Forgot your password?
typodupeerror
Google Government Privacy Your Rights Online

Google's Punishment? Lecture Those They Snooped On 252

Posted by Unknown Lamer
from the sounds-about-right dept.
theodp writes "When Aaron Swartz tapped into MIT's network and scooped up data from one non-profit company, the U.S. Attorney threatened him with 35 years in prison and a $1 million fine. So what kind of jail time did 38 Attorneys General threaten Google with for using its Street View cars to scoop up passwords, e-mail and other personal information by tapping into the networks of their states' unsuspecting citizens? None. In agreeing to settle the case, the NY Times reports, Google is required to police its own employees on privacy issues, lecture the public on how to fend off privacy violations like the one Google perpetrated, and forfeit about 20% of one day's net income. Given the chance, one imagines that Aaron Swartz would have happily jumped at a comparable deal." The fine being $7 million. At least EPIC isn't as cynical and thinks the outcome was positive.
This discussion has been archived. No new comments can be posted.

Google's Punishment? Lecture Those They Snooped On

Comments Filter:
  • Seriously now... (Score:5, Insightful)

    by Cali Thalen (627449) on Wednesday March 13, 2013 @12:34PM (#43160605) Homepage

    I'm going to submit this submission for the best example of 'comparing apples to oranges'.

    I'll assume the submitter knew nothing about the Google situation in this case, or should I think it's just a bad troll?

    • Re:Seriously now... (Score:4, Interesting)

      by Custard Horse (1527495) on Wednesday March 13, 2013 @12:37PM (#43160645)

      The whole Google fiasco was a non-story IMHO. Sure, data was collected and it arguably shouldn't have been.

      Google had its hands slapped and has to pay a fine and suffer the negative publicity. Can we move on now?

    • by Anonymous Coward on Wednesday March 13, 2013 @12:46PM (#43160743)

      Seriously...

      - This was a settlement, not what the attorney generals asked for. In Germany, regulators didn't even find anything to press charges with.
      - Also, just a little triviality here, but Google didn't actually violate any laws right?
      - The accusation against Google here is one employee was not supervised properly, not deliberate privacy invasion. Or do we want people to throw the book at this one employee? People here believe in what Aaron Swartz was doing, but it was still willful violation of the law. Pretty darn different.

      One person got screwed by the law. Therefore we should throw the book at everyone!

      • Re:Seriously now... (Score:5, Interesting)

        by sjames (1099) on Wednesday March 13, 2013 @02:03PM (#43161683) Homepage

        Actually, the other way around. Google's 'punishment' was appropriate. The question is "why do you have to be a large corporation to be treated justly?".

        It also reflects poorly on justice in the U.S. If they REALLY believed this sort of thing called for harsh penalties (right or wrong), they would be champing at the bit to throw the book at Google.

    • by Anonymous Coward on Wednesday March 13, 2013 @01:02PM (#43160961)

      I'm going to submit this submission for the best example of 'comparing apples to oranges'.

      I'll assume the submitter knew nothing about the Google situation in this case, or should I think it's just a bad troll?

      Google was collecting random, unencrypted, broadcast data as they plotted wi-fi access point coordinates for building a geolocation database. There was no intent to collect passwords or any other sensitive information, and intent is a huge component of criminality. So yes, this submission is a pretty massive troll. Google was eavesdropping at a party and possibly writing down more than they should have been, and Swartz was tapping phone lines during private conversations and recording all the audio with intent to distribute. Not even remotely close, unless one is blinded by troll-dom. But alas, this is slashdot, so every article must include a "sigh, if only Aaron were alive to see this..."

      Anon because you trolls are a bunch of touchy little motherfuckers.

      • by PRMan (959735)
        Actually, Aaron Schwartz was doing the equivalent of rebroadcasting CSPAN.
    • by gmuslera (3436)

      Is different reading what routers are publishing in the open air than a fully political prosecution [slashdot.org]. Google isn't, and is not treated as an enemy of the state, and is an US company after all (Samsung, as is not, had pay 1 Billon [nytimes.com] over for selling rectangular devices).

