Google Didn't Delete All Street View Wi-Fi Data 150
nk497 writes "Google is in more trouble over the Street View Wi-Fi data slurping incident. Two years ago Google admitted it had collected snippets of personal data while sniffing for Wi-Fi connections. The UK's data watchdog, the ICO, didn't fine Google, but did demand it delete the collected data. Following the FCC's investigation, the ICO double-checked with Google that the data was deleted, receiving confirmation that it had. Except... it hadn't all been deleted, Google has now admitted. That breaches the deal between the ICO and Google, and the watchdog has said it's in talks with other regulators about what to do next."
Don't be evil (Score:2, Insightful)
Sometimes.
Admitted after being caught (Score:4, Informative)
Two years ago Google admitted it had collected snippets of personal data while sniffing for Wi-Fi connections.
Yes, they admitted after being caught by the German authorities.
Re: (Score:2, Funny)
Yes, they admitted after being caught by the German authorities.
'We have ze ways of making you talk, ja?'
Re: (Score:1)
Wusch!
Re: (Score:3, Informative)
That's because there wasn't anything to "admit" to. A bunch of bozos left there wifi open and now they smell drama and are crying about it. This is pure torches and pitchfork mentality and Slashdot is falling for it hook line and sinker.
Re: (Score:2)
Yep. Google was also dumb to admit this mistake in the first place (they weren't caught, they admitted it.) Some testing code was collecting bits of traffic. If they'd just fixed the problem and deleted the data, it would have been no big deal, no harm done.
Re:Admitted after being caught (Score:5, Insightful)
This is the joke of the thing.
"Shit, we collected a lot of data that we probably shouldn't have... we better disclose that."
Headline: Google Secretly Stealing WiFi Information on Millions of People
"Well, regulators are going to want to look this over now so we better not destroy it."
Headline: Google Kept Stolen WiFi Data
"Ok, ze Germans said we're alright and to delete the data"
Headline: US Authorities Investigating Google For Destruction of Evidence in WiFi Snooping Controversy
"Shit, someone screwed up and deleted some, but not all of the data. We better disclose."
Headline: Google Faces New Street View Data Controversy
Yeah, they shoulda just kept their mouths shut. If someone spilled the beans afterwards, the response would have been, "Yeah we collected stuff by accident, it was never used anywhere, and we destroyed it." Case closed.
Re:Admitted after being caught (Score:4, Insightful)
1974 version: Yeah, Nixon shoulda just burned those tapes.
Re:Admitted after being caught (Score:4, Insightful)
I'd say there's a minor difference between someone in the highest political office in the land destroying evidence of an intentional B&E felony committed against your political rivals, and deleting useless wifi data you realize you collected accidentally.
But, you know, spin it however you like.
Re: (Score:2)
Ok, Google uses a library that picks up extra data.... not impossible. Google writes all this data to log files without noticing the excess... a little unlikely but lets go with it. Google writes parsers to pick out the info they are interested in... and doesn't notice all of the payload data???? No. No way. There were clearly people within Google who knew damn well they were picking up extra data, personal data, and Google's approach was "We're Google, we can do what we want". That's the part I obje
Re: (Score:1)
Re: (Score:1)
That's not insightful, it's naive. An accident is installing hardware to intercept communications in 1 car. Installing in every car, testing it, and deploying it worldwide is not an accident. It's not a joke. It came from the top down, not from some rogue engineer. They recorded encrypted wifi data as well. It's not hard to decrypt it later and still get the same information you need. And after the feds made a copy, they still haven't destroyed it, none of it. The data will be used on internal serve
Re: (Score:1)
Re: (Score:2, Flamebait)
Google can have what ever stupid people decide to send out in the clear.
A bunch of haters bitching about Google recording them screaming aloud in public.
Fuck them. What Google should do is put out an Ad showing the data they get just by driving around then show how easy it is and tell people "We are keeping this data just like the thieves will do."
Fucking governments telling Google they have to delete publicly available, legally attained data.
And in this instance Fuck Google for rolling over on such a stupi
Re: (Score:3)
(they weren't caught, they admitted it.)
