Forgot your password?
typodupeerror
Google Privacy Wireless Networking

Google Releases FCC Report On Street View Probe 95

Posted by Soulskill
from the fingers-and-cookie-jars dept.
An anonymous reader writes with news that Google has released the full report of the FCC investigation into the incident in which its Street View cars collected personal data while mapping Wi-Fi networks. They are putting responsibility for the data gathering on a 'rogue engineer' who wrote the code for it without direction from management. "Those working on Street View told the FCC they had no knowledge that the payload data was being collected. Managers of the Street View program said they did not read the October 2006 document [written by the engineer that detailed his work]. A different engineer remembered receiving the document but did not recall any reference to the collection of payload data. An engineer who worked closely with the engineer in question on the project in 2007, reviewing all of the codes line by line for bugs, says he did not notice that the software was designed to capture payload data. A senior manager said he preapproved the document before it was written."
This discussion has been archived. No new comments can be posted.

Google Releases FCC Report On Street View Probe

Comments Filter:
  • by Anonymous Coward on Saturday April 28, 2012 @06:21PM (#39833905)

    Obama ate a dog.

  • by Anonymous Coward on Saturday April 28, 2012 @06:25PM (#39833917)

    was anyone assigned to validate requirements against functionality? compliance? export control? 3rd party software integration copyright and license? was any due diligence done other than to review for technical bugs?

    • by zidium (2550286) on Saturday April 28, 2012 @06:38PM (#39833947) Homepage

      Why is this modded -1????

      I would hope Google would do such things regularly!

      • by cdrguru (88047) on Saturday April 28, 2012 @07:01PM (#39834045) Homepage

        Surely you jest! This is the Internet age of development where most of the bleeding-edge companies doing software development have completely bought into a agile development model where the requirements are "flexible" - usually so flexible that the development group is operating with a completely different set of requirements than the analyst or program manager. End result is you have something that works at the end but nobody quite knows what it is supposed to do only what it does do now.

        Probably one of the funniest tales of software development is how FaceBook actually operates. I suspect much of Google is run the same way, only the search engine is probably overseen rather strictly. The rest? I suspect you could ask three people and get four different descriptions of what a particular product's requirements were today and if they were actually being implemented.

        How do you think Android can have two separate email programs (one for Gmail and one for everything else) and the two apps have wildly divergent sets of options and default settings? This stuff just sneaks in, obviously. Did you really think there was a specification?

        I don't think there is time for any thinking about things like compliance, export control or third party copyright considerations in any place that is trying to keep up with the Internet today and operating an agile development environment. These considerations are thought to have died in the 1970s.

      • by gmanterry (1141623) on Saturday April 28, 2012 @11:48PM (#39835369) Journal

        I generally have a favorable image of Google but this sounds like pure bullshit. Even the guy reviewing the code line by line didn't notice? Come on!!!

    • by Tharsman (1364603) on Saturday April 28, 2012 @07:05PM (#39834053)

      I got to say, it sounds extremely odd that there were no more eyes. Google is a company that has a price tag on how much every signle web search executed by a user cost them, in energy and equipment degradation. They have specially manufactured cpus that can run hot so they can conserve as much heat as they can. ... but in all those years, even in the initial test run... no one noticed the cars where filling their hard-drives WAY too fast?

      This takes me back about 7 years ago in a contract involving 3 parties. Client, contractor and a sub-contractor. In a meeting, the usually incompetent IT manager employed by the client to run their data center, asks our sub-contractor "why is the database growing at a rate of 1GB per day?" The sub-contractor was clueless and we shocked. Sure, we perhaps should had noticed.... (BTW, reason for the growth: zero normalization. I kid you not, these guys had absolutely no normalized tables at all, and nearly every field indexed.)

      My point is: unexpected bursts in data storage are too easy to notice, because the first time hard drives fill up and windows (or whatever OS they use) shouts for air... well... some one will notice.

      But these are not morons... these are Google engineers... the ones that have quantified the cost of a search to the atomic level. I'm sure more than just an unnamed "rogue engineer" was very aware of this.

    • by Anonymous Coward on Saturday April 28, 2012 @07:23PM (#39834131)

      This is the new "agile"' methodology. There is no design or validation, just furious coding off a prioritized feature list and "code reviews" which amount to little more than some other programmer skimming a check-in and signing off.

      • by icebike (68054) * on Saturday April 28, 2012 @11:31PM (#39835293)

        This is the new "agile"' methodology. There is no design or validation, just furious coding off a prioritized feature list and "code reviews" which amount to little more than some other programmer skimming a check-in and signing off.

        And that s quite sufficient for an in-house tool. They were not selling street view cars, they were simply collecting their own data, which they never intended to sell.

