Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

UK Regulator Did Not Check Google Privacy Claims

samzenpus posted about a year ago | from the taking-their-word-for-it dept.

Google 56

judgecorp writes "When Google gathered personal Wi-Fi data through its Street View cars, the UK privacy watchdog, the ICO did not press charges, saying that Google had "contained" the data in "quarantined cages". It has now been revealed that the ICO never checked this assertion. It just took Google's word for it, and never visited Google to try and check on whether the data actually was contained. From TechWeekEurope's correspondence with the ICO it seems that the regulator had a team of three looking into the Google Wi-Fi data scandal. Seeing that it was impossible to check Google's claims in depth, the ICO decided to just take Google's word it had done what it claimed."

cancel ×

56 comments

Sorry! There are no comments related to the filter you selected.

You get what you pay for. (4, Informative)

auric_dude (610172) | about a year ago | (#44341703)

Re:You get what you pay for. (0)

Anonymous Coward | about a year ago | (#44341803)

We wouldn't expect anything more from politicians. I'm sure they're not happy they actually have to get out of bed in the morning on the days they do show up for work.

Re:You get what you pay for. (0)

Anonymous Coward | about a year ago | (#44342823)

To be fair, would the regulator even know what to look for? It would be insanely easy to hide data like that in plain sight.

Re:You get what you pay for. (0)

Anonymous Coward | about a year ago | (#44344523)

Random audits would find stuff. A guy rocks up, an expert with years of experience in the field. All his paperwork checks out. He wants to know what that is? Who has access to this thing? Where do those go? What prevents that happening? You, what did you just do? That button is labelled "download", what happens if you push it? OK, who makes sure of that? Oh you have a written procedure? I want to see that. Do you do what the procedure says? How if you can't find it when I ask? This step 8 says you do X, but I watched you do Y earlier. Why's that?

This stuff HAS to be random and it HAS to be a surprise, or it will be subverted.

But somebody has to pay for the random audits. And there is no political will. There's no political will to randomly audit our FOOD CHAIN, let alone what companies like Google do with their data.

Re:You get what you pay for. (0)

Anonymous Coward | about a year ago | (#44344565)

BTW _Some_ things are randomly audited. Some industries learned this lesson. If you drive a train in the UK, sometimes when you're done for the day you find, to your surprise, that a guy who doesn't drive trains is there to meet you. He has keys to the black box that watches everything you do, every button pushed, everywhere the train goes, everything that could be seen by the cameras inside and outside the train. You haven't had an accident. Not today. But today is random audit day, and everything you did will be analysed.

So when you drive a train in the UK you stick to the speed limit. You obey the signals. You wait until you're really satisfied things are OK before you move off. You follow the radio procedure and you read things back. Because sometimes at random what you did will be audited, and if you got anything wrong they're going to tell you precisely what it is. No arguing because it's right there in the recording. Here's you, at the corner, the 75mph sign is right there on the video, and you're doing 80mph. That's 5mph too fast. Don't do that.

Re:You get what you pay for. (1)

UpnAtom (551727) | about a year ago | (#44345729)

Spot on. Blair deliberately underfunded ICO as it was a bit of an obstacle in his attempted creation of a New World Order.

The current lot came in with a 12pc deficit to narrow and no great desire to be held to account either.

Damn guys (3, Funny)

Anonymous Coward | about a year ago | (#44341725)

That's downright Canadian.

Re:Damn guys (1)

Mashiki (184564) | about a year ago | (#44344195)

Yeah...it actually is. See the cases of the CRTC vs Rogers and Bell. And doing things like throttling connections, or happily bending over backwards for Usage Based Billing(UBB) against TPIA's(third party internet providers.)

What a great idea! (-1)

Anonymous Coward | about a year ago | (#44341791)

Google just has to say there's no problems, and I'll feel much better about Google Glass! If I wonder if that might be a conflict of interest, they can even just tell me it isn't, and I'll be fine with that.

UK govt can't win no matter what they do (1)

Anonymous Coward | about a year ago | (#44341805)

Google are smart enough now to know how to give the UK government a hard time if they give them a hard time.

I don't like where things seem to be heading... (0)

fred911 (83970) | about a year ago | (#44341855)

with Google's G+ forced migration, but I can't think of anything they have lied about and they have basically always told me what they would do when I opted to use their services. And I don't know of any blatant misrepresentation they have ever made. What other top tier company can this be said about?

