back to article Google KNEW Street View cars were slurping Wi-Fi

Google knew its Street View cars were slurping personal data from private Wi-Fi routers for three years before the story broke in April 2010. When the revelations were made, Google said its map service's cars were merely collecting SSIDs and MAC addresses. The following month, it said network data had been captured, but this …

COMMENTS

This topic is closed for new posts.
  1. Jediben
    Devil

    A further course title

    For this shower of deceitful b*stards - self-loathing!

    1. ItsNotMe
      Mushroom

      Re: A further course title

      Google are still...and will continue to be...LYING SCUM.

    2. Barry Dingle

      Re: A further course title

      Teach them a lesson, never search for anything again, even car keys. And don't leave the barn door open when you want to protect horseshit.

  2. Anonymous Coward
    FAIL

    Oh dear, apologies forthcoming?

    Not from Google - although they should - but from the two Google fanbois that downvoted this.

    1. Aaron Em

      Re: Oh dear, apologies forthcoming?

      As opposed to the other three who downvoted it because the commenter was whining about the first two who downvoted it?

      1. Anonymous Coward
        Holmes

        Re: Oh dear, apologies forthcoming?

        Don't worry, dear, it's just the usual fanbois expressing their sadness in the only way they know how that the Gods of the Chocolate Factory have let them down yet again. Bless.

  3. Anonymous Coward
    Anonymous Coward

    Single rogue element....

    That idea always had the same level of credibility as the "single voicemail hacker" explanation for the intrusions by the British press.

    1. Anonymous Coward
      Anonymous Coward

      Re: Single rogue element....

      That defense works once.

      But no one really believes it.

      We've heard excuses like this before, and we never bought it.

      The sad fact though is that the FCC didn't think they break wire tap laws.

      Even if the owner/end user of the wi-fi network doesn't have any encryption turned on, there is an expectation of privacy on the network.

      We've seen cases like this plus laws were further enhanced to make war-driving a criminal offense.

      There is no way that a 'single engineer' had the authority to put this package in to production for 2 years on such a highly visible project. Streetview has been facing public scrutiny and privacy issues around the globe especially with their cameras and lidar units so high above the car.

      Navteq's cars, even with Lidar don't have their masts that high.

      1. Anonymous Coward
        Anonymous Coward

        Re: Single rogue element....

        How can you possibly claim to have an expectation of privacy on a network that you explicitly chose to run without encryption? You're broadcasting in the clear in a public space.

        You may have perfectly legitimate reasons for not using encryption, but you don't have any grounds for complaint if your broadcasts are "overheard".

        1. Ancientbr IT

          Re: Single rogue element....

          "Overhearing" implies a passive action - you just happened to be passing by and you "overheard" a conversation. This is true of human hearing. It's unavoidable unless you stick your fingers in your ears.

          But in this case, "overhearing" is an active process akin to eavesdropping - you're using a piece of equipment and actively searching out signals. The idea that it's accidental is about as valid as the idea that if you leave your doors unlocked, anyone who walks into your home has done so because you "invited" them to by not locking your doors.

          Too often now we hear the same mantra: no-one should expect privacy. It seems we also shouldn't expect integrity, honesty and accountability.

        2. Anonymous Coward
          Anonymous Coward

          Re: Single rogue element....

          @AC,

          You had a 900 MHz phone that had an analog connection between the handset and base station.

          There was no encryption.

          Yet there was an expectation of privacy and it was deemed illegal to listen in and record conversations.

          The fact that the average individual, not as technically as versed as your average commentard, doesn't know how to set up their wi-fi router and how to set up passwords. The cable company or phone company that sets up these people's wireless usually doesn't put encryption on. Those freetard that hang out at Starbucks for free wi-fi don't encrypt their connections. Yet War Driving is illegal. That is, the active act of knowingly snooping on unencrypted traffic is illegal, post TJ Maxx days which is when Google did their global sniff.

          Of course that's US law. German law, much stricter.

          Google got off? You can thank their lobbyists.

          They broke the law, even if you don't understand it, the damage was done.

  4. Aaron Em

    Anyone surprised?

    Anyone at all? Right, didn't think so. Back to work.

  5. Kenno
    FAIL

    $25,000 fine eh?

    That'll teach 'em good

  6. Jim Coleman
    Devil

    This

    This is one of many reasons I will never use a Google product again. Android doubly so. Do no evil, my arse.

    1. C Yates
      Happy

      Re: This

      Good on you!

      There's always Apple! They never impinge on anyone's priv... oh wait!

      Still, there is Microsoft, THEY never imp.... oh wait!

      Look on the bright side, at least when Google do it, it's mostly for free =)

      1. Rob Moir

        Re: This

        The likes of Apple and Microsoft are what I would term "Honest Bastards". They're not hypocritical enough to run around shouting "Don't be evil" while engaging in practices that would have Mr Burns shaking his head in combined disgust and admiration.