        This is not a development system for launching rockets or writing pay checks. Its not a deliverable in a contract. Its strictly an in-house lash-up where one guy decided to exceed his mandate.

        When your manager asks you to write a quick program to find all the Ford Truck owners that Work in Building B by scanning the parking tag database, you do it the fastest way possible. You don't start with any more of a requirements statement that your boss gave you, you don't send your grep script out for a third party review, you don't run it by legal, you don't hold design meetings, and write memos, because the friggin Black Ford Ranger truck is LEAKING GAS RIGHT NOW, and the police won't tell you who owns it from its license plate number without a subpoena.

        Not every project is a big production. This whole wifi project was a pimple on street view's neck, so that google didn't have to pay Skyhook for its database. It was a cheap expedient, and it was a perfect single engineer project or at most a couple guys to kick the code around an two or three hardware guys to assemble the wifi receiver packaging.

    • by Unoriginal_Nickname (1248894) on Saturday April 28, 2012 @10:54PM (#39835149)

      Google doesn't have customers to gather requirements from. They make up random stuff that sounds okay, and then use A/B testing to see if people like it.

      Keep in mind, Google is not a software company. Popularity is not a way to choose features. Popularity is a way to sell advertisements.

  • Cool! (Score:2, Insightful)

    by marcello_dl (667940) on Saturday April 28, 2012 @06:27PM (#39833925) Homepage Journal

    The company that holds some million people email and web search and history deploys stuff controlled by on 1 one 1 engineer. But hey, it was only a few tera of data...

  • by Anonymous Coward on Saturday April 28, 2012 @06:36PM (#39833945)

    As much as I like google, I would be the first one to complain if I thought they were doing something wrong. But let's think about this:

    1. If they were capturing unencrypted packets from non-secured WiFi networks.... that would be creepy, but probably not illegal. Anyone who sets up an unencrypted network should expect that other people might use it to just listen in. Google would just be picking up information they were already broadcasting in the clear.
    2. If they were capturing encrypted packets then... they have useless data.

    And the car was moving, which means that in case 1, they may have a dozen packets each from millions of different routers. They weren't parking somewhere to capture all of someone'S data, but got lots of random garbage instead. I am sure all they were interested in was the BSSID in order to tag it to a location.

    Now, if they were trying to crack encrypted WLAN packets, then legal or not, there is something very suspicious going on - especially if they kept it secret.

  • by Local ID10T (790134) <ID10T.L.USER@gmail.com> on Saturday April 28, 2012 @06:40PM (#39833951) Homepage

    Actually, this sounds like most managers I know.

    Managers of the Street View program said they did not read the October 2006 document [written by the engineer that detailed his work].

    • by Anonymous Coward on Saturday April 28, 2012 @06:50PM (#39833995)

      That they just didn't bother to read it or that they are trying to cover their ass by feigning ignorance?

    • by war4peace (1628283) on Saturday April 28, 2012 @06:58PM (#39834023)

      Not just what some management people said, but everything in this affair is a classic case of corporate snafu. I'm seeing these things every day.
      About 18 months ago I was requested to build some Excel macro which would parse a pile of structured data from a table and generate a snapshot report based off that. Multiple people in various locations had to run that file every hour, interpret the results and take action if certain thresholds were met. Now thresholds started to be met but action was not taken, so their management asked them "so, what's up, why are you not taking action?". They said "it must be the macro because we run it every hour and it doesn't tell us that thresholds have been met". management came to me and asked me what's up, and I could tell them, because the macro contained a very simple (primitive even) log. Each time the report was run, an entry was stored in the file in a hidden spreadsheet which could be shown by pressing a button on the form and entering a very simple password (which was stored in the VBA code as a plain text string). As I was saying, primitive.
      So I asked for all the files which had been distributed to those people and checked the logs.
      Some of them had never opened the file. Some others had run the script a few times then abandoned it. All others ran it pretty irregularly, the most often run pace being once a day. Nobody ran it every hour.
      So I centralized the logs, went back to management and told them "here's what happens: your guys don't run the reports. That's how I know: I've been logging their activities.". They said "thank you" and nothing changed ever since.

      The above is an example of someone writing extra code which might prove to be illegal and nobody giving a shit, although they have been informed. As I was saying, typical corporate snafu...

      • by Anonymous Coward on Sunday April 29, 2012 @12:41PM (#39838081)

        You need to understand how Google works. It's an engineering company and, as such, a lot of the managers there are engineers. That means those guys are very good at technical tasks but most of the time have little, if any, people's skills and no clue of how to do management work.

