Google Releases FCC Report On Street View Probe 95
An anonymous reader writes with news that Google has released the full report of the FCC investigation into the incident in which its Street View cars collected personal data while mapping Wi-Fi networks. They are putting responsibility for the data gathering on a 'rogue engineer' who wrote the code for it without direction from management.
"Those working on Street View told the FCC they had no knowledge that the payload data was being collected. Managers of the Street View program said they did not read the October 2006 document [written by the engineer that detailed his work]. A different engineer remembered receiving the document but did not recall any reference to the collection of payload data. An engineer who worked closely with the engineer in question on the project in 2007, reviewing all of the codes line by line for bugs, says he did not notice that the software was designed to capture payload data. A senior manager said he preapproved the document before it was written."
Re:Obama ate a dog. (Score:5, Funny)
Obama ate a dog.
That's what happens when times are tough. You order take out. You think the meat is chicken, it's not.
Re: (Score:2)
Obama ate a Kennedy?
"Ich bin ein Berliner" does not mean what a lot of people think it means.
Ergo;
"Ich"=I "bin"=am "ein"=a "Berliner"=sausage. ::takes a bow:: I'm here all week.
Re: (Score:1)
http://amoiltedesco.files.wordpress.com/2011/02/berliner-pfannkuchen.jpg [wordpress.com]
Re: (Score:2)
strange, when I was in Bad Salzig for a week we ate Berliners which were chopped and formed beef and pork cut into slices and smoked.
I guess the Germans must be wrong!
Re: (Score:2)
No [calobonga.com], I'm pretty sure [healthassist.net] I didn't imagine [stiglmeier.com] it.
Re: (Score:2)
Re: (Score:2)
Oh, whatever. Never let facts get in the way of a convenient truth, eh?
Re: (Score:2)
Re: (Score:2)
Oh, namecalling now, is it? You lose.
Re: (Score:1)
you are both COMPLETLY 100% wrong.
JFK said exactly what he meant and all Germans listening to him knew it.
Yes, there is a jelly donut called the berliner.
Yes, there are sausages called berliner.
but what he said was given to him by a professional translater and was correct.
see : http://urbanlegends.about.com/cs/historical/a/jfk_berliner.htm
Re: (Score:2)
However, it is true that the Germans listening understood very well what he meant and appreciated what he said.
Re: (Score:1)
Dog is a summer food.
Re: (Score:1)
Good troll!!
Your **totally off-topic and stupid** post and its children make up 26% of the total comments in this story.
Unbelievable!
what about the rest of the life cycle? (Score:4, Insightful)
was anyone assigned to validate requirements against functionality? compliance? export control? 3rd party software integration copyright and license? was any due diligence done other than to review for technical bugs?
Re: (Score:3, Insightful)
Why is this modded -1????
I would hope Google would do such things regularly!
Re:what about the rest of the life cycle? (Score:5, Interesting)
Surely you jest! This is the Internet age of development where most of the bleeding-edge companies doing software development have completely bought into a agile development model where the requirements are "flexible" - usually so flexible that the development group is operating with a completely different set of requirements than the analyst or program manager. End result is you have something that works at the end but nobody quite knows what it is supposed to do only what it does do now.
Probably one of the funniest tales of software development is how FaceBook actually operates. I suspect much of Google is run the same way, only the search engine is probably overseen rather strictly. The rest? I suspect you could ask three people and get four different descriptions of what a particular product's requirements were today and if they were actually being implemented.
How do you think Android can have two separate email programs (one for Gmail and one for everything else) and the two apps have wildly divergent sets of options and default settings? This stuff just sneaks in, obviously. Did you really think there was a specification?
I don't think there is time for any thinking about things like compliance, export control or third party copyright considerations in any place that is trying to keep up with the Internet today and operating an agile development environment. These considerations are thought to have died in the 1970s.
Re: (Score:1)
How does "Facebook really operate"?? I'd really like to know. Sounds like it's a mess.
Re: (Score:1)
How do you think Android can have two separate email programs (one for Gmail and one for everything else) and the two apps have wildly divergent sets of options and default settings? This stuff just sneaks in, obviously. Did you really think there was a specification?
I don't know, it could be a feature. I rather like having two separate email apps to keep personal and work emails completely separate like it is on the computer. Both apps are great too, but I definitely wouldn't want to swap the accounts between them.
Re: (Score:2)
I generally have a favorable image of Google but this sounds like pure bullshit. Even the guy reviewing the code line by line didn't notice? Come on!!!
Re:what about the rest of the life cycle? (Score:5, Insightful)
I got to say, it sounds extremely odd that there were no more eyes. Google is a company that has a price tag on how much every signle web search executed by a user cost them, in energy and equipment degradation. They have specially manufactured cpus that can run hot so they can conserve as much heat as they can. ... but in all those years, even in the initial test run... no one noticed the cars where filling their hard-drives WAY too fast?