They actually first denied it, but when German authorities despite this assurance from Google demanded to audit the collected data, Google came out and admitted it (and would have been caught in the audit anyway). This was covered many places, this is one: http://lastwatchdog.com/googles-wifi-data-harvest-draws-widening-probes/ [lastwatchdog.com]
"In April, Google admitted to German privacy regulators that vehicles specially-equipped to systematically shoot photos of street scenes for Google Maps also carried gear to collect
Re: (Score:1)
Re: (Score:2)
It's quite understandable that at some point in development they had the software grab bits of wifi data for testing purposes, that way you can be sure you're actually in broadcast range. They were mapping wifi APs with the intention of making some sort of wifi-assisted GPS substitute. They didn't just take data from the open ones.
Re: (Score:2)
If I order my employee to capture public data, and he with good or bad faith captures more than I demanded, so *I* made a mistake.
We can argue if my employee make a mistake or a felony, but it's undeniable that what I did was a mistake: I shouldn't had trusted the guy and/or I should spent some money on safeguard measures.
Re: (Score:1)
Re: (Score:2)
I don't agree with you. Google knows better then to assume open WiFi are open on purpose. They have a duty because of their knowledge but they took advantage of people who don't know better. wither they are bozos i will leave to you.
No, they don't have such duty. Neither any other company or enterprise.
We can argue about they being morally bound to do so (and I'm probably agree with you), but unfortunately, "knowing better" is government duty. It's for this reason sorely that we grant them so many power with our taxes.
Re: (Score:2)
Well, other than violating the law, yeah, Google didn't do anything wrong.
Re: (Score:1)
Re: (Score:2)
Believe or not, in some countries the Law states that if you leave your door unlocked, you had invited anyone wanting to enter in your home.
Anyway, every law should be take with a grain of salt. If breaking someone else's home is always a felony, the prison population would be consisted mainly by paramedics.
Re: (Score:3)
Recording data that was broadcast in the clear? How dare they! Next you'll be telling me that they're taking pictures of things that can be seen from the street. Scoundrels!
Re: (Score:1)
Recording data that was broadcast in the clear?
In the UK, recording air traffic control transmissions is illegal. Technically it is even illegal to listen to them.
They are transmitted in the clear on easliy-monitored frequencies.
Moral: Not everything that is broadcast is meant for your ears.
Re: (Score:2)
In the UK, recording air traffic control transmissions is illegal. Technically it is even illegal to listen to them.
Good point. the BBC broadcast signal being another good example.
Re: (Score:2)
When you are out in a public place talking to someone quietly you still have a reasonable expectation of privacy. It would be unacceptable to place hidden or directional microphones everywhere to listen to people's conversations. In fact the ICO just ruled that recording people's conversations in the back of taxis is unacceptable.
Just because you could pick something up unencrypted with suitable equipment doesn't mean it's okay.
Re: (Score:2)
What balls? [stopdesign.com]
Re: (Score:2)
1. Sources
2. Don't you have eyes in the head?
Wait... the UK? (Score:5, Interesting)
Google is being fined for collecting "public" data... in the UK. The same UK that has cameras everywhere and all sorts of invasive monitoring, line tapping, you-name-it big-brother we're-watching-you technlogy and laws in place?
I think this ICO organization needs to get their priorities straight.
Re: (Score:2)
Now just calm there, citizen. We're from the government and we're here to help! *snicker*
Re: (Score:2)
The government wants all the power for itself. It wants a monopoly or near-monopoly. And not just for spycams, but also the schools. The trains. The hospitals.....
Re: (Score:2)
They have them rightful. Their job is to protect the citizens from doubleplusungood businesses that would misuse the data. That is an unissue with the government, since the government needs to protect its citizens by knowing their actions at all times. After all, we've always been at war with Eastasia. You do trust your government, don't you, citizen?
Re: (Score:2)
At war with Eastasia? ... I'm Japanese...
Re: (Score:2)
See: http://en.wikipedia.org/wiki/Nineteen_Eighty-Four#The_War [wikipedia.org]
Re: (Score:2)
Aaah, I've never read this so that went right over my head. Thanks for clearing my confusion though.
Re: (Score:2)
Ah the US has them all over now too although most are more undetectable by eye.