      Anyway, is not as bad as banks [rollingstone.com]

    • So Aaron Swartz did not get fairly treated by the justice system. THIS DOES NOT IMPLY THAT EVERYONE ELSE SHOULD GET THE SAME TREATMENT. The justice system is what needs to change.
  • by Hentes (2461350) on Wednesday March 13, 2013 @12:42PM (#43160711)

    you shouldn't have any expectations of privacy.

    • Re: (Score:2, Insightful)

      by Etherwalk (681268)

      you shouldn't have any expectations of privacy.

      How many unencrypted telephones are there in the world?

      • by Hentes (2461350)

        GSM does use a form of encryption, although not a strong one. Which is one of the reasons I don't like to discuss sensitive topics on the phone.

        • Really, because GSM has bad encryption? I'm sure no one is close to you and listening to your signal.

          Regardless of the encryption used, the telco has the key and just forwards the police unencrypted audio.

      • Those phones are generally on a point-to-point medium. Thats not the same as shouting private info to your SO through a megaphone, and then getting upset when the neighbors hear it.

      • by sjames (1099)

        Practically every cordless phone in existence.

    • by fermion (181285) on Wednesday March 13, 2013 @01:15PM (#43161137) Homepage Journal
      The point is if a private citizen or smaller company had done what data did, which is to collect this 'public' information, and in some form potentially put it to use, which we have no evidence google did not do, the feds might have worked harder at finding a punishment. There is a bit of unequal justice going on.

      Here is a couple of further examples. HSBC almost certainly laundered terrorist money. They were fined 1.9 billion dollars. That is like 1% of market cap. OTOH, a few years ago the leaders of Holy Land Foundation for Relief and Development were put in jail for a long time and had to forfeit most of their money, the prosecutor saying money is the lifeblood of terrorist organization. By this logic HSBC is responsible of countless murders of US citizens, yet they get off pretty much scott free.

      Allegiance to a dominant group is also beneficial. Eric Rudolph committed a terrorist act by bombing the olympics and other premeditated and unprovoked murders. He was a fugitive for five years. He was arrested, did not turn himself in. One might think he would be charged as a terrorist, but because he was a major element in the Christian Movement, he was merely give consecutive life sentence,which allows him to spew his hate of persons who do not agree with him. OTOH, on of the beltway snipers who were not so politically motivated and were not kept hidden and supported by the Christian terrorist movement, were put to death.

      Powerful friends, and good lawyers, will tend to minimize the consequences of your actions.

  • by gnasher719 (869701) on Wednesday March 13, 2013 @12:47PM (#43160755)
    People should take responsibility for their actions. Companies are considered persons, so they need to take responsibility for their actions as well. So far the posters here deny that principle.

    Where the comparison is breaking down: It was apparently one guy in the Aaron Swartz household, and one guy in the Google company, who thought it was a good idea to get data that they shouldn't have (although in the Google case, many people ended up collection data that they shouldn't have). If you have a company with 10,000 employees, and one employee costs you 20% of a days profit, that multiplied by 10,000 would be 5000 days profit, which is a lot. (But then again, it _was_ more than one employee collecting data because one guy wrote the code).
    • by gbjbaanb (229885)

      yeah the comparison breaks down pretty quickly.. Aaron deliberately hacked into things he shouldn't have gone near.

      Google wandered around just receiving network data from open, broadcasting, wifi sites. Ostensibly so they coudl build up a map of places with free, open wifi like Starbucks or McDonalds et al. Unfortunately, lots of silly people also had open wifi nodes and the google cars simply couldn't tell that these weren't free wifi hotspots or not (could you?)

      so Google gets a slap and a bit of a fine, p

  • oh no (Score:5, Insightful)

    by clark0r (925569) on Wednesday March 13, 2013 @12:47PM (#43160759) Homepage
    Oh god! This is a terrible post. It's like comparing apples and oranges. These are two totally different cases... Slashdot, you are quickly becoming the worst tech news site on the Internet :(
  • Fines are intended to punish so the total isn't as significant as the amount relative to the means of the fined.
  • by rjmx (233228) on Wednesday March 13, 2013 @12:48PM (#43160773)

    Google's "punishment" seems to me to be about right for the seriousness of the "crime". Swartz's was not. In fact, the penalty Swartz was threatened with was the actual result of "lobbying fees and campaign contributions" (by the MAFIAA and its ilk).