This takes me back about 7 years ago in a contract involving 3 parties. Client, contractor and a sub-contractor. In a meeting, the usually incompetent IT manager employed by the client to run their data center, asks our sub-contractor "why is the database growing at a rate of 1GB per day?" The sub-contractor was clueless and we shocked. Sure, we perhaps should had noticed.... (BTW, reason for the growth: zero normalization. I kid you not, these guys had absolutely no normalized tables at all, and nearly every field indexed.)
My point is: unexpected bursts in data storage are too easy to notice, because the first time hard drives fill up and windows (or whatever OS they use) shouts for air... well... some one will notice.
But these are not morons... these are Google engineers... the ones that have quantified the cost of a search to the atomic level. I'm sure more than just an unnamed "rogue engineer" was very aware of this.
Re: (Score:2)
I got to say, it sounds extremely odd that there were no more eyes.
I don't know, it sounds quite Plausible to me.
Re:what about the rest of the life cycle? (Score:4, Insightful)
Multi hundred gigabyte HDs don't fill up that fast.
Besides, Street View is some tiny little bit of Google with managers and engineers stuck in some corner of the cafeteria. It's not like tons of money is expended on them (eg, the price tag on data center cooling) so multiple levels of review / fine tuning probably just doesn't occur. I saw the Google car in town not too long ago - a DIY dream. Gear strewn over the rear seat with cables everywhere and a what appeared to be big tube of cables running into the trunk.
And these Google engineers - I'm sure they're smart and all, but they put their pants on one leg a time.
Re: (Score:3)
...but they put their pants on one leg a time.
I've always wondered about this phrase... Sure, you put 'em on one leg at a time if you don't have anything to sit on, or don't feel like sitting, but most of the time I change in my bedroom, which has ready availability of.. a bed.. for sitting. In that case, It's not really much difference in effort to pull 'em on a leg at a time, or all at once.
Anyway, I'd say that, based on experience of one person - me, most people put their pants on one leg at a time, about 60% of the time.
Also, I can't be alone in
Re: (Score:3)
Logging internet traffic is going to be a drop in the bucket compared to taking 360 photos every twenty feet or so.
Re: (Score:2)
Doh. Meant 360 degree photos.
Re:what about the rest of the life cycle? (Score:5, Informative)
This is the new "agile"' methodology. There is no design or validation, just furious coding off a prioritized feature list and "code reviews" which amount to little more than some other programmer skimming a check-in and signing off.
And that s quite sufficient for an in-house tool. They were not selling street view cars, they were simply collecting their own data, which they never intended to sell.
This is not a development system for launching rockets or writing pay checks. Its not a deliverable in a contract. Its strictly an in-house lash-up where one guy decided to exceed his mandate.
When your manager asks you to write a quick program to find all the Ford Truck owners that Work in Building B by scanning the parking tag database, you do it the fastest way possible. You don't start with any more of a requirements statement that your boss gave you, you don't send your grep script out for a third party review, you don't run it by legal, you don't hold design meetings, and write memos, because the friggin Black Ford Ranger truck is LEAKING GAS RIGHT NOW, and the police won't tell you who owns it from its license plate number without a subpoena.
Not every project is a big production. This whole wifi project was a pimple on street view's neck, so that google didn't have to pay Skyhook for its database. It was a cheap expedient, and it was a perfect single engineer project or at most a couple guys to kick the code around an two or three hardware guys to assemble the wifi receiver packaging.
Re: (Score:1)
Google doesn't have customers to gather requirements from. They make up random stuff that sounds okay, and then use A/B testing to see if people like it.
Keep in mind, Google is not a software company. Popularity is not a way to choose features. Popularity is a way to sell advertisements.
Cool! (Score:2, Insightful)
The company that holds some million people email and web search and history deploys stuff controlled by on 1 one 1 engineer. But hey, it was only a few tera of data...
Re:Cool! (Score:4, Insightful)
No, one engineer is being thrown under the bus. I wonder if his name was Goldstein...
Re: (Score:3)
Wait but you can't say that, because Google is "not evil"(tm).
They have painted themselves into a corner quite well, this time.
But people forget soon. Heck, they are still buying Windows, praising Jobs, and considering Richard Matthew "Told you so!" Stallman a commie idealist.
Re: (Score:2)
But people forget soon. Heck, they are still buying Windows, praising Jobs, and considering Richard Matthew "Told you so!" Stallman a commie idealist.
Nothing to do with forgetting quickly –they just saw through google's "no evil" façade much quicker, and were left with the options "buy nothing, or buy a compromised option"
Re: (Score:2)
>It was a few tera that was broadcast in public
Because it needed to travel from hotspot to PC.