Re: (Score:2)
Well I'm glad I don't live in the US either. Where I live we DO have cameras everywhere but they are mostly private security cameras. In order to get the video from the cameras the police need to have a valid reason and need to make a formal request to the manager of the cameras (and since they usually have a valid reason they are rarely turned down). So if I were to commit a crime and the police were already after me getting a video of me would be trivial, but at the same time they don't just have free acc
Re: (Score:1)
Attempting to distract the discussion (Score:1)
I love this attempt to distract the discussion. "How could Google be fined for harvesting people's personal data without their knowledge, followed by promising to delete it and then breaking that promise, in the UK where there are vague monitoring laws I won't give any specific examples of?" *instant +5*
Re: (Score:2)
First hit on Google and at first glance other than the highly topical ICO-Google issue here it's all abuses of privacy by the government: http://www.bigbrotherwatch.org.uk/ [bigbrotherwatch.org.uk] . But really, to say the UK has a government that abuses the rights to privacy of its citizens is like saying "scissors cuts paper". That you don't know it either means you are in denial or have only just now started reading news. Why there's even plenty of articles right here: http://slashdot.org/index2.pl?fhfilter=british+privacy [slashdot.org] .
Re: (Score:2)
Your "personal data" is only private until you broadcast it to the street. This is like putting up a billboard with your MAC address on it and then suing someone for looking at it.
Re:Wait... the UK? (Score:4, Interesting)
Yet I always hear the British apologists saying that so many of the cameras in London are privately owned? Which is it?
Re: (Score:2)
The wifi routers and Google's hotspot were also privately owned. In both cases we're talking about private entities intercepting EM radiation that is public, but not intended for that entity. Either both are OK or neither is OK. Allowing one and not the other is an indefensible double standard.
Re: (Score:2)
. In both cases we're talking about private entities intercepting EM radiation that is public, but not intended for that entity.
Do you mean here visible light that's detected by the cameras? Because people are more aware of their privacy in that EM spectrum.
Re: (Score:2)
Yes, that's exactly what I mean. Why should it be legal to intercept 600nM photons but not 125mM photons? It's the same damn thing.
Re: (Score:2)
This is how it works. A business wants to set up a new shop or apply for a license to sell alcohol etc. The local council and the police make it a condition that they install lots of CCTV both inside the shop and covering the street outside it. The business owners are expected to hand over video on request.
I actually helped install a system like that once.
Re: (Score:2)
So they're privately owned, but accessible to the government.
Yeah, that makes me feel all warm and fuzzy.
Re: (Score:2)
Best of both worlds right? :-(
Re: (Score:2)
THIS!
Re: (Score:2)
Wow, that totally changes the context here and completely validates the ICO action. Had I known this I would not have made the above comment. Does anyone have any links with details?
expectation of privacy (Score:5, Interesting)
This stuff was was broadcast in the clear over public airwaves. That means it has no expectation of privacy. If you want privacy, every WAP I've ever heard of provides encryption. Turn it on, and you DO have an expectation of privacy, so if Google was decrypting it, then they should be punished.
Must we design the whole world to protect the least competent people from themselves?
Re: (Score:2)
>>>Must we design the whole world to protect the least competent people from themselves?
Apparently "yes". Maybe the Congressmen who admitted the people are too dumb to rule themselves was correct. They need to be treated like children. (And I agree Google did nothing wrong if they captured data that was being "shouted" from homes without encyrption.)
Re: (Score:2)
Must we design the whole world to protect the least competent people from themselves?
Apparently "yes". Maybe the Congressmen who admitted the people are too dumb to rule themselves was correct.
And people complain about that "Idiocracy" crying of mine...
We get what we voted for. Simply like that.
Re: (Score:2)
Must we design the whole world to protect the least competent people from themselves?
It seems to work that way already, it's something called welfare state [wikipedia.org].
Re: (Score:2)
Apparently so... its already working so well with tort law...
Re: (Score:2)
This stuff was was broadcast in the clear over public airwaves.
Using this logic, if you leave the shades of your bedroom open for, say, an inch or two, I am allowed to record from the outside what is happening inside (*), and then put these recordings on the web, index them, etc. After all, those electromagnetic waves are transmitted from your bedroom, and are for everybody to see.
(*) don't worry, I won't.
