this case, Google didn't have any right to the data.

Re:Detriment caused (0)

Anonymous Coward | about a year ago | (#44071361)

So then why didn't they simply delete the collected data if only the location was relevant?

Re:Detriment caused (0)

Anonymous Coward | about a year ago | (#44071731)

Are you claiming that if, after I see a TV advertisement for Coca-Cola, I'm a felon if I go out and buy a Coke?

Why would that be a felony? Advertising is only broadcasted on public service frequencies, we're talking about frequencies that are usually reserved for personal use i.e unlicensed spectrum or other licensee signals.

The cited reference to "unauthorized reception" applies only to intent and disclosure of "contents, sender or addressee." Google's intent was to collect the locations of WiFi Access points,

It doesn't matter what Google's intentions were, the previous AC was right, Google shouldn't have been collecting anything further than the MAC addresses and the general locations, full stop.

Anything further was a breach of the law, as par this ruling.

Re:Detriment caused (0)

Anonymous Coward | about a year ago | (#44071883)

Why, exactly, did they need to collect all of the actual wireless network traffic, just to mark the location of a Wireless Access Point with a GPS coordinate?

If they had "no interest" in the data - why did they log it in the first place? You don't need to log and archive email traffic, web searches, porn sites, and other crap cited in order to say "WAP with SSID and characteristics x, y, z detected at GPS coords X, Y."

And also "no indication that the collected data was ever disclosed" is a piss-poor justification for somebody collecting whatever data they "think they might be able to get away with."

Stop making excuses for Google - they were wrong to collect & archive the data, and you're wrong to defend them.

Re: Detriment caused (0)

Anonymous Coward | about a year ago | (#44072653)

The obvious explanation is that they logged it in the first place because they used Kismet, which defaults to exactly the settings used (log entire unencrypted packets, log only envelope data from encrypted packets). Or it could be because they're so horribly evil they deliberately set it to the default settings...

Hanlon's razor, anyone?

Re: Detriment caused (0)

Anonymous Coward | about a year ago | (#44074809)

The obvious explanation is that they logged it in the first place because they used Kismet, which defaults to exactly the settings used.

Yep, and does Kismet automatically default to "save every scrap of data logged, forever, unless the government forces us to delete it under threat of criminal penalties?"

And does it magically create ample storage for all of the data gathered this way? Because I bet Google had to provision servers and storage and a whole lot of other components to support this effort - if they provisioned from the start to warehouse all this data, then they did it with full knowledge of the contents of the data they were collecting. If they had to scramble and provision multiple terabytes of extra space for warehousing - shouldn't that have clued somebody in that the program was logging and retaining way more stuff than they anticipated, and that they should probably take a look at how this "accidental" warehousing happened?

Hanlon's razor cuts both ways, champ. The BEST you can say about the situation is "they inadvertently collected the data, and then they deliberately chose to keep it around and present a big middle finger to the world, until a court forced them to delete the data under threat of criminal penalties." At some point, Google management became aware of the existence of this accidental warehousing of data. Even if they weren't aware of it from the start, they made a deliberate choice once it was brought to their attention.

Surprise - their deliberate choice was not "oh my gosh, we fucked up, delete that data immediately!"

Also: Hanlon's Razor may suggest mitigating circumstances for criminal and civil penalties -- but it does not exonerate. If you do something illegal because you're too stupid to know not to, that doesn't make what you've done legal.

Re:Detriment caused (1)

Anonymous Brave Guy (457657) | about a year ago | (#44071237)

You do realize this was WiFi, so that the collected "private" data was being broadcast in the clear, right?

What does "in the clear" mean? If you walked down the street, without the use of any artificial aids (a common standard for distinguishing public from private places), could you see what someone was doing online? No, of course you couldn't. You need to use tools to view the data.

There's a reasonable expectation of privacy if you bother to encrypt your WiFi, but running it wide open?

But what does encryption mean? There is currently no major WiFi standard that has not been compromised under at least some conditions, certainly in the context of a typical home network. Do you have a reasonable expectation of privacy because you were dumb enough to use WPA2 with only a 20 character pre-shared key?

My point is that there is no qualitative difference at all between these cases. People on forums like Slashdot tend to have some degree of technical knowledge, so they are quick to choose a standard of expertise that they are confident they have and assume everyone should meet the same standard or it's their own fault. In reality, it is highly likely that most of them are also vulnerable to something, and would be upset if someone invaded their privacy or otherwise took advantage of that vulnerability.