    • Yes, Google was clearly guilty of the crime of writing down what people are yelling into a bullhorn for all to hear.

    • by geekoid (135745)

      No, what he was threatened with was the result of MIT. MIT wouldn't accept a short, zero, term sentence deal.

      This had nothing to do with the **AA

  • by geekoid (135745) <(dadinportland) (at) (yahoo.com)> on Wednesday March 13, 2013 @12:49PM (#43160783) Homepage Journal

    the AG offered a deal for zero (0) prison time, MIT refused to accept it.

    How many people computer rooms did Google break into? none.
    How many people system did they hook an unauthorized computer to? none.
    How many systems did they put unauthorized software on? None.

    These two case aren't remotely the same.

    • by tibit (1762298)

      If you sniff packets, you are getting unauthorized access to a computer system. Heck, two computer systems - the endpoints of the conversation. Remember that the network is an essential part of the system.

      • but personally I think that anything being broadcast over a radio transmitter in the clear is fair game to receive, and shouldn't even count as "sniffing".

        Next you're going to say I'm committing a crime by overhearing the conversation of the people sitting at the next table in a restaurant.

    • by sjames (1099)

      It wasn't up to MIT to accept or not.

      If you mean Swartz, they offered to recommend zero prison time (except for time served of course) but couldn't assure it. He would also have had to accept a felony conviction on his record and the associated loss of rights.

  • no tapping (Score:5, Insightful)

    by Anonymous Coward on Wednesday March 13, 2013 @12:50PM (#43160787)

    Sigh. Google didn't "tap into the networks". They simply recorded packets being broadcast from open wifi points, for the purpose of logging the SIDs. A side-effect of recording the packets was that if they happened to contain fragments of plaint-text communication, they could in theory have logged passwords etc. This was the fault of the developer who had been tasked with writing software to log SIDs. When Google realised that more than that had been logged, they themselves reported it to the authorities.

    Bad analogy time: a national birdwatching society has a project to record birdsong in the urban streets of the country. They also end up recording the "private" arguments of couples who are shouting at each other indoors, but with the window on the street side of the house left open.

  • Godwin (Score:4, Interesting)

    by Ieshan (409693) <ieshan @ g m ail.com> on Wednesday March 13, 2013 @12:50PM (#43160791) Homepage Journal

    The Aaron Swartz Story is quickly becoming some new kind of Godwin's Law.

    Yes, it was a horrible tragedy that everyone involved probably wishes they could do over again. No, it has nothing to do with this case.

    • Yes, it was a horrible tragedy that everyone involved probably wishes they could do over again.

      Well, except the involved people that have repeatedly said they did exactly the right thing and would do the same thing again in the same circumstances, sure.

    • by sjames (1099)

      Actually, the prosecution is unrepentant.

  • ...with prison?

    They could have gone after the individual employees with threats of criminal prosecution (no, the "corporate veil" would not protect them) but that would not have gotten them any money.

    • They could have gone after the individual employees with threats of criminal prosecution (no, the "corporate veil" would not protect them) but that would not have gotten them any money.

      Nor would it have been likely to produce criminal convictions, since recording unencrypted broadcasts that may happen to contain, e.g., passwords is not a crime.

  • What happened was that after Swartz committed suicide, they US got worried that maybe Google might do the same thing so they backed off.
    Yeah, that's the ticket fer sure ;-).

    The real problem is that corporations have "no bodies to kick, no souls to damn" as someone eloquently said quite a long time ago.
  • by BitZtream (692029) on Wednesday March 13, 2013 @01:00PM (#43160935)

    Clearly, collecting data that people broadcast openly into the street as if they were yelling at the top of their lungs in the middle of a crowded arena is actually exactly taking the steps required to visit a website, find a loophole, exploit and download data.