        1. Ancientbr IT

          Re: This

          The sad thing is that Apple and Microsoft are not exceptions. Every multi-billion dollar corporation I've worked for in the last 16 years has posted so-called mission statements or principles of practice prominently in the workplace, and deliberately and calculatedly violated every single one of them every single day.

          An example: "We do not expect you to work more than eight hours in one day". One of my former colleagues went on vacation to Mexico with his family. His supervisor insisted that he take a laptop with him, specifically configured by IT to have a VPN, and every day of his holiday he was expected to phone in and do at least two hours of work. This was not an isolated incident. It happened in all departments at all levels and was considered "normal", despite the public profession to the contrary.

    2. Anonymous Coward
      Anonymous Coward

      Re: This

      Odds-on this 'moral crusader' is making such claims about how he refuses to use products from 'immoral' companies while downloading torrented video on his PC.

    3. Quantum Leaper

      Re: This

      What you don't use phones or anybody's products? Almost all companies have done 'evil' in the past, the bigger they are the more likely to happen.

    4. Anonymous Coward
      Anonymous Coward

      "Do no evil, my arse."

      Good advice for anyone's arse.

      (I'd give it five minutes before going in there if I were you)

  7. dotdavid
    Devil

    Rogue Engineer

    Ah yes, the rogue engineer. By night he roams the halls of the Googleplex, inserting bugs into Google Maps and preying on the leftover free food. By day he effortlessly blends in to the population of normal engineers (admittedly, a small population), ready to strike again...

    1. dotdavid
      Alert

      Re: Rogue Engineer

      Downvote? Rogue Engineer - is that you? ;-)

      1. Anonymous Coward
        Anonymous Coward

        Re: Rogue Engineer

        Damn!

        I've been rumbled.

        Yours faithfully

        Rogue Engineer

        1. Anonymous Coward
          Anonymous Coward

          Re: I've been rumbled

          That's okay, I've got your back.

          Prepare for extraction at 802 11th St.

          -Backup Rogue Engineer

      2. Anonymous Coward
        Anonymous Coward

        Re: Rogue Engineer

        That's "Engineer Doe" to you! =P

        1. Anonymous Coward
          Anonymous Coward

          Re: That's "Engineer Doe" to you!

          A woman, then?

        2. Random Handle
          Headmaster

          Re: Rogue Engineer

          I think you'll find its actually spelled, 'D'Oh!'.

    2. Al Jones

      Re: Rogue Engineer

      Note that the The Register called him a "rogue engineer" - the phrase didn't come from Google, so it's a bit rich to condemn Google for using the "rogue engineer" excuse. As far as I can tell, Google has not disowned the engineer in question, and hasn't accused him of acting irresponsibly

      The repeated misconstruing of Brin's quote is just as bad - he didn't simply say that he wished Google wasn't subject to US law, he said that he wished that Google was subject to a jurisdiction that everyone in the world trusted, because quite clearly the US isn't as trusted as they would like to be, but Google doesn't have much choice in the matter at this point - it is subject to US law.

      I'm not a fan of Google, but if the Registers best argument against them involves putting words in their mouth and deliberately misconstruing soundbites, I think it's obvious that "Do No Evil" isn't the Registers slogan.

      1. diodesign (Written by Reg staff) Silver badge

        Re: Re: Rogue Engineer

        Re: Al Jones.

        No - Google said from the start it was one engineer working alone in a "careless error", see:

        http://www.theregister.co.uk/2010/10/22/google_acknowledges_street_views_wifi_data_contained_emails_urls_passwords/

        There's a wealth of related links to look through.

        C.

        1. Al Jones

          Re: Rogue Engineer

          As I said, Google has never claimed that the engineer in question was "rogue". The implication of the Registers use of the phrase is that Google was trying to throw the engineer in question under the bus, and wash the company's hands of all responsibility.

          As the article you link to shows, Google's position, since the beginning when it voluntarily announced that it had been doing this, was that, even though Google didn't think it had broken any laws, it was wrong to to record the unencrypted wifi data, and that while the code was the work of a single engineer, the real failure was that the code review process didn't recognize the significance of this.

          The phrase "rogue engineer" means more than someone working on their own. It implies an intent to do wrong. Orlowski is quite deliberately using it to imply that Google has tried to place all the blame on the engineer, when that obviously isn't the case.

          (As someone who has worked as a developer and with developers, I know full well that we don't always understand the full implications of our brainwaves, and our managers didn't always spot the pitfalls in what we were proposing to do either. It happens, and doesn't require any roguery!)

          1. diodesign (Written by Reg staff) Silver badge

            Re: Re: Rogue Engineer

            Re: Al Jones.

            "Rogue" has quite a wide definition; it's not as narrow as you imply although I appreciate that you've taken it in its strongest form. Given that Google said it was "mortified", described the traffic capture as an "error", deleted said data pretty quick, and that the whole thing has drawn widespread criticism, it's not an unreasonable word IMHO.

