A further course title
For this shower of deceitful b*stards - self-loathing!
Google knew its Street View cars were slurping personal data from private Wi-Fi routers for three years before the story broke in April 2010. When the revelations were made, Google said its map service's cars were merely collecting SSIDs and MAC addresses. The following month, it said network data had been captured, but this …
Not from Google - although they should - but from the two Google fanbois that downvoted this.
That defense works once.
But no one really believes it.
We've heard excuses like this before, and we never bought it.
The sad fact though is that the FCC didn't think they break wire tap laws.
Even if the owner/end user of the wi-fi network doesn't have any encryption turned on, there is an expectation of privacy on the network.
We've seen cases like this plus laws were further enhanced to make war-driving a criminal offense.
There is no way that a 'single engineer' had the authority to put this package in to production for 2 years on such a highly visible project. Streetview has been facing public scrutiny and privacy issues around the globe especially with their cameras and lidar units so high above the car.
Navteq's cars, even with Lidar don't have their masts that high.
How can you possibly claim to have an expectation of privacy on a network that you explicitly chose to run without encryption? You're broadcasting in the clear in a public space.
You may have perfectly legitimate reasons for not using encryption, but you don't have any grounds for complaint if your broadcasts are "overheard".
"Overhearing" implies a passive action - you just happened to be passing by and you "overheard" a conversation. This is true of human hearing. It's unavoidable unless you stick your fingers in your ears.
But in this case, "overhearing" is an active process akin to eavesdropping - you're using a piece of equipment and actively searching out signals. The idea that it's accidental is about as valid as the idea that if you leave your doors unlocked, anyone who walks into your home has done so because you "invited" them to by not locking your doors.
Too often now we hear the same mantra: no-one should expect privacy. It seems we also shouldn't expect integrity, honesty and accountability.
@AC,
You had a 900 MHz phone that had an analog connection between the handset and base station.
There was no encryption.
Yet there was an expectation of privacy and it was deemed illegal to listen in and record conversations.
The fact that the average individual, not as technically as versed as your average commentard, doesn't know how to set up their wi-fi router and how to set up passwords. The cable company or phone company that sets up these people's wireless usually doesn't put encryption on. Those freetard that hang out at Starbucks for free wi-fi don't encrypt their connections. Yet War Driving is illegal. That is, the active act of knowingly snooping on unencrypted traffic is illegal, post TJ Maxx days which is when Google did their global sniff.
Of course that's US law. German law, much stricter.
Google got off? You can thank their lobbyists.
They broke the law, even if you don't understand it, the damage was done.
The sad thing is that Apple and Microsoft are not exceptions. Every multi-billion dollar corporation I've worked for in the last 16 years has posted so-called mission statements or principles of practice prominently in the workplace, and deliberately and calculatedly violated every single one of them every single day.
An example: "We do not expect you to work more than eight hours in one day". One of my former colleagues went on vacation to Mexico with his family. His supervisor insisted that he take a laptop with him, specifically configured by IT to have a VPN, and every day of his holiday he was expected to phone in and do at least two hours of work. This was not an isolated incident. It happened in all departments at all levels and was considered "normal", despite the public profession to the contrary.
Note that the The Register called him a "rogue engineer" - the phrase didn't come from Google, so it's a bit rich to condemn Google for using the "rogue engineer" excuse. As far as I can tell, Google has not disowned the engineer in question, and hasn't accused him of acting irresponsibly
The repeated misconstruing of Brin's quote is just as bad - he didn't simply say that he wished Google wasn't subject to US law, he said that he wished that Google was subject to a jurisdiction that everyone in the world trusted, because quite clearly the US isn't as trusted as they would like to be, but Google doesn't have much choice in the matter at this point - it is subject to US law.
I'm not a fan of Google, but if the Registers best argument against them involves putting words in their mouth and deliberately misconstruing soundbites, I think it's obvious that "Do No Evil" isn't the Registers slogan.
Re: Al Jones.
No - Google said from the start it was one engineer working alone in a "careless error", see:
http://www.theregister.co.uk/2010/10/22/google_acknowledges_street_views_wifi_data_contained_emails_urls_passwords/
There's a wealth of related links to look through.
C.
As I said, Google has never claimed that the engineer in question was "rogue". The implication of the Registers use of the phrase is that Google was trying to throw the engineer in question under the bus, and wash the company's hands of all responsibility.
