Google's Punishment? Lecture Those They Snooped On 252
theodp writes "When Aaron Swartz tapped into MIT's network and scooped up data from one non-profit company, the U.S. Attorney threatened him with 35 years in prison and a $1 million fine. So what kind of jail time did 38 Attorneys General threaten Google with for using its Street View cars to scoop up passwords, e-mail and other personal information by tapping into the networks of their states' unsuspecting citizens? None. In agreeing to settle the case, the NY Times reports, Google is required to police its own employees on privacy issues, lecture the public on how to fend off privacy violations like the one Google perpetrated, and forfeit about 20% of one day's net income. Given the chance, one imagines that Aaron Swartz would have happily jumped at a comparable deal."
The fine being $7 million. At least EPIC isn't as cynical and thinks the outcome was positive.
Re:Seriously now... (Score:4, Interesting)
The whole Google fiasco was a non-story IMHO. Sure, data was collected and it arguably shouldn't have been.
Google had its hands slapped and has to pay a fine and suffer the negative publicity. Can we move on now?
What about responsibility? (Score:4, Interesting)
Where the comparison is breaking down: It was apparently one guy in the Aaron Swartz household, and one guy in the Google company, who thought it was a good idea to get data that they shouldn't have (although in the Google case, many people ended up collection data that they shouldn't have). If you have a company with 10,000 employees, and one employee costs you 20% of a days profit, that multiplied by 10,000 would be 5000 days profit, which is a lot. (But then again, it _was_ more than one employee collecting data because one guy wrote the code).
Godwin (Score:4, Interesting)
The Aaron Swartz Story is quickly becoming some new kind of Godwin's Law.
Yes, it was a horrible tragedy that everyone involved probably wishes they could do over again. No, it has nothing to do with this case.
Re:Seriously now... (Score:2, Interesting)
It's grey. When the law involves humans, perception is part of the law.
Technically an unsecured router is broadcasting unencrypted data on unlicensed frequencies for which receivers are ubiquitously available.
Humans think of their Wifi connections like wireless "modem calls" and have some expectation of that kind of privacy (not saying it's rational, but they do).
This is much like voyeurism, if your neighbours are setting up a telescope to watch you in the shower they are the voyeurs, if they aren't but you leave the window open, you are a flasher. The same events occur, them seeing you naked, and which party is responsible and whether it's a crime is all about perception, circumstance and intent.
Personally, I don't like the kind of porn any of my neighbors are downloading, so I fetch my own.
Re:Seriously now... (Score:3, Interesting)
What Google did was unauthorized access to a computer system. You know, computers communicate with each other, the network is as much part of the system as the CPU is. What they did is in fact illegal in many places where they did it. The prosecutors know better than stand up to someone with such deep pockets, though. No, it wasn't like BP -- people understand so little about IT that the public outcry wasn't enough to cover possible fallout from messing with a legal department that got more dough than your entire state's (and subdivisions thereof) legal departments, all combined.
Re:Seriously now... (Score:4, Interesting)
Nope. The SSID database is not all that they did. They sniffed the data packets as well. As in: they got the MACs of the machines of the network, even hardwired machines, they also logged the contents of all the IP traffic, mDNS names, NMB names, etc.
Re:Seriously now... (Score:3, Interesting)
I'll assume the submitter knew nothing about the Google situation in this case, or should I think it's just a bad troll?
You, sir, are the troll. I am not.
Assuming you're the one who wrote the submission, yes actually you are.
You're comparing sniffing passwords from open, unsecured access points (which is arguably not even 'naughty' to start with) to a directed break-in of a computer system you were told, and signed an agreement, to not enter into. But since "Down with the Evil Corporation, Up with the Lone Renegade!" stories get a lot of page hits, they went ahead and pushed it to the front page.
Sniffing open unsecured access point is most certainly naughty. It's basically like being a peeping Tom. Whether it deserves legal action and to what extent is debatable. But the "They were asking for it" argument also doesn't hold water.
Re:Seriously now... (Score:5, Interesting)
Actually, the other way around. Google's 'punishment' was appropriate. The question is "why do you have to be a large corporation to be treated justly?".
It also reflects poorly on justice in the U.S. If they REALLY believed this sort of thing called for harsh penalties (right or wrong), they would be champing at the bit to throw the book at Google.
Re:Seriously now... (Score:4, Interesting)
Do you know how those systems work at all? Let me give you na overview.
System A: Sends out broadcast saying "hey, here i am!"
System B: "I see you, can I connect?"\
System A:" can do the following: 1-"sure come on in!" 2-"Sure, just give me a password"
In these cases, System a chose 1 - "Come on in!"
Yes, it gets a lot more detailed, especially on the authorization side, but that doesn't matted becasue these system didn't ask for authorization.
And, in fact, it many places, what they did was not illegal. I would hard pressed to find a place where the scenro is illegal.
Now if they were using an attack to gather the password, or get around a password that's a different story.
". You know, computers communicate with each other,"
yes, and in this scenario the communication included 'Come on in!'