As I said, this is an argument a lot like saying if you left your door unlocked then you have no expectation of security. Maybe even if you used a lock, it wasn't designed to protect a bank vault and a skilled burglar could pick it and break in anyway. The basic premise is the same in each case: the burglar is still the guy in the wrong, not you as the victim.

Re:Detriment caused (0)

Anonymous Coward | about a year ago | (#44071817)

But what does encryption mean? There is currently no major WiFi standard that has not been compromised under at least some conditions, certainly in the context of a typical home network. Do you have a reasonable expectation of privacy because you were dumb enough to use WPA2 with only a 20 character pre-shared key?

The key here is still that you HAVE to make an effort to break through encrypted WiFi Access Points. Not the case with WiFi APs broadcasting in the clear with no encryption.

Re:Detriment caused (1)

PRMan (959735) | about a year ago | (#44072185)

You said it yourself. Any lock is the difference between trespassing and breaking and entering. It doesn't matter how poor the lock is, the lock signifies that the person expects privacy.

In the same way, if your WiFi is completely unlocked, you are signalling to the world that you don't care about privacy. If you put any lock on it (even easily-cracked WEP), you are saying "I expect privacy".

Re:Detriment caused (1)

Anonymous Brave Guy (457657) | about a year ago | (#44072883)

Quite often in the UK, the wireless network will have been set up by the engineer who enabled the ADSL or cable Internet line, using a wireless router provided by the ISP. It's entirely possible that the homeowner doesn't even understand that there are different levels of security for wireless networks or know which level theirs was configured to use, any more than they understand the intricacies of HTTP just because they use Facebook. The argument that several posters here are making that running WiFi in the clear somehow implies consent for anyone else to monitor the network's traffic is based on the premise that the people operating the network made some sort of informed choice to that effect, which is plainly not always the case.

To continue with the door lock analogy, if you buy a new house, you shouldn't need to become a home security expert to make sure everything is properly secured. You expect that the professionals who built the house put locks that work where you need locks that work. If they didn't, and someone "breaks" in and steals your stuff, it's still not your fault just because you bought a house and lived in it.

Re:Detriment caused (3, Insightful)

Qwavel (733416) | about a year ago | (#44070861)

No, it said that they weren't fined for this latest chapter (the failure to delete). They have been forced to pay enumerable fines and settle even more class action lawsuits. When you break the law in almost every country in the world, you pay, so people should stop pretending that they just got a slap on the wrist.

You have grabbed the most sensational clips you could find (the data involved was random, so yes, it included anything you can think of), that is actually about a different chapter of this saga (this is about the failure to delete).

Most importantly, you left out the part that distinguishes this from other privacy invasions. None of that data was ever made public. No one has ever established that Google even intended to collect the data. No one has even come up with a plausible use for these random chunks of data. I've seen it written that Google themselves blew the whistle on this issue, but I don't know that for a fact myself (the origins of its discovery are missing details).

So, really you are just muck-raking, and in a rather misleading way.

Re:Detriment caused (2)

msauve (701917) | about a year ago | (#44071005)

I suspect that Google was simply working to enhance their location services by mapping Access Point MAC addresses to GPS locations. The simple way to do that is to drive around, collecting and location stamping packets, then process that data later. Nothing nefarious involved, and Google was upfront when they realized that some people were too stupid to set up encryption (or simply didn't care about their privacy). If they'd set up a pcap which grabbed only the headers, there would have been no issue.

Re:Detriment caused (1)

gnasher719 (869701) | about a year ago | (#44071873)

I suspect that Google was simply working to enhance their location services by mapping Access Point MAC addresses to GPS locations. The simple way to do that is to drive around, collecting and location stamping packets, then process that data later. Nothing nefarious involved, and Google was upfront when they realized that some people were too stupid to set up encryption (or simply didn't care about their privacy). If they'd set up a pcap which grabbed only the headers, there would have been no issue.

That is not what happened. What they needed was MAC addresses and GPS locations, or better yet MAC addresses + GPS locations + signal strengths. Code to record packet data was _intentionally_ added by a Google engineer who thought it was a good idea (which it wasn't); all the data that Google collected was absolutely not needed for their purposes.

Re:Detriment caused (1)

swillden (191260) | about a year ago | (#44074799)

Code to record packet data was _intentionally_ added by a Google engineer

Cite?

Re:Detriment caused (1)

Anonymous Brave Guy (457657) | about a year ago | (#44071399)

They have been forced to pay enumerable fines and settle even more class action lawsuits.