Re:I don't like where things seem to be heading... (1)

DFurno2003 (739807) | about a year ago | (#44341911)

This is the reason I use Gmail and other Google services.

Re:I don't like where things seem to be heading... (0)

Anonymous Coward | about a year ago | (#44342243)

G+ forced is the reason I don't use Gmail or Google services.

Re:I don't like where things seem to be heading... (1)

Anonymous Coward | about a year ago | (#44341979)

The problem isn't what they tell you, it's what they don't tell you - or rather the details behind the "terms of use" that you agree to.

Who are all of Google's partners with whom it shares its data? And what relationship do they have with other entities?

If Google considered the NSA as one of its partners with whom it shares data, where does that leave you now? Or what if one of said companies is a proxy for dealing with the FBI, CIA, NSA, etc?

Ask yourself this question: do you fully understand the implications of giving your data to Google and letting them do with it what they will? Do you know in detail how it is used, where it goes, who sees it, etc?

Because until you can properly answer those last two questions, whilst they may not be misrepresenting what they do they are not presenting the information about what they do do in a manner that lay people can understand.

Re:I don't like where things seem to be heading... (0)

Anonymous Coward | about a year ago | (#44342587)

The problem isn't what they tell you, it's what they don't tell you - or rather the details behind the "terms of use" that you agree to.

Who are all of Google's partners with whom it shares its data? And what relationship do they have with other entities?

If Google considered the NSA as one of its partners with whom it shares data, where does that leave you now? Or what if one of said companies is a proxy for dealing with the FBI, CIA, NSA, etc?

Ask yourself this question: do you fully understand the implications of giving your data to Google and letting them do with it what they will? Do you know in detail how it is used, where it goes, who sees it, etc?

Of course I can't tell how the data is used but I don't see what that has to do with the "terms of use".
They can write what the fuck the want in the terms of use, they are still not allowed to share the data with FBI, CIA or NSA according to the laws of my country.
This goes way beyond the terms of use or corporate shadyness. It is clearly a criminal act. The problem is that it isn't punished.

Re:I don't like where things seem to be heading... (0)

Anonymous Coward | about a year ago | (#44342003)

Almost every state has laws against electronic eavesdropping. Google is guilty, they admitted it. It could even fall under the typically state laws that forbid stealing services, from cable, electricity, to Internet connectivity. Fuck Google.

Re:I don't like where things seem to be heading... (1)

drinkypoo (153816) | about a year ago | (#44342427)

Almost every state has laws against electronic eavesdropping.

The problem is that states are vulnerable to attacks from the federal government, which has taken on excessive powers for itself. This particular attack involves being threatened with federal PMITAP if you expose the fact that you're ordered to violate the constitution, and the states are powerless to protect you even on the assumption that they would do so.

I doubt you understood what that did (2, Insightful)

Anonymous Coward | about a year ago | (#44342035)

Did you understand what that change of privacy actually did?

You visit a site, it has Doubleclick on it, Google sets a tracking cookie and profiles your browser, and notes the IP. Maybe it has use Google analytics, so analytics does the same. Maybe you visit a Google Gmail account, so Gmail does the same, maybe you use Maps with 'maps can access my position' on and Maps does the same plus it gets your GPS location . Maybe you use an Android device with the Google pack, lots of lovely data on you heads off the Google. Youtube? Recording everything you do.

You have maps permission to have your location, so you gave Doubleclick the same, Youtube the same.

By 'simplifying' the privacy policy, they actually gave themselves permission to link all that data together. So you might visit Youtube and it has double click and both profiles are generated, then you visit another site that has only analytics, but you've been profiled and that data is in the bundle.
Where you are, who you email, when you go places, what you search for, what videos you watched.

I find their privacy control panel to be downright misleading. It contains only the data you gave, not the data derived for your interactions with Google. They might pretend they can't identify you, but that's simply disingenuous.

You visit gmail, and it has your Google account, adsense sets a cookies, you visit slashdot and adsense can grab that cookies. Yet they don't report 'you read Slashdot article about UK regulator'! They have it, they tracked it, yet they don't quote it as information they have on you. Even with cookies blocked, the browser profile is more than enough to track you.

Google really are the Obama of search. It's the same oppressive lying s**t as Bush, only with a smiley face and more apologies. More apologies, more promises, but ultimately the nastiest data mining machine on the Internet.