            C.

            1. dotdavid
              Coat

              Re: Rogue Engineer

              I'm just glad he wasn't described as a 'rouge' engineer (a common enough designation on teh interwebs), although if the rogue engineer is a rouge engineer fair play to them.

          2. Tom 13

            @Al Jones 01-May-12 08:03 GMT

            Whether it is a "rogue", "careless", or "lone" engineer, the excuse has always been as believable as a Bond villain from a Sean Connery flick. In organizations as big as Google, nobody works all alone on a project with no oversight and no lawyers involved. Hell, nobody works all alone in a five person code writing sweatshop let alone a place like Google. So it really doesn't matter which adjective you choose.

      2. Tom 13
        FAIL

        Re: Registers slogan. [sic]

        Of course it's not!

        You need to spend more points on your observation skills. El Reg's slogan is clearly imprinted in the header which appears on every page: "Biting the hand that feeds IT."

  8. Anonymous Coward
    Anonymous Coward

    Google's magic wand waving

    <Goodwins>I'm sure Hitler wished for a similar magic wand</Goodwins>

    1. Anonymous Coward
      Anonymous Coward

      Re: Google's magic wand waving

      I just don't understand all this negativity towards Hitler, he wasn't all that bad, after all he did kill Hitler.

      1. Francis Boyle Silver badge

        Re: Google's magic wand waving

        Yeah, but he had a lousy sense of timing.

        It's all in the timing.

  9. Anonymous Coward
    Anonymous Coward

    Of course they knew, they knew because it was a sensible idea to record the data for analysis! The issue is just contentious because idiots like to leave their wifi networks unencrypted. It was broadcast to the public so I don't see what prosecutors are getting excited about.

    1. Jim Coleman
      Meh

      WTF?

      So If I accidentally leave something lying around outside my house, you'd be quite happy to nick it because it's in a public place? Well you are a fine upstanding individual aren't you.

      1. Remy Redert

        Re: WTF?

        By that comparison, everyone who's wireless got snooped would have lost their connection while it was being snooped.

        A better comparison would be you leaving pictures or letters out in the yard and someone taking pictures of them without your consent. Now you both have a copy of the text or image but no theft took place.

      2. Anonymous Coward
        Anonymous Coward

        Re: WTF?

        > So If I accidentally leave something lying around outside my house, you'd be quite happy to nick it because it's in a public place?

        No, but if you leave your diary lying around outside and open don’t be surprised if somebody reads it. If you leave your windows open and talk loudly don't be surprised if somebody listens. If you leave your Wifi open and unencrypted don’t be to surprised if somebody captures the data.

        1. John Brown (no body) Silver badge
          Megaphone

          Re: WTF?

          "No, but if you leave your diary lying around outside and open don’t be surprised if somebody reads it. If you leave your windows open and talk loudly don't be surprised if somebody listens. If you leave your Wifi open and unencrypted don’t be to surprised if somebody captures the data."

          But do be surprised if there is 100's of people being paid to do all of the above outside of of every house for 5 mins and recording it all to put in a big database.

          *this* is the "expectation of privacy" that most people expect, even of an unencrypted WiFi signal. Yes, the odd person may come by and possibly pick up a little bit of information, even something you'd rather they didn 't know. But when it's a big corp slupring lots of little bits of infomation from all and sundy across international borders, then the game changes.

          1. Intractable Potsherd

            Re: WTF?

            As I have said before on this topic, *there is no expectation of privacy on any unencrypted wireless broadcast*. Just think about any publicly usable radio frequencies. Anything you broadcast on any channel can be heard by anyone else that can receive that channel. Scanners exist for exactly that reason. One of the first things that you need to learn when using radio is that anything that is sensitive needs to be encrypted (e.g. a pre-arranged code), because there is no expectation of privacy.

            Simply put, Google might have been sneaky, but the responsibility lies with the owners of unencrypted wifi transmitters. They have no legitimate ground for complaint. It is the equivalent of them standing in their front garden shouting out their conversations.

            1. Ancientbr IT

              Re: WTF?

              Scanners are a specialised piece of equipment whose sole purpose is to intercept broadcasts - hardy anyone has one, and so there IS an expectation of privacy.

          2. Tom 13

            Re: *this* is the "expectation of privacy" that most people expect

            Oh, you mean like the dailies do to the Royals on a regular basis with their BLCs?

        2. Anonymous Coward
          Anonymous Coward

          Re: WTF?

          The law of trespass applies. If they enter your land to read the diary, take the item, or listen to your conversation then they are trespassing (unless invited or have reasonable grounds to expect an invitation).

          The law of privacy applies. If they open the diary or turn the page then they are breaching your privacy, just as if they move to stand closer to the window so they can hear your conversation.