From your reference to class actions, I guess you're in the US, so perhaps you can clarify. Was it the $7M penalty (approximately 1 hour of revenues) they had to pay because of the original 2+ year systematic privacy invasion you meant, or the $25K penalty (approximately 13 seconds of revenues) they had to pay for obstructing the resulting investigation?

You have grabbed the most sensational clips you could find

I was citing a reputable news source. And since as you say the data was probably somewhat random, you know very well that much more damaging things could have been included in some cases.

Most importantly, you left out the part that distinguishes this from other privacy invasions. None of that data was ever made public.

Well that's OK, then. It's not as if large organisations have ever either abused large databases for their own purposes or accidentally and/or deliberately leaked the contents of those databases later. In fact, we might as well fire all the privacy watchdogs and rescind all the data protection laws, because they weren't really introduced for any reason at all.

No one has ever established that Google even intended to collect the data.

And yet, possibly the most advanced data processing organisation in the world systematically drove vehicles around people's homes and workplaces for more than two years, and those vehicles were equipped to receive and record the information, and they were running software that did so.

If you're in a position to store and process personal data then you are subject to the same data protection laws as everyone else. Ignorance is not a defence, particularly for an organisation with a small army of lawyers on retainer that is doing something that is obviously controversial. And doing something negligently may not be as bad as doing it deliberately, but you can still be liable for the consequences.

Re:Detriment caused (1)

Qwavel (733416) | about a year ago | (#44071941)

So you want to convict Google for the stuff that other companies do with private data. I was talking about what Google actual did, not extrapolating from them having the data, and then mixing in what other companies have done with other personal data. That's a remarkable stretch (I refer your 3rd response).

And if you think that what Google did (in your 4th response) was so terrible, you had better break out the tin-foil hat: lots of companies do this. Heck, tons of hobbyists used to do it. Nokia pays courier companies to do it.

I"m not in the U.S. (Canada), and no, I do not have a list, but remember the reports of all the class action lawsuits when this story first got momentum. My point on the others is that you are (again) misrepresenting the penalties. Those settlements you describe are not THE penalty. They are individual settles (the $7m was with a group of US states) in a situation where they were charged in most countries of the world.

As for your final point, that Google should be subject to data protection laws, break those laws. I agree completely and am glad to see them pay for it. But misinformation and sensationalizing of the details of any such case are not helpful.

Re:Detriment caused (1)

Anonymous Brave Guy (457657) | about a year ago | (#44072743)

So you want to convict Google for the stuff that other companies do with private data.

No, I want to see them meaningfully penalised for breaking data protection and privacy laws literally on a global scale [epic.org] .

My point on the others is that you are (again) misrepresenting the penalties. Those settlements you describe are not THE penalty. They are individual settles (the $7m was with a group of US states) in a situation where they were charged in most countries of the world.

The $7M was a settlement with most of the states in the US (38, plus the District of Columbia) and to my knowledge it is (by at least an order of magnitude) the largest financial penalty they have had imposed anywhere in the world for any activity related to the Street View functionality. In real terms, more than two years of illegal behaviour -- and behaviour that was rather offensive in some cultures, such as raising their cameras above normal wall/fence height in Japan for example -- has done them no real damage at all.

But misinformation and sensationalizing of the details of any such case are not helpful.

If you're going to accuse me of misinformation, perhaps you'd have the courtesy to cite anything I've said in this entire Slashdot discussion that is objectively untrue. You're accusing me of sensationalizing, but my arguments are based on verifiable facts.

Re:Detriment caused (1)

Solandri (704621) | about a year ago | (#44072643)

I've seen it written that Google themselves blew the whistle on this issue, but I don't know that for a fact myself (the origins of its discovery are missing details).

Sort of. It went down like this:

Random conspiracy theorists to the EU: Google is eavesdropping on wifi communications while driving around taking Street View pics!
Google: We are not eavesdropping.
EU: Hmm, are you sure you're not eavesdropping?
Google: We're not. See, we can prove it.
Google: ...
Google: Ok, we checked our records and it turns out we did eavesdrop on wifi communications. But it was accidental!
EU: I'm investigating.
US: Me too!

It was a request from German regulators which got Google to do its initial internal investigation [blogspot.com] . But following that investigation Google self-reported that it had violated EU law, instead of trying to cover it up. That's largely why I don't have a problem with these no-fine or small-fine "don't do it again" judgments against Google. It's not like other violations where the company claims all along that it did nothing wrong. Google already admitted they screwed up; they're just saying that it was an accidental screw-up not an intentionally malicious one.

c.f. Apple which basically did the same thing to build their wifi map database - pulled location and wifi data off of iPhones without notifying iPhone owners. But they just denied everything (the only way you know they did this was because they soon dropped their licensing contract with their wifi map provider [f-secure.com] ), attributing it to an erroneous configuration setting. And pretty much got away with it because they didn't willingly provide regulators with evidence to make a case of it as Google has done.

