Interesting article: Questions for PI?
First,
PI; are acting here as much as (un?)willing agents of google's commercial competitors just as much as they are acting as privacy watchdogs.
I was wrong in previously saying Google have discussed this since streetview was launched, I have read their press release (linked in article) and it says 'We have discussed this before' and links to some Google blog postings from 2009;
- This is disingenuous because those posting make no mention of wifi snooping; just traditional geolocation stuff based on IP address and celltower location. Which I think most people are already aware of.
In fact, Commercial companies other tha Google have for years been building big lists of IP address vs physical location; Does PI have a position on this? It seems every bit as insideous as collecting SSID or MAC, worse even.. since I cannot easily change my IP address, while my SSID and MAC are entirely within my control (but not everybodies of course).
One of the links in the google blog points to a New York times story from a year ago about a company that was also doing a similar thing (SSID/MAC collection, not payload). At one time they used Taxi's to help give wide coverage.This was not Google, does PI have concerns with the activities of 'Skyhook Wireless' and others?
Many ISP's issue preconfigured modems (SSID and MAC) that the user cannot change, or will not know/care enough to do so. Has PI also contacted Virgin, BT etc. to ask if they too keep databases of address/MAC/SSID/IP address? Is this database accessible to the authorities under RIPA type legislation? Will PI pursue this in the same manner they are pursing Google? Does PI consider such a database (which is realtime unlike the Google data) to be equally problematical?
But; Google have definitely escalated this in scale.. I share PI's concern that this info is logged and can then used for who-knows-what outside of the narrow stated reasons, and even if it's not Google doing that, it will be others.. Such data always ends up being brought and sold, it's a 'commercial asset'.
This is the one compelling argument PI have; if the data is never collected it cannot be turned to evil..
When the court cases start rolling in it will be interesting to compare punishments handed to Google with those handed to people who have deliberately targeted (say) their neighbours, and then used the data collected to directly harm them.
In case it is not clear: I agree with you when discussing the total package (hi-res images + SSID + MAC + GPS position + others? that's a lot of info) as a big and dangerous intrusion into privacy. That -I- am OK with it is a purely personal opinion, and a minority one; I totally understand why others are upset, and at other times in my life I had more to loose and would have been upset too.
Ok; but what really galls me is page2. This is where the author tries to bamboozle us the science of how this must have been a carefully planned attack coming from the top. However, they are asserting a level of technical competence that they do not have. Not that I doubt his narrow experience; but he really should get out more in the software development world.
He describes just one type of development model, the one that many old school characters in the software world are wedded to; but which is only appropriate for companies developing embedded solutions, safety critical and never ending government projects. When NHS IT projects mushroom to billions of pounds, with flakey software running on 20 year old obsolete database farms, this is the devlopment model they have used. Companies like Google deal with vastly more info at a fraction of the cost, and they do it by breaking the old development lifecycle 'rules'.
I came out of the old school and into the new a few years ago; dropped ClearCase for Subversion and Git. Tightly locked down defect databases that you could only see and edit if you have been pre-authorised; for an open one with change tracking and blame. (every engineer in the whole company is free to look at and modify the the code, documentation and issue database, if they screw up it gets reverted and they get blamed... tracked down later and given a b*****king if necesscary). Testing is instant, within a few minutes of a change being submitted the code has been rebuilt and tested. This testing is not exhaustive, and does not try to quantify and capture every single possible scenario. Occasionally we lock stuff down for sensitive projects, but this is the exception, not the norm.
So: Get with the flow man. That flow is called an Agile development process, and while it has similar nominal steps what happens at each stage is different. In particular you do not audit everything, if a module you are bundling in contains superfluous code you don't care so long as it does the job it is intended for and does not break anything else. You go forward not back at all times. And you churn out projects with huge functionality in weeks, not years. Which is exactly what Google does to get ahead of it's rivals.
And now, I'll get my coat. I've posted loads about this, and need to stop. Hypocrisy and grandstanding is what gets me fired up in this case; both ooze around PI like a miasma, while much bigger and egregious lapses get ignored by them.
Biting the hand that feeds IT
