Google Releases FCC Report On Street View Probe 95
An anonymous reader writes with news that Google has released the full report of the FCC investigation into the incident in which its Street View cars collected personal data while mapping Wi-Fi networks. They are putting responsibility for the data gathering on a 'rogue engineer' who wrote the code for it without direction from management.
"Those working on Street View told the FCC they had no knowledge that the payload data was being collected. Managers of the Street View program said they did not read the October 2006 document [written by the engineer that detailed his work]. A different engineer remembered receiving the document but did not recall any reference to the collection of payload data. An engineer who worked closely with the engineer in question on the project in 2007, reviewing all of the codes line by line for bugs, says he did not notice that the software was designed to capture payload data. A senior manager said he preapproved the document before it was written."
Re:Didn't bother to read the memo... (Score:5, Interesting)
Not just what some management people said, but everything in this affair is a classic case of corporate snafu. I'm seeing these things every day.
About 18 months ago I was requested to build some Excel macro which would parse a pile of structured data from a table and generate a snapshot report based off that. Multiple people in various locations had to run that file every hour, interpret the results and take action if certain thresholds were met. Now thresholds started to be met but action was not taken, so their management asked them "so, what's up, why are you not taking action?". They said "it must be the macro because we run it every hour and it doesn't tell us that thresholds have been met". management came to me and asked me what's up, and I could tell them, because the macro contained a very simple (primitive even) log. Each time the report was run, an entry was stored in the file in a hidden spreadsheet which could be shown by pressing a button on the form and entering a very simple password (which was stored in the VBA code as a plain text string). As I was saying, primitive.
So I asked for all the files which had been distributed to those people and checked the logs.
Some of them had never opened the file. Some others had run the script a few times then abandoned it. All others ran it pretty irregularly, the most often run pace being once a day. Nobody ran it every hour.
So I centralized the logs, went back to management and told them "here's what happens: your guys don't run the reports. That's how I know: I've been logging their activities.". They said "thank you" and nothing changed ever since.
The above is an example of someone writing extra code which might prove to be illegal and nobody giving a shit, although they have been informed. As I was saying, typical corporate snafu...
Re:IS this really such a big deal? (Score:5, Interesting)
Well, in an ideal world you'd be right on point #1, but this isn't an ideal world, we (in the UK) have a clause in the Computer Misuse Act 1990 (section 1(a) and 1(b) in fact), that instantly criminalises the capture of (ANY) data by an unauthorised person - which makes wardriving illegal, more than that it makes scanning for local wifi networks illegal - unless you knock all your neighbours and ask them permission first!
Re:what about the rest of the life cycle? (Score:5, Interesting)
Surely you jest! This is the Internet age of development where most of the bleeding-edge companies doing software development have completely bought into a agile development model where the requirements are "flexible" - usually so flexible that the development group is operating with a completely different set of requirements than the analyst or program manager. End result is you have something that works at the end but nobody quite knows what it is supposed to do only what it does do now.
Probably one of the funniest tales of software development is how FaceBook actually operates. I suspect much of Google is run the same way, only the search engine is probably overseen rather strictly. The rest? I suspect you could ask three people and get four different descriptions of what a particular product's requirements were today and if they were actually being implemented.
How do you think Android can have two separate email programs (one for Gmail and one for everything else) and the two apps have wildly divergent sets of options and default settings? This stuff just sneaks in, obviously. Did you really think there was a specification?
I don't think there is time for any thinking about things like compliance, export control or third party copyright considerations in any place that is trying to keep up with the Internet today and operating an agile development environment. These considerations are thought to have died in the 1970s.