Google Found Guilty of Australian Privacy Breach 105
schliz writes "The Australian Privacy Commissioner has found Google guilty of breaching the country's Privacy Act when it collected unsecured WiFi payload data with its Street View vehicles. While the Commissioner could not penalize the company, Google agreed to publish an apology on its Australian blog, and work more closely with her during the next three years. Globally, Google is said to have collected some 600 GB of data transmitted over public WiFi networks. In May, the company put its high-definition Australian Street View plans on hold to audit its processes."
Mind Block (Score:5, Insightful)
Private? (Score:3, Interesting)
I agree to a point. If you don't secure your connection and get sniffed, it is your fault.
The fact that Google snooped it does not make their actions any better. If they had snooped and only picked up SSID and Mac addresses, then that is one thing.
This may have served an important purpose, it woke people up about security on WIFI connections.
Re:Private? (Score:5, Insightful)
Re:Private? (Score:4, Insightful)
It's the equivalent of google putting a tape recorder in a public park in order to record bird songs and then some people happen to walk by talking about how they like to take it up the butt.
No, it's the equivalent of them driving with a huge audio amplifying system and recording private conversations just because you didnt bother to sound-proof your house. Any audio professional knows it's extremely easy to sound-proof your house, you saying you don't do this in yours? Then don't whine if some one records what you say in your house, you can't claim it's private if you don't use the technical tools available to you to protect it.
Also, please do ignore the fact they didn't just connect to unsecured networks: they capture all data from these networks they could and saved it. Didnt they tell everyone they were just taking photos?
Re: (Score:3, Informative)
Then don't whine if some one records what you say in your house, you can't claim it's private if you don't use the technical tools available to you to protect it.
Soundproofing a house doesn't take 2 minutes and no extra material. If you could soundproof your house by flipping a switch, yeah, you would have some problems with it.
But it isn't even like soundproofing your house, having an unsecured wi-fi connection is akin to standing near an open window with a megaphone having a conversation, something like soundproofing your house is if you use weak encryption or common passwords, things that Google didn't bother to crack (and if I recall correctly, they didn't
Re: (Score:1, Insightful)
They didn't walk in and look around.
The physical equivalent would by you keeping all you stuff out on the lawn and then blaming passers by because they saw your stuff.
You put unencrypted radio transmitters in your house you lose all expectations of privacy. Nobody has to come in and look around when you are shouting it from the windows.
Stop trying to make Google evil over this thing.
It takes less than two minutes to secure your network, and in the absence of you doing that, YES, I am allowed to listen to y
Re:Private? (Score:5, Insightful)
The law does not agree. Few people know about securing WLANs so it's not reasonable to assume every unprotected WLAN was set up with the intent of inviting you in.
Re: (Score:3, Informative)
I find this statement quite funny, as Slashdotters on average have no respect for the law, so stating its legal status holds no merit
What, in a debate about a country investigating a company? You think the investigators follow Slashdot instead of the law?
Regardless, your statement above is demonstrably absurd. The average cellphone user cannot disable GPS tracking, either. The average person cannot do a great many things when it comes to securing their privacy. Someone who uses these legal methods to accumu
Re: (Score:2)
I've recently begun following the Cybercrime blog, and this article [blogspot.com] talks about legal expectations of privacy, and (as I see it) the bar seems set pretty high. As usual with her blog entries, lots of supporting case law sprinkled throughout, so don't expect to coast through or skim these posts (unless you happen to be a lawyer). Sadly, the trend I've seen over my time of reading her stuff is that the courts seem to provide law enforcement with most of the wiggle room based on leg
Re: (Score:3, Funny)
If I go out into the street right now, guess how much traffic I could pick up? I see 7 access points here. In a suburb. From in my house!
So your neighbors are idiots.
I see closer to 20 access points with nothing but my smartphone.
How much traffic could I pick up with a good laptop? Probably Gigabytes per hour.
How much traffic could I decipher?
One house's traffic.
Because that neighbor, like your neighbors, is an idiot.
Re: (Score:2, Informative)
Sure you can. No problem. But if Google had simply collected all the SSIDs of every WAP, that would not take up that 600GB of storage mentioned. So that implies that Google was sniffing a lot more payload data, and I can't think of a single legitimate reason for doing so. Simply saying "oops, it was a mistake, my bad" doesn't work for me.
Re:Private? (Score:4, Insightful)
Also, please do ignore the fact they didn't just connect to unsecured networks: they capture all data from these networks they could and saved it. Didnt they tell everyone they were just taking photos?
They did not connect to the networks.
They did not capture all the data from these networks that they could.
They drove by, captured a few microseconds of beacon data and random unencrypted packets. All they really wanted was the beacon data, to locate the wifi hotspot, but someone got sloppy in the packet filtration.
There was no Connection to these networks. There was no expectation of privacy. Don't try to make more of it than it was.