Let's say you go to work every day. You have to appear in public. Everybody does it minds its own business. Problem, none.
Somebody starts tracking everybody's movement and puts it in a database: RED ALERT. No matter what the justification.
IS this really such a big deal? (Score:5, Informative)
As much as I like google, I would be the first one to complain if I thought they were doing something wrong. But let's think about this:
1. If they were capturing unencrypted packets from non-secured WiFi networks.... that would be creepy, but probably not illegal. Anyone who sets up an unencrypted network should expect that other people might use it to just listen in. Google would just be picking up information they were already broadcasting in the clear.
2. If they were capturing encrypted packets then... they have useless data.
And the car was moving, which means that in case 1, they may have a dozen packets each from millions of different routers. They weren't parking somewhere to capture all of someone'S data, but got lots of random garbage instead. I am sure all they were interested in was the BSSID in order to tag it to a location.
Now, if they were trying to crack encrypted WLAN packets, then legal or not, there is something very suspicious going on - especially if they kept it secret.
Re: (Score:1)
See, none of this would've happened if Google didn't openly admit to their mistake without prompting like they did when this story first broke. So let this be an important lesson, kids: Never do the right thing, or you'll suffer for it for the rest of your life.
Oh, and it goes without saying, Google is obviously teh evil for doing the right thing and admitting the problem before anyone asked, blah blah blah, you know how it goes.
Re:IS this really such a big deal? (Score:5, Interesting)
Well, in an ideal world you'd be right on point #1, but this isn't an ideal world, we (in the UK) have a clause in the Computer Misuse Act 1990 (section 1(a) and 1(b) in fact), that instantly criminalises the capture of (ANY) data by an unauthorised person - which makes wardriving illegal, more than that it makes scanning for local wifi networks illegal - unless you knock all your neighbours and ask them permission first!
Re: (Score:2)
technically - yes!
Re: (Score:2)
I challenge you to find one case where someone got sentenced for scanning for open Wifi networks, or just took a plea bargain. Scanning for SSIDs is the same as scanning for an FM radio.
Re: (Score:3)
I accept your challenge.
http://www.techspot.com/news/22178-wardriving-credit-card-thief-gets-9-years-in-jail.html [techspot.com]
http://www.crn.com/news/security/26806554/wardrivers-plead-guilty-sentenced-to-jail-time.htm [crn.com]
and one from the UK:
http://news.bbc.co.uk/1/hi/england/hereford/worcs/6565079.stm [bbc.co.uk]
Re: (Score:2)
Well, we do have a written Constitution - although you're taught in school that we don't. From the lies we're told in school, this is the one thing that follows through adulthood - if it's not specifically allowed, then it's illegal. As opposed to the sane way of doing things - if it's not specifically prohibited then it's legal.
Follows (and this is one of my favourite phrases): any activity which requires a license* to be legal, must be fundamentally LAWFUL.
*read: permission slip. Are you children? Do you
Re: (Score:3)
No, it isn't such a big deal.
Not only did they never do anything with this payload data, there is no record of them ever planning to do anything with it, and it's actually pretty hard to even think of anything they realistically could have done with it (without devolving into paranoid conspiracy theories). Which all supports the theory that collecting the data was not part of the master-plan.
But there is something wrong with Google only paying $50K penalty for non-cooperation.
http://finance.yahoo.com/news/ [yahoo.com]
Re: (Score:1)
Bullshit. They have never deleted the data. The data contains all of the MAC addresses either mapped directly to a physical location or at least the general area. Once you know the area Internet traffic is being directed to you will eventually be able to figure out whose whose house it is. e.g. Signal strength was strongest at address A and B. Public records show an old couple lives at address B. Address A is occupied by a single man in his 20s. Which house can we most probably tie the recorded porn
Re: (Score:3)
I am sure all they were interested in was the BSSID in order to tag it to a location.
I would guess they were probably also grabbing the mac address of the router.. This fits in nicely with the recent revelation that Apple and some browser plugins were tracking users by using the mac address of the gateway as a unique ID.
Didn't bother to read the memo... (Score:4, Insightful)
Actually, this sounds like most managers I know.
Managers of the Street View program said they did not read the October 2006 document [written by the engineer that detailed his work].
Re:Didn't bother to read the memo... (Score:4, Funny)
I don't remember.
Re:Didn't bother to read the memo... (Score:5, Interesting)
Not just what some management people said, but everything in this affair is a classic case of corporate snafu. I'm seeing these things every day.