        Many of the old timers have become untouchable so, no matter how big they screw up, someone else down the hierarchy will pay for their mistakes. Google does not understand that you delegate tasks but, as manager, it is your responsibility. A couple of good examples of this are the Real Names fiasco, which had no consequences for Vic Gundotra (he still acts like the big asshole he is) and the shutting down of Google's Atlanta office, which should have resulted in Sundar Pichai's immediate termination, yet no action has been taken to put this stupid clown in the street, where he belongs.

        --
        Looking for a software engineering position in the Atlanta area. Sundar Pichai's incompetence has resulted in me losing my job.

  • by Anonymous Coward on Saturday April 28, 2012 @06:42PM (#39833957)

    They are putting responsibility for the data gathering on a 'rogue engineer' who wrote the code for it without direction from management.

    An engineer who worked closely with the engineer in question on the project in 2007, reviewing all of the codes line by line for bugs, says he did not notice that the software was designed to capture payload data. A senior manager said he preapproved the document before it was written."

    Isn't interesting in Corporate America, when things go great, it's management's brilliance? And when things go bad, it's a rogue employee?

    I'd really like to know management's justification for their obscenely high compensation, for one thing.

    Here's another thing while I'm ranting:That's one of the big differences between managing and leading.

    Leader: it's MY fault and I'll take care of it.

    Manager: it's someone elses fault. You go take care of it.

  • OH PUHLEASSSSEEEE! (Score:4, Insightful)

    by NoNonAlphaCharsHere (2201864) on Saturday April 28, 2012 @06:43PM (#39833959)
    If I had a nickel for every time I've inserted code (especially the "I've got the data in my hand, why don't I save it somewhere" kind) "without direction from management" that I ABSOLUTELY KNEW was useful and/or going to be asked for as soon as they thought of it anyways; well, let's just say I could have retired early. Call me a "rogue".
    • by Anonymous Coward on Saturday April 28, 2012 @07:15PM (#39834099)

      I'll call you a "nethack" instead.

    • by Anonymous Coward on Sunday April 29, 2012 @01:51AM (#39835815)

      If I had a nickel for every time I've inserted code (especially the "I've got the data in my hand, why don't I save it somewhere" kind) "without direction from management" that I ABSOLUTELY KNEW was useful and/or going to be asked for as soon as they thought of it anyways; well, let's just say I could have retired early. Call me a "rogue".

      I work in the medical diagnostic device industry and I've also done the same: insert code to collect useful data on the product and its usage knowing that it was not specified or requested in the product's design but I felt it would be demanded/requested later. This has saved me tons of work in re-releasing later and earned me kudos for forward-thinking. It's a natural phenomenon for many geeks. In my cases, there have never been privacy issues. Perhaps this is similar as well?

  • Managers' Fault (Score:2, Insightful)

    by Anonymous Coward on Saturday April 28, 2012 @06:44PM (#39833965)

    The developer documented his work and sent the documentation out to others on the team (including the managers). It's the managers' jobs to make sure the developers understand the requirements correctly. In fact, the developer was working on the project in order to capture the data and study it to see if it would of use to Google.

    What are the managers doing if they aren't managing the engineers? We might have to stay late writing code, but are they staying late reading documents and getting up to speed on what everyone is doing? Isn't that their job? I'm still in school so please correct me if I'm wrong.

    • Re:Managers' Fault (Score:3, Insightful)

      by busyqth (2566075) on Saturday April 28, 2012 @06:50PM (#39833997)

      What are the managers doing if they aren't managing the engineers? We might have to stay late writing code, but are they staying late reading documents and getting up to speed on what everyone is doing? Isn't that their job? I'm still in school so please correct me if I'm wrong.

      Of course it's their job. And they probably did it.
      However, when the Federal Government comes sniffing around it's very convenient to forget that you read the document.

      • by Anonymous Coward on Saturday April 28, 2012 @07:56PM (#39834289)

        In the government contracts world, we pay about triple due to requiring that soul-crushing level of management oversight on knowledge workers. When I was in the IT world, smart people left companies that did that. This explains both Google's success and NG's miserable failure.

  • by Anonymous Coward on Saturday April 28, 2012 @06:49PM (#39833981)

    My understanding is that Google has a very flat org structure that encourages developer autonomy. There aren't a lot of managers peeking over developer's shoulders. Doesn't that encourage innovation like this?

  • by Anonymous Coward on Saturday April 28, 2012 @06:54PM (#39834011)

    This is nothing but whitewash bullshit.
    Wasn't the previous ruse that it was some unknown feature of the equipment purchased?
    I want names, charges laid, penalty imposed.
    Fuck Google.

  • by Anonymous Coward on Saturday April 28, 2012 @07:06PM (#39834057)

    That most software engineers are not really engineers. If you were working on the design for a bridge, and gave this kind of 'dog ate my homework' answer at the inquest into its collapse, you'd lose your license and never work again.