(Well, except for the NSA, but that goes without saying. 800,000 people tracked, means a few thousand slashdot readers are one the list so watch what you say)

Re:I don't like where things seem to be heading... (0)

BasilBrush (643681) | about a year ago | (#44343819)

What? Google is the last company I'd trust to be honest with me. They stored every search term I put into the Google search box for years without telling me.

Push Email Bait-And-Switch! (0)

Anonymous Coward | about a year ago | (#44347897)

Well they did a textbook bait-and-switch with their removal of Exchange Activesync. Using that to get all the iPhone (and other non-Android) users to use GMail and then once everybody was entrenched in usage of GMail they removed the ability to do push through activesync and demanded you pay them monthly rent for the feature, use their email application only or switch to their platform (Android).

Only the most blatant Google fanboy apologist would argue that that is ok.

trusting self-reporting (0)

Anonymous Coward | about a year ago | (#44341891)

Many oversight agencies work this way to a large degree (even the FAA and FDA in the U.S.), but they make it a really bad idea to get caught cheating. How else could it work?

This is more damning for the regulator than Google (0)

Anonymous Coward | about a year ago | (#44341907)

Google came into this situation saying that they were going to delete the data, but it was these regulators that forced them to keep it around so they could "examine" it (most likely for spying purposes, I'd guess).

Be fair. (0)

Anonymous Coward | about a year ago | (#44341917)

They're practically unfunded, so of course they can't check, that would cost more than they can afford.

The problem being that such offices can only discover companies doing it wrong, and they would do it wrong either because they're incompetent (in which case, the news would damage their profits), malicious (ditto) or cutting costs (in which case, having to start doing it will cut into profits, again).

Therefore they do not want any regulators poking around in "their" business.

Hence they lobby a very compliant political class into paying lip service (and often not even that) to such regulations.

Re:Be fair. (0)

Anonymous Coward | about a year ago | (#44342983)

They're practically unfunded, so of course they can't check, that would cost more than they can afford.

While I agree that they are underfunded, I don't see how any amount of money would allow them to prove that a copy of some data does not exist somewhere within Google.

Suppose they took every disk in every google data center, office, storage closet, etc, in every country Google operates in, made Google to hand over all keys to all encrypted data, and paid an army of programmers to deconstruct the formats google uses for internal tools. They could not prove some employee somewhere didn't put some data on a flash drive. If Google was guilty and trying to hide it, they could trivially do so by failing to turn over a few disks. If Google is innocent, and the audit finds nothing, the conspiracy nuts will still assume they are guilty.

The only realistic way to catch a company holding data it should not have is to enable wistleblowers.

Not the ICO's first goof (1)

Anonymous Coward | about a year ago | (#44341947)

Various schools in the country were rolling out fingerprint readers to replace cash to pay for school meals. This itself is questionable, but it gets worse: When parents objected, the ICO said, I kid you not, that the parents had no say because it was "a matter between the pupils and the school". So much for parents having parental oversight over their children.

This theme oozes through the UK government (like how every internet connection will have a porn filter on it by default, unless you admit to being a pervy pervert and turn it off please, here's my full identity to prove I'm not a child, sir please sir), but that the privacy watchdog doesn't understand how this sort of thing works and thinks nothing of announcing this to the world is a clear indication that not only is the system broken, so are its checks and balances, and it also clearly cannot fix itself.

So that they believe googles word on their trustworthy jolly faces alone doesn't really surprise. Depresses, saddens, and so on, yes. Surprises, no.

Re:Not the ICO's first goof (1)

davester666 (731373) | about a year ago | (#44343221)

Only the USA is permitted to have broken checks and balances. We must invade the UK!

Re:Not the ICO's first goof (1)

GrumpySteen (1250194) | about a year ago | (#44353477)

And then we'll balance their checks!

Because we've done such a swell job with our own bookkeeping!

The ICO have a point... (3, Insightful)

tonywestonuk (261622) | about a year ago | (#44341985)

"Seeing that it was impossible to check Google's claims in depth, the ICO decided to just take Google's word it had done what it claimed."

Well, yeh. It only take a memory stick full of WIFI data to be stuck in the back of a draw, or in someone's pocket. What's the ICO gonna do? Strip search all employees?

Googles word for it, is the best they can do.

Re:The ICO have a point... (0)

Anonymous Coward | about a year ago | (#44342019)

As a practical matter this would've been impossible for the ICO to verify, because digital data can be freely copied unlike, let's say industrial waste.

I suppose they could've asked to interview engineers who were responsible and gotten signed statements. That's about all.

