Google has stopped deleting the personal data its Street View cars collected from open Wi-Fi networks, following what the company called "some uncertainty" over the deletion process. For three years, Street View cars collected Wi-Fi payload data across 30 different countries. Some countries have asked Google to delete the data …
Taking the piss
This is rather taking the piss now. Don't these organisations have something useful to do rather than complain about *publicly* available data being collected?
If you don't secure your network it's your own fault if the content is read. And especially since very little was actually read from each network anyway - the opportunity was there for anyone to read much more - and *use* it.
If we stopped organisations from taking advantage of the gullible, lazy or just foolish then there would be very little commerce left. It's up to *you* to secure yourself from *them*.
This is what businesses do in a capitalist system (or any entity does in a competitive environment) FFS - they take advantage of everyone they can however they can.
Same goes for FB - you gave them the damn data, don't complain when they use it to their own advantage. Don't bloody give it them in the first place - then they can't use it can they?
Agreed. The wireless data was publicly available. It was collected from a public location. This, arguably, was just as legal as rummaging around in your trash can that is sitting curb-side on trash day. You can take whatever you want. However, if you manage to find a non-cancelled, non-impaired credit card...well, you can take it, but you'd only break the law by using it. Also, a Googlemobile probably was only within range of the "hotspot" for a mere 3-5 seconds. Not much data could be usefully gleaned during that time, unless you're very unfortunate. Even so, any suitibly "private" data would have been in an SSL session, and even potentially floating on a WPA2-encrypted packet as well. If Google wants to throw its 2+million servers at decrypting 3 seconds worth of wireless packets to know I was shopping on Amazon for a "Wireless Networks For Dummies" book, more power to them. They'd be better off sifting that data from my Gmail once I placed my order...
what are you
some kind of idiot?
Capitalists take advantage of others, that's capitalism? Perhaps if your a banker or on wall street, but in the real world anyone with a brain can tell you that Google operates well outside the boundaries that any potential rival ever could. It's a protected monopoly, runs with immunity.
They have their people in the US government and probably foreign governments. The clown they have in the US government was pwned by Buzz and didn't even really understand what it was or how his data got on the www. He was left cuckolded expressing his concern for google making his information public.
Google has admitted not knowing that the data was collected. They never said they were intentionally collecting the wifi data. Big difference here, and a big lie since google conveniently removed the hard drives prior to welcoming inspectors to inspect their cars.
I bet you support privacy and are against warrant-less wiretapping yet your condoning someone listening into your conversations "if the means exists to do so". Hell the means to do pretty much anything exist, it just makes some of us criminals and some of us millions.
Since we're not working for google (unless you are) we'd be criminals.
So if my front door's unlocked, you can just walk in, take what you like, and it's my fault?
There is such a thing as "Reasonable expectation of privacy"
Indeed poor security is a problem which leaves people open for exploitation. And leaving the door open is an invitation to theft. However theft remains theft and will be prosecuted as such.
Laws exist to (some degree at least) protect an individual's reasonable expectation of privacy. And as a general rule of thumb, a violation is defined as requiring a special effort on the part of a covert observer to gain access.
Thus yes I ACCEPT that in the middle of a crowd, my conversation can be overheard by those around me. However, I also EXPECT that there is no one covertly recording conversations in the crowd with the idea of trawling through those conversations later looking for useful nuggets of information.
Whatever Google's intentions, (and I am at least a little suspiscious of a story which has someone including a feature which was specifically excluded from the end user's wish list) the problem is that that data is a gold mine for those with a Stasi like mindset. Somewhere in all that random chatter will be evidence of crime, enough crime to help reinforce the idea that you can never know for sure when BB is watching.
Apply the above to one very important fact. Disidence is always a crime in the eyes of the establishment.
FB is a somewhat different amimal in as much as users voluntarily and knowingly allow access to private information to others. On the other hand, users were made certain promises that have subsequently been broken in the spirit, if not the letter of the law.
