Forgot your password?
typodupeerror
Google Privacy United Kingdom Your Rights Online

Google Didn't Delete All Street View Wi-Fi Data 150

Posted by Soulskill
from the don't-trust-the-recycle-bin dept.
nk497 writes "Google is in more trouble over the Street View Wi-Fi data slurping incident. Two years ago Google admitted it had collected snippets of personal data while sniffing for Wi-Fi connections. The UK's data watchdog, the ICO, didn't fine Google, but did demand it delete the collected data. Following the FCC's investigation, the ICO double-checked with Google that the data was deleted, receiving confirmation that it had. Except... it hadn't all been deleted, Google has now admitted. That breaches the deal between the ICO and Google, and the watchdog has said it's in talks with other regulators about what to do next."
This discussion has been archived. No new comments can be posted.

Google Didn't Delete All Street View Wi-Fi Data

Comments Filter:
  • Don't be evil (Score:2, Insightful)

    by Anonymous Coward

    Sometimes.

  • by Anonymous Coward on Friday July 27, 2012 @01:41PM (#40793047)

    Two years ago Google admitted it had collected snippets of personal data while sniffing for Wi-Fi connections.

    Yes, they admitted after being caught by the German authorities.

    • Re: (Score:2, Funny)

      by NettiWelho (1147351)

      Yes, they admitted after being caught by the German authorities.

      'We have ze ways of making you talk, ja?'

    • Re: (Score:3, Informative)

      by Anonymous Coward

      That's because there wasn't anything to "admit" to. A bunch of bozos left there wifi open and now they smell drama and are crying about it. This is pure torches and pitchfork mentality and Slashdot is falling for it hook line and sinker.

      • Yep. Google was also dumb to admit this mistake in the first place (they weren't caught, they admitted it.) Some testing code was collecting bits of traffic. If they'd just fixed the problem and deleted the data, it would have been no big deal, no harm done.

        • by Anonymous Coward on Friday July 27, 2012 @02:31PM (#40793837)

          This is the joke of the thing.

          "Shit, we collected a lot of data that we probably shouldn't have... we better disclose that."

          Headline: Google Secretly Stealing WiFi Information on Millions of People

          "Well, regulators are going to want to look this over now so we better not destroy it."

          Headline: Google Kept Stolen WiFi Data

          "Ok, ze Germans said we're alright and to delete the data"

          Headline: US Authorities Investigating Google For Destruction of Evidence in WiFi Snooping Controversy

          "Shit, someone screwed up and deleted some, but not all of the data. We better disclose."

          Headline: Google Faces New Street View Data Controversy

          Yeah, they shoulda just kept their mouths shut. If someone spilled the beans afterwards, the response would have been, "Yeah we collected stuff by accident, it was never used anywhere, and we destroyed it." Case closed.

          • by bwintx (813768) on Friday July 27, 2012 @03:15PM (#40794509)

            Yeah, they shoulda just kept their mouths shut.

            1974 version: Yeah, Nixon shoulda just burned those tapes.

            • by Anonymous Coward on Friday July 27, 2012 @03:38PM (#40794875)

              I'd say there's a minor difference between someone in the highest political office in the land destroying evidence of an intentional B&E felony committed against your political rivals, and deleting useless wifi data you realize you collected accidentally.

              But, you know, spin it however you like.

              • by murdocj (543661)

                Ok, Google uses a library that picks up extra data.... not impossible. Google writes all this data to log files without noticing the excess... a little unlikely but lets go with it. Google writes parsers to pick out the info they are interested in... and doesn't notice all of the payload data???? No. No way. There were clearly people within Google who knew damn well they were picking up extra data, personal data, and Google's approach was "We're Google, we can do what we want". That's the part I obje

          • In other words, the media are responsible for Googles bad position since they tell the news in a certain way. You can tell a news that has a certain reaction to your viewers. It does take a certain degree of knowledge in communication but it's been done very well in the media.
          • by Anonymous Coward

