Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Google Privacy

Germany Fines Google Over Street View - But Says €145k Is Too Small 106

judgecorp writes "Germany's privacy regulator has fined Google €145,000 over its Street View cars' harvesting of private data — but the official has complained that the size of the fine is too small, because of limits to the fines regulators can impose. German data protection commissioner Johannes Caspar said the fine was too low, for 'one of the largest known data breachers ever,' saying, 'as long as privacy violations can be punished only at discount prices, enforcement of data protection law in the digital world with its high abuse potential is hardly possible.' In 2010 it emerged that Google's Street View cars captured personal data from Wi-Fi networks as well as taking pictures — since then regulators have imposed a series of fines — the largest being $7 million reportedly paid to settle a U.S. government probe."
This discussion has been archived. No new comments can be posted.

Germany Fines Google Over Street View - But Says €145k Is Too Small

Comments Filter:
  • Why? (Score:5, Insightful)

    by Frosty Piss ( 770223 ) * on Monday April 22, 2013 @10:08AM (#43515585)

    How is it a "data breach" â" or at least how is such a "breach" Google's issue when it's on the user's side? How can it be illegal to acquire signals "floating freely" through the air? Did Google "crack" anythingâ? Use any "back doors"? I'm sure we'll see a lot of "unlocked door" analogies and perhaps a "car analogy" or two, but this is a "left a Euro on the sidewalk" type deal here...

    I know, Google is the new boogieman after Apple and Microsoft...

    • Re: (Score:2, Insightful)

      by imbusy ( 1002705 )
      Using the same logic your mobile phone call data can be acquired freely to listen to your calls just because it's floating through the air. Why would that be a breach of privacy?
      • by Anonymous Coward

        That is the reality on AMPS and GSM.

      • Re:Why? (Score:5, Informative)

        by Anonymous Coward on Monday April 22, 2013 @10:26AM (#43515741)

        Mobile phone calls are encrypted. Maybe not very well, but a lock is a lock even if the door is made of cardboard. So that's different.

      • by Anonymous Coward

        Using the same logic your mobile phone call data can be acquired freely to listen to your calls just because it's floating through the air. Why would that be a breach of privacy?

        Your mobile phone call data is encrypted, so no it can't...

      • Re:Why? (Score:5, Insightful)

        by 5KVGhost ( 208137 ) on Monday April 22, 2013 @12:18PM (#43516851)

        Using your same logic, your conversation with your friend across the room can be heard by any random person passing nearby, just because it's floating through the air. Why would that be a breach of privacy?

        It would not be. And neither is intercepting unencrypted wifi traffic. Because you've deliberately chosen a means of communication which you know can be easily overheard.

        This case is just an example of self-serving bureaucratic pandering. It makes just as much sense as the government demanding that everyone wear earplugs in public lest we overhear "private" information being shouted from the rooftops.

        • And neither is intercepting unencrypted wifi traffic.

          But storing it is. And this is what this is fucking about. Well, that and lying about it. And then lying about deleting the data.

          • I could easily write down what you're saying while you're talking to someone.
            • I could easily write down what you're saying while you're talking to someone.

              And while you are doing it, I could kill you. So that would make it okay, right? Good we settled it then.

    • I think Apple and Microsoft are the new boogiemen after Microsoft and Apple and I do mean in that exact order, lol. Anyway, did you notice how it's funny that if I drove my car around and recorded a couple packets of unencrypted wifi data and got a 140,000 euro fine, people would be outraged. Since it's a billion dollar company, now all of a sudden the fine should go up. And yet, it's the same "crime." That's right up there with fines being higher for blacks because they're black.
      • by Holi ( 250190 )

        If you did it with multiple cars in multiple locations I think a lot of people would say WTF why are you getting a fine and not going to jail.

        • So should these guys go to jail? They mapped out half the access points in the city.

          Warflying

          Warflying or warstorming is an activity consisting of using an airplane and a Wi-Fi-equipped computer, such as a laptop or a PDA, to detect Wi-Fi wireless networks. Warstorming shares similarities to Wardriving and Warwalking in all aspects except for the method of transport.
          It originated in Western Australia with the WaFreeNet (WAFN) group taking up a Grumman Tiger four-seater near Perth City in 2002, as documented on the weblog of Jason Jordan

          Most warflying is harmless, as most of the people will just scan for the networks, either as an experiment, or just for the pure amusement, or to map out the wireless networks in the area.[citation needed] Due to the nature of flying, it is much more difficult to attempt to access open networks while warflying.

          http://en.wikipedia.org/wiki/Warflying [wikipedia.org]

          • So should these guys go to jail? They mapped out half the access points in the city.

