Google has said that its world-roving Street View cars have been collecting information sent over open Wi-Fi networks, contradicting previous assurances by the company. This means that Google may have collected emails and other private information if they traveled over Wi-Fi networks while one of the cars was in range. …
My arse, they just got caught out by the German audit.
@Google's promises on data destruction
Yeah, I was kinda waiting for them to say it would be deleted after 18 months.
That "special" US-UK relation is mainly on intelligence (or what passes for it), so I'm willing to bet GCHQ is going to horse trade your rights to get their hands on some of that SIGINT in the same way that hosting ECHELON at Menwith Hill gets them some data.
It'll be the usual slap on the wrist with a wet noodle.
I think the new administration...
...is going to be a lot more strict on accountability than we've become used to. I wouldn't mind betting they'll use a dry noodle from now on!
Telecoms regulation - you're doing it wrong.
And you thought they were just trying to photograph your house!
If Google haven't used this data to build up geolocation maps for all the relevant countries in order to further their all seeing eye, I'm a Frenchman. By now, they can probably delete the raw data without losing anything important. The maps are created
I spy with my little eye, something beginning with G...
Surely when running their phototaking ops they'd have noticed a storage drive use WAY above what would be expected? I know they'd have needed a *lot* just for the photos, but surely this would have raised eyebrows with *somebody*?
Don't be evil...
...but if you just can't resist being evil, don't be caught.
If somebody wants to organise a riot, or protest, I'll be there. X
Please can we have a new icon that depicts Google (and Facebook) as a satanic doer of evil, sly underhanded backstabber, maybe a nice icon of Judas with the Google logo?
Could somebody please make a Google homepage logo in the style of this???
It's not like you weren't putting out that information already...
My Cisco AP lists the "Rogue APs" including SSID, strength, and MAC
But apart from the obvious point that those with unprotected WiFi must include the naive as well as the fools, and they, at least, need someone to look out for them (like kids need teachers/responsible adults), collecting the data 'because you can' is perhaps in the same ballpark - morally-speaking - as stalking? Or of covering the nation in CCTV?
and they get away with it again
http://www.stuff.co.nz/technology/digital-living/3702291/Google-halts-Street-View-Wi-Fi-data-collection A link to our local website but one line in particular almost made me spit coffee all over my keyboard....
"The engineering team at Google works hard to earn your trust - and we are acutely aware that we failed badly here," he said.
Trust?? Trust?? You have got to be Joking who in their right mind trusts them
yep metal face and tinfoil hat
Do no Google
It takes both software and hardware to collect wi-fi data. Perhaps the software side could have been an error (though, personally, I simply don't believe it) but why is wi-fi hardware fitted to the Street View cars? I can't believe it was installed if there was no intention to use it.
Do I trust Google to remove properly all the wi-fi data collected? No way!
Until now, I thought Google Street View was a useful addition to Google Earth/Maps. Now that Google have abused my 'trust' in this way, I think (sadly) that the UK should go the way the German authorities seem to be going and ban Google Street View entirely.
'Do no evil'?- better 'Do no Google'!
There's nothing wrong with harvesting MACs
The WiFi hardware was there to harvest MAC addresses and SSIDs, to improve the accuracy of geo-location for mobile users who don't have an accurate GPS fix.
There's nothing sneaky or underhand about this - at this point radio signals are as much a part of our streetscape as street signs and traffic lights, they're just invisible to the human eye, but not to the gadgets that we increasingly rely on.
So there was a perfectly legitimate reason to have WiFi hardware in the cars. The problem is that the software module/library/object that was used to extract the MAC address and SSID, was a bit too "general purpose". It was logging everything it "heard", which, in the case of open networks, included any traffic that happened to be transmitted when the StreetView cars were in earshot.
If the system had just logged the MAC and SSID, along with the appropriate GPS coordinates, there wouldn't have been a problem, but it looks as though the system logged everything - possibly because it was post-processed to create the "radio map", possibly because hoarding everything is in Google's DNA.
I'm increasingly paranoid about Google's all seeing eye, but in this case, I actually think this was a genuine mistake, and they were really caught off guard when this data turned up in their logs.
Deletion for Dummies (or in this case, Google)
Quote: "and the company has promised to delete the data. But before doing so, it will be asking regulators in "the relevant countries" how this should be done."
That's Google talk for "we'll ask officials in a few countries what to do and if they don't respond quickly enough we'll take it as given that we can do what the hell we like with private data that we shouldn't have captured in the first place".
Do Google really expect the world to believe it needs help figuring out how to delete illegal data?
More complicated than you might realise...
This data is not stored on a single hard drive.
It is probably duplicated on several google servers, each with RAID arrays of disks and on several backup tapes.
Even once you've identified all the disks / tapes it's held on you then have to decide how hard you should make it for someone to recover data from those disks. These days it's generally considered fairly easy (i.e. relatively cheap) to retrieve data from a disk that's been completely overwritten 5 or 6 times.
And then you've got to convince everyone outside of google (i.e. governments etc) that you actually have securely destroyed every single copy.
Re: More complicated than you might realise...
Yes, and asking all the affected countries how to delete data from Google hardware makes perfect sense doesn't it? I'm sure every country has a portfolio giving detailed insight into Google infrastructure, thereby allowing those countries to become more competent with Google hardware than the Google engineers themselves!
FTR every corporate I have worked for has had a rapid deletion policy that covers backup mediums in addition to day-to-day storage devices. Given that's something to expect as normal from big companies I am having a hard time witnessing your argument holding water.
My arse indeed.
But presumably Google also snoops the content of emails on GMail, sniffs the traffic that's going over their own network backbones, logs what you're searching for on Google itself, and takes a quick shifty through documents on google docs? This is an American company that relies on knowing who people are and what they're doing and saying in order to make a profit. Their culture will inevitably be one of doing all these things as much as possible for as long as it can get away with it all round the world with typically American arrogant disregard for local laws and social norms. I wouldn't trust them with any private data of mine at all.
And we were worried about Phorm!
And the rest please ...
1. Why am I not surprised
2. What else are they collecting that they haven't admitted to, oops I mean mistakenly collecting
The fool and his money will soon be parted
Well, if you are not using encryption on your connections you get whatever Christmas you deserve.
As far as Google its creepiness is what will bring it down. It is simply a matter of when.
By that logic...
...if you are not wearing plate armour in the street it's okay for someone to stab you right?
I would have thought that it is more akin...
...to saying if you don't wear any clothes in the street, it's okay for others to point and laugh at your genitals.
Router SID and MAC = location?
I'm about to move house, so if Google are reliant on this information to "locate" me, then they will be locating me wrongly ad infinitum (or until I change my router). You would hope there is some method of over-riding this location information at Google's end, which would then prove that harvesting all this was unnecessary, as they could get location information by other means!
Correcting Google's wireless geolocation data
"You would hope there is some method of over-riding this location information at Google's end, which would then prove that harvesting all this was unnecessary, as they could get location information by other means!"
Of course, they could only get information this way from people who willingly volunteered it. I guess that is not enough and they have a burning need to learn the physical locations where people using their services are located. Maybe they need to tell the Chinese government where all those blogging dissidents live.
Depends on how long (if at all) Google retain their build configs....if they adhere to any form of 'standard' (e.g. ISO9002) then they should retain all their build configurations, which should show when any 'wi-fi' branch was added to the system, and any released build.
Both code & build system could be inspected.
And yes, straight 'shredding' of the payload data should suffice - although if it's been backed up for the last X years, then those backups have to be dealt with too, and they are normally tied up with other items - which always causes 'fun and amusement'.
Still, if everyone changed their SSID, and (if possible) utilised MAC, then all locational data relating to specific SSIDs/MACs would be wrong.
If you have an unsecured wifi connection anybody can see your stuff, not just Google. If Google were cracking secured connections to get the data then this would be a worthwhile story.
I just don't believe you can do this by accident. They got caught, public and governments don't like it so as PR they claim to stop.
But how do we know they will stop?
(What's that Wop, Wop, Wop noise?)
How did it get stored?
OK, so this unnoticed subroutine grabbed the extra data, and presumably stored it on the local drive.
But how did it move on from there? How did it get into their central storage? Did they just grab the entire raw contents of every disk and archive them?
If they were feeding specific data into their other systems I would expect it to transfer just that specific meaningful data, not a bunch of extra bytes that they didn't know the meaning or structure of.
Google may be master information dealers, and storing *all* information they can find just in case, but junk bytes with no attribution are not useful information.
"promised to delete the data. But before doing so, it will be asking regulators in "the relevant countries" how this should be done."
Either this means that google are technically incompetent - deleting data can't be that difficult.
Or, it means that they want to bargain as to how little they need to delete.
"forked tongue google" icon now!
How to delete data
Nice arguments, but no, it's more complicated than that.
Google can't just delete the data because the data are (potentially) evidence that Google committed a crime in collecting it in the first place.
If Google were to simply delete the data, it may commit another crime by destroying the evidence of the first crime.
It all gets ridiculously messy if Google tries to match up data with the people whose information they improperly collected and stored without revealing that data to the public or the government.
Two things I find curious, 1; just saying it was an accident is enough to stop US plod investigating, and would this work with any other offence? "I didn't run that red light" Case dropped.
2; How do you accidentally write code, include it in software, and actively drive around using it. Writing it and installing it isn't something that can be covered by the dictionary definition of accident
Saying it was accidental doesn't stop plod investigating, but the wiretapping laws weren't broken if this logging of data was accidental. Plod still gets to investigate, and Google could still be brought to court, but their defense wouldn't be "we didn't do it", but "we didn't intend to eavesdrop". Unless a prosecutor thinks that he can prove otherwise, the case probably won't go to court.
Someone wrote a WiFi library some time ago, and one of the properties that it returns is the MAC and SSID. Someone else, who needed to record the MAC & SSIDs in the StreetView cars, included that WiFi library in their project. They didn't pay attention to the other data that this function logged - they probably weren't even aware of it. That falls well within my dictionary definition of an accident.
I can't understand how using some old code you would still be storing payload data. Surely you would only call the specific functions from that class that are needed and only expect a certain data type to be returned. In just a few levels of debugging you would be able to see that extra data is not only being made available, but being recorded as well.
However, I really can't see a really good reason for Google to do this. I don't really think they are really using this data as they like snooping through e-mails and facebook updates. The very limited amount of data they could collect in those few seconds passing a property, combined with the fact that anyone could be connected to your open router, makes the data pretty worthless - surely?
The only thing I can guess is they were doing a land-grab - using SSID, BSSID and packet sniffing to determine the required MAC and router information.
Really though, you have far more to worry about if Google was able to capture this information than the fact they did!
Take off your tinfoil hats
Why does everyone need to see this as some evil conspiracy?
They were geo-tagging MAC addresses, to capture a MAC address you need to capture the whole frame, it seems like their mistake was logging the whole frame instead of just the bytes they needed. It doesn't require a conspiracy to see how this could happen by accident.
I doubt that these fleeting snapshots of internet traffic made it through the post processing into the useable database.
If you or I did this and were caught, how do you think a court would take the defence of "it was accidental, while we were geo-tagging other people's WLANs without their permission" and "We did not mean to capture all this payload data - we were just negligent"?
BTW, to find a MAC address you only need to capture and store the headers of one single frame, not the full payload of several packets.
I have had cause to use such tools within an inter-governmental organisation whose site is considered outside the jurisdiction of the country in which it is located (like an embassy) - but the ramifications and necessary precaution, procedures and limitations were first clarified with our legal department. Why did Google not do the same?
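The distinction drawn in the comments above, between keeping only the MAC/BSSID and SSID and logging every frame heard, shown as an added example that is not part of the original thread and is not Google's code. It assumes raw 802.11 frames with no radiotap header or FCS; the function names, sample frames and coordinates are constructed for illustration.

```python
import struct

MGMT = 0                      # 802.11 frame type: management
BEACON, PROBE_RESP = 8, 5     # management subtypes that advertise a network
HDR_LEN = 24                  # frame control, duration, 3 addresses, sequence control
FIXED_LEN = 12                # timestamp, beacon interval, capability info

def minimal_record(frame, lat, lon):
    """Keep only BSSID, SSID and position; return None for anything else."""
    if len(frame) < HDR_LEN:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != MGMT or subtype not in (BEACON, PROBE_RESP):
        return None           # data frames (user traffic) are never stored
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])   # address 3
    ssid = None
    pos = HDR_LEN + FIXED_LEN
    while pos + 2 <= len(frame):                 # walk tagged parameters
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            break                                # truncated element: stop parsing
        if tag == 0:                             # element ID 0 is the SSID
            ssid = value.decode("utf-8", "replace")
            break
        pos += 2 + length
    return {"bssid": bssid, "ssid": ssid, "lat": lat, "lon": lon}

def collect(frames, lat, lon):
    """Reduce a capture to minimal records; payload bytes are dropped here."""
    return [r for f in frames if (r := minimal_record(f, lat, lon))]

# --- constructed sample frames (not real captures) ---
def _hdr(fc0, fc1, a1, a2, a3):
    return bytes([fc0, fc1]) + b"\x00\x00" + a1 + a2 + a3 + b"\x00\x00"

AP = bytes.fromhex("020000000001")    # locally administered, made-up address
STA = bytes.fromhex("020000000002")
BCAST = b"\xff" * 6

BEACON_FRAME = (_hdr(0x80, 0x00, BCAST, AP, AP) + bytes(8)
                + struct.pack("<HH", 100, 0x0001)
                + b"\x00\x07HomeNet" + b"\x01\x01\x82")
# Data frame on an open network: the body is readable user traffic.
DATA_FRAME = _hdr(0x08, 0x01, AP, STA, BCAST) + b"GET /inbox HTTP/1.1\r\n"

if __name__ == "__main__":
    for rec in collect([BEACON_FRAME, DATA_FRAME], 51.5, -0.12):
        print(rec)
```
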
Next week from the Google Fuckup Spin Department: "A big boy made me do it"
It's what they do,
This isn't news to me, as soon as I heard about their wifi maps I knew they would be spying on people's transmitted data.
Anyone surprised by this has their head firmly stuck up their arse.
Also, these people expect us to trust them with our printing jobs.
I've read some corporate bullshit in my time but "We're sorry, we decided to equip our camera cars with aerials, detection and recording equipment but we didn't mean to accidentally capture people's router SSIDs" has got to be one of the lamest, most duplicitous lies I've ever seen.
Aside from thanking the German authorities for highlighting this (something which the Home Office seemed to have missed) what do our Governments intend to do about it? What *can* they do about it? Is someone going to sanction Google? Force them to destroy all the data? Fine them some huge amount for all this snooping?
Of course not... move along people, nothing to see here. Google are immune to your complaints and will continue to do what they bloody well like. No matter that Sergei Brin is a Russian.
US law enforcement in action - or not
Google is "saying it's an accident and that may be a good enough excuse to get them out of the wiretap liability,"
I really have trouble buying the "accidental" here (and the fact that that is enough to avoid criminal investigation). You're sending cars all over the planet and collect huge data volumes and this remains unnoticed? Let's start earlier - I don't buy an "accidental" inclusion of such code either.
Exactly how hard is it to spot "#include ECHELON_ng" in a code review?
I call BS - as another poster commented, their only problem was that they were caught out. Exactly how much sponsorship do they get from the NSA?
Why did they write it in the first place?
I know it's impolite to mention the elephant in the room, but...
it's one thing to expect us to believe that this software made it out of a source control system, and into active use on some hardware all by mistake. What they haven't explained is why they ever wrote some software that appears to be intended for the sole purpose of illegally intercepting data.
It's a bit like Iran apologising because a nuclear missile was accidentally fitted onto a plane (well, a little bit anyway).
"Street View cars have now been grounded"
Google has flying cars?
I must have missed something --- like maybe the first part of the story, but am I the only one who is wondering WHY they collected this data in the first place?
Never mind *collect* --- why did they even have equipment registering nearby router IDs?
why? Why? Why?
Geolocation without GPS
I don't know about other browsers, but in Firefox if you go on Google Maps, there's a button under the compass, which if you click it, churns away for a moment and centres the map on your approximate location. Since my computer doesn't have GPS, it must be doing it by working out what wifi networks are in range of my machine and looking it up in a database. It'll obviously work better in cities and built up areas where the networks are a lot denser.
It's a neat feature, there's nothing overtly sinister about it - if it meant I could get location-aware services without turning on a battery-thirsty GPS chip I'd probably say it was a good thing.
"It's a neat feature, there's nothing overtly sinister about it....."
If you happened to be a dissident blogger in one of the world's less enlightened regimes, it might be very sinister if wireless geo-location brings men with guns to cart you away for a spell of torture, followed by a long stay in jail.
The Island of Google
Google may as well be a nation now. That would give them the ability to do this and chuck it in the self-defense bucket. Only big, dreamy nations get to screw you royally while claiming it was in their national interest. As a corporation, they are at the mercy of their host nation. Who the hell wants that?
Is Australia still inhabited after that red cloud of death swept through? What's the asking price for a continent these days? I say it's time to take it up a notch. Think different.
Also, there must be more of the electromagnetic spectrum that can be monitored. Can you check my pulse as you drive by? If my folks could Google my latest heartrate, that would probably comfort them.
Don't worry, Earthlings. These bitches know what they doin'.
Enough with the paranoia
Seriously - Google might have suffered a technical screw-up but get some perspective. There's almost nothing of value they could have learnt from this. Anything they might have learned would be the result of an idiot not securing their network.
But what could they have learnt? Their vehicles probably spent less than ten seconds within range of each network. I'm pretty sure Google has more sense (evil or not) than to deliberately set out to snoop on private networks. It would have to be the most inefficient privacy violation strategy in history.
It's just a silly cock-up. Likely nothing of value was copied and the 'victims' would do far better to learn how to configure their equipment. Everyone else would do well to assume that any data packet that leaves the boundary of their property (either on a physical network or radio waves) can be compromised.
The question still stands
Why did they access those networks in the first place?
Why were they even looking for wifi routers, let alone logging their details, let alone recording traffic.
For some reason, everybody seems to take it for granted. Like maybe other people do this every time they walk the dog.
Do they? What am I missing?
"For some reason, everybody seems to take it for granted. Like maybe other people do this every time they walk the dog. Do they? What am I missing?"
In my case the answer is simple: I don't have a dog. However, I suspect Google doesn't either, so it's even more mysterious. :)
Seriously: No, it is not normal to collect information on private networks, especially by someone who has the ability to correlate this with other information about the people involved. A private person doing this would probably get thrown in the clink. I think Google just wants to collect as much information on people as possible. They'll go as far as they can get away with.
Why did they access the networks?
They collect the SSIDs of WiFi networks, secured or otherwise, and link them to a specific geographic location to implement a basic geolocation service in Google Maps for devices that don't have a GPS. Yes, if you move that will confuse things slightly for a short time. If you go to the Skyhook website you can manually request changes. Not sure if Google and Skyhook use the same database or are competing with each other.