            That's not insightful, it's naive. An accident is installing hardware to intercept communications in 1 car. Installing in every car, testing it, and deploying it worldwide is not an accident. It's not a joke. It came from the top down, not from some rogue engineer. They recorded encrypted wifi data as well. It's not hard to decrypt it later and still get the same information you need. And after the feds made a copy, they still haven't destroyed it, none of it. The data will be used on internal serve

          • by datsa (1951424)
            "Shit, we sent hundreds of vans all over the United States and Europe with equipment to collect data that we probably shouldn't have..." FTFY
        • Re: (Score:2, Flamebait)

          by Dishevel (1105119)

          Google can have what ever stupid people decide to send out in the clear.
          A bunch of haters bitching about Google recording them screaming aloud in public.
          Fuck them. What Google should do is put out an Ad showing the data they get just by driving around then show how easy it is and tell people "We are keeping this data just like the thieves will do."
          Fucking governments telling Google they have to delete publicly available, legally attained data.
          And in this instance Fuck Google for rolling over on such a stupi

        • (they weren't caught, they admitted it.)

          They actually first denied it, but when German authorities despite this assurance from Google demanded to audit the collected data, Google came out and admitted it (and would have been caught in the audit anyway). This was covered many places, this is one: http://lastwatchdog.com/googles-wifi-data-harvest-draws-widening-probes/ [lastwatchdog.com]

          "In April, Google admitted to German privacy regulators that vehicles specially-equipped to systematically shoot photos of street scenes for Google Maps also carried gear to collect

        • by Stan92057 (737634)
          How does one code for open WIFI connections and collect data by mistake? They were soposta just be taking pictures not look for open WIFI. It was no mistake
          • It's quite understandable that at some point in development they had the software grab bits of wifi data for testing purposes, that way you can be sure you're actually in broadcast range. They were mapping wifi APs with the intention of making some sort of wifi-assisted GPS substitute. They didn't just take data from the open ones.

          • by Lisias (447563)

            If I order my employee to capture public data, and he with good or bad faith captures more than I demanded, so *I* made a mistake.

            We can argue if my employee make a mistake or a felony, but it's undeniable that what I did was a mistake: I shouldn't had trusted the guy and/or I should spent some money on safeguard measures.
             

      • by Stan92057 (737634)
        I don't agree with you. Google knows better then to assume open WiFi are open on purpose. They have a duty because of their knowledge but they took advantage of people who don't know better. wither they are bozos i will leave to you.
        • by Lisias (447563)

          I don't agree with you. Google knows better then to assume open WiFi are open on purpose. They have a duty because of their knowledge but they took advantage of people who don't know better. wither they are bozos i will leave to you.

          No, they don't have such duty. Neither any other company or enterprise.

          We can argue about they being morally bound to do so (and I'm probably agree with you), but unfortunately, "knowing better" is government duty. It's for this reason sorely that we grant them so many power with our taxes.

      • by murdocj (543661)

        Well, other than violating the law, yeah, Google didn't do anything wrong.

      • by datsa (1951424)
        If people left their front doors open, and Google employees just walked in (because, you know, the door was open), would you be ok with that too?
        • by Lisias (447563)

          Believe or not, in some countries the Law states that if you leave your door unlocked, you had invited anyone wanting to enter in your home.

          Anyway, every law should be take with a grain of salt. If breaking someone else's home is always a felony, the prison population would be consisted mainly by paramedics.

    • by Hatta (162192)

      Recording data that was broadcast in the clear? How dare they! Next you'll be telling me that they're taking pictures of things that can be seen from the street. Scoundrels!

      • by Anonymous Coward

        Recording data that was broadcast in the clear?

        In the UK, recording air traffic control transmissions is illegal. Technically it is even illegal to listen to them.

        They are transmitted in the clear on easliy-monitored frequencies.

        Moral: Not everything that is broadcast is meant for your ears.

        • by Lisias (447563)

          In the UK, recording air traffic control transmissions is illegal. Technically it is even illegal to listen to them.

          Good point. the BBC broadcast signal being another good example.

