Germany Fines Google Over Street View - But Says €145k Is Too Small 106
judgecorp writes "Germany's privacy regulator has fined Google €145,000 over its Street View cars' harvesting of private data — but the official has complained that the size of the fine is too small, because of limits to the fines regulators can impose. German data protection commissioner Johannes Caspar said the fine was too low, for 'one of the largest known data breachers ever,' saying, 'as long as privacy violations can be punished only at discount prices, enforcement of data protection law in the digital world with its high abuse potential is hardly possible.' In 2010 it emerged that Google's Street View cars captured personal data from Wi-Fi networks as well as taking pictures — since then regulators have imposed a series of fines — the largest being $7 million reportedly paid to settle a U.S. government probe."
Re: (Score:2)
By making that silly mistake Google opened the door to the whole line of Scroogled commercials and other FUD based attacks by their rivals.
The market is correcting this mistake and "imposing harsher fines" is just more ammunition for them to use on some dumb kid whose trying to sniff dirty pictures from other people's wifi connections.
The "market" would never know about this if the government agencies hadn't investigated. They could just have ignored the whole issue. In fact it was quite specifically the German authorities that brought this up by auditing the Street View system. The only possible way to do this is to have a special authority which has the right to investigate and punish. The punishments must be more than the amount that the company can expect to make.
Re:They need to shut up and get over it. (Score:4, Informative)
Google came out themselves about the issue. If anything, these years of fighting over the issue should make companies not want to disclose voluntarily.
This article from Tech Eye [techeye.net] says that it the admission was forced by a request to audit from the German authorities. Do you have a more specific time line for this?
Re: (Score:3, Informative)
Google came out themselves about the issue. If anything, these years of fighting over the issue should make companies not want to disclose voluntarily.
This is not correct, and I don't know why this re-written history keeps getting repeated on geek sites like Slashdot.
Google actually first guaranteed the German authorities that they were not collecting anything. And first after the German authorities despite this assurance still demanded a full audit of the data anyway, did Google do their disclosure (source: see link below).
This sequence of events was covered extensively in European press ( one of many sources [guardian.co.uk]), and I don't know how mostly US geek sites
Re: (Score:1)
I guess some people simply still can't accept that Google is not the white knight, but a company like any other.
Re: (Score:2)
I guess some people simply still can't accept that Google is not the white knight, but a company like any other.
That's an insult to most companies.
Re: (Score:2)
"Ok, this is hilariously bad advice. I tested his 645,000 line hosts file under linux."
But there's one benefit.
The hosts stuff is always in his posts, so you can use it to filter the asshole out.
Why? (Score:5, Insightful)
How is it a "data breach" â" or at least how is such a "breach" Google's issue when it's on the user's side? How can it be illegal to acquire signals "floating freely" through the air? Did Google "crack" anythingâ? Use any "back doors"? I'm sure we'll see a lot of "unlocked door" analogies and perhaps a "car analogy" or two, but this is a "left a Euro on the sidewalk" type deal here...
I know, Google is the new boogieman after Apple and Microsoft...
Re: (Score:2, Insightful)
Re: (Score:1)
That is the reality on AMPS and GSM.
Re:Why? (Score:5, Informative)
Mobile phone calls are encrypted. Maybe not very well, but a lock is a lock even if the door is made of cardboard. So that's different.
Re: (Score:1)
Using the same logic your mobile phone call data can be acquired freely to listen to your calls just because it's floating through the air. Why would that be a breach of privacy?
Your mobile phone call data is encrypted, so no it can't...
Re:Why? (Score:5, Insightful)
Using your same logic, your conversation with your friend across the room can be heard by any random person passing nearby, just because it's floating through the air. Why would that be a breach of privacy?
It would not be. And neither is intercepting unencrypted wifi traffic. Because you've deliberately chosen a means of communication which you know can be easily overheard.
This case is just an example of self-serving bureaucratic pandering. It makes just as much sense as the government demanding that everyone wear earplugs in public lest we overhear "private" information being shouted from the rooftops.
Re: (Score:2)
And neither is intercepting unencrypted wifi traffic.
But storing it is. And this is what this is fucking about. Well, that and lying about it. And then lying about deleting the data.
Re: (Score:1)
Re: (Score:2)
I could easily write down what you're saying while you're talking to someone.
And while you are doing it, I could kill you. So that would make it okay, right? Good we settled it then.