Wait for Google's appeal, if any. (Score:2, Interesting)
Or are you just making blind assumptions about what you think happened vs what really happened according to the evidence provided by Google to the Australian Government?
In other comments on this activity, it appears that you are wrong and that Google *did* actually connect to private (even if insecure) networks and *did* collect more than beacon data.
If you have evidence that can show that Google did not collect personal data, b
Re: (Score:3, Insightful)
Google has publicly stated that they did not connect. Its in their blog post months ago. Its the same thing they told governments around the world.
Are you now claiming access to some other admission? If so lets see it. If not, just admit you made it up and we can be friends.
They drove by at about 25 MPH. You really can't connect to a router that fast when the average router has a range of about a hundred feet thru walls.
Re: (Score:2)
From Germany Asks Google to Surrender Private Data
The German demand underscored the seriousness of the quandary Google now faced after its admission last Friday that it had stored the snippets of [b]Web sites and personal e-mail messages from people around the [i]world[/i
Re: (Score:2)
Article: http://www.nytimes.com/2010/05/19/technology/19google.html?_r=1 [nytimes.com]
Re: (Score:2)
I would trust google with my private data a lot more than I would trust the German government...
Re: (Score:1)
That would be a somewhat fit analogy if it wasn't for almost every operating system and wifi device warning you when you setup or connect to an open connection that all your communications can be listened to and it wasn't a secure setup.
You see, if someone or something warned me that my conversations with you could be listened to by anyone with a big microphone, or perhaps a web browser with the capabilities of viewing this post/response, then I would in no way expect that communications to be private. and
Re: (Score:2, Informative)
Except in this case, it was apparently in violation of the law.
Re: (Score:2)
This is not at all clear.
The opinion of a political appointee to public commission, does not a criminal make.
She stated: "Australians should reasonably expect that private communications remain private".
Totally neglecting the fact that the communications were NOT private because they were using unsecured wifi.
Re: (Score:2)
To me, this whole situational is analogous to claiming a breach of privacy over them collecting pictures which visibly show the numbers of houses.
They collected the data, but they didn't put it out in the world, did they?
Re:Mind Block (Score:4, Insightful)
In your black-and-white world, I'm sure that things work that way.
In your world, you shouldn't complain about people taking pictures through your windows. You willingly radiate electromagnetic radiation - in the form of photons - so anything that can be seen through your windows is not private at all. Should have closed your curtains.
In your world, you shouldn't complain about people using parabolic microphones to listen to your conversations with another person in your household. You willingly make the surfaces vibrate, so anything that an outsider manages to pick up is not private at all. Should have use 2-foot thick reinforced concrete and lined the inside with sound absorbing padding.
In your world, you shouldn't complain if somebody goes through your trash and digs up everything from bills to medicine prescriptions. You willingly discarded it so callously, so it is not private at all. You should have incinerated it.
In your world, you shouldn't complain if private security companies band together and employ facial recognition among other to track your movements wherever their services have coverage, selling this data to yet other companies. After all, you willingly set foot outside. You should have gotten a teleworking job and gotten your groceries home-delivered.
Fortunately, in the real world, things aren't so black and white. Things are many shades of gray and probably all the colors of the rainbow, too. In the real world, we do define some rules, laws, that curtail these sorts of activities one way or another - generally in the interest of people's privacy.. even where in your world there would be none.
It is in that real world that Australia has seen fit to set privacy laws (Privacy Act) under which Google's activities are a no-no.
Whether or not those people should have known better, and should have secured their WiFi, or whether the people whose data has been collected even care that it occurred.. is a moot issue for the conclusion reached by the Australian privacy commissioner.
Re: (Score:2, Interesting)
Bravo.
The single problem with google's invasion is that they go beyond *my product spec* and extend the 50meter range of your wireless to worldwide distances, even if it's just a few useful bits. All without permission. People get sued for ignoring re-broadcasting "laws" here in the states.
Re: (Score:3, Informative)
In your black-and-white world, I'm sure that things work that way.
In some cases, they do.
In your world, you shouldn't complain if somebody goes through your trash and digs up everything from bills to medicine prescriptions. You willingly discarded it so callously, so it is not private at all. You should have incinerated it.
Once it hits the curb for trash collection, it's fair game. Tons of legal precedents have been set for this. If I want to dispose of my accounting ledgers for my meth operation, I damn
Re:Mind Block (Score:5, Insightful)
It's about reasonable expectation of privacy, not what's technically possible. Did you know that in many parts of the world people leave their door unlocked yet still expect people to not walk in uninvited? While many Americans seem to have a very free for all wild west attitude to these sort of issues many other parts of the civilized world expect others to behave civilly.