      • by AmiMoJo (196126)

        When you are out in a public place talking to someone quietly you still have a reasonable expectation of privacy. It would be unacceptable to place hidden or directional microphones everywhere to listen to people's conversations. In fact the ICO just ruled that recording people's conversations in the back of taxis is unacceptable.

        Just because you could pick something up unencrypted with suitable equipment doesn't mean it's okay.

  • Wait... the UK? (Score:5, Interesting)

    by Kagetsuki (1620613) on Friday July 27, 2012 @01:43PM (#40793097)

    Google is being fined for collecting "public" data... in the UK. The same UK that has cameras everywhere and all sorts of invasive monitoring, line tapping, you-name-it big-brother we're-watching-you technlogy and laws in place?

    I think this ICO organization needs to get their priorities straight.

    • by Anonymous Coward

      Now just calm there, citizen. We're from the government and we're here to help! *snicker*

    • by cpu6502 (1960974)

      The government wants all the power for itself. It wants a monopoly or near-monopoly. And not just for spycams, but also the schools. The trains. The hospitals.....

    • They have them rightful. Their job is to protect the citizens from doubleplusungood businesses that would misuse the data. That is an unissue with the government, since the government needs to protect its citizens by knowing their actions at all times. After all, we've always been at war with Eastasia. You do trust your government, don't you, citizen?

    • Ah the US has them all over now too although most are more undetectable by eye.

      • Well I'm glad I don't live in the US either. Where I live we DO have cameras everywhere but they are mostly private security cameras. In order to get the video from the cameras the police need to have a valid reason and need to make a formal request to the manager of the cameras (and since they usually have a valid reason they are rarely turned down). So if I were to commit a crime and the police were already after me getting a video of me would be trivial, but at the same time they don't just have free acc

    • by anared (2599669)
      Their priorities are straight, Google is a privately owned company in another country. Those cams are in the UK, Google isnt. Data is in the UK, data isnt in the UK, but instead in another country. Not that hard to figure out, eh?
    • by Anonymous Coward

      I love this attempt to distract the discussion. "How could Google be fined for harvesting people's personal data without their knowledge, followed by promising to delete it and then breaking that promise, in the UK where there are vague monitoring laws I won't give any specific examples of?" *instant +5*

      • First hit on Google and at first glance other than the highly topical ICO-Google issue here it's all abuses of privacy by the government: http://www.bigbrotherwatch.org.uk/ [bigbrotherwatch.org.uk] . But really, to say the UK has a government that abuses the rights to privacy of its citizens is like saying "scissors cuts paper". That you don't know it either means you are in denial or have only just now started reading news. Why there's even plenty of articles right here: http://slashdot.org/index2.pl?fhfilter=british+privacy [slashdot.org] .

      • by Hentes (2461350)

        Your "personal data" is only private until you broadcast it to the street. This is like putting up a billboard with your MAC address on it and then suing someone for looking at it.

  • by Anonymous Coward on Friday July 27, 2012 @01:48PM (#40793157)

    This stuff was was broadcast in the clear over public airwaves. That means it has no expectation of privacy. If you want privacy, every WAP I've ever heard of provides encryption. Turn it on, and you DO have an expectation of privacy, so if Google was decrypting it, then they should be punished.

    Must we design the whole world to protect the least competent people from themselves?

    • by cpu6502 (1960974)

      >>>Must we design the whole world to protect the least competent people from themselves?

      Apparently "yes". Maybe the Congressmen who admitted the people are too dumb to rule themselves was correct. They need to be treated like children. (And I agree Google did nothing wrong if they captured data that was being "shouted" from homes without encyrption.)

      • by Lisias (447563)

        Must we design the whole world to protect the least competent people from themselves?

        Apparently "yes". Maybe the Congressmen who admitted the people are too dumb to rule themselves was correct.

        And people complain about that "Idiocracy" crying of mine...

        We get what we voted for. Simply like that.

    • by Anonymous Coward

      Must we design the whole world to protect the least competent people from themselves?

      It seems to work that way already, it's something called welfare state [wikipedia.org].