          If they are simply exposed to your conversation in passing, or they see a displayed page from your diary then they're in the clear.

          Google didn't stop to listen but just drove past on public highway, which I guess is why they weren't considered to have broken the law in the UK at least.

        3. Ancientbr IT

          Re: WTF?

          I don't know who instilled your moral sense in you but whoever it was did a lousy job...

      3. Anonymous Coward
        Anonymous Coward

        Re: WTF?

        sniffing a copy of freely available data doesn't deny any access to the owner anymore than looking at the bike in your front garden or taking a photo of your house. neither of which I would call stealing

        you might not like it, but the fact is you left it in the equivalent of your front garden for anyone to read, if you don't want it read, make it private.

        1. Anonymous Coward
          Anonymous Coward

          Re: WTF?

          Sniffing and recording your (unencrypted) WiFi data is akin to someone coming up to the window of your house with a video camera and recording what goes on inside.

          Yes, it's public and there for all to see, but would you be happy with that?

          1. Steve Knox

            Re: WTF?

            Sniffing and recording your (unencrypted) WiFi data is akin to someone coming up to the window of your house with a video camera and recording what goes on inside.

            No, it's the equivalent of YOU recording what goes on in your house and projecting it on a bloody great screen for all to see. YOU'RE the one transmitting the information.

            1. Ancientbr IT

              Re: WTF?

              Not a good analogy. Everyone has eyes (most of them working) but not everyone has the equipment and knowledge to pick up a wi-fi signal, so it's an active not passive process. There's a HUGE difference.

          2. Anonymous Coward
            Anonymous Coward

            Re: WTF?

            Sorry but that only hold true if your wifi data was sniffed and recorded from inside your house.

            The person transmitting the data was also broadcasting it *outside* their houses.

            We are perfectly within our rights to photograph or record video of anyone's house/etc from public ground outside people's homes, so why not data?

      4. edge_e
        FAIL

        Re: WTF?

        That's not the same. If you put a sign up in your garden, i might read it if i walked past.

        Still don't trust google though!

      5. mini-me
        Meh

        Re: WTF?

        That's "theft by finding" which is an offence.

        Google, for all that we may not like what they've done, have been cleared of committing an offence here.

    2. Anonymous Coward
      Anonymous Coward

      Silent, don't you know you can't defend google here? In particular after Andrew has taken the conclusions he wants from what is and what isn't written by the FCC! It doesn't matter the final conclusion is "not guilty", the anti-google fanbois are rabid and jump at the first chance, and a page view magnet like this won't be missed!

      In the mean time, seems like Microsoft has bought Barnes and Noble for 300 000 000 US Dolars - or at least bought their resignation from the fight against the android patent extortion racket. But that doesn't attract so many clicks and page views as Andrew's manipulations of the truth, so it isn't yet on the reg...

      1. diodesign (Written by Reg staff) Silver badge

        Re: Anon

        B'n'N story coming up..

        C.

        1. jocaferro

          Re: Anon

          And "Skype/MS reveal remote/local IP" story coming up too?

          1. diodesign (Written by Reg staff) Silver badge

            Re: Anon

            You mean this story? http://www.theregister.co.uk/2011/10/21/skype_bittorrent_stalking/

            If not, drop us an email.

            C.

            1. jocaferro

              Re: Anon

              No. I already sent an email to the author but I can place here the link.

    3. Ole Juul

      Idiots?

      > The issue is just contentious because idiots like to leave their wifi networks unencrypted.

      These are average users who don't know what you're talking about. You many be on top of this, but they shouldn't have to be. In fact they're probably your customers. Have a little respect.

    4. Tom 13

      Re: Of course the knew...

      You forgot the /sarc tag.

      Although you do briefly and tangentially indict the real problem makers in your rant: the ISPs who had intolerable default configs on the wireless routers they sent to punters: Verizon, Comcast, etc. in the US, BT et al in the UK. Even a simple but easily crackable WAP configuration would have prevented the Google slurp. And those ISPs OUGHT to be delivering reasonably secure for the time of delivery configurations on the routers - WPA and at least the serial number (if they can't be arsed to generate a truly random and secure password) as the password for the network.

  10. Jeebus

    To think, there'll still be a hardcore of naive imbeciles who'll still buy into the chocolate factories lousy, blatantly incorrect lying propaganda.

    Fine them massively, they absolutely deserve it for their guilt and condoning of this from the CEO down.

    1. Asgard
      Unhappy

      @"there'll still be a hardcore of naive imbeciles"

      I totally agree, they truly are sickening. They clearly have never learned to understand the old saying, "the road to hell is paved with good intentions". Every time more power over people is created in society, someone subverts it for themselves and with great knowledge over others, comes great power.

      But what gets me the most with the followers is that they actually think its us who are wrong, because we can't see that Google just have good intentions. The do no harm bullshit has to be one of the biggest bits of corporate propaganda in the past few decades and its deeply sickening that anyone falls for it.