Re: (Score:3)
Re: (Score:2)
If you did it with multiple cars in multiple locations I think a lot of people would say WTF why are you getting a fine and not going to jail.
Re: (Score:2)
So should these guys go to jail? They mapped out half the access points in the city.
Warflying
Warflying or warstorming is an activity consisting of using an airplane and a Wi-Fi-equipped computer, such as a laptop or a PDA, to detect Wi-Fi wireless networks. Warstorming shares similarities to Wardriving and Warwalking in all aspects except for the method of transport.
It originated in Western Australia with the WaFreeNet (WAFN) group taking up a Grumman Tiger four-seater near Perth City in 2002, as documented on the weblog of Jason Jordan
Most warflying is harmless, as most of the people will just scan for the networks, either as an experiment, or just for the pure amusement, or to map out the wireless networks in the area.[citation needed] Due to the nature of flying, it is much more difficult to attempt to access open networks while warflying.
http://en.wikipedia.org/wiki/Warflying [wikipedia.org]
Re: (Score:2)
So should these guys go to jail? They mapped out half the access points in the city.
Warflying
Warflying or warstorming is an activity consisting of using an airplane and a Wi-Fi-equipped computer, such as a laptop or a PDA, to detect Wi-Fi wireless networks. Warstorming shares similarities to Wardriving and Warwalking in all aspects except for the method of transport.
It originated in Western Australia with the WaFreeNet (WAFN) group taking up a Grumman Tiger four-seater near Perth City in 2002, as documented on the weblog of Jason Jordan
Most warflying is harmless, as most of the people will just scan for the networks, either as an experiment, or just for the pure amusement, or to map out the wireless networks in the area.[citation needed] Due to the nature of flying, it is much more difficult to attempt to access open networks while warflying.
http://en.wikipedia.org/wiki/Warflying [wikipedia.org]
Note that they didn't store any WiFi data unrelated to SSIDs and MACs. Nor did anybody else to our knowledge. Google did. And they kept it over years. And they kept it long after they promised to delete it.
Re: (Score:2)
Depends on what you believe the purpose of the law is. If it's to provide restitution to the victims then a low value fine for a low amount harm is appropriate. If it's to discourage people from breaking the law, then it's perfectly reasonable to have the fine adapt to the wealth of the perpetrator. (See this [bbc.co.uk] for a real life example.)
Re: (Score:1)
No. It is like taking a photo from the street.
The same exact thing google already does, except with things that get information we normally can't (i.e. wee can't percieve those kind of signals with our own eyes, ears or any other part of our body that I know of). Some other being may, but we can't.
Re: (Score:2)
Your child's window appeared in streetview and you think that's dealing child porn? No wonder they didn't take you seriously the first 2 times. They probably complied if only to shut up a nutter.
Re: (Score:2)
The Medical Information Bureau has all your health history available to anyone with the $$$.
"Medical Information Bureau"? Never heard of them.
But of course, if anyone is releasing medical data on people without their permission, they are already breaking Federal Law...
Re: (Score:3)
but this is a "left a Euro on the sidewalk" type deal here...
It is not even that, since someone would have to lose a Euro for someone else to find it, and nobody "lost" anything. This is more like someone walking down the street and recording your house number. This is a classic case of manufactured outrage. [urbandictionary.com]
the general problem with fixed-size fines (Score:5, Informative)
If fines are intended as compensation, then fixed-size fines make sense. But if they're intended as a deterrent, they end up being completely ineffective for people or companies with a lot of money. A $10k fine might deter a small business, and a $100k fine will truly scare them, but for a Google-sized company those numbers are all noise, lost somewhere in the sushi budget.
If you really want to have effective deterrence, fines based on a percentage of annual income would be more effective. Some countries already do this with traffic tickets, to ensure that rich people have to care about getting a speeding ticket, rather than just laughing at the (to them) paltry amount.
Re: (Score:2)
If you really want to have effective deterrence, fines based on a percentage of annual income would be more effective. Some countries already do this with traffic tickets, to ensure that rich people have to care about getting a speeding ticket, rather than just laughing at the (to them) paltry amount.
If by some countries, you include the United States, then yes. Sure, silly infractions like 5-10 mph over the speed limit are fixed, but once you get higher, that's not always true. Take it from someone who got a fine, based on what I make, for speeding, in the United States.