    I'm not saying Swartz deserved 35 years in jail (and he wouldn't have gotten that anyway), but to pretend willfully stealing data is the same as overhearing it and recording that ... well that just make you look fucking stupid.

    Google's mistake is that they were honest about it what they did by accident. It isn't even actually illegal to do it intentionally contrary to popular belief in most places, regardless of what this court case makes you think. The should have just kept their mouths shut. People who understand the technology don't care about what people did. The only people that care are the ones that heard Google say 'yea, we shouldn't have done that' and then they look for reasons to tear Google apart.

    Swartz on the other hand took direct action to steal data for the express purpose of stealing the data. It wasn't an accident, it was intentional. That changes the punishment in and of itself from both a moral and a legal perspective. Swartz sounds (if you think you know the truth about the Swartz case, you're just ignorant) like he probably wasn't doing anything actually wrong either from a moral perspective, but from a legal one there is no question that he violated the most basic federal computer crimes law. Unauthorized access to any computer system is illegal, period, no ifs ands or buts about it. The only exception to that is if the 'access' wasn't your choice and was forced on you, such as say the perfect example ... wifi signals broadcast at you. It is not legal to steal someones data and then say 'look, I stole some of your data, fix it!'

    Slashdotters may think this is the moral high ground, but it isn't. What if he'd stolen say ... a confidential database of aids patients in the area ... and then someone stole it from him or he lost his laptop ... and now that aids patient database becomes public ... Would you still be so fucking stupid as to think it was OK for him to steal data he never had any rights too in any way? What if you were in that database? What if your child, who got aids through some shitty accident like the utrarare blood transfusion instances (rare now days anyway) and suddenly he can't go to school anymore because everyone is afraid of the little kid with HIV so your kid gets isolated from everyone and can't go to school ... would it still be OK for Swartz to have stolen the data?

    Swartz was unstable and depressed, stop pretending that he was an angel that was trying to protect us from the evil bad code and data leaks.

    Google accidently stored and didn't immediately throw packets that BY DEFINITION THEY CAN NOT IGNORE and you act like its the same thing as intentional data theft.

    Let me give you a hint, your wifi adapter ... right now ... is listening in on EVERY FREAKING SSID ON YOUR CHANNEL AND PROBABLY THE ONES NEXT TO IT AS WELL. If you have a wifi card the difference between you and Google is that Google wrote down what you threw out.

    Google is not evil and Swartz wasn't your fucking hero, grow up.

  • From the New York Times article, "The applause was not universal, however. Consumer Watchdog, another privacy monitor and frequent Google critic, said that “asking Google to educate consumers about privacy is like asking the fox to teach the chickens how to ensure the security of their coop.”"
    • by geekoid (135745)

      Stupid. Google has done many things to make people aware of privacy issues, and to even make ways to complete get off their systems.

      Google history shows that it is well behaved in this area.

  • Their name /is/ "Google".

  • by GodInHell (258915) on Wednesday March 13, 2013 @01:12PM (#43161083) Homepage
    Google grabbed (small bites of) data out of the air that had been broadcast on unencrypted channels, in the process of collecting potentially useful information about networks broadcasting their SSIDs. When confronted by authorities Google investigated the allegations, found them to be true, and cooperated in isolating and destroying the data collected.

    Aaron Schwartz entered onto MIT's property, hiding a laptop under a box, for the express purpose of downloading specific documents which he knew to be offered under a restricted license. When MIT added security measures to stop Mr. Schwartz, he updated his program to adapt to and circumvent the new methods and continued his (admittedly illegal) downloading. When approached by uniformed police, Mr. Schwarz ran in an attempt to avoid arrest.

    Google was offered a penalty a several millions dollars (20% of own days income) and to commit its employee time to . . . what is essentially community service. Google accepted. Google was probably threatened with steeper penalties, but we won't ever know that, because Google did not try to use the press as a weapon against investigators.

    Mr. Schwarz was offered a light sentence of a few months in prison, but refused because he didn't want to be branded a Felon. He was threatened with up to 35 years in prison and a fine of $1 Million dollars. Mr. Schwarz wanted to bring public pressure to bear to force the government not to hold him accountable for his actions, so he made public every offer and threat made by the prosecutors.