Re: (Score:2)
Walking into someone's place - even if the door is unlocked - when you have no right to be there is unlawful entry. So in civilized countries, it's still safe to leave your front door unlocked while you go out for an hour to shop or walk the dogs or visit a neighbor. It seems
Re: (Score:2)
It's about reasonable expectation of privacy
Yes exactly, but many people, including you, seem to intrepret this incorrectly by substituting "ignorant of basic facts" for "reasonable". That is not what it is about. The "reasonable" is a test of the judgement of an ordinary person after they are informed of the facts, not a test of what facts an ordinary person knows.
So would an ordinary person, after having learned all about how Wifi works - how an open Wifi access point allows anybody to see traffic and broadcasts it up to a hundred feet outside
Re: (Score:2)
The difficulty of the act is immaterial. It's easy to walk through an unlocked door, yet we still expect you not to do that. It's easy to photograph someone on their lawn while they're having sex, yet we expect you not to do that either. It's just common decency(which in some countries are enshrined in law).
Re: (Score:2)
Would a reasonable person with an understanding of wireless technology think that 3rd party companies should be allowed to ...
Well, it is not really about what reasonable people think *should* be the law. The only reason reasonable people come into this is to use their judgement: is it a reasonable expectation that a conversation will be private in a given situation?
In this particular situation there might as well be giant blinking illuminated signs telling the person that their conversation is not private - everything from the install manual of the access point to Windows is telling them that it is not private. They can thin
Re: (Score:1)
I cannot understand the technogeek arrogance (and cultural ignorance) of "well you were using technology you don't understand so suck it and reap the consequences of your techno noobity."
I'm in IT and I find that attitude worse than banal, and insulting to my profession which, in the end, is about *people* not computers. Otherwise what kind of society are we inventing all this crap for?
By the same logic, people "intentionally" install viruses, so by definition viruses are ok and users have no cause for comp
Re: (Score:3, Insightful)
If I'm outside with a megaphone screaming a conversation from a driveway, can you really say that the conversation was private? Yet that is essentially what having an unencrypted wi-fi syst
Re: (Score:3, Insightful)
Well it all depends on what senses you are using.
for example Google could get some x-ray/heat vision gizmo that allowed then to track peoples actions in their homes or a sound amplifier to listen into someones home.
While wireless receivers are a lot easier to buy, that does not mean they are fundamentally different.
Not that I did not share your opinion as a gut instinct.
Re: (Score:2, Insightful)
I really don't understand the issue: If you willingly radiate an unsecured Wi-Fi signal (or any type of signal), how can you claim a breach of "privacy"? *NOTHING* was "private"!
I can't believe the number of times this inane justification is being used!
If you use your computer on a wired LAN, anyone in the same collision domain can intercept everything you're sending and use a packet analyzer to reconstruct your traffic. Is it a privacy violation for them to do so -- yes! They need your express approval to do so.
Even if you use your laptop on public encrypted WiFi, anyone connected to the same WiFi hotspot can intercept everything you're sending and use a packet analyzer to rec
Re: (Score:2)
Re: (Score:2)
If you use your computer on a wired LAN, anyone in the same collision domain can intercept everything you're sending and use a packet analyzer to reconstruct your traffic. Is it a privacy violation for them to do so -- yes! They need your express approval to do so.
That, in part, is why everyone moved from hubs to switches ages ago. That's also why everyone has nice full duplex ethernet connections these days - switches.
Regardless, none of this has anything to do with anything - including your semi-invalid WIFI example. Next you'll be yelling that everyone is violating TV and radio station's right to privacy when they turn on their radio or TV.
So long as you are transmitting an RF signal in the clear (unencrypted) for all to receive, a reasonable right to privacy shou
Re: (Score:2)
Already modded on this topic, but I feel an odd compulsion to reply; ...I'd suggest a majority wanted a household network and had a clear expectation of privacy, even if they did not possess the technical skills to recognise or implement the solution.
They lacked the technical skill to RTFM? Actually most routers install disks prompt you to set up security these days, so they lack the technical skill to type in a password? You confuse "lack of technical skill" with "willful ignorance". People in the latte
Think differently. (Score:1)
If I connect my laptop to your Wifi network because I know your network password (lets say I guess it), is that connection authorised without you saying I can do it?
If I create a "guest" login on a web server that has no password and someone logs into it without my authorisiation, is that against the law or not?
If that "guest" login also has "guest" as a password
Re: (Score:1)
Gotta love our stupid laws (Score:2)
Sir you have been found guilty of breaching the privacy of our citizens by listening to what they freely broadcast anyway. You are hereby ordered to pay the sum of a 250 word letter saying sorry. Atta boy there. [ruffles hair]
Re: (Score:1)
To be fair, that sounds like pretty much what should be done in this case. Apologize and work better in the future so this sort of thing doesn't happen.
Re: (Score:2)
Isn't that what they did before the lawsuits? Hell, I doubt anyone would have known if they just wiped the files and forgot about it.