Re: (Score:3)
Erm you are! Your expectation of privacy is determined by what a normal person can see on the street. If you're climbing a tree with a 400mm lens to peak in through the blinds then you're violating the expectation of privacy. Yet if someone with their iPhone can snap a recording of you from the sidewalk you've given this expectation up.
There's no black line. Most jurisdictions apply a "reasonable person" test to privacy.
Re: (Score:2)
And you don't think that a google car, filled with recording electronics is comparable to a 400mm lens?
Re: (Score:2)
Nope. From what I've read there was nothing out of the ordinary about the wifi equipment used in the car. Just an off the shelf omni direction antenna plugged into their recording computer. Now if it were setup with multiplexers, amplifiers and multiple high gain yagis to try their very best to capture even the faintest signal I would agree with you. But for the most part they didn't record any information that a passer by wouldn't have picked up on their iPhone.
One of the real problems is people don't quit
Re: (Score:2)
The issue is not at all a technical one. It is about what people expect to be reasonable.
This makes it hard to come to a good opinion of whether this is fair or not. But I think most people don't even consider the possibility of their data being used in this particular way, and therefore I think what google has done is unreasonable. If you would like to use people's behavior in a way they didn't consider themselves, then at least inform them about your plans first.
Perhaps I should give a different example.
Re: (Score:2)
Yes. I'm still not sure why a normal person would expect their conversation had out in the open to be private from someone immediately next to them. Now if they crept up with a boom mic and recorded me whispering to someone else that would again be different.
People don't seem to get it. You can not expect complete privacy in public space. The two are completely opposite. The fact that it's recorded and used in a database does not change that. It reminds me of some country which requested that people's licen
Re: (Score:2)
This stuff was was broadcast in the clear over public airwaves. That means it has no expectation of privacy. If you want privacy, every WAP I've ever heard of provides encryption. Turn it on, and you DO have an expectation of privacy, so if Google was decrypting it, then they should be punished.
Sigh.
1. Same argument applies to me saying "if you go out and don't lock your front door, I have every right to wander through your home".
2. I really fail to get Slashdot logic. Google grabs data from random people without them knowing about it or even using their services and people are clamoring to defend them. Facebook grabs data from people who sign up for an account and voluntarily hand over their data, and you want to lynch Mark Zuckerberg. How twisted is that?
3. Regarding that whole "expectation of p
Questions... (Score:4, Insightful)
I'm really not sure why this is an issue. Sure, there are situations where people have an expectation of privacy. But if you are transmitting data through the air in a public space, isn't it fair game? If you don't want people to look at it, shouldn't you encrypt?
Re: (Score:1)
Yes. In fact, the very design of the protocol specifically intends for that to be the case, and it allows for encryption when you want privacy. It's critical that we retain the right to listen to things broadcast in the clear over public airwaves. Losing that right is pure insanity and is one more step towards a police state.
Unfortunately, most people don't think about the principles involved. They judge based on whether they "like" the party that's listening (or in other cases, copying protected IP).
Re: (Score:2)
Re: (Score:3)
"There is no expectation of privacy in a public arena." - Supreme Court. "Government officials in a public setting have no claim on privacy. The citizens have a first amendment guarantee to record by audio or video capture their police and public officials in the actions of their duties." - 1st U.S. Circuit Court of Appeals
If you don't want your actions to come back and haunt you 25 years later, then don't do things in public that you will later regret. Don't post messages online with a public name. And
This is just dumb (Score:5, Insightful)
I generally think Google didn't do anything wrong in the first place. People shouldn't be complaining that publicly broadcast unencrypted data is recorded by a third party, and if Google had wanted to fight them on the legality of the issue i would have been behind them. However agreeing to delete the data in some kind of plea bargain and then not actually deleting it is a d*** move. (I'm not quite sure at this point if it's a dick move or just a dumb move, but it's definitely one of them.)
Re: (Score:2)
I'm guessing it was just a mistake.
Sounds to me like someone tasked with deleting the data must have missed a backup or metadata stored elsewhere, someone else found it later, and instead of just deleting it, legal said they should ask the IOC how they want them to delete it.