About 18 months ago I was requested to build some Excel macro which would parse a pile of structured data from a table and generate a snapshot report based off that. Multiple people in various locations had to run that file every hour, interpret the results and take action if certain thresholds were met. Now thresholds started to be met but action was not taken, so their management asked them "so, what's up, why are you not taking action?". They said "it must be the macro because we run it every hour and it doesn't tell us that thresholds have been met". management came to me and asked me what's up, and I could tell them, because the macro contained a very simple (primitive even) log. Each time the report was run, an entry was stored in the file in a hidden spreadsheet which could be shown by pressing a button on the form and entering a very simple password (which was stored in the VBA code as a plain text string). As I was saying, primitive.
So I asked for all the files which had been distributed to those people and checked the logs.
Some of them had never opened the file. Some others had run the script a few times then abandoned it. All others ran it pretty irregularly, the most often run pace being once a day. Nobody ran it every hour.
So I centralized the logs, went back to management and told them "here's what happens: your guys don't run the reports. That's how I know: I've been logging their activities.". They said "thank you" and nothing changed ever since.
The above is an example of someone writing extra code which might prove to be illegal and nobody giving a shit, although they have been informed. As I was saying, typical corporate snafu...
Management's justifications (Score:5, Insightful)
They are putting responsibility for the data gathering on a 'rogue engineer' who wrote the code for it without direction from management.
An engineer who worked closely with the engineer in question on the project in 2007, reviewing all of the codes line by line for bugs, says he did not notice that the software was designed to capture payload data. A senior manager said he preapproved the document before it was written."
Isn't interesting in Corporate America, when things go great, it's management's brilliance? And when things go bad, it's a rogue employee?
I'd really like to know management's justification for their obscenely high compensation, for one thing.
Here's another thing while I'm ranting:That's one of the big differences between managing and leading.
Leader: it's MY fault and I'll take care of it.
Manager: it's someone elses fault. You go take care of it.
Re: (Score:2)
Google: Sure, we pay people good money to review code and sign on it, but who actually has time to do what they are paid to do? TBH we're all saints except for that one guy. We believe he worked for the chinese government!
OH PUHLEASSSSEEEE! (Score:4, Insightful)
Managers' Fault (Score:2, Insightful)
The developer documented his work and sent the documentation out to others on the team (including the managers). It's the managers' jobs to make sure the developers understand the requirements correctly. In fact, the developer was working on the project in order to capture the data and study it to see if it would of use to Google.
What are the managers doing if they aren't managing the engineers? We might have to stay late writing code, but are they staying late reading documents and getting up to speed o
Re: (Score:3, Insightful)
What are the managers doing if they aren't managing the engineers? We might have to stay late writing code, but are they staying late reading documents and getting up to speed on what everyone is doing? Isn't that their job? I'm still in school so please correct me if I'm wrong.
Of course it's their job. And they probably did it.
However, when the Federal Government comes sniffing around it's very convenient to forget that you read the document.
Symptom of a flat org? (Score:1)
My understanding is that Google has a very flat org structure that encourages developer autonomy. There aren't a lot of managers peeking over developer's shoulders. Doesn't that encourage innovation like this?
Sounds familiar (Score:1)
What if they were capturing voice communications? (Score:3)
Also, what if they were capturing encrypted communications over an open wifi signal (ie, someone browsing an HTTPS site.) Wouldn't they have still captured that data? Does it make a difference now that they are capturing encrypted packets?
Re: (Score:1)
Google should grow some balls (Score:2)
Instead of sacrificing a scapegoat Google should man up and tell the FCC to fuck off. Those who broadcast their personal data in every direction have no claim of privacy.
Re: (Score:2)
Instead of sacrificing a scapegoat Google should man up and tell the FCC to fuck off. Those who broadcast their personal data in every direction have no claim of privacy.
Except they don't. Try telling the FCC you listen in on cell calls and see if they press charges.
Re: (Score:2)
While GSM security isn't perfect, it's far from being unencrypted either, if you want to eavesdrop on a phonecall you have to do some hacking for it. This is more like putting up a billboard in your garden with your data written on it, or phoning in into a program telling them your mother's name and then suing everyone with a radio.
Reminds me of a certain German saying: (Score:1)
This pretty much defines thrown under the bus. (Score:2)
So no one else knew about it? Not the people who wrote the software to parse the data? Not the guy who had to estimate how many terabytes of disk would be required? No one?
And for those who say "people were broadcasting their information" guess what, that still doesn't make circulating a fleet of vehicle to monitor everything OK. Google's "collect everything that isn't nailed down, apologize later" attitude was just plain wrong.
Management pre-approval (Score:2)
Moderators please note that this post has been pre-approved +5 insightful before it was written
20% rogue or more than that? (Score:2)
I think we were all made to think how right measure of rogueness is what makes good Google engineer.
Or we just didn't read full specification of what 20%, free initiative time, is allowed to be spent on?
Like: You are allowed/obliged to spend 20% of time on projects of your choosing as long as it does not result in federal lawsuit?
IANAL, but something like that...
Wait a minute ... (Score:1)