Google Relents, Will Hand Over European Wi-Fi Data 214
itwbennett writes "Having previously denied demands from Germany that the company turn over hard drives with data it secretly collected from open wireless networks over the past three years, Google has reversed course. A Google representative said that it will hand over the data to German, French, and Spanish authorities within a matter of days, according to the Financial Times, which first reported this latest development on Wednesday. 'We screwed up. Let's be very clear about that,' Google CEO Eric Schmidt told the newspaper."
Great (Score:4, Insightful)
They're opening up a whole warehouse full of cans of worms by handing the data over to a government with plenty of agendas instead of destroying it.
Meta Screwup? (Score:4, Insightful)
Ok, so which is the screwup, not giving the data, or the giving up of data?
Google screwed up... (Score:4, Insightful)
...so now people's personal data is now in the hands of the relevant governments. I'm not sure this helps the situation.
Re:Great (Score:5, Insightful)
True. But they opened the first can of worms by collecting it in the first place.
Re:Destroy? (Score:3, Insightful)
Only works if you can unsee said information.
at the end of the day... (Score:4, Insightful)
Really i don't see a problem with what google did, apparently it was only open networks etc, having an open wireless device in your house would be like not having curtains on your windows, if your not going to "stop" people from looking in, you've got nothing to complain about. If they were only taking samples, there shouldn't be much of an issue, because you where broadcasting the data to the public anyway...
Re:Google screwed up... (Score:3, Insightful)
I approach the whole thing with a big "meh."
The common Slashdot mindsets of "teh Gubament shouldn't have that data!!" and "if they didn't want anyone to see it, folks should've encrypted it!!" are not mutually exclusive.
Fact is, if the government(s) really wanted to sniff cleartext data broadcast via Wifi, they'd be doing it. In fact, I'd be very surprised if they haven't been sniffing things [wikipedia.org] for a long time.
So if someone else happens to gather up some cleartext data by accident, and the government(s) demand it to be delivered to them, all I can say is this: Gosh, folks. As far as we can tell, WPA2 with AES is plenty safe at the moment, and you're a fool if you're using neither that nor some other form of encryption. And while I don't think that the government(s) should be able to do demand that the data be turned over to them, it is rather in-keeping with the general rule of things: When the government learns that you have a pile of stuff that doesn't belong to you, do they simply ask you to destroy it? No! They take it away.
Meanwhile, I've been doing a lot of wardriving for a while, recording SSIDs, BSSIDs, and GPS coordinates on my Droid, just because it's interesting to me. Even in the short time (half a year, or so) that I've been doing this, I've seen a big increase in encryption usage in my area. This is a Good Thing, An important unintended side-effect of stories about this Google oops is that they will certainly help keep the trend toward encryption moving [wigle.net].
Re:Yea sure (Score:3, Insightful)
Simple: by recording everything without verifying whether said data should be record. Capturing everything is easier than implementing filters, especially if storage space is not an issue.
Why is this still in the news? (Score:4, Insightful)
People kept their networks open, Google gathered some probably useless information about them - presumably no more than 15 seconds worth in most cases (because it's a car driving by). Google has far more information on far more people from saved web searches/e-mails/etc. I'm tired of seeing these stories, I really don't care.
If European Governments are actually pursuing this, shame on them.
Re:The data is potentially court evidence (Score:2, Insightful)
The data is potentially evidence in upcoming court cases.
Yes, well, whether this is okay or not depends entirely on the court case, doesn't it? I think more than a few /.'ers are concerned that it may indeed be used for court cases, but not necessarily just cases against Google....
Re:Whatever for? (Score:2, Insightful)
Usually that would mean sending someone to have a look and see and perhaps sample the data. It's how they go about our IRS equivalent, social services, workplace safety, and about any situation where the Gov't needs to inspect something. TFA says originally Hamburg wanted about that - access to a hard drive and to a Street View car; note the singular. However, now they are talking about giving "the data", not about letting the authorities inspect it. Too fuzzy for my liking.
Funny, by the way, how Google wondered about the legality of having its data inspected by the data protection authority. "We screwed up" is the only adequate and honest thing for them to say after that. It's not without merit, because what other big company would?
Re:at the end of the day... (Score:3, Insightful)
This isn't walking into someone's house through an open door, it's taking photos from the street, and I have no idea why people thing it's different to Street View - as GP said if there's no curtains on your windows people will be able to see in.