  11. Anonymous Coward
    Anonymous Coward

    ok, so now...

    what?

    ...

    they were found out to be lying about a rogue engineer, so what happens next with this very low-key affair?

    ...

    ...

    yeah, so I thought.

  12. tom dial Silver badge
    Stop

    Just asking

    Who, exactly was damaged by this, and how? I agree capturing and storing the unencrypted date wasn't a particularly nice thing to do, but don't recall seeing anything describing actual harm that resulted. Have the many and somewhat costly investigations actually turned anything up, or is this just a glorious opportunity for the political class to show how they are Watching Out For The People and direct our attention away from government activity aimed at doing the same, and much more?

    1. Jim Coleman
      Meh

      Re: Just asking

      So you'd be perfectly happy for me to have a look through your diary, your photo collection, your financial records and your collection of love letters? After all, it won't do you any actual harm.

      1. Tim Parker

        Re: Just asking

        "So you'd be perfectly happy for me to have a look through your diary, your photo collection, your financial records and your collection of love letters? "

        To make your analogy more accurate you would have to put your photo album and financial records out on your front wall with the pages open... or dictate your diary in a loud voice in the pub.

        That said, as has been pointed out elsewhere over and over - the accessibility of the data doesn't make Google's behaviour at all ethical.. they are effectively taking advantage of the fact that many, perhaps most, people with a router aren't aware of how open they can be.. and what they are exposing. Given that the world is not entirely populated by angels, perhaps some more effort from service providers and network supply vendors might also help in this area... perhaps they are already, it's not like I switch either frequently, but i'd not put much money on that.

      2. tom dial Silver badge

        Re: Just asking

        I do not think that you could, at least based on the little that Google might have captured when they photographed my street. If I did not encrypt my WiFi, if I happened to be emailing or otherwise active at the time, and if they captured something significant, I have not seen any claims that they made it available for searching.

        I didn't say what they did was a good thing; it is not. I do think the reaction is excessive and I do not think it is necessarily appropriate to hold Google to a different and more stringent standard than the US government, which I understand to be setting up to capture, store, and analyze essentially all telecommunication traffic. And I seem to remember something about similar UK government plans.

  13. Anonymous Coward
    FAIL

    They operated within the law...

    However that doesn't make their actions ethical. Especially since they openly hid the truth afterwards and tried to postpone its release with everything they got.

    Now; let me make one thing very clear here: I also think that in the end the owners of said open wifi points are also to blame. After all; if you compare this to a real life situation then its by far comparable to the analogy of a door which has been left open or unlocked. No, instead there is also a sign standing besides it saying: "The door is open so you can easily get in!".

    Because that is what an open wifi is actually doing; its broadcasting its signal to the world around if. In fact; if you're in range with your smartphone then chances are high that it will pick it up, prefer wifi over its data connection and start using it. /Just as Google did/.

    Still; there is also a huge difference between using the service (for all we know this could simply be a friendly gesture of the owner) or collecting everything you can about it with the intent to use this in a business like (commercial) fashion.

    Back to real life analogy again: you hand out cookies for free. But only 1 (or two) per customer because you want to prevent people (ab)using your cookies for anything else than their own enjoyment. Otherwise people could try to get 30 cookies from you, package it up and start selling it as "the new cookie delights". Yet that wasn't the intention of sharing those cookies!

    And its that aspect which I think Google should have known up front. Its also why I hold it heavily against them because if you're looking at the bigger picture (or try to) then Google doesn't exactly have a very good reputation where privacy concerns for its users go.

    It seems to me as if Google doesn't (want to?) understand what a "gentlemens agreement" is. For starters: it takes /2/ gentlemen...

    1. Aaron Em
      Facepalm

      "openly hid the truth"

      "Look! Over here! See this? It's the truth! And we're hiding it!"

    2. Ian Michael Gumby
      Boffin

      Re: They operated within the law...

      No, they did not operate within the law.

      Its more of a question of if the FCC had the stomach to prosecute along with the other countries where they broke the law.

      Unencrypted or not, it was eavesdropping and illegal for many of the countries where this occurred.

      What I found interesting is that no whistle blowers have stepped forward. They would get a portion of the penalties.

    3. Invidious Aardvark
      FAIL

      Re: They operated within the law...

      "Because that is what an open wifi is actually doing; its broadcasting its signal to the world around if. In fact; if you're in range with your smartphone then chances are high that it will pick it up, prefer wifi over its data connection and start using it. /Just as Google did/."

      No they did not. You are talking about someone "borrowing" some of the bandwidth of someone's unsecured wi-fi. What google did was record data that were being broadcast and therein lies the complaint. The FCC says this is not an illegal wiretap because the data were no encrypted; I'd love to know whether you could use this as a defence for tapping someone's phone calls - after all, most phone calls aren't encrypted either...

