"Google: Oops, we've STILL got Street View's slurped Wi-Fi data"
"Google: Oops, we've STILL got Street View's slurped Wi-Fi data"
Surprise, surprise, surprise...
Google has apologised after discovering it still has some payload data slurped from unsecured Wi-Fi networks via its controversial Street View spycars. It had earlier vowed to delete this sensitive information after worldwide outcry against the wireless packet hoarding. However, the ad giant's global privacy counsel Peter …
"It's an American compny"
Weeell, this is very true, but it is also an American company operating on (choose your location) terra firma belonging to another international legal actor, and thus legal system. In this country Google must obey our laws, or suffer an appopriate fate. Just like Islamic extremists, freetards, Kim Dotcom (bloody fool), Julian Assange, and so on. :-)
Personally I don't trust Google at all, and use them only where there is no alternative that I can find.
Really this lame Google bashing needs to stop. I can understand how someone with tinfoil hats might get creeped out by Streetview, in the same way they might get creeped out by Microsoft's identical service they are running (that never gets reported).
To the rational people however, the ramifications of the "Google Streetview Slurp" are much less however. Someone would have had to:
1/ Had their wifi setup without Wifi encryption.
2/ Been using it at the exact moment Google drove by.
3/ Been transferring something sensitive over a non-SSL link.
It's just sad that El-Reg (and the rest of the media) make it out to be so much more serious than it actually is.
"Someone would have had to:
1/ Had their wifi setup without Wifi encryption.
2/ Been using it at the exact moment Google drove by.
3/ Been transferring something sensitive over a non-SSL link."
All well and good. However, excusing theft/misappropriation because a shop or house is temporarily unattended does not count in law, and that is where the rubber hits the road. That said, there is something to be said for a modem licence, or perhaps a mandatory security set up fee for those whose IT/net competence extends to the acronym 'LOL'.
So how is what google did any different to what Gary Mckinnon did? Why aren't extradition orders out for google execs? If anything google are more culpable because they did it on an industrial scale whereas Mckinnon just had a home PC running telnet. We live in a country where multinationals get away with murder (literally) and the ordinary guy is sh@t on from a great height.
Very strange that they would "find" this data knowing full well the ICO was regretting having told Google to delete it.
How hard would it be to fabricate new data that looks completely innocuous?
It doesn't matter if it looks innocous, if it shows that data has been collected when it shouldn't have it.
And the ICO could ask another jurisidiction investigating the wifi slurp if they cold compare the sort of collected info.
Unfortunately google are damned by being open and honest here. Though they still have the "single newspaper reporter programmer" defence in place I believe.
So let's see. Your assignment: Design a car that can drive around and take pictures of the road and record via video or still frame photos and log GPS data so you pin-point the location later for google maps.
The car comes back with Wi-Fi data and no telling what else. Who put that hardware/software in the car????????? Somebody had to pay for it and approved the budget to put in hundreds of vehicles.
In other words, someone hires you to just take photos of a wedding, that's it. But instead you take a computer and audio equipment and record what everybody at the wedding says, you record everybodies phone conversations, you record everybodies logging to the local wifi, you log the churches wifi data, you check the electric meter and water meter for power and water usage while you are there, you use photo face recongnition software to identify everybody at the party, you photograph everybodies license plate and log it to everybodies vehicle that shows up. You can'T make toast unless you have a toaster. YOU CAN'T RECORD WIFI DATA WITHOUT THE NECESSARY EQUIPMENT TO DO SO, AND THAT EQUIPMENT WAS IN THE CAR AND HAD TO BE PUT THERE BY GOOGLE.
If Google was found guilty, why didn't one of these government organizations use more than two brain cells and think about the car being used and confiscate it and go through it with a fine tooth comb and find out what else it was designed to collected.
The wifi monitoring was intentional to record the location, signal strength, SSID and MAC address of any wifi access points it could see, this was to build the database that android phones use to get a rough location fix without the use of GPS, the phone simply listens to see what access points are in the area, sends this to google who then query the database and return the likely location of the device.
Basically just the same as skyhook does for the iphone i think, but google just decided to make their own database instead of paying skyhook.
the need for this is less now as i *think* android phones themselves report back similarly when they have a good gps fix and wifi on so ensuring the wifi triangulation database stays up to date but it needed to be created in the firstplace before there were alot of android handsets about.
I can understand how with deadlines to meet it would seem a trivial task to just fire up airsnort on a laptop dump the data to a drive and then grep the log for SSID broadcasts and correlate the timestamps with your GPS log, and if you didnt think carefully about it this would work but grab other stuff too.
Id put this down to rushing to get a job done rather than some evil Machiavellian plot.
I don't think you understand the situation...
First the Google cars, like the Navteq cars, drive around snapping a frame once every 6 seconds or so. They also have LIDAR sitting up scanning the streets too. (Very interesting images from Lidar...)
The reason why companies map out SSIDs of wi-fi is that their locations don't change and it helps w A-GPS (Assisted GPS) Since cites and other heavily densely populated areas are like Canyons where you can't get a good fix off a large number of satellites.
But snarfing SSIDs isn't what Google did. They intentionally snarfed traffic. Big difference here.
Stupidity continues indeed.
Clearly you have no idea what you are talking about...
The Wifi is used in the same way Apple and Microsoft's mapping companies do, to record hotspot signals and stregths and triangulate. So you don't NEED battery sucking GPS to work out where you are.
EPIC-FAIL.
ICO damp, moist, slightly tepid air...
They have no teeth at all. The chocolate factory must be laughing at them like 9 year olds having a "trumping" contest.....
Until the ICO manage to grow a herculean set of clock weights, this is how it will continue...
Our privacy will be breached, nothing will be done....
If they really wanted to delete it, telling the government was the last thing they should have done. Clearly it would only cause more delays. Having it spread around to more people is also the last thing anybody who's data got slurped would want. They should have deleted the instant they discovered it. And that goes for the initial batch of slurped data too.
.. that Google basically simply IGNORE the laws and consider convictions just the cost of doing business?
You cannot do this accidentally - it's not just inserting code in the vehicle platform, you also have to prep a backend back home to store that data. Even the most primitive code shop would have some sort of change control in place to keep an eye on code and functionality (and if they don't I suggest you stay far away from any product but search)..
If the ICO doesn't fine the screaming crap out of them it ought to pack up - it is not capable of implementing EU privacy directives with such weak powers, and may actually put the UK in breach of EU law (IANAL, though).
"The ICO immediately responded to the confession by demanding that the company hand over the data for inspection."
IMO this is a classic example as to why the well known "defense" of "I got nothing to hide anyway" is simply an utter fail. It doesn't matter if you have something to hide or not or what kind of data it is all about, the real issue is how the collecting party is going to (ab)use it.
I'm pretty sure a lot of people didn't really mind the stuff Google did. Yet all of a sudden these people aren't so happy anymore now that the government gets involved. Whatever happened to "I got nothing to hide anyway", eh ?
THAT is why a lot of "tin-foil head wearing people" such as myself can get pretty upset over data slurping events such as this one right from the getgo, and not only when an unpopular party gets involved.
... because an 80p Google Play app I wanted to buy revealed that my credit card had expired, so I updated it, and that triggered the request. But as they probably have access to my wi-fi network, they can easily find a scans of them on my PC, no?
How Google 'ask' for your 'details'....
http://furbian.blogspot.com/2012/06/my-google-walletplaycheckoutwhatever.html