While you don't want the type of mistake Google made to go unpunished, you also don't want the punishment to be so harsh as to create a big incentive for companies to cover this sort of stuff up in the future. It's easier for everyone if they self-report this stuff.

Re:Detriment caused (0)

Anonymous Coward | about a year ago | (#44070867)

...if that list of privacy invasions is not sufficient to merit even a token fine from a privacy watchdog, I'm not sure what is.

Here in the UK, our government is so hopeless it can't even get Google to pay a reasonable amount of tax, let alone something punitive.

Dat logic (0)

Anonymous Coward | about a year ago | (#44070719)

The UK... that supports what the US is doing and doesn't support Snowden... is bashing Google for wifi data?

So unfair (-1)

Anonymous Coward | about a year ago | (#44070757)

Of course they dodged the fines. They have the money and the clout to avoid just about anything. If you or I did something like this, we would be finsihed. We have become slaves to the fascist-corporate masters.

Re:So unfair (5, Informative)

Saethan (2725367) | about a year ago | (#44070805)

Hate to break it to you, but lots of people do this. Just go wardriving [wikipedia.org] with a packet analyzer [wikipedia.org] .

Re:So unfair (1, Interesting)

EasyTarget (43516) | about a year ago | (#44071801)

Shhhhh... Googles competitors and their pet nutters are here in force, you might make them upset by pointing out that their neighbours kid has the ability to monitor their wifi permanently (instead of for a few seconds on a couple of random occasions).

Meanwhile, since I'm not american, that bunch or right-wing loons and sociopaths they laughingly call a Government is systematically and far, far, more comprehensively spying on everything I do.

Interesting to see the BBC arse-licking their cause by trying to deflect peoples anger from the worst offenders to the least.

Re:So unfair (1)

gnasher719 (869701) | about a year ago | (#44071927)

Shhhhh... Googles competitors and their pet nutters are here in force,

I expected no less than your comment on Slashdot. What you are doing here is called an ad hominem attack, which is generally considered the vilest method to try to get the upper hand in a discussion, by attacking everyone having a different opinion than yours. Usually fails.

Re:So unfair (1)

Anonymous Brave Guy (457657) | about a year ago | (#44074225)

Hate to break it to you, but lots of people do this. Just go wardriving

And in the UK, there have been arrests and even the occasional fine as a result of doing that.

google delete data? (0)

Anonymous Coward | about a year ago | (#44070793)

hahahahhah ya right. they never do or will.

So the NSA has this data now too? (1, Informative)

Anonymous Coward | about a year ago | (#44070811)

... despite the very CAREFULLY worded denials that NSA has 'cooperative' access to Google data.

Re:So the NSA has this data now too? (1)

Bryan Bytehead (9631) | about a year ago | (#44074945)

Yep. Exactly what I was thinking of saying.

Horse shit (2, Insightful)

fnj (64210) | about a year ago | (#44070827)

So people are running UNSECURED wi-fi? That's fine, I personally don't see anything wrong with that so far.

And people are concerned and upset that their wi-fi is noted in a database? I can see why they might be ... however ...

But the same person is running UNSECURED wi-fi AND at the same time is concerned and upset that their wi-fi is noted in a database? That's horse shit. That is real stupidity.

Re:Horse shit (0)

Anonymous Coward | about a year ago | (#44071247)

I disagree.

Just because I'm running an open wifi doesn't give a company the legal right to collect and catalog the information traversing it.
Just because you _can_ take something doesn't mean it is legal to do so.

 

Re:Horse shit (1)

dpidcoe (2606549) | about a year ago | (#44071569)

I don't think he's arguing that that makes it ok, he's arguing that the subset of people who are technologically impaired to the point that they can't encrypt their wifi (most routers have a button on the front that does it in one step for crying out loud) aren't tech savvy enough to know/understand/care that their unsecured wifi is in a database.

Re:Horse shit (1)

MozeeToby (1163751) | about a year ago | (#44073709)

If you're running an open WiFi you are standing on the porch with a bullhorn yelling your personal information. I don't see how you can reasonably be upset about someone walking by with a notepad and writing down what you're saying.