    4. Ancientbr IT

      Re: They operated within the law...

      ... let me make one thing very clear here: I also think that in the end the owners of said open wifi points are also to blame...

      This makes the unfair assumption that the wi-fi owner should have known that they were broadcasting publicly, and then holding them partially accountable.

      But we all end up broadcasting information publicly no matter how hard we may try to clamp down on it. Web browsers are notorious for doing this - if we visit a website and the site takes details of the last ten sites we visited beforehand, along with our OS version, our allocated IP address and any personal identifiers, is that over-reaching by the site or lax supidity on our part?

      It's a major task to try and stay on top of what's broadcast by our technologies, especially when no-one is accountable to us as users. No-one says to us: "We're thinking of issuing products with this insanely great technology called Bluetooth, and we're thinking it's too much effort to encrypt the transmissions - is that OK with you?" And even if they did, how many of us would know exactly how to answer? Insiders know immediately what the answer would be...

      IMHO, at the end of the day ethics is the big problem. Just because you CAN do something, doesn't mean you SHOULD.

  14. Eguro
    Go

    Harm - Expectation of privacy

    I wonder if there is any feasible way to implement, by law, a definition of harm - as something infringing on your expecation of privacy. Thus meaning that in this case actual - legal at least - harm had been done.

    Why had it been done? Isn't this comparable to me having a conversation with a guy across my street in a loud yelling fashion, and Google simply overhearing a snibbet of that conversation?

    Perhaps, but there is a factor of scale and possibly intent.

    If you overhear "And then I cut my grass - har har har", then you'll probably just go on your merry way to the pub or what not. That's fine - I don't expect my conversation to be unable to be overheard.

    However I do have a reasonable expectation that my conversation not be recorded as part of a massive - global - effort to record all loud yelling conversations, and analyse them whilst tying them to the yeller or his immediate area.

    Furthermore I have some expectation that my yelling not be part of that same operations goal to make money for the collectors of that yelling.

    Or don't I? Seems to me that I do, at least to some extent have that expectation.

    So if privacy expectations being broken was equal to harm in a legal sense - then this breach of privacy expectations would be equal to considerable harm.

    I think the real crux of it, comes from the fact that this data was collected in order to make a profit. There can be no other reasonable explanation - hell even the MAC adresses and SSIDs might be seen as relevantly hit by this offered explanation.

    But since the MAC adresses and SSIDs are useful in a different manner - and not something the user actively creates (unlike the data going to and fro) I think there's a possibility for leeway.

    Any way, now I've just begun rambling, and have lost track of where I was going - carry on!

    1. tom dial Silver badge

      Re: Harm - Expectation of privacy

      It's a somewhat interesting question: If you broadcast unencrypted information so it can be received by anyone within a hundred meters or so, is it not quite similar to standing in a semipublic place such as your front porch and shouting it out? Do your really have any expectation that the utterance will be private? Or that someone passing by won't hear it and, accidentally or not, record it? Really?

      Google's handling of this data was not appropriate, but fails to attain the level of evil that quite a few of the responses here indicate. Hundreds of billions of bytes, to be sure - of pretty random snippets of data not much different from street noise.

      1. Ancientbr IT

        Re: Harm - Expectation of privacy

        I think the telling aspect is the technology required. Most of the analogies here have talked about seeing or hearing things, and those are activities we do all the time with the equipment (ears, eyes) that we have (or most of us do, and most of us have working versions).

        If I'm walking down the street, I'm not going to be able to hear wi-fi; my ears aren't up to it. If I'm sat in my car writing up some notes on my laptop, unless my computer has some kind of wi-fi-compatible card and is configured to constantly look for hotspots and try to connect to them, I'm going to be blissfully unaware of any wi-fi transmissions.

        But if I run software or use hardware that's explicitly seeking wi-fi signals, then I've crossed a line from being an accidental recipient of a transmission to being an active seeker, and that's where I think Google broke laws everywhere.

    2. Ian Michael Gumby
      Boffin

      Re: Harm - Expectation of privacy

      Why had it been done? Isn't this comparable to me having a conversation with a guy across my street in a loud yelling fashion, and Google simply overhearing a snibbet of that conversation?

      -=-

      No.

      This issue had been raised ad nauseum and it's a fallacy.

      Suppose you are in a crowded restaurant and you overhear a conversation. You can't but help to overhear the conversation. You use no technology except the two ears God gave you. There is no expectation of privacy when having a conversation in a public space.

      Contrast that to someone who buys a black box where the quick install directions say to plug it in, and follow a simple one page instruction set to get wireless internet. Easier than programming a VCR.. err... I mean your new smart TV...

      Is it reasonable to expect that your communication between your laptop to your black box and to the Internet? The answer is yes.

