Forgot your password?
typodupeerror
Google Privacy Wireless Networking

Google Releases FCC Report On Street View Probe 95

Posted by Soulskill
from the fingers-and-cookie-jars dept.
An anonymous reader writes with news that Google has released the full report of the FCC investigation into the incident in which its Street View cars collected personal data while mapping Wi-Fi networks. They are putting responsibility for the data gathering on a 'rogue engineer' who wrote the code for it without direction from management. "Those working on Street View told the FCC they had no knowledge that the payload data was being collected. Managers of the Street View program said they did not read the October 2006 document [written by the engineer that detailed his work]. A different engineer remembered receiving the document but did not recall any reference to the collection of payload data. An engineer who worked closely with the engineer in question on the project in 2007, reviewing all of the codes line by line for bugs, says he did not notice that the software was designed to capture payload data. A senior manager said he preapproved the document before it was written."
This discussion has been archived. No new comments can be posted.

Google Releases FCC Report On Street View Probe

Comments Filter:
  • by Anonymous Coward on Saturday April 28, 2012 @06:25PM (#39833917)

    was anyone assigned to validate requirements against functionality? compliance? export control? 3rd party software integration copyright and license? was any due diligence done other than to review for technical bugs?

    • Re: (Score:3, Insightful)

      by zidium (2550286)

      Why is this modded -1????

      I would hope Google would do such things regularly!

      • by cdrguru (88047) on Saturday April 28, 2012 @07:01PM (#39834045) Homepage

        Surely you jest! This is the Internet age of development where most of the bleeding-edge companies doing software development have completely bought into a agile development model where the requirements are "flexible" - usually so flexible that the development group is operating with a completely different set of requirements than the analyst or program manager. End result is you have something that works at the end but nobody quite knows what it is supposed to do only what it does do now.

        Probably one of the funniest tales of software development is how FaceBook actually operates. I suspect much of Google is run the same way, only the search engine is probably overseen rather strictly. The rest? I suspect you could ask three people and get four different descriptions of what a particular product's requirements were today and if they were actually being implemented.

        How do you think Android can have two separate email programs (one for Gmail and one for everything else) and the two apps have wildly divergent sets of options and default settings? This stuff just sneaks in, obviously. Did you really think there was a specification?

        I don't think there is time for any thinking about things like compliance, export control or third party copyright considerations in any place that is trying to keep up with the Internet today and operating an agile development environment. These considerations are thought to have died in the 1970s.

        • by zidium (2550286)

          How does "Facebook really operate"?? I'd really like to know. Sounds like it's a mess.

        • How do you think Android can have two separate email programs (one for Gmail and one for everything else) and the two apps have wildly divergent sets of options and default settings? This stuff just sneaks in, obviously. Did you really think there was a specification?

          I don't know, it could be a feature. I rather like having two separate email apps to keep personal and work emails completely separate like it is on the computer. Both apps are great too, but I definitely wouldn't want to swap the accounts between them.

      • I generally have a favorable image of Google but this sounds like pure bullshit. Even the guy reviewing the code line by line didn't notice? Come on!!!

    • by Tharsman (1364603) on Saturday April 28, 2012 @07:05PM (#39834053)

      I got to say, it sounds extremely odd that there were no more eyes. Google is a company that has a price tag on how much every signle web search executed by a user cost them, in energy and equipment degradation. They have specially manufactured cpus that can run hot so they can conserve as much heat as they can. ... but in all those years, even in the initial test run... no one noticed the cars where filling their hard-drives WAY too fast?

      This takes me back about 7 years ago in a contract involving 3 parties. Client, contractor and a sub-contractor. In a meeting, the usually incompetent IT manager employed by the client to run their data center, asks our sub-contractor "why is the database growing at a rate of 1GB per day?" The sub-contractor was clueless and we shocked. Sure, we perhaps should had noticed.... (BTW, reason for the growth: zero normalization. I kid you not, these guys had absolutely no normalized tables at all, and nearly every field indexed.)

      My point is: unexpected bursts in data storage are too easy to notice, because the first time hard drives fill up and windows (or whatever OS they use) shouts for air... well... some one will notice.

      But these are not morons... these are Google engineers... the ones that have quantified the cost of a search to the atomic level. I'm sure more than just an unnamed "rogue engineer" was very aware of this.