Re:Not copies (Score:1, Insightful)
As incompetent as they are ( and I live in Germany), there are actually 2 possible options:
1 - The keep the data in somevaults until it is so outdated it's no use anyway
2 - They analyse the relevant harddrive then have them disposed, just to turn up together with all the data on Ebay a few weeks/months later
Never attribute to malice what can be achieved by pure idocy
Re:Meta Screwup? (Score:5, Insightful)
Re:Great (Score:4, Insightful)
This is not useful information even for Google. Their software was constantly switching frequencies so we're talking about less than a seconds worth of packets for any given network.
What are they gonna do with that?
"Well, Ted, based off this TCP_ACK I'm seeing here, I think we can safely conclude that this Fred Morgan of 123 Anystreet is gay. Wouldn't you agree?"
"Sure is Bob, that's the queerest TCP_ACK I've ever seen."
They don't want this crap. They can't monetize that. They *want* to delete it. They want to have never captured it in the first place, but sadly that ship has sailed. If they delete it, they'll be charged with destroying evidence or whatever the equivalent crime is in the various European jurisdictions in question. One dumb careless mistake has grown a life of it's own.
Re:The data is potentially court evidence (Score:2, Insightful)
Repeat after me: What the government wants, and what is right, are not synonymous. I would much rather a random thief have my diary, and then destroy it, than for the government to ever lay their filthy paws on it.
"It may be better to live under robber barons than under omnipotent moral busybodies. The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end, for they do so with the approval of their own conscience." - C.S. Lewis
Re:at the end of the day... (Score:4, Insightful)
Wardriving is something people did (and do?) for the fun of it, it's not major corporations doing it on a massive scale to collect data on people,
But other corporations have done this as well.
it's illegal too btw in some countries.
It shouldn't be. If you broadcast unencrypted packet, people shouldn't be thrown in jail for receiving them.
Re:Whatever for? (Score:5, Insightful)
Funny, by the way, how Google wondered about the legality of having its data inspected by the data protection authority.
Nothing "funny" about it; they probably have good lawyers, lawyers who advised them that handing over the data to the "data protection authority" without a court order may itself constitute a violation of German privacy laws.
Usually that would mean sending someone to have a look and see and perhaps sample the data.
Or it might mean that the "data protection authority" goes on a massive data mining quest to identify file sharers, pornographers, and anybody who runs an open WLAN, and then charges all of those people with breaking the law. They couldn't drive around collecting that data themselves, but they can obtain it from Google. Probably it doesn't mean that in this specific case, but it sets a bad precedent.
Think about it: if you were a government intent on violating people's privacy, what would be the best place to do it? That's right: the "data protection authority", armed with a legal right to request and inspect anybody's data without a court order, just to look for more "data protection violations".
Re:Great (Score:5, Insightful)
Few months ago on slashdot someone published a list of every wifi hotspot on their train line. Where was the uproar then? Cops want to reserve the right no to be photographed in public, and people complain (rightfully so) that what they do in public should be recordable with no recourse. Now google drives a car down the streets and collects your publicly visible information (SSID) and you complain again that they should not be collecting private data?
How come every ideal on slashdot is applied so haphazardly? Make a choice people. Should something that anyone can see from your street be private, or public?
As a side note, how many people complaining about Google's collection of wireless information actually bothered to uncheck that little box that says "Broadcast SSID"?
Re:Whatever for? (Score:1, Insightful)
FUCK you and your moronic crap.
Their "wide-area wifi collection" didn't "break into" anyone's network -- not even by the loosest definition of associating to an open AP. They recorded data that was broadcast, but did nothing to cause, incite, or affect its transmission. This obviously puts them in the moral clear, though it doesn't directly speak to the legal situation. After all, many European countries are so fucked up that it's not permitted to own a radio receiver for audio or TV broadcasts without a license from the government, so who the hell knows. But it CERTAINLY doesn't violate any law that can HONESTLY be characterized as "you cannot break into other peoples networks (encrypted or not) and keep the data (small or large amounts)".
Second, note that nobody, not even the German Fucking Government, complained about the original goal, recording BSSID/location data for geolocation. This whole controversy is about the _payload_ data that was stored. Google has claimed this was an accident, and there's not a particularly good reason to disbelieve them -- I'll spend the next three paragraphs spewing forth an explanation of this, even though it does drift astray from any points you may have tried to make.
The way most off-the-shelf tools are setup by default is to record everything, analyse it later. The obvious way to write your own software (from a technical, not legal perspective, because it was written by coders, not lawyers) is to save everything you hear -- on-the-fly filtering is at best an optimization to save disk-space. I'm not clear on whether they're using their own software or an off-the-shelf tool (AFAIK they've not told us), but either way, saving everything is a plausible, even strongly likely, default.