      To capture your private electronic communication violates said expectation. Encryption is a moot point. It's the simpe action of capturing the data which is illegal.

      1. Eguro
        Thumb Up

        Re: Harm - Expectation of privacy

        I know what you mean.

        My argument was pointing to the fact that even if you accept that the data was publically available - which I guess is what The Big Man (aka the US) has ruled (hence why it wasn't deemed illegal) - then there should still be a matter of scale or intent.

        I agree wholeheartedly that I have an expectation of privacy for my data, what I was arguing was, that even if my expectation was lowered because it was unencrypted (as my yelling conversation was), there would still be cause for concern due to the scale of things.

        On another note, isn't the primary reason to encrypt your data, to prevent others from breaching your expectation of privacy? Isn't it like a lock on your door. Even if my door is unlocked, it's still illegal to simply enter my home.

        Bottom line - I agree with you :)

  15. Alan Firminger

    History

    Over the last 12 years I have used Google to find some obscure answers. One thing puzzled me - they gave me access to pages behind paywalls and to other members only material (1). Then over more recent time has come the publication of the weakness of the history list. That is probably how they got secret links.

    So they are shit squared.

    But how can I live without them. I have used the private material gratefully ?

    (1) like developers stuff about ncurses, so stop sniggering

    1. Oninoshiko
      Stop

      Re: History

      No.

      Many sites give access to what is behind their paywall to googlebot. They want it indexed so you know you can buy the info there. By the same token, if you want access, just change your user agent to report as googlebot.

      1. Alan Firminger

        Re: History

        So why is there an ongoing row about Google linking to copyright material ?

  16. Anonymous Coward
    Anonymous Coward

    Of course they knew

    If not, then what was the infrastructure doing there, ready for Rogue Engineer Doe's code?

  17. Wile E. Veteran
    Thumb Down

    Sure am glad.

    I dumped my Android smartphone for my daughter's old BREW feature phone.

    My WiFi is as secure as the embedded firmware will let me make it (WEP2)

    I only use Gmail for mailing lists like AUCTeX and ConTeXt.

    I only post bland topics of no personal import on G+ Does Google or its advertiser customer base care about Emacs, TeX & friends, the Open Clip Art Library, the Open Fort Library or such?

    I only ever put pictures of my cats and a couple of nature photos on Picasa,

    Just because I'm paranoid does not mean they are not out to get me. I sure miss the days of UUCP, bang paths and spamless USENET.

    1. Wile E. Veteran

      Re: Sure am glad.

      ACK! I meant *WPA2* not WEP2. I am so embarrassed. Must have been a brain fart.

    2. Anonymous Coward
      Anonymous Coward

      Nudge nudge...

      'Nature photos'?

      Say no more...

  18. IGnatius T Foobar
    Windows

    Clearly...

    Clearly this was all planned by Microsoft moles working from inside the chocolate factory.

  19. Tom Maddox Silver badge
    Coat

    Engineer Doe?

    More like "Engineer Duh," amirite?

  20. paulf
    Holmes

    Smartphone Location service demands Wi-Fi

    Not sure if this has been raised before but I'm convinced Google recorded the location of detected Wi-Fi networks deliberately.

    When I'm using Google Maps or Google Stalker Latitude on my Android phone it always nags me to turn on Wi-Fi to improve location accuracy. If it only had mobile network triangulation then I could understand this, but it does it even when GPS is turned on and reporting the location with an accuracy of ~5m.

    Really! Why would they suggest Wi-Fi as a method of location accuracy improvement unless they deliberately logged a massive database of Wi-Fi network locations with incredible accuracy?

    Have I missed something?

    1. The Original Cactus

      Re: Have I missed something?

      I think you have. IIRC Google's stated motive for gathering MAC addresses and SSIDs was to tie those identifiers to geographic locations. Then, when you turn on wi-fi, the device checks nearby wireless networks against the database of known network locations and tells you where you are.

      1. paulf
        Facepalm

        Re: Have I missed something?

        My point was performing this, rather substantial, data collection undertaking cannot have been the work of a lone "Rogue" Engineer. In the unlikely event that it was it couldn't have gone undetected in a company of super brainy geeks for more than a few weeks. If their reason for collating the MAC addresses and SSIDs was improving location accuracy (even when GPS is reporting excellent accuracy) then it was deliberate from the very outset and not the complete accident that was only discovered by chance, as portrayed by Google.

        My point was, that I feel I have missed as it were, was that if it was deliberate from the outset (as I feel it was) they lied about it being the work of a "Rogue" Engineer. If it wasn't deliberate and they just woke up one morning to find a mass of Wi-Fi SSID+MAC+location data in their Streetview Database then they didn't waste any time in finding a use for it!