    • by Genda (560240)

      Apparently so... its already working so well with tort law...

    • This stuff was was broadcast in the clear over public airwaves.

      Using this logic, if you leave the shades of your bedroom open for, say, an inch or two, I am allowed to record from the outside what is happening inside (*), and then put these recordings on the web, index them, etc. After all, those electromagnetic waves are transmitted from your bedroom, and are for everybody to see.

      (*) don't worry, I won't.

      • by thegarbz (1787294)

        Erm you are! Your expectation of privacy is determined by what a normal person can see on the street. If you're climbing a tree with a 400mm lens to peak in through the blinds then you're violating the expectation of privacy. Yet if someone with their iPhone can snap a recording of you from the sidewalk you've given this expectation up.

        There's no black line. Most jurisdictions apply a "reasonable person" test to privacy.

        • And you don't think that a google car, filled with recording electronics is comparable to a 400mm lens?

          • by thegarbz (1787294)

            Nope. From what I've read there was nothing out of the ordinary about the wifi equipment used in the car. Just an off the shelf omni direction antenna plugged into their recording computer. Now if it were setup with multiplexers, amplifiers and multiple high gain yagis to try their very best to capture even the faintest signal I would agree with you. But for the most part they didn't record any information that a passer by wouldn't have picked up on their iPhone.

            One of the real problems is people don't quit

            • The issue is not at all a technical one. It is about what people expect to be reasonable.

              This makes it hard to come to a good opinion of whether this is fair or not. But I think most people don't even consider the possibility of their data being used in this particular way, and therefore I think what google has done is unreasonable. If you would like to use people's behavior in a way they didn't consider themselves, then at least inform them about your plans first.

              Perhaps I should give a different example.

              • by thegarbz (1787294)

                Yes. I'm still not sure why a normal person would expect their conversation had out in the open to be private from someone immediately next to them. Now if they crept up with a boom mic and recorded me whispering to someone else that would again be different.

                People don't seem to get it. You can not expect complete privacy in public space. The two are completely opposite. The fact that it's recorded and used in a database does not change that. It reminds me of some country which requested that people's licen

    • by kiwimate (458274)

      This stuff was was broadcast in the clear over public airwaves. That means it has no expectation of privacy. If you want privacy, every WAP I've ever heard of provides encryption. Turn it on, and you DO have an expectation of privacy, so if Google was decrypting it, then they should be punished.

      Sigh.

      1. Same argument applies to me saying "if you go out and don't lock your front door, I have every right to wander through your home".

      2. I really fail to get Slashdot logic. Google grabs data from random people without them knowing about it or even using their services and people are clamoring to defend them. Facebook grabs data from people who sign up for an account and voluntarily hand over their data, and you want to lynch Mark Zuckerberg. How twisted is that?

      3. Regarding that whole "expectation of p

  • Questions... (Score:4, Insightful)

    by Frosty Piss (770223) * on Friday July 27, 2012 @01:51PM (#40793227)

    I'm really not sure why this is an issue. Sure, there are situations where people have an expectation of privacy. But if you are transmitting data through the air in a public space, isn't it fair game? If you don't want people to look at it, shouldn't you encrypt?

    • by Anonymous Coward

      Yes. In fact, the very design of the protocol specifically intends for that to be the case, and it allows for encryption when you want privacy. It's critical that we retain the right to listen to things broadcast in the clear over public airwaves. Losing that right is pure insanity and is one more step towards a police state.

      Unfortunately, most people don't think about the principles involved. They judge based on whether they "like" the party that's listening (or in other cases, copying protected IP).

    • by houghi (78078)

      Sure, there are situations where people have an expectation of privacy.

      It depends on what you want privacy to be.
      For me being in a public place should not mean that all I do is public as well. The thing with technology is that it does not forget and it is available for everybody for ever.