      • I got to say, it sounds extremely odd that there were no more eyes.

        I don't know, it sounds quite Plausible to me.

      • by ColdWetDog (752185) on Saturday April 28, 2012 @07:28PM (#39834165) Homepage

        Multi hundred gigabyte HDs don't fill up that fast.

        Besides, Street View is some tiny little bit of Google with managers and engineers stuck in some corner of the cafeteria. It's not like tons of money is expended on them (eg, the price tag on data center cooling) so multiple levels of review / fine tuning probably just doesn't occur. I saw the Google car in town not too long ago - a DIY dream. Gear strewn over the rear seat with cables everywhere and a what appeared to be big tube of cables running into the trunk.

        And these Google engineers - I'm sure they're smart and all, but they put their pants on one leg a time.

        • ...but they put their pants on one leg a time.

          I've always wondered about this phrase... Sure, you put 'em on one leg at a time if you don't have anything to sit on, or don't feel like sitting, but most of the time I change in my bedroom, which has ready availability of.. a bed.. for sitting. In that case, It's not really much difference in effort to pull 'em on a leg at a time, or all at once.

          Anyway, I'd say that, based on experience of one person - me, most people put their pants on one leg at a time, about 60% of the time.

          Also, I can't be alone in

      • by Fwipp (1473271)

        Logging internet traffic is going to be a drop in the bucket compared to taking 360 photos every twenty feet or so.

    • Google doesn't have customers to gather requirements from. They make up random stuff that sounds okay, and then use A/B testing to see if people like it.

      Keep in mind, Google is not a software company. Popularity is not a way to choose features. Popularity is a way to sell advertisements.

  • Cool! (Score:2, Insightful)

    by marcello_dl (667940)

    The company that holds some million people email and web search and history deploys stuff controlled by on 1 one 1 engineer. But hey, it was only a few tera of data...

    • Re:Cool! (Score:4, Insightful)

      by preaction (1526109) on Saturday April 28, 2012 @06:36PM (#39833943)

      No, one engineer is being thrown under the bus. I wonder if his name was Goldstein...

      • Wait but you can't say that, because Google is "not evil"(tm).
        They have painted themselves into a corner quite well, this time.

        But people forget soon. Heck, they are still buying Windows, praising Jobs, and considering Richard Matthew "Told you so!" Stallman a commie idealist.

        • by beelsebob (529313)

          But people forget soon. Heck, they are still buying Windows, praising Jobs, and considering Richard Matthew "Told you so!" Stallman a commie idealist.

          Nothing to do with forgetting quickly –they just saw through google's "no evil" façade much quicker, and were left with the options "buy nothing, or buy a compromised option"

  • by Anonymous Coward on Saturday April 28, 2012 @06:36PM (#39833945)

    As much as I like google, I would be the first one to complain if I thought they were doing something wrong. But let's think about this:

    1. If they were capturing unencrypted packets from non-secured WiFi networks.... that would be creepy, but probably not illegal. Anyone who sets up an unencrypted network should expect that other people might use it to just listen in. Google would just be picking up information they were already broadcasting in the clear.
    2. If they were capturing encrypted packets then... they have useless data.

    And the car was moving, which means that in case 1, they may have a dozen packets each from millions of different routers. They weren't parking somewhere to capture all of someone'S data, but got lots of random garbage instead. I am sure all they were interested in was the BSSID in order to tag it to a location.

    Now, if they were trying to crack encrypted WLAN packets, then legal or not, there is something very suspicious going on - especially if they kept it secret.

    • by Anonymous Coward

      See, none of this would've happened if Google didn't openly admit to their mistake without prompting like they did when this story first broke. So let this be an important lesson, kids: Never do the right thing, or you'll suffer for it for the rest of your life.

      Oh, and it goes without saying, Google is obviously teh evil for doing the right thing and admitting the problem before anyone asked, blah blah blah, you know how it goes.

    • by Tastecicles (1153671) on Saturday April 28, 2012 @06:59PM (#39834029)

      Well, in an ideal world you'd be right on point #1, but this isn't an ideal world, we (in the UK) have a clause in the Computer Misuse Act 1990 (section 1(a) and 1(b) in fact), that instantly criminalises the capture of (ANY) data by an unauthorised person - which makes wardriving illegal, more than that it makes scanning for local wifi networks illegal - unless you knock all your neighbours and ask them permission first!