As for the notion "they'd have realized it was filling up the disk with too much data -- what would you do? In the absence of some suspicion of a problem, would you count the SSIDs recorded, figure out how many bytes they should each take, add a reasonable percentage for db overhead, and crap out an expected storage space, just to check? Or would you take it for a run the first day, measure the space used, and call that "typical"? Hint: the latter is not necessarily right, but it's not really wrong, and is certainly what most people would do.
Unless they had a lawyer, or other legal-minded individual, involved to the point of asking probing questions about the _implementation_ (not just signing off on the plan), or otherwise were prompted to an actual suspicion of a problem, it's quite plausible that they did in fact inadvertently capture the data, and remained unaware of it for quite some time. Given that what they say is perfectly plausible, and I have yet to hear ONE SHRED of evidence to the contrary, I guess I'm inclined to believe them.
Re:RTFA (Score:4, Insightful)
Re:Great (Score:1, Insightful)
Cops want to reserve the right no to be photographed in public, and people complain (rightfully so) that what they do in public should be recordable with no recourse. Now google drives a car down the streets and collects your publicly visible information (SSID) and you complain again that they should not be collecting private data?
Regarding the "cops" example, the important part which you left out is that people were only really talking about cops ON DUTY.
If a police officer is acting in their official capacity, they've got quite a few powers that are not available to ordinary citizens. But with power comes responsibility - and of course, the police should be the servants of the people, anyway, not their masters. Therefore, it's entirely reasonable that the actions of police officers ON DUTY should be possible to scrutinize.
Police officers OFF DUTY are a very different story, on the other hand. They're private individuals just like everyone else, and they deserve their privacy.
Re:Great (Score:3, Insightful)
I swear, I hate when people like you try to be so clever...."so inadvertant that they even applied for a patent on it". Try not to get involved in the discussion if you haven't an understanding of what you are talking about, because you sound like you are just trolling. Google's patent is all about identifying devices and their location. That can be based off of some very simple data which is broadcast by the access point and does NOT require looking at full TCP/IP communications of connected users.
On my ipod touch, I used to have an app call WiFinder (until the Apple bastards started rejecting the app and it stopped working with the new OS). It would show you all of the wireless networks nearby and display a signal strength for each one. Just by simply walking from one end of my house to the other and checking the signal strength, I was able to get a rough estimate about which direction each signal was coming from. Had I repeated this process up and down the street I could have probably determined with a decent level of accuracy where each wifi network was originating. And all that was without me snooping in on peoples HTTP sessions and such. In fact, snooping on such data would be virtually useless to the goal of locating the access point (unless you just happened to snoop on somebody filling out a non-SSL form that contained address info or something)
Re:Great (Score:4, Insightful)
Not in Germany.
Yes, even in Germany taking street photographs and collecting packet radio data was legal in the past.
Whether recording unencrypted WLAN packets is or is not legal today has been a legally gray area. It depends on whether one considers such data "private" or not. That question is now being settled in a wave of anti-Google and anti-American hysteria.
What purpose is being served by this is unclear. If you run an unprotected WLAN in Germany, you are probably running afoul of both data protection and copyright laws already.
Google is large enough to be able to get legal advice for other countries before running a massive data collection operation there.
They did. The data they actually intended to collect conforms with German law. They spent months talking to German data protection czars about that.
They simply screwed up and unintentionally collected additional data, and for that they are being crucified.
The whole uproar has nothing to do with privacy or data protection, it's simple hysteria and political and corporate opportunism. Actual German data protection is atrocious.
Re:Great (Score:3, Insightful)
I'm sure the whole "being forced to hand it over to the government" thing is being blown out of all proportion, too. More likely Google realised their mistake (or had it pointed out to them), offered to destroy the data to which the government informed them the standard procedure is that they have to hand the data over to ensure it is properly dealt with, then Google go off, check the legal position, come back and agree. But of course, such a reasonable state of affairs wouldn't sell clicks on news sites or provide fodder for conspiracy theorists...
But it is not reasonable for a supposedly democratic government to be able to obtain 600 Gbytes of private data just because some government bureaucrat says that it is "standard procedure". Private data should only be handed to the government based on a court order, for specific, well-defined, well-articulated purposes.
This is a big deal and it is unacceptable; it's the kind of thing that happens in police states.
I suspect both the German data protection official and Google will face legal problems over this transfer of data.