Re: (Score:2)
I agree with your general point, but the fine should also take into account that there is no evidence or indication that this was done on purpose, that they did anything with the data, or that they ever intended to do anything with the data.
So now they have been fined, sued (class action lawsuits), and pilloried in pretty much every jurisdiction of the world for this.
Do you really think that is not sufficient deterrent, and why do you even need deterrent there isn't really much of an upside?
Re: (Score:3)
According to German news sources, this IS the fine for accidental collection of personal data.
Re: (Score:2)
I agree with your general point, but the fine should also take into account that there is no evidence or indication that this was done on purpose, that they did anything with the data, or that they ever intended to do anything with the data.
Yeah, nothing but the fact that a company that makes its money with collecting and storing all sorts of data did exactly that while all the other entities also linking WiFi networks to locations failed to collect and store personal data on those networks.
But that aside - after Google promised they would delete the "accidentally" collected and stored data they -errm, say- managed to forget to actually do it [slashdot.org]. Got any explanation for that?
Re: (Score:3, Interesting)
If you really want to have effective deterrence, fines based on a percentage of annual income would be more effective. Some countries already do this with traffic tickets, to ensure that rich people have to care about getting a speeding ticket, rather than just laughing at the (to them) paltry amount.
These are different situations. Someone who makes 100 times more money than I will be driving about as much as I do and should get statistically the same number of parking tickets that I do. To make us both avoid parking tickets, we should get different fines.
But a company with 100 times more employees than another will statistically do things that are wrong 100 times more often than the smaller company. so for small offenses (like one employee cheating a customer) they shouldn't be fined more. It will h
Fines (Score:5, Insightful)
Re: (Score:2)
That is a generic problem with fines and big corporations, not only something related with privacy issues. As long as fines are applied at absolute values corporations will only laugh at them and keep doing what they want. Fines should be applied at amounts proportionally to a company's value.
If one rogue employee does something wrong and the company is find 145,000 Euros, they won't be laughing. They'll fire him so he won't do it again. I think the problem here is not that they think Google should be fined more because the company is big, but Google should be fined more because they spied on an awful lot of people. Let's say a small company loses personal information of all their 1,000 customers. And eBay loses personal information of 0.01% of their customers, which happens to be also exactly 1
I Still Don't Get It (Score:4, Insightful)
Every article I see about this always wails about Google's capture of personal data from wifi networks. Are they cracking the encryption? No? So why is it their fault if people are sending their data over unencrypted links? If people don't want their data read by strangers, they shouldn't be broadcasting it into the street in the clear! I wish someone would force Google to delete all the data they took. Instantly Google Street View would cease to function, as would the Wifi triangulation location system that so many people probably don't realise they use. I bet there would be a far bigger outcry over that than the original "privacy" issues ever raised.
I'm not sure I entirely sympathise with the photo privacy issue either. They haven't put online anything I couldn't have seen myself by standing on top of a car. Or a wheelie bin. Or a bench. Or a phone box. Or a post box. We seem to have very strange ideas of what "privacy" really entails.
Re:I Still Don't Get It (Score:5, Informative)
Europe has privacy laws that regulate what kinds of databases of user data you can compile. It's not an issue of cracking encryption, but that you simply cannot collect certain kinds of information, and the information you do collect has to be used in certain ways. The goal is to keep companies like Google or Facebook from doing what amounts to surveillance of the population.
Re: (Score:2)
The goal is to keep companies like Google or Facebook from doing what amounts to surveillance of the population.
Sounds like a good idea. Can we bring that over here, and maybe make it apply to governments as well?
Re:I Still Don't Get It (Score:5, Insightful)
The problem is that, IIRC, Google was essentially driving around with a wifi adapter set to "sniff" in order to gather SSID beacons, to compile a geolocation-by-SSID database. In the process, they also grabbed a bunch of unencrypted data.
Its essentially as if they had driven around New York with an off-the-shelf recorder grabbing "sounds of the city" for some research project, and managed to pick up a bunch of people discussing their social security number on their cellphones. Technically youre not supposed to do that, but the problem is that people were discussing sensitive details in public.
Google definately should have taken better precautions, but this isnt them being bad guys (what on earth do they want with random people's network captures? Problems of of "too much noise", "not useful", and "its illegal, to boot" apply here); its an issue of simply not thinking things through. I cant imagine what motivation people are assuming Google might have had when they assume this was an intentional action of an evil corporation; do you suppose Google has infrastructure set up to analyze and use illicit network dumps to somehow generate ad revenue?