    Let us compare this to a third group - the civil rights marchers of the 1960s in Selma. There, a group of citizens gathered on the public way and attempted to commit a completely legal act -- walking to their state capital together. The police ordered the crowd to disperse, and then began beating them with clubs, releasing attack dogs on them, and attacking them with water cannons. Many were hospitalized. John Lewis, the march organizer, was beaten with a club - receiving an injury to the head that caused his skull to fracture, then placed in jail and charged with a nuisance offense. This day has been named "bloody Sunday" because of the breadth and severity of the injuries inflicted by the police on law abiding citizens.

    See the differences?
    • Google grabbed (small bites of) data out of the air that had been broadcast on unencrypted channels, in the process of collecting potentially useful information about networks broadcasting their SSIDs. When confronted by authorities Google investigated the allegations, found them to be true, and cooperated in isolating and destroying the data collected.

      Google grabbed _intentionally_. Someone thought it was a good idea to do this and wrote the code to achieve it. Next, Google did not cooperate. That's part of what the fine is for. They were supposed to delete everything and didn't.

      • by PRMan (959735)

        Google's programmer grabbed an open source module. He wasn't aware of the extent of the logging, which included the full packets captured, which included usernames and passwords in some cases.

        Aaron Schwartz knew that accessing the public domain works in the manner he was made people unhappy. But he was not technically stealing or violating the policies. They offered him unlimited and then capped him.

  • Tired of This Case (Score:5, Insightful)

    by organgtool (966989) on Wednesday March 13, 2013 @01:13PM (#43161107)
    I am so sick of hearing how evil Google was for recording information that other people forcefully put out into public airwaves. I know there are going to be plenty of bad analogies, so let me attempt to preempt them with a good analogy. If you go through the effort of acquiring a bullhorn to communicate with other members in your household and then proceed to pollute public airwaves with your personal information using this bullhorn, you have absolutely zero expectations of privacy. It really is as simple as that. If you don't like this, then you have many options: takes 30 seconds to set up a damn password, use https connections when possible, or use a wired connection! Once you put something out there, you can't take it back, so exercise some damn personal responsibility if you hold any expectations of privacy.
  • The situation that is playing out was anticipated by many: The politically powerful have their proprietary information protected, because they can make government do it for them. Everyone else has no privacy.

    Individual end-users don't have the ability to protect themselves. Most have no idea of encryption, much less what data is accessible to someone scanning Wifi frequencies (most people couldn't even tell you what a "frequency" is!). Even if they had the knowledge, they have limited time and resources. Th

    • by Todd Knarr (15451)

      Individual end-users don't have the ability to protect themselves. Most have no idea of encryption, much less what data is accessible to someone scanning Wifi frequencies (most people couldn't even tell you what a "frequency" is!). Even if they had the knowledge, they have limited time and resources.

      End users have plenty of ability to protect themselves. You don't have to know how encryption works to set a password in your router and switch encryption on. The manuals walk you through all the steps. They eve

    • by PRMan (959735)
      It's not at all hard to believe if you read about how the developer did his work with an open source module that he was unaware was logging to that extent. He grabbed what he needed and threw the rest away but didn't know the logs kept it all because he really didn't pay enough attention to that feature of the module.
  • It is almost an anthithesis to the word "justice". Consequences (punishment) depend only on two things: 1) who you are 2) whose fingers did you stomp on. Actual damages does not matter much (if at all).

    If you're a big bank, corporation or some awfully rich individual with political connections, you propably get away with anything (be it drug money laundering, like HSBC, scamming an awful lot of people like in fraudclosure fiasco or stealing private e-mails and passwords en masse, like Google). If you're an

    • by geekoid (135745)

      It's not rigged in that you scenario doesn't really happen.

      "r stealing private e-mails and passwords en masse, like Google"
      asking for something from someone, and then they give it to you isn't stealing.

      Dotcom committed crimes.

  • Give a man a fish ... or teach him how to fish.

"A mind is a terrible thing to have leaking out your ears." -- The League of Sadistic Telepaths

Working...