    • by Qwavel (733416)

      No, it isn't such a big deal.

      Not only did they never do anything with this payload data, there is no record of them ever planning to do anything with it, and it's actually pretty hard to even think of anything they realistically could have done with it (without devolving into paranoid conspiracy theories). Which all supports the theory that collecting the data was not part of the master-plan.

      But there is something wrong with Google only paying $50K penalty for non-cooperation.
      http://finance.yahoo.com/news/ [yahoo.com]

      • by Anonymous Coward

        Bullshit. They have never deleted the data. The data contains all of the MAC addresses either mapped directly to a physical location or at least the general area. Once you know the area Internet traffic is being directed to you will eventually be able to figure out whose whose house it is. e.g. Signal strength was strongest at address A and B. Public records show an old couple lives at address B. Address A is occupied by a single man in his 20s. Which house can we most probably tie the recorded porn

    • by fluffy99 (870997)

      I am sure all they were interested in was the BSSID in order to tag it to a location.

      I would guess they were probably also grabbing the mac address of the router.. This fits in nicely with the recent revelation that Apple and some browser plugins were tracking users by using the mac address of the gateway as a unique ID.

  • by Local ID10T (790134) <ID10T.L.USER@gmail.com> on Saturday April 28, 2012 @06:40PM (#39833951) Homepage

    Actually, this sounds like most managers I know.

    Managers of the Street View program said they did not read the October 2006 document [written by the engineer that detailed his work].

    • by war4peace (1628283) on Saturday April 28, 2012 @06:58PM (#39834023)

      Not just what some management people said, but everything in this affair is a classic case of corporate snafu. I'm seeing these things every day.
      About 18 months ago I was requested to build some Excel macro which would parse a pile of structured data from a table and generate a snapshot report based off that. Multiple people in various locations had to run that file every hour, interpret the results and take action if certain thresholds were met. Now thresholds started to be met but action was not taken, so their management asked them "so, what's up, why are you not taking action?". They said "it must be the macro because we run it every hour and it doesn't tell us that thresholds have been met". management came to me and asked me what's up, and I could tell them, because the macro contained a very simple (primitive even) log. Each time the report was run, an entry was stored in the file in a hidden spreadsheet which could be shown by pressing a button on the form and entering a very simple password (which was stored in the VBA code as a plain text string). As I was saying, primitive.
      So I asked for all the files which had been distributed to those people and checked the logs.
      Some of them had never opened the file. Some others had run the script a few times then abandoned it. All others ran it pretty irregularly, the most often run pace being once a day. Nobody ran it every hour.
      So I centralized the logs, went back to management and told them "here's what happens: your guys don't run the reports. That's how I know: I've been logging their activities.". They said "thank you" and nothing changed ever since.

      The above is an example of someone writing extra code which might prove to be illegal and nobody giving a shit, although they have been informed. As I was saying, typical corporate snafu...

  • by Anonymous Coward on Saturday April 28, 2012 @06:42PM (#39833957)

    They are putting responsibility for the data gathering on a 'rogue engineer' who wrote the code for it without direction from management.

    An engineer who worked closely with the engineer in question on the project in 2007, reviewing all of the codes line by line for bugs, says he did not notice that the software was designed to capture payload data. A senior manager said he preapproved the document before it was written."

    Isn't interesting in Corporate America, when things go great, it's management's brilliance? And when things go bad, it's a rogue employee?

    I'd really like to know management's justification for their obscenely high compensation, for one thing.

    Here's another thing while I'm ranting:That's one of the big differences between managing and leading.

    Leader: it's MY fault and I'll take care of it.

    Manager: it's someone elses fault. You go take care of it.

    • by Tasha26 (1613349)
      This is really a lol situation.