Re:The ICO have a point... (1)

hawguy (1600213) | about a year ago | (#44342393)

"Seeing that it was impossible to check Google's claims in depth, the ICO decided to just take Google's word it had done what it claimed."

Well, yeh. It only take a memory stick full of WIFI data to be stuck in the back of a draw, or in someone's pocket. What's the ICO gonna do? Strip search all employees?

Googles word for it, is the best they can do.

Yeah, I really don't understand what other choice they had. Even if they did a site visit and someone pointed to a hard drive locked in a safe and said "Here's the data, locked up securely, Sergey is the only one with the key to the safe and he wears it around his neck", what is the ICO supposed to do? Audit every single storage device Google owns to see if there's another copy of the data somewhere?

It's not even clear what they mean by "quarantined cages", are they talking about physical cages, or some logical storage segment with additional access controls?

Re:The ICO have a point... (0)

Anonymous Coward | about a year ago | (#44343307)

The could, I suppose, use Google's search engine to search for some data that ought to have been destroyed,
Not a perfect solution, but ...

Re:The ICO have a point... (-1, Offtopic)

BasilBrush (643681) | about a year ago | (#44343865)

It's not even clear what they mean by "quarantined cages", are they talking about physical cages, or some logical storage segment with additional access controls?

It's a fiction. So does it really matter?

Re:The ICO have a point... (0)

Anonymous Coward | about a year ago | (#44348581)

Yeah, I really don't understand what other choice they had. Even if they did a site visit and someone pointed to a hard drive locked in a safe and said "Here's the data, locked up securely, Sergey is the only one with the key to the safe and he wears it around his neck", what is the ICO supposed to do? Audit every single storage device Google owns to see if there's another copy of the data somewhere?

Or, you know, get them to sign enough legal documents that every one of them will face serious jail time if they are lying through their teeth.

Sometimes you have to trust people but that doesn't mean that you have to give them so much slack that you can't get to them if they abuse that trust.

Re:The ICO have a point... (0)

Anonymous Coward | about a year ago | (#44343481)

to be stuck in the back of a draw

a "draw"? You know that's not the word, right?

Re:The ICO have a point... (-1, Flamebait)

BasilBrush (643681) | about a year ago | (#44343841)

Due diligence does not require exploring every possibility. But it requires more than taking the perpetrator's word for it.

Re:The ICO have a point... (0)

Anonymous Coward | about a year ago | (#44350037)

Due diligence does not require exploring every possibility. But it requires more than taking the perpetrator's word for it.

This got modded Flamebait?! Seems like Google fanbois are out in force to defend their idol.

Not they don't. See inside posting why (1)

dutchwhizzman (817898) | about a year ago | (#44345203)

Since it was already clear that Google committed a grave felony, it was up to Google to prove beyond a doubt that they deleted all data. If Google was not able to do that, they should have been fined a large sum of money for every day they would remain unable to submit proof. It may cost Google millions to prove it, but hey, that's the risk they took and they will have to pay to make things right again.

Google was already proven guilty. It was no longer the legal burden of the ICO to prove anything. It was and is Googles legal burden to prove they have now deleted all data and the ICO failed to have them actually submit irrefutable proof. This makes the ICO lacking and they should make Google submit proof now, even if it's been two years.

Apart from that, the people in the lead at the ICO should be held accountable for this failure and made an example of.

Re:Not they don't. See inside posting why (0)

Anonymous Coward | about a year ago | (#44346203)

You think you said something smart, but it was actually exceedingly stupid.

What do you imagine such a proof to look like, pray tell? Do words "proving the negative" sound familiar?

Even if they did provide all the copies of all the data they have in all their data centers to check there are no remaining copies of that data, how about you prove you didn't receive the copy of that data from Google, eh?

I mean, someone from Google might have just copied it and gave it to you - and of course you will deny it. I demand your arrest and progressive fines until you prove Larry Page didn't give those hard drives to you.

Re:The ICO have a point... (1)

AmiMoJo (196126) | about a year ago | (#44347973)

They could demand that Google employs an external data destruction specialist to audit their work. They could fine them for not keeping control of the data if it turns out someone could have copied it onto a memory stick.

Re:The ICO have a point... (0)

Anonymous Coward | about a year ago | (#44348189)

Mod parent up!

Re:The ICO have a point... (0)

Anonymous Coward | about a year ago | (#44348731)

*an external ESP specialist to audit their work

The real question is not whether they did run rm or not, it's whether they ran cp or not before that.