Re: (Score:2)
Ironically, private companies like Google aren't allowed to listen, but the government can listen all they want without a warrant. Quite the opposite of what the Constitution states...
Re: (Score:2)
"The goal is to keep companies like Google or Facebook from doing what amounts to surveillance of the population."
European governments prefer to do that sort of thing themselves. They get so jealous.
But in all seriousness, it's a pretty stupid law if the intent is to prevent gathering information. The allegedly private information that those people broadcast to the entire neighborhood via unencrypted wifi is still being broadcast and presumably is still unencrypted. Sure, the courageous privacy police may h
Re: (Score:2)
Banning widespread surveillance doesn't require banning every instance of someone looking out their window. There is a qualitative difference between looking out your window, and (to take the opposite extreme, not yet reached) flying 10,000 drones around the city constantly recording video.
Also: permitting corporate surveillance implies government surveillance, because the government can just buy data from companies. If you want to protect any semblance of a non-surveillance state, both governmental and pri
Re: (Score:2)
This is a really interesting and good point. I wonder if Google could get much of the same desired result by offering a bounty on images/video/wifi to people with Google+ and Android phones. They could offer the legal protection of Google's legal team to each person who captures a legitimate data area. If this kind of event came up, Google's legal team could handle it in stride and there'd be no profit to be had by attacking the big bad Google.
Who'd be foolish to do that you might ask? Millions and millions
Re: (Score:2)
You aren't trying to capture a street view of every residence on the planet and publish it on a web site where every anti social human can study it for reasons to firebomb your home.
As far as the wardriving it really is a just stupid thing to do. In the US that sort of activity is probably a felony. Not sure why some enterprising DA (Carmen are you listening?) hasn't filed charges.
Re: (Score:1)
Anyone who is dedicated enough to want to firebomb a house is also dedicated to drive by it themselves.
It's not like there is anyone out there going, "Gosh I want to firebomb Steve but I don't have a picture of his front yard, and I can't be bothered to drive by his place myself."
Re: (Score:2)
LOL, fine be a jerk. I wasn't astro-turfing. Honestly, I'm not a fan of MS's products.
It's just kind of a weird world: where renting/leasing out flippin' airplanes to take pictures of neighborhoods... is somehow less of a legal-nightmare and invasion of privacy than a car with a panoramic camera. There was a time when people feared "black helicopters" invading their rights and such more than people in cars.
Hey, some guy driving the car made a mistake going where he/she shouldn't... some private road, som
Re: (Score:2)
Hey, some guy driving the car made a mistake going where he/she shouldn't... some private road, some really long driveway that looked like a continuation of the road, etc. It was a mistake by a poor guy that probably got fired / reprimanded for his goof, not some company trying to be evil. Now the whole WiFi thing... meh. Haven't been following up on it.
What I've seen is the groupthink shift from "if the signals are floating through the air it's OK to intercept them while I look for free wifizzz" to "google collecting all this information must be eeeevil!" It's OK if people do it, but not OK if google does it, apparently.
There's some merit to the idea, because google is in a much better position to abuse information. But on the other hand, is your network secure or isn't it?
How big of a fine for Google to notice? (Score:2)
In the time it took me to type this message, Google earned $1.54 million.
How much do you fine them before it's a rounding error that they fail to notice?
Re: (Score:1)
Why were they only capturing the start of frames? (Score:2)
The data that was collected consisted of only the beginnings of packets, by an antenna that randomly switched between many different frequencies.
If Google was really trying to collect personal data, why didn't they collect entire packets on all the frequencies? They certainly have the resources to do it right.
Fines smaller than profits cost of doing business (Score:2)
Short of criminal penalties (even a couple days in jail), paying any amount less than the profits is just a cost of doing business.
The fines should be "profits from the illegal activity" plus a reasonable punitive fine on top.
Too much for doing nothing wrong! (Score:1)
It's not like they are hacking into networks--these are *unsecured* wi-fis.
separation of powers (Score:1)
Regulators (and judges) should not complain or make comments about the law, as much as law makers should not comment on how it is applied. If the limit was set (purportedly) low by the law maker, the regulator has to apply it and shut up. If they want to make laws get elected first.