      Imagine I am at a certain place at a certain time. e.g. a protest for or against something. What used to be the case was that some of my friends might know. Some police office might see me. As long as I did nothing wrong, a

      • by cpu6502 (1960974)

        "There is no expectation of privacy in a public arena." - Supreme Court. "Government officials in a public setting have no claim on privacy. The citizens have a first amendment guarantee to record by audio or video capture their police and public officials in the actions of their duties." - 1st U.S. Circuit Court of Appeals

        If you don't want your actions to come back and haunt you 25 years later, then don't do things in public that you will later regret. Don't post messages online with a public name. And

  • This is just dumb (Score:5, Insightful)

    by Daetrin (576516) on Friday July 27, 2012 @01:52PM (#40793239)
    Is there any explanation for this other than pure incompetence on Google's part?

    I generally think Google didn't do anything wrong in the first place. People shouldn't be complaining that publicly broadcast unencrypted data is recorded by a third party, and if Google had wanted to fight them on the legality of the issue i would have been behind them. However agreeing to delete the data in some kind of plea bargain and then not actually deleting it is a d*** move. (I'm not quite sure at this point if it's a dick move or just a dumb move, but it's definitely one of them.)
    • by Kelbear (870538)

      I'm guessing it was just a mistake.

      Sounds to me like someone tasked with deleting the data must have missed a backup or metadata stored elsewhere, someone else found it later, and instead of just deleting it, legal said they should ask the IOC how they want them to delete it.

      At first I wondered why they didn't just delete it without reporting them to save them the extra grief and bad press, but I guess multiple staff were already involved in the discovery and legal told them to just disclose ASAP rather tha

    • Re: (Score:3, Insightful)

      Most people don't even realize that wireless transmissions are being recorded and associated with an address. This came as news to me. I disagree that people shouldn't be complaining.

      • by Daetrin (576516)
        The correct response should be "holy crap, perhaps i shouldn't be publicly transmitting unencrypted information i don't want other people to see!" not complaining about Google collecting it for what seems to be non-nefarious purposes. You really ought to be thanking Google for cluing you in, because i guarantee the people who _are_ collecting it for nefarious purposes aren't going to tell you.
      • by cpu6502 (1960974)

        >>>Most people don't even realize that wireless transmissions are being recorded and associated with an address

        Then they must be fucking stupid. Anyone with sense knows if you pick-up a walkie-talkie or cordless phone and start speaking into it, then somebody else can hear what is being said with a 2nd walkie-talking or phone, and locate its source. Wifi is no different..... it is broadcasting to everyone.

      • Any wireless device (radio, cordless phone, cell phone, wifi, bluetooth, NFC, etc) is basically acting as a radio transmitter. Anyone that cares can listen in on the signal, capture it, and possibly decode it.

        If you want to keep your data private, encryption is the only choice.

  • The article mentions health records and browsing history among the data. How is that possible from the street view?

    • The street view vans were basically wardriving to create a map of wifi hotspots. There was also some testing code left in that would grab bits of raw traffic. Some of that raw traffic was unencrypted, and some of that unencrypted raw traffic happened to be browsing history and health records.

  • I'm kinda surprised Google admitted it did wrong. I was just as surprised Microsoft admitted it didn't install the browser choice screen on some Win7 computers. The corporation ought to keep its mouth shut. (See Don't Talk to Cops on youtube.)

    • by poetmatt (793785)

      Uh, what?

      Don't talk to cops applies to individuals. When it comes to corporations in the US may also be one thing. When it comes to global corporations, that is entirely different.

      • by cpu6502 (1960974)

        Outside the U.S. it makes even MORE sense not to talk to cops, since they might throw the management in jail & later execute them. Other countries don't have the same legal protections we have.

        • by anared (2599669)
          Like Europe that likes to make evil corporations less evil, its a big loss for them.
  • Honest question: I am curious about how much (sensitive) data they were able to capture. It seems to me that a car driving through neighborhoods and past businesses will only capture a very small amount of the traffic from some fraction of the access points which have no (or weak) encryption), and "sensitive" traffic (e.g. unencrypted logins) would be a very small fraction of that. So a fraction of a fraction of a fraction diminishes the value quickly - though I suppose they make it back on scale.