      Google: Sure, we pay people good money to review code and sign on it, but who actually has time to do what they are paid to do? TBH we're all saints except for that one guy. We believe he worked for the chinese government!
  • OH PUHLEASSSSEEEE! (Score:4, Insightful)

    by NoNonAlphaCharsHere (2201864) on Saturday April 28, 2012 @06:43PM (#39833959)
    If I had a nickel for every time I've inserted code (especially the "I've got the data in my hand, why don't I save it somewhere" kind) "without direction from management" that I ABSOLUTELY KNEW was useful and/or going to be asked for as soon as they thought of it anyways; well, let's just say I could have retired early. Call me a "rogue".
  • Managers' Fault (Score:2, Insightful)

    by Anonymous Coward

    The developer documented his work and sent the documentation out to others on the team (including the managers). It's the managers' jobs to make sure the developers understand the requirements correctly. In fact, the developer was working on the project in order to capture the data and study it to see if it would of use to Google.

    What are the managers doing if they aren't managing the engineers? We might have to stay late writing code, but are they staying late reading documents and getting up to speed o

    • Re: (Score:3, Insightful)

      by busyqth (2566075)

      What are the managers doing if they aren't managing the engineers? We might have to stay late writing code, but are they staying late reading documents and getting up to speed on what everyone is doing? Isn't that their job? I'm still in school so please correct me if I'm wrong.

      Of course it's their job. And they probably did it.
      However, when the Federal Government comes sniffing around it's very convenient to forget that you read the document.

  • by Anonymous Coward

    My understanding is that Google has a very flat org structure that encourages developer autonomy. There aren't a lot of managers peeking over developer's shoulders. Doesn't that encourage innovation like this?

  • Sounds a lot like the Jérôme Kerviel fiasco... "Oh no, we had no idea what the person was doing. He may well have talked about it at length during meetings - our jobs are very complicated and we couldn't possible know what all 4 of the people we manage are doing. That would entail us taking an interest in our jobs when there are clearly far more important things to do like playing golf!".
  • by iceperson (582205) on Saturday April 28, 2012 @07:18PM (#39834107)
    I don't understand why this was legal. Had the non-encrypted wireless transmissions they captured been voice wouldn't that have been covered under current wiretapping laws? If so, why is this different? Not trying to troll, just wondering why non-encrypted wireless data communications transmitted over the air are assumed free game.

    Also, what if they were capturing encrypted communications over an open wifi signal (ie, someone browsing an HTTPS site.) Wouldn't they have still captured that data? Does it make a difference now that they are capturing encrypted packets?
    • by Anonymous Coward
      IANOL, but most 'wiretapping' laws don't apply, at all, to wireless communications. It's even in the name. From a common-sense perspective it's utterly insane to criminalize the act of recording or interpreting radio waves received in a public space.
  • Instead of sacrificing a scapegoat Google should man up and tell the FCC to fuck off. Those who broadcast their personal data in every direction have no claim of privacy.

    • by fluffy99 (870997)

      Instead of sacrificing a scapegoat Google should man up and tell the FCC to fuck off. Those who broadcast their personal data in every direction have no claim of privacy.

      Except they don't. Try telling the FCC you listen in on cell calls and see if they press charges.

      • by Hentes (2461350)

        While GSM security isn't perfect, it's far from being unencrypted either, if you want to eavesdrop on a phonecall you have to do some hacking for it. This is more like putting up a billboard in your garden with your data written on it, or phoning in into a program telling them your mother's name and then suing everyone with a radio.

  • "Wir haben es nicht gewusst!" (orig.: after 1945)
  • So no one else knew about it? Not the people who wrote the software to parse the data? Not the guy who had to estimate how many terabytes of disk would be required? No one?

    And for those who say "people were broadcasting their information" guess what, that still doesn't make circulating a fleet of vehicle to monitor everything OK. Google's "collect everything that isn't nailed down, apologize later" attitude was just plain wrong.

  • Moderators please note that this post has been pre-approved +5 insightful before it was written

  • I think we were all made to think how right measure of rogueness is what makes good Google engineer.

    Or we just didn't read full specification of what 20%, free initiative time, is allowed to be spent on?

    Like: You are allowed/obliged to spend 20% of time on projects of your choosing as long as it does not result in federal lawsuit?

    IANAL, but something like that...

  • Let me get this straight ... the engineer in question fully documented what he (or she) was doing, and provided that documentation to management. Then there was a code review by another engineer. How, exactly, does this make him a rouge ???

The IQ of the group is the lowest IQ of a member of the group divided by the number of people in the group.

Working...