Re: (Score:1)
Re: (Score:2, Interesting)
Re: (Score:2)
But that's not the case. They were snooping as they were driving past, they may have recorded 600GB, but that's 600GB total from their entire world wide street view effort.
Walking down the street and recording a single sentence of someone's loud conversatio
Re: (Score:1)
Re: (Score:1)
Re: (Score:2)
Google hasn't been "found guilty" of anything.
A political appointee to a nothing commission made a pronouncement. Posturing. Grandstanding.
She would never be so stupid as to bring formal charges in a court of law, because she would go down in smoking ruin.
Australia finds it perfectly ok for their government to filter their entire network, but let some passing car pick up a packet on an unsecured wifi and they have conniptions. Daft.
Re: (Score:2)
Indeed - the fact that she is not taking it to court says that she knows they don't have a case but also that Google knows that the damage from just being contrite about this is far less then trying to defend themselves here. They really don't want this data at all, there is no business win for them in establishing that it is ok to collect it, in fact, the reverse is true. If they did successfully defend this it would just bring on a new bout of privacy legislation that might actually cripple them.
So it
Re: (Score:2)
Excellent analsys.
You pretend to slap my wrists an I'll pretend it hurts ..
Re: (Score:1)
fine free (Score:2)
Is it just Google? I doubt it... (Score:2)
Here's the question:
Who else might be doing what Google has been found to be guilty of doing? You see, it does not require a lot of sophisticated equipment to pull it off.
another question: only 600 GB? (Score:2)
Re: (Score:2)
Re: (Score:2)
Indeed, the only reason your wireless adapter in your device doesn't receive the data is because it _voluntarily_ checks whether it is destined for it or not.
But it DOES receive the data. There is simply a gentleman's agreement to not read another's mail. So it discards it.
Unless Little Joey fires up Airsnort.
Re: (Score:2)
Here's the question:
Who else might be doing what Google has been found to be guilty of doing? You see, it does not require a lot of sophisticated equipment to pull it off.
Who?
Why the Australian Government, that's who.
Let me get this straight.. (Score:4, Informative)
The Australian Labor party have time and time again broken their promises [abc.net.au], Barging ahead with Policies [libertus.net] that their citizens do no want [ninemsn.com.au] and completely fucking up things they tried to achieve [dennisjensen.com.au]
The only reason Google are in hot water is because they stood up [guardian.co.uk] to Senator Conroy and he got upset [canberratimes.com.au] about it.
I for one will be making my vote count this year and I urge all fellow Australian slashdotters to do the same.
Re: (Score:1)
Re: (Score:3, Insightful)
Re: (Score:2)
Why is it that people keep thinking that this is something between Google and some Government? This about your privacy. That means BOTH can be wrong.
Because this is something between the government and Google, although that's not the point I was making. The government were actively directing the ISPs in the trial to intercept peoples data. Google inadvertently captured a few packets of data that was actively being _broadcast_ in an unencrypted format. The only reason that my laptop isn't currently capturing my neighbors unencrypted wireless packets is that by default wireless cards are set to ignore everything that isn't addressed to them.
The point
Awesome use of taxpayer's money (Score:1)
Google did NOTHING wrong... *sigh* (Score:1, Redundant)
As I've said many times in the past, Google has done absolutely nothing wrong. People are 100% free to collect any and ALL insecure, unencrypted wireless data that I send out any time. That's just the way it is. All of this makes me SO mad...governments going after Google for nothing! It's absurd. They want to do this just so that people can continue living in ignorance of how exposed they are? It's pathetic...and as others have pointed out, a huge waste of taxpayer money. Google has nothing to apolo
Re: (Score:2)
Yes they did. What they did wrong was not delete the data before they announced they intercepted it.
Re: (Score:2)
What they did wrong was not delete the data before they announced they intercepted it.
Exactly so.
They are incurring the wrath because the did the RIGHT THING, by admitting their mistake.
No one else will ever do that again. They will just purge it.
Fess up if anybody asks, and say they destroyed it as soon as they realized their error. Case closed.
No good deed goes unpunished.
Australian Privacy Act is a wet lettuce leaf (Score:2)
> The Australian Privacy Commissioner has found Google guilty of breaching the country's Privacy Act when it collected unsecured WiFi payload data with its Street View vehicles.
The Australian Privacy Act is weak and ineffectual. I looked into it and discovered if you make a complaint against an organisation, the worst the commissioner can do is make a non-binding determination which has no legal or financial penalties against the violator. And they can keep doing what they're doing. You have no recourse.
Don't fall for it Google! (Score:1)
Um, anyone remember the last time [wikipedia.org] Australia asked for an Apology?
Beach (Score:1)
I thought it was "Privacy Beach" and street view cars collected photos of hot topless women.
Damn.
But what part of the Act did they actually break? (Score:1)