    Capturin

    • It seems to me that a car driving through neighborhoods and past businesses will only capture a very small amount of the traffic from some fraction of the access points which have no (or weak) encryption), and "sensitive" traffic (e.g. unencrypted logins) would be a very small fraction of that. So a fraction of a fraction of a fraction diminishes the value quickly - though I suppose they make it back on scale.

      In addition to that, you have to take into account, all the people browsing sensitive information over insecure channels.
      Some stupid banks, medical companies, etc. don't systematically encrypt everything over HTTPS.

      And Europe is much more privacy conscious. For example Facebook didn't start enforcing HTTPS everywhere only recently. (Remember the whole Firesheep debacle ?) If Google captured unencrypted private message between users, that would also set the EU privacy laws, even if it's not "sensitive" infor

  • by hawguy (1600213) on Friday July 27, 2012 @02:20PM (#40793671)

    This makes no sense:

    “In their letter to the ICO today, Google indicated that they wanted to delete the remaining data and asked for the ICO’s instructions on how to proceed. Our response, which has already been issued, makes clear that Google must supply the data to the ICO immediately, so that we can subject it to forensic analysis before deciding on the necessary course of action.

    If the data is so sensitive and worrisome, why doesn't the ICO just insist that it be deleted as agreed upon? If it was ok to delete it earlier, why does it have to be handed over now?

    I'd rather have my data in the hands of Google than in the hands of Google *and* some random regulatory body. Many companies have a hard time certifying data destruction with multiple redundant offsite backups and replication, and data stored in the cloud where they may not even know every place their cloud provider stores it.

    Though really, why is there no outrage about the fact that plaintext email passwords (and credit card numbers or whatever other personal data they are worried about) are even able to be captured with a simple drive-by Wifi scanner? There is no reason why a Wifi router should default to an open unencrypted mode, and even if it does, there is no reason why personal data should be allowed to be sent in the clear. CPU powerh is cheap, SSL should be used to secure *all* sensitive data.

    The fact that Google drove by and captured snippets of data is not the problem... they aren't going to steal your credit card number or hack into your bank account (and there is a good chance that they already host your email) - the problem is when an identify thief does the same thing.

    • I would rather have my data in hand of governement ONLY (and anyway they almost certainly have it or can subponea it) which is beholden to keep it secure, rather than in the hand in private industry which can sell it to anybody, can be unsecure, and can just snub me if I don't want to have it spread.

      Furthermore you can vote a governement out. It may be hard but it is possible. Private company ? Forget it. Once in their hand it is utterly impossible to stop it spreading.
      • by drinkypoo (153816)

        Furthermore you can vote a governement out. It may be hard but it is possible.

        You can sometimes vote A government out but it's not clear that you can vote THIS government out. Vote fraud is rampant. Our votes don't really matter.

      • by chispito (1870390)

        I would rather have my data in hand of governement ONLY (and anyway they almost certainly have it or can subponea it) which is beholden to keep it secure, rather than in the hand in private industry which can sell it to anybody, can be unsecure, and can just snub me if I don't want to have it spread.

        "Your data" in this case is a few seconds you were transmitting in the open as a car drove by.

      • by hawguy (1600213)

        I would rather have my data in hand of governement ONLY (and anyway they almost certainly have it or can subponea it) which is beholden to keep it secure, rather than in the hand in private industry which can sell it to anybody, can be unsecure, and can just snub me if I don't want to have it spread.

        But once that data is in the hands of the private company, do you want them to just hand it over to the government without so much as a warrant?

        Would you feel better about Facebook privacy if they set up their systems so they could ship all of their logs and other data to the NSA without Facebook themselves being about to view it? Would you want Google (and Bing, etc) encrypt their search history logs customer emails and documents immediately in such a way that only the NSA can decrypt it and feed the data

  • Why are people getting their panties in a bunch for collecting information that was being broadcast publicly?

    That would be like someone getting upset because something they posted on Twitter was used to deny them a job.

A committee is a group that keeps the minutes and loses hours. -- Milton Berle

Working...