Re:Horse shit (1)

interkin3tic (1469267) | about a year ago | (#44073605)

Hey now, look at it from their perspective. There's a magic computer box and a magic internet box which talk to each other through magic. Google is a wizard that seems to have the answer to any question they ask of it. But sometimes, the wizard is an asshole. Why can't it find that picture of that cat my friend sent me the other day? IT'S ON THE INTERNET! So Google wizard is evil. AND NOW google wizard appears to be STEALING magic from one or both of their magic boxes. What would you do in that situation?

(I never said it was a good perspective.)

Enforcement? (1)

Anon, Not Coward D (2797805) | about a year ago | (#44070839)

I'm a bit curious.... how can they tell if google really deleted the data?

We'll destroy your data for you... (1)

CheckeredFlag (950001) | about a year ago | (#44070913)

Eric,

Just send us your hard drives, we'll gladly save you the trouble of thoroughly deleting your data at no charge!

Regards,

Keith B. Alexander
National Security Agency Director

Deleted (0)

Anonymous Coward | about a year ago | (#44070943)

SET deleted=true

Done.

Data cannot be totally destroyed! (0)

Anonymous Coward | about a year ago | (#44070955)

Data cannot be totally destroyed, so Google have been ordered to do something they cannot possibly achieve.

Unless they happen to have a Black Hole [wikipedia.org] handy.

That'll Learn 'Em (1)

FuzzNugget (2840687) | about a year ago | (#44070959)

Only the government is allowed to invade your privacy.

Re:That'll Learn 'Em (1)

EasyTarget (43516) | about a year ago | (#44071667)

My thoughts exactly. I'm sure there has been something in the news about this recently. But in that case the BBC almost totally failed to mention it.. I wonder why?

I'll bet that... (1)

cjjjer (530715) | about a year ago | (#44071117)

Google would have rather paid a fine and been able to keep the data me thinks. Maybe that is how we punish Google for being evil, make them delete the data...

Re:I'll bet that... (1)

xaxa (988988) | about a year ago | (#44072257)

Google would have rather paid a fine and been able to keep the data me thinks. Maybe that is how we punish Google for being evil, make them delete the data...

They are not supposed to keep the data, fine or not.

If they don't delete the data this time, the summary says they will be held in contempt of court. That's bad.

Re:I'll bet that... (1)

close_wait (697035) | about a year ago | (#44072377)

Google never wanted the data. They would have deleted it immediately when they discovered that bits of random traffic data had been logged along with the SSIDs (which was the bit they were after), except that would have been regarded as destroying evidence. So instead they notified all the relevant authorities and waited for permission and/or orders to delete the data.

Re:I'll bet that... (0)

Anonymous Coward | about a year ago | (#44072495)

It takes much more effort in code and storage space to capture data packets rather than capturing SSIDs. It would have been extremely incompetent for them to "mistakenly" capture that data. They absolutely wanted it.

One more thing... (1)

Culture20 (968837) | about a year ago | (#44071285)

The government also needs access to all your computers in perpetuity to make sure it stays deleted.

What is everyone worked up about? (0)

Anonymous Coward | about a year ago | (#44071735)

Don't get me wrong, Google should most definitely not be doing this. However, why is everyone so outraged about it? If you used WPA, like all routers come with, they would not be able to view or access your data at all. And if you leave your WiFi unprotected, anybody can use it, not just Google. You would have much more to fear from the guy taking his daily morning walk than a van that comes once. Besides, WPA is really easy to setup, most routers come with it on.

Dont worry, they have a backup (1)

edrawr (1572199) | about a year ago | (#44071919)

I am fairly confident that the NSA has been keeping a copy for them.

Is what they did really wrong? (0)

Anonymous Coward | about a year ago | (#44072077)

Am I the only one that thinks that what Google did wasn't wrong?

All Google did was log data that was broadcast in the open on public frequencies. Any time anyone uses an unsecured wifi connection, they can be eavesdropped on unless they are otherwise using a secure data stream (HTTPS will do). Someone not securing their wireless signals should expect to be observed in that transmission. It's so easy to do that Google managed to do it accidentally!

There are likely lots of people/organizations that are doing exactly that for less-than-benign reasons. You never hear about it because they keep quiet about it. If Google hadn't said anything, nobody would have ever known, but because they did it has gotten significantly more attention just how easy it is to spy on an unsecured wifi network, encouraging people to enable encryption. In other words, good has come of it.

I don't think Google did anything wrong in this. They certainly shouldn't be vilified for it.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?