At first I wondered why they didn't just delete it without reporting them to save them the extra grief and bad press, but I guess multiple staff were already involved in the discovery and legal told them to just disclose ASAP rather tha
Re: (Score:3, Insightful)
Most people don't even realize that wireless transmissions are being recorded and associated with an address. This came as news to me. I disagree that people shouldn't be complaining.
Re: (Score:2)
Re: (Score:1)
Re: (Score:1)
>>>Most people don't even realize that wireless transmissions are being recorded and associated with an address
Then they must be fucking stupid. Anyone with sense knows if you pick-up a walkie-talkie or cordless phone and start speaking into it, then somebody else can hear what is being said with a 2nd walkie-talking or phone, and locate its source. Wifi is no different..... it is broadcasting to everyone.
Re: (Score:2)
>>>Google has no right to snoop on them. You Google shills are fucking annoying..
If some guy is standing inside his house and shouting at his wife, then you don't have to "listen" to hear it. You can pick it up just by walking by... you hear it anyway Same with radio broadcast (hence the term "broad" cast). Just as people realize if they yell the neighbors will hear it, they should also realize that broadcasting can be heard too.
Re: (Score:2)
>>>Nobody is shouting anything. Wi-fi packets are being sent by a person's laptop/phone intended to be received by the home router.
Broadcasting at 1/4 watt is the radio equivalent of shouting, which is why the neighbors (or google) can see your signal on their PC screen upto a block away. As long as you are shouting you should not be surprised that others hear it. So encrypt it.
it's a *radio broadcast* (Score:2)
Any wireless device (radio, cordless phone, cell phone, wifi, bluetooth, NFC, etc) is basically acting as a radio transmitter. Anyone that cares can listen in on the signal, capture it, and possibly decode it.
If you want to keep your data private, encryption is the only choice.
Health records/browsing history? (Score:1)
The article mentions health records and browsing history among the data. How is that possible from the street view?
Re: (Score:3)
The street view vans were basically wardriving to create a map of wifi hotspots. There was also some testing code left in that would grab bits of raw traffic. Some of that raw traffic was unencrypted, and some of that unencrypted raw traffic happened to be browsing history and health records.
Just be evil. (Score:1)
I'm kinda surprised Google admitted it did wrong. I was just as surprised Microsoft admitted it didn't install the browser choice screen on some Win7 computers. The corporation ought to keep its mouth shut. (See Don't Talk to Cops on youtube.)
Re: (Score:2)
Uh, what?
Don't talk to cops applies to individuals. When it comes to corporations in the US may also be one thing. When it comes to global corporations, that is entirely different.
Re: (Score:2)
Outside the U.S. it makes even MORE sense not to talk to cops, since they might throw the management in jail & later execute them. Other countries don't have the same legal protections we have.
Re: (Score:1)
What is the magnitude and makeup of the data? (Score:2)
Capturin
Data content (Score:2)
It seems to me that a car driving through neighborhoods and past businesses will only capture a very small amount of the traffic from some fraction of the access points which have no (or weak) encryption), and "sensitive" traffic (e.g. unencrypted logins) would be a very small fraction of that. So a fraction of a fraction of a fraction diminishes the value quickly - though I suppose they make it back on scale.
In addition to that, you have to take into account, all the people browsing sensitive information over insecure channels.
Some stupid banks, medical companies, etc. don't systematically encrypt everything over HTTPS.
And Europe is much more privacy conscious. For example Facebook didn't start enforcing HTTPS everywhere only recently. (Remember the whole Firesheep debacle ?) If Google captured unencrypted private message between users, that would also set the EU privacy laws, even if it's not "sensitive" infor
Handed over to the ICO? (Score:5, Insightful)
This makes no sense:
“In their letter to the ICO today, Google indicated that they wanted to delete the remaining data and asked for the ICO’s instructions on how to proceed. Our response, which has already been issued, makes clear that Google must supply the data to the ICO immediately, so that we can subject it to forensic analysis before deciding on the necessary course of action.
If the data is so sensitive and worrisome, why doesn't the ICO just insist that it be deleted as agreed upon? If it was ok to delete it earlier, why does it have to be handed over now?
I'd rather have my data in the hands of Google than in the hands of Google *and* some random regulatory body. Many companies have a hard time certifying data destruction with multiple redundant offsite backups and replication, and data stored in the cloud where they may not even know every place their cloud provider stores it.