  • by Antonovich (1354565) on Saturday April 28, 2012 @07:10PM (#39834073)
    Sounds a lot like the Jérôme Kerviel fiasco... "Oh no, we had no idea what the person was doing. He may well have talked about it at length during meetings - our jobs are very complicated and we couldn't possible know what all 4 of the people we manage are doing. That would entail us taking an interest in our jobs when there are clearly far more important things to do like playing golf!".
  • by iceperson (582205) on Saturday April 28, 2012 @07:18PM (#39834107)
    I don't understand why this was legal. Had the non-encrypted wireless transmissions they captured been voice wouldn't that have been covered under current wiretapping laws? If so, why is this different? Not trying to troll, just wondering why non-encrypted wireless data communications transmitted over the air are assumed free game.

    Also, what if they were capturing encrypted communications over an open wifi signal (ie, someone browsing an HTTPS site.) Wouldn't they have still captured that data? Does it make a difference now that they are capturing encrypted packets?
  • by Hentes (2461350) on Saturday April 28, 2012 @07:19PM (#39834111)

    Instead of sacrificing a scapegoat Google should man up and tell the FCC to fuck off. Those who broadcast their personal data in every direction have no claim of privacy.

    • by Anonymous Coward on Saturday April 28, 2012 @11:09PM (#39835193)

      Replying to Hentes (2461350)--feel free to post your personal data out in the open, starting from here. After all, you'll have no claim of privacy either.

      What if you won't do it? Then you must have some sort of privacy fear.

      Your statement is part of what sets up a dangerous precident: just because someone's data ends up out in the open does not mean it is free and clear for anyone to capture and do whatever they want with it. I can find anyone's open Wi-fi network using my mobile phone that supports Wi-fi, that does not give me an automatic right to connect to it (the laws require they give me permission) and keeping any data that may be open.

    • by fluffy99 (870997) on Sunday April 29, 2012 @01:41AM (#39835793)

      Instead of sacrificing a scapegoat Google should man up and tell the FCC to fuck off. Those who broadcast their personal data in every direction have no claim of privacy.

      Except they don't. Try telling the FCC you listen in on cell calls and see if they press charges.

      • by Hentes (2461350) on Sunday April 29, 2012 @01:51PM (#39838491)

        While GSM security isn't perfect, it's far from being unencrypted either, if you want to eavesdrop on a phonecall you have to do some hacking for it. This is more like putting up a billboard in your garden with your data written on it, or phoning in into a program telling them your mother's name and then suing everyone with a radio.

  • by Anonymous Coward on Saturday April 28, 2012 @08:13PM (#39834357)
    JOIN THE GNAA!! parties). At THE you are a 5creaming
  • by Anonymous Coward on Saturday April 28, 2012 @08:26PM (#39834427)

    man that nobody sure gets around

  • by dronkert (820667) on Saturday April 28, 2012 @10:38PM (#39835073)
    "Wir haben es nicht gewusst!" (orig.: after 1945)
  • by murdocj (543661) on Saturday April 28, 2012 @10:38PM (#39835075)

    So no one else knew about it? Not the people who wrote the software to parse the data? Not the guy who had to estimate how many terabytes of disk would be required? No one?

    And for those who say "people were broadcasting their information" guess what, that still doesn't make circulating a fleet of vehicle to monitor everything OK. Google's "collect everything that isn't nailed down, apologize later" attitude was just plain wrong.

  • Moderators please note that this post has been pre-approved +5 insightful before it was written

  • by dragisha (788) <dragisha@nOsPAM.m3w.org> on Sunday April 29, 2012 @02:26AM (#39835925)

    I think we were all made to think how right measure of rogueness is what makes good Google engineer.

    Or we just didn't read full specification of what 20%, free initiative time, is allowed to be spent on?

    Like: You are allowed/obliged to spend 20% of time on projects of your choosing as long as it does not result in federal lawsuit?

    IANAL, but something like that...

  • by Anonymous Coward on Sunday April 29, 2012 @09:44AM (#39837249)

    Whenever a Japanese company gets into dark waters, they just force some lowly employee to voluntarily resign.
    If a yakuza clan orders a hit, and the police find out, they let them nick the hitman and deny all involvement.

  • by AdiBean (653963) <bean&advanceddecisions,com> on Sunday April 29, 2012 @09:45AM (#39837253)
    Let me get this straight ... the engineer in question fully documented what he (or she) was doing, and provided that documentation to management. Then there was a code review by another engineer. How, exactly, does this make him a rouge ???
  • by Anonymous Coward on Sunday April 29, 2012 @02:13PM (#39838611)

    Vicarious liability.

Real Users never know what they want, but they always know when your program doesn't deliver it.

Working...