  21. Lockstep Technologies

    Classic technologist's privacy error

    At the time the story broke, blogs were full of geeks espousing their view that unsecured data in the public domain is up for grabs, and that Google did nothing wrong. I bet that was the predominant view in Google engineering and Google management. And it's wrong, at least in those many parts of the world where OECD privacy principles hold. No organisation can collect Personally Identifiable Information beyond what is required to do their job, and even then, they are obligated to be transparent about it. Thus Google's StreetView wifi exercise broke the privacy law of many jurisdictions. There is no strong privacy law in the US to be broken and the FTC investigation obviously went down a different track.

    http://lockstep.com.au/library/privacy/public-yet-still-private.html

    Google knew what was going on but they didn't see surreptitiously harvesting PII as being wrong. Why would they? It's their BUSINESS MODEL.

    1. P. Lee

      Re: Classic technologist's privacy error

      There is a small assumption that the data slurped was PII.

      In most cases, it would not be. In most cases there would be some form of encryption, so unless Google decrypted it, they would be home free.

      Then you would have to show that the data slurped was personally identifiable. You would have to identify which person (not host or browser) was identified by the traffic.

      You may or may not have to show that the data collected by wifi was additional to that provided by other google tracking systems.

      Be careful with the "do I need it for business purposes?" get-out clause, if you then claim that tracking personal information is google's business! It would be a bit like a market researcher, noting the kind of clothing people are wearing as they walk past.

      I'm a bit torn on this one. Certainly Google should not have done it. However, I'm not convinced what they did actually caused much damage, or indeed that the PII data was that useful or intentionally used.

      A (google-sized) slap on the wrist, an order to delete the data and better guidelines regarding wifi surveys are in order. I'm in no mood to go to jail for switching my WIFI card into promiscuous mode and finding my neighbours have left their network open.

      1. Ian Michael Gumby
        WTF?

        Re: Classic technologist's privacy error

        There is a small assumption that the data slurped was PII.

        Did you actually follow the story?

        This isn't an assumption, but actual fact.

        1. tom dial Silver badge

          Re: Classic technologist's privacy error

          There is a small assumption that the data slurped was PII.

          Correct. Right there in the first part of the FCC report: "e-mail and text messages, passwords, Internet usage history, and other highly sensitive personal information." The report also indicates that the data was inspected and analyzed much more thoroughly by government agencies in Canada, France, and the Netherlands. Further, it shows a good deal of management sloppiness at Google: numerous managers overlooked things that should have been red flags; it appears that nobody paid much attention to what the software was doing while reviewing it carefully to ensure that it would do it well.

          But as many have pointed out, users have some responsibility as well. I put passwords and similar information into things that go on the net only after making sure that the link is encrypted - completely apart from the fact that if I am using WiFi that also is encrypted. Some passwords, of course, go in the clear because the acceptor won't honor https (e. g., theregister.co.uk).

          Shame on Google for screwing up, and shame on careless users who broadcast important (to them) information in the clear.

      2. Ancientbr IT

        Re: Classic technologist's privacy error

        As I recall, wasn't the question asked of the engineer "Are these URLs that you extracted from the data streams of open wi-fi spots?"

        That seems to imply lots of active behavior and very little passive...

  22. aiop
    Meh

    Rogue Engineer?

    What I want to know is is whether this rogue engineer drove ALL around the world in the same car - must have corns on his bum by now lol.

  23. Mikel
    Windows

    That's nothing

    I used Google search, and the next time I went to the refrigerator all the milk had curdled.

    I followed a Google maps route once, and it took me two extra minutes due to construction.

    Once, in gmail I got a spam. From my brother, who was whitelisted for some reason.

    These are all signs that Google is a scion of the apocalypse.

  24. adam payne
    Stop

    The FCC might not think they did anything wrong but I'm quite sure Google is not telling the whole story. Things just don't add up.

    Street View was a service much heralded by Google but surely they tested anything before roll out? How did they not spot that data was being taken during testing? Why impede the investigation?

    They may not in the FCC's eyes done anything wrong but I think they've been down right sneaky.

    1. Ancientbr IT

      It did occur to me that the collation of open wi-fi spots would enable another feature if a driver was using Google maps at the time, and that is to feed back real time data about traffic density so that suggested re-routing could occur. It's likely to come anyway (not necessarily through Google maps, obviously), but maybe Google were trying to get a step ahead?

  25. Bernard M. Orwell
    Stop

    Hmm....

    "A better comparison would be you leaving pictures or letters out in the yard and someone taking pictures of them without your consent. Now you both have a copy of the text or image but no theft took place."

    So, if I go into the cinema; a public place, and record the film which is being displayed openly, then no theft took place? I'm not sure the law would agree. My data, surely, is MY intellectual property - say I was transmitting the latest draft of my (awful) novella? Or a personal message to a...erm..close friend. What law is NOW being broken? Copyright theft? Wiretapping?

    Perhaps we should invoke a class action stating that Google is in contradiction of intellectual property and copyright laws?

This topic is closed for new posts.

Other stories you might like