            Warflying

            Warflying or warstorming is an activity consisting of using an airplane and a Wi-Fi-equipped computer, such as a laptop or a PDA, to detect Wi-Fi wireless networks. Warstorming shares similarities to Wardriving and Warwalking in all aspects except for the method of transport.
            It originated in Western Australia with the WaFreeNet (WAFN) group taking up a Grumman Tiger four-seater near Perth City in 2002, as documented on the weblog of Jason Jordan

            Most warflying is harmless, as most of the people will just scan for the networks, either as an experiment, or just for the pure amusement, or to map out the wireless networks in the area.[citation needed] Due to the nature of flying, it is much more difficult to attempt to access open networks while warflying.

            http://en.wikipedia.org/wiki/Warflying [wikipedia.org]

            Note that they didn't store any WiFi data unrelated to SSIDs and MACs. Nor did anybody else to our knowledge. Google did. And they kept it over years. And they kept it long after they promised to delete it.

      • Depends on what you believe the purpose of the law is. If it's to provide restitution to the victims then a low value fine for a low amount harm is appropriate. If it's to discourage people from breaking the law, then it's perfectly reasonable to have the fine adapt to the wealth of the perpetrator. (See this [bbc.co.uk] for a real life example.)

    • but this is a "left a Euro on the sidewalk" type deal here...

      It is not even that, since someone would have to lose a Euro for someone else to find it, and nobody "lost" anything. This is more like someone walking down the street and recording your house number. This is a classic case of manufactured outrage. [urbandictionary.com]

  • If fines are intended as compensation, then fixed-size fines make sense. But if they're intended as a deterrent, they end up being completely ineffective for people or companies with a lot of money. A $10k fine might deter a small business, and a $100k fine will truly scare them, but for a Google-sized company those numbers are all noise, lost somewhere in the sushi budget.

    If you really want to have effective deterrence, fines based on a percentage of annual income would be more effective. Some countries already do this with traffic tickets, to ensure that rich people have to care about getting a speeding ticket, rather than just laughing at the (to them) paltry amount.

    • If you really want to have effective deterrence, fines based on a percentage of annual income would be more effective. Some countries already do this with traffic tickets, to ensure that rich people have to care about getting a speeding ticket, rather than just laughing at the (to them) paltry amount.

      If by some countries, you include the United States, then yes. Sure, silly infractions like 5-10 mph over the speed limit are fixed, but once you get higher, that's not always true. Take it from someone who got a fine, based on what I make, for speeding, in the United States.

    • by Qwavel ( 733416 )

      I agree with your general point, but the fine should also take into account that there is no evidence or indication that this was done on purpose, that they did anything with the data, or that they ever intended to do anything with the data.

      So now they have been fined, sued (class action lawsuits), and pilloried in pretty much every jurisdiction of the world for this.

      Do you really think that is not sufficient deterrent, and why do you even need deterrent there isn't really much of an upside?

      • According to German news sources, this IS the fine for accidental collection of personal data.

      • I agree with your general point, but the fine should also take into account that there is no evidence or indication that this was done on purpose, that they did anything with the data, or that they ever intended to do anything with the data.

        Yeah, nothing but the fact that a company that makes its money with collecting and storing all sorts of data did exactly that while all the other entities also linking WiFi networks to locations failed to collect and store personal data on those networks.

        But that aside - after Google promised they would delete the "accidentally" collected and stored data they -errm, say- managed to forget to actually do it [slashdot.org]. Got any explanation for that?

    • Re: (Score:3, Interesting)

      by gnasher719 ( 869701 )

      If you really want to have effective deterrence, fines based on a percentage of annual income would be more effective. Some countries already do this with traffic tickets, to ensure that rich people have to care about getting a speeding ticket, rather than just laughing at the (to them) paltry amount.

      These are different situations. Someone who makes 100 times more money than I will be driving about as much as I do and should get statistically the same number of parking tickets that I do. To make us both avoid parking tickets, we should get different fines.

      But a company with 100 times more employees than another will statistically do things that are wrong 100 times more often than the smaller company. so for small offenses (like one employee cheating a customer) they shouldn't be fined more. It will h

  • Fines (Score:5, Insightful)

    by fredprado ( 2569351 ) on Monday April 22, 2013 @10:09AM (#43515603)
    That is a generic problem with fines and big corporations, not only something related with privacy issues. As long as fines are applied at absolute values corporations will only laugh at them and keep doing what they want. Fines should be applied at amounts proportionally to a company's value.
    • That is a generic problem with fines and big corporations, not only something related with privacy issues. As long as fines are applied at absolute values corporations will only laugh at them and keep doing what they want. Fines should be applied at amounts proportionally to a company's value.

      If one rogue employee does something wrong and the company is find 145,000 Euros, they won't be laughing. They'll fire him so he won't do it again. I think the problem here is not that they think Google should be fined more because the company is big, but Google should be fined more because they spied on an awful lot of people. Let's say a small company loses personal information of all their 1,000 customers. And eBay loses personal information of 0.01% of their customers, which happens to be also exactly 1

  • by StoneyMahoney ( 1488261 ) on Monday April 22, 2013 @10:09AM (#43515607)

    Every article I see about this always wails about Google's capture of personal data from wifi networks. Are they cracking the encryption? No? So why is it their fault if people are sending their data over unencrypted links? If people don't want their data read by strangers, they shouldn't be broadcasting it into the street in the clear! I wish someone would force Google to delete all the data they took. Instantly Google Street View would cease to function, as would the Wifi triangulation location system that so many people probably don't realise they use. I bet there would be a far bigger outcry over that than the original "privacy" issues ever raised.