Though really, why is there no outrage about the fact that plaintext email passwords (and credit card numbers or whatever other personal data they are worried about) are even able to be captured with a simple drive-by Wifi scanner? There is no reason why a Wifi router should default to an open unencrypted mode, and even if it does, there is no reason why personal data should be allowed to be sent in the clear. CPU powerh is cheap, SSL should be used to secure *all* sensitive data.
The fact that Google drove by and captured snippets of data is not the problem... they aren't going to steal your credit card number or hack into your bank account (and there is a good chance that they already host your email) - the problem is when an identify thief does the same thing.
That's a culture question (Score:2)
Furthermore you can vote a governement out. It may be hard but it is possible. Private company ? Forget it. Once in their hand it is utterly impossible to stop it spreading.
Re: (Score:2)
Furthermore you can vote a governement out. It may be hard but it is possible.
You can sometimes vote A government out but it's not clear that you can vote THIS government out. Vote fraud is rampant. Our votes don't really matter.
Re: (Score:2)
I would rather have my data in hand of governement ONLY (and anyway they almost certainly have it or can subponea it) which is beholden to keep it secure, rather than in the hand in private industry which can sell it to anybody, can be unsecure, and can just snub me if I don't want to have it spread.
"Your data" in this case is a few seconds you were transmitting in the open as a car drove by.
Re: (Score:2)
I would rather have my data in hand of governement ONLY (and anyway they almost certainly have it or can subponea it) which is beholden to keep it secure, rather than in the hand in private industry which can sell it to anybody, can be unsecure, and can just snub me if I don't want to have it spread.
But once that data is in the hands of the private company, do you want them to just hand it over to the government without so much as a warrant?
Would you feel better about Facebook privacy if they set up their systems so they could ship all of their logs and other data to the NSA without Facebook themselves being about to view it? Would you want Google (and Bing, etc) encrypt their search history logs customer emails and documents immediately in such a way that only the NSA can decrypt it and feed the data
Who cares? (Score:1)
Why are people getting their panties in a bunch for collecting information that was being broadcast publicly?
That would be like someone getting upset because something they posted on Twitter was used to deny them a job.
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
Fucking lie.
http://www.bbc.co.uk/news/10364073 [bbc.co.uk]
Yeah, because the FCC says they were "uncooperative" it must be true. After all, the FCC is part of the government. And the government never lies, right? Right?
http://en.wikipedia.org/wiki/Rule_of_law [wikipedia.org]
Re: (Score:1)
Re: (Score:1)
They were first investigated by the German authorities for collecting WiFi addresses (not even private data). During that investigation, they accidentally falsely stated that they did not collect private data beyond unique WiFi addresses. http://www.theregister.co.uk/2010/04/22/google_streetview_logs_wlans/ [theregister.co.uk]
Some time after that, they corrected their accidental false statement with the "admission" you're talking about. http://news.cne [cnet.com]
Re: (Score:1)
You said they "tried to hide" something.
I didn't. FCC, if anything, said they "deliberately impeded and delayed the investigation".
Re: (Score:1)
Re: (Score:2)
All of these accidents and mistakes, yet we are supposed to believe all of these actions have been unintentional. I call bullshit Google.
Why would Google admit to not deleting the data if they were intentionally trying to hide it? Wouldn't it be easier to hide their supposed illicit activity by saying "yeah, we deleted it all. Here's the pile of destroyed hard drives it used to be on. It's alllll gone now. Yessiree. Ain't no way we copied any of that data to our servers hidden in Albania before "deleting" the data."
And really, what possible use would they have for data they snooped from unencrypted wifi except for the use they've already adm
Re: (Score:2, Informative)
Lots of evidence here
http://www.googleopoly.net/Googles_Rap_Sheet.pdf [googleopoly.net]
Re: (Score:2, Interesting)
That's just it. You people are completely ignoring what actually happened. Google voluntarily alerted the authorities that they had gotten the data. The anti-Google PR machine caught wind of it and now you have this mess. The government is mad because Google refused to hand over the data. If you think it is about "protecting peoples' privacy" then you are a fool.