This "specialist" can watch a hard drive containing this data passing through a shredder, but to know this is not a copy prepared specially for him, he'd have to audit everything and everyone - IOW, back to square one.

Re:The ICO have a point... (0)

Anonymous Coward | about a year ago | (#44354883)

drawER

I believe them on there word. (0)

Anonymous Coward | about a year ago | (#44341987)

I believe them on there word. Apart from some minor slip-ups they don't do evil, and when they do, they are as open as possible about it. Even when the law prevents them from telling the truth, they have not resorted to lying about it.

That in sharp contract with many politicians and government agencies, that pressed everyone to believe them on there word, and have been found to be doing exactly the opposite for almost everything the ever talked about.

"contained" the data in "quarantined cages" (0)

Anonymous Coward | about a year ago | (#44342177)

at the end of "series of" big fat "tubes", I bet

Wads of Cash exchanged (1)

Virtucon (127420) | about a year ago | (#44342519)

This is one of those things that makes you wonder why governments regulate at all? They pass a law, set up a shill bureaucratic organization to monitor things and then allow those entities being regulated to "self report" or the folks assigned never really do their jobs. Eventually something happens, oh say like something innocuous like bundling home mortgages into securities and the next thing you know the economy is on the skids because the securities were insured by other parties and then you have a huge economic crash. A crisis ensues and shakes the foundations of the whole financial system. Everybody loses confidence and their jobs. Leaders asked where all the Trillians in equity went and everybody shrugs their shoulders and says "I dunno, ask him" pointing back to the regulators who say "We didn't have the tools nor the resources to monitor this properly."

Re:Wads of Cash exchanged (-1)

BasilBrush (643681) | about a year ago | (#44343881)

The answer to failed or insufficient regulation is not to stop regulating completely. It's to regulate better.

Re:Wads of Cash exchanged (1)

Virtucon (127420) | about a year ago | (#44344003)

In the end, cut out the middle man and have anarchy reign then you know what the rules are.

Re:Wads of Cash exchanged (-1, Flamebait)

BasilBrush (643681) | about a year ago | (#44344095)

Knowing the rules (or rather the lack of them) won't help you when only the oligarchs and the warlords have a decent life. Anarchy is survival of the most ruthless.

Re:Wads of Cash exchanged (1)

Virtucon (127420) | about a year ago | (#44344205)

So you do know the rules then. LOL

Re:Wads of Cash exchanged (-1, Troll)

BasilBrush (643681) | about a year ago | (#44344339)

I know that imperfect as this system and any other is, it beats the fuck-you-buddy world of anarchy.

Re:Wads of Cash exchanged (1)

Virtucon (127420) | about a year ago | (#44346149)

I dunno, a piece of steel pipe can do wonders for your physical and emotional help better than a gym or a therapist.

Yuo faIl 1t (-1)

Anonymous Coward | about a year ago | (#44343157)

YES! Due t0 the troubles

How? (0)

Anonymous Coward | about a year ago | (#44343503)

How exactly might they be expected to check whether the data was contained? Were they supposed to poke through all of Google's data? Or just show up and ask a different set of Google employees to repeat the company's story to them? Neither of those methods seems like it would be particularly effective.

Driveby Password Downloads Wardriving for Fun (0)

Anonymous Coward | about a year ago | (#44345753)

Seeing that it was impossible to check #@@%^&'s claims in depth, the ICO decided to just take @**%#&'s word it had done what it claimed.

Its cheaper to trust what can't be trusted now adays? That certainly is understandable.

Privacy in UK?! Is this some kind of joke? (1)

fufufang (2603203) | about a year ago | (#44346823)

UK is a leading country for CCTV camera ownership. GCHQ had been spying on citizens using data from NSA's PRISM program. I really wonder why they even bother with creating ICO. It is just bureaucracy.

I really don't get it (1)

Site Administrator (2944749) | about a year ago | (#44350457)

What's the big deal? They collected random Wi-Fi data. Obviously the data they collected was from open Wi-Fi access points. If you leave an access point open, that's an invitation to connect. If that I'd illegal, then the law is unrealistic and needs to be modified. Further, the traffic they collected was little bits of random stuff from lots of different places. Maybe they got 100 packets from your router - and then? What? Nothing, that's what. Your packets should be encrypted by ssl or similar if you don't want people to be reading them anyway. Even if you use wap on your Wi-Fi, the unencrypted traffic goes across the internet anyway! Jeez
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>