    I'm not sure I entirely sympathise with the photo privacy issue either. They haven't put online anything I couldn't have seen myself by standing on top of a car. Or a wheelie bin. Or a bench. Or a phone box. Or a post box. We seem to have very strange ideas of what "privacy" really entails.

    • by Trepidity ( 597 ) <[delirium-slashdot] [at] [hackish.org]> on Monday April 22, 2013 @10:15AM (#43515653)

      Europe has privacy laws that regulate what kinds of databases of user data you can compile. It's not an issue of cracking encryption, but that you simply cannot collect certain kinds of information, and the information you do collect has to be used in certain ways. The goal is to keep companies like Google or Facebook from doing what amounts to surveillance of the population.

      • The goal is to keep companies like Google or Facebook from doing what amounts to surveillance of the population.

        Sounds like a good idea. Can we bring that over here, and maybe make it apply to governments as well?

      • by LordLimecat ( 1103839 ) on Monday April 22, 2013 @11:34AM (#43516437)

        The problem is that, IIRC, Google was essentially driving around with a wifi adapter set to "sniff" in order to gather SSID beacons, to compile a geolocation-by-SSID database. In the process, they also grabbed a bunch of unencrypted data.

        Its essentially as if they had driven around New York with an off-the-shelf recorder grabbing "sounds of the city" for some research project, and managed to pick up a bunch of people discussing their social security number on their cellphones. Technically youre not supposed to do that, but the problem is that people were discussing sensitive details in public.

        Google definately should have taken better precautions, but this isnt them being bad guys (what on earth do they want with random people's network captures? Problems of of "too much noise", "not useful", and "its illegal, to boot" apply here); its an issue of simply not thinking things through. I cant imagine what motivation people are assuming Google might have had when they assume this was an intentional action of an evil corporation; do you suppose Google has infrastructure set up to analyze and use illicit network dumps to somehow generate ad revenue?

        • by Bigby ( 659157 )

          Ironically, private companies like Google aren't allowed to listen, but the government can listen all they want without a warrant. Quite the opposite of what the Constitution states...

      • "The goal is to keep companies like Google or Facebook from doing what amounts to surveillance of the population."

        European governments prefer to do that sort of thing themselves. They get so jealous.

        But in all seriousness, it's a pretty stupid law if the intent is to prevent gathering information. The allegedly private information that those people broadcast to the entire neighborhood via unencrypted wifi is still being broadcast and presumably is still unencrypted. Sure, the courageous privacy police may h

        • by Trepidity ( 597 )

          Banning widespread surveillance doesn't require banning every instance of someone looking out their window. There is a qualitative difference between looking out your window, and (to take the opposite extreme, not yet reached) flying 10,000 drones around the city constantly recording video.

          Also: permitting corporate surveillance implies government surveillance, because the government can just buy data from companies. If you want to protect any semblance of a non-surveillance state, both governmental and pri

    • This is a really interesting and good point. I wonder if Google could get much of the same desired result by offering a bounty on images/video/wifi to people with Google+ and Android phones. They could offer the legal protection of Google's legal team to each person who captures a legitimate data area. If this kind of event came up, Google's legal team could handle it in stride and there'd be no profit to be had by attacking the big bad Google.

      Who'd be foolish to do that you might ask? Millions and millions

    • You aren't trying to capture a street view of every residence on the planet and publish it on a web site where every anti social human can study it for reasons to firebomb your home.

      As far as the wardriving it really is a just stupid thing to do. In the US that sort of activity is probably a felony. Not sure why some enterprising DA (Carmen are you listening?) hasn't filed charges.

      • Anyone who is dedicated enough to want to firebomb a house is also dedicated to drive by it themselves.

        It's not like there is anyone out there going, "Gosh I want to firebomb Steve but I don't have a picture of his front yard, and I can't be bothered to drive by his place myself."

  • In the time it took me to type this message, Google earned $1.54 million.

    How much do you fine them before it's a rounding error that they fail to notice?

  • The data that was collected consisted of only the beginnings of packets, by an antenna that randomly switched between many different frequencies.

    If Google was really trying to collect personal data, why didn't they collect entire packets on all the frequencies? They certainly have the resources to do it right.

  • Short of criminal penalties (even a couple days in jail), paying any amount less than the profits is just a cost of doing business.

    The fines should be "profits from the illegal activity" plus a reasonable punitive fine on top.

  • It's not like they are hacking into networks--these are *unsecured* wi-fis.

  • Regulators (and judges) should not complain or make comments about the law, as much as law makers should not comment on how it is applied. If the limit was set (purportedly) low by the law maker, the regulator has to apply it and shut up. If they want to make laws get elected first.

The 11 is for people with the pride of a 10 and the pocketbook of an 8. -- R.B. Greenberg [referring to PDPs?]

Working...