As the article you link to shows, Google's position, since the beginning when it voluntarily announced that it had been doing this, was that, even though Google didn't think it had broken any laws, it was wrong to to record the unencrypted wifi data, and that while the code was the work of a single engineer, the real failure was that the code review process didn't recognize the significance of this.
The phrase "rogue engineer" means more than someone working on their own. It implies an intent to do wrong. Orlowski is quite deliberately using it to imply that Google has tried to place all the blame on the engineer, when that obviously isn't the case.
(As someone who has worked as a developer and with developers, I know full well that we don't always understand the full implications of our brainwaves, and our managers didn't always spot the pitfalls in what we were proposing to do either. It happens, and doesn't require any roguery!)
Re: Al Jones.
"Rogue" has quite a wide definition; it's not as narrow as you imply although I appreciate that you've taken it in its strongest form. Given that Google said it was "mortified", described the traffic capture as an "error", deleted said data pretty quick, and that the whole thing has drawn widespread criticism, it's not an unreasonable word IMHO.
C.
Whether it is a "rogue", "careless", or "lone" engineer, the excuse has always been as believable as a Bond villain from a Sean Connery flick. In organizations as big as Google, nobody works all alone on a project with no oversight and no lawyers involved. Hell, nobody works all alone in a five person code writing sweatshop let alone a place like Google. So it really doesn't matter which adjective you choose.
By that comparison, everyone who's wireless got snooped would have lost their connection while it was being snooped.
A better comparison would be you leaving pictures or letters out in the yard and someone taking pictures of them without your consent. Now you both have a copy of the text or image but no theft took place.
> So If I accidentally leave something lying around outside my house, you'd be quite happy to nick it because it's in a public place?
No, but if you leave your diary lying around outside and open don’t be surprised if somebody reads it. If you leave your windows open and talk loudly don't be surprised if somebody listens. If you leave your Wifi open and unencrypted don’t be to surprised if somebody captures the data.
"No, but if you leave your diary lying around outside and open don’t be surprised if somebody reads it. If you leave your windows open and talk loudly don't be surprised if somebody listens. If you leave your Wifi open and unencrypted don’t be to surprised if somebody captures the data."
But do be surprised if there is 100's of people being paid to do all of the above outside of of every house for 5 mins and recording it all to put in a big database.
*this* is the "expectation of privacy" that most people expect, even of an unencrypted WiFi signal. Yes, the odd person may come by and possibly pick up a little bit of information, even something you'd rather they didn 't know. But when it's a big corp slupring lots of little bits of infomation from all and sundy across international borders, then the game changes.
As I have said before on this topic, *there is no expectation of privacy on any unencrypted wireless broadcast*. Just think about any publicly usable radio frequencies. Anything you broadcast on any channel can be heard by anyone else that can receive that channel. Scanners exist for exactly that reason. One of the first things that you need to learn when using radio is that anything that is sensitive needs to be encrypted (e.g. a pre-arranged code), because there is no expectation of privacy.
Simply put, Google might have been sneaky, but the responsibility lies with the owners of unencrypted wifi transmitters. They have no legitimate ground for complaint. It is the equivalent of them standing in their front garden shouting out their conversations.
The law of trespass applies. If they enter your land to read the diary, take the item, or listen to your conversation then they are trespassing (unless invited or have reasonable grounds to expect an invitation).
The law of privacy applies. If they open the diary or turn the page then they are breaching your privacy, just as if they move to stand closer to the window so they can hear your conversation.
If they are simply exposed to your conversation in passing, or they see a displayed page from your diary then they're in the clear.
Google didn't stop to listen but just drove past on public highway, which I guess is why they weren't considered to have broken the law in the UK at least.
sniffing a copy of freely available data doesn't deny any access to the owner anymore than looking at the bike in your front garden or taking a photo of your house. neither of which I would call stealing
you might not like it, but the fact is you left it in the equivalent of your front garden for anyone to read, if you don't want it read, make it private.
Sniffing and recording your (unencrypted) WiFi data is akin to someone coming up to the window of your house with a video camera and recording what goes on inside.
No, it's the equivalent of YOU recording what goes on in your house and projecting it on a bloody great screen for all to see. YOU'RE the one transmitting the information.