"if my front door is unlocked" analogy
Im sick of hearing the "if my front door is unlocked" analogy. If the signals were contained to within your house and i stuck a probe through your front door to collect the data then it would fit but these are signals that you are broadcasting outside of your property. If you don't want anyone to look at these signals that you are sending to everyone in the area then secure them. its not that hard ffs
That's _exactly_ the way every drug dealer and black marketeer I ever knew would have seen it! And for all the implied libertarian sensibilities that would have got most people loudly hear-hearing (before they knew just what these guys did for a living), most of them would rip off absolutely anyone, no holds barred, no prey too small and defenceless. Rather like the way certain types think there is honour among Mafiosi but the smarter ones grow up to realize 'honour amongst thieves' is an illusion, not to say a sick joke.
You, moosh, are an idiot.
@Ac taking the piss
> If we stopped organisations from taking advantage of the gullible, lazy or just foolish
> then there would be very little commerce left.
Is this, do you think folks, the most mind bogglingly stupid comment ever published on the Reg? I get involved in a lot of commerce: buying food, energy, clothing, housing, all the rest of it. Whether I'm gullible lazy and foolish or not all that still happens: if it doesn't happen then I'm dead, because the place where I live wouldn't support me in a hunter-gatherer lifestyle.
Because the Googlcar was on the public highway. If you have an open network, you have bigger problems than Google's brief interception on one occasion.
I see very few open networks nowadays, and I imagine that few people were actually accessing the Internet during the few seconds Google's car drove by.
No, but that's not really what google did. Google simply recorded the wifi radio waves as they drove by. This is more akin to you opening your curtains and turning on a very big TV, and then getting angry when I see what's on the TV as I drive by.
Read the law before opening up your zipper
You are trying to apply NeoCon morality to an issue that is a simple matter of LEGALITY.
Unless in your world of righteous self-sufficiency there are two sets of laws, one for big corporations and one for the rest of us, its is still *illegal* to scoop up other peoples private messages.
To use an often abused analogy,, just because I forget to lock up my mailbox, does *not* entitle you to come and snatch up my mail and specifically not to start offering the private info contained in it to the highest bidder.
It is an often repeated urban myth that the unsecured status of WiFi access point makes it legal to access it, even so you clearly know its not yours and its not meant to be accessed by the public.
But that is just as wrong and to assume that you could just take a you ride in every car you find parked by the side of the road with the keys left in the ignition.
If you do the latter you will still go to jail for car theft and if you commit the first, then its referred to as "computer tresspass" - and in 99% of Western Countries that's a criminal offense!
Ever read a lawyer's e-mail?
Those are clearly send out over the public Internet and yet they still contain the footer "If you are not the intended recipient of this e-mail you must destroy it immediately..."
Educate youself about such topics before starting to unzip your pants!
RE:There is such a thing as "Reasonable expectation of privacy"
You're absolutely right, there is a reasonable expectation of privacy when: you, are in your home or other private locations, and, you take steps to make / maintain that location private. ie drawing the curtains on your windows, closing the doors and not broadcasting your activities in a manor in which your activities can be viewed, heard or otherwise generally accessed in public, by the public.
That statement was a ruling from a superior court judge in a criminal case in which i was arrested and charged with misdemeanor possession of marijuana, and subsequently convicted at trial.
The story goes like this: myself and 2 friends were on the patio, in a backyard that is completely surrounded by a 6ft 4" block wall, this wall could not be looked over by random people, as it was too tall. The property in question is a corner lot and the yard and patio sat adjacent to a major road, as the 3 of us sat and smoked a joint, a police officer pulled a car over on a traffic stop which happened to stop right along side the patio, we heard the cars stop and such, but wasnt aware it was the police, as we enjoyed our indulgence some comments were made regarding the quality of the product we had acquired. The police officer, while writing the ticket stood on the sidewalk, listening to our commentary and smelling the aroma coming from our little burning session.
After writing the ticket, he contacted a supervisor and explained the situation, the supervisor gave him permission to enter the yard without obtaining a search warrant for the purpose of investigation. in the mean time some backup had arrived and 3 officers just simply let themselves into the yard without notice or warning and proceeded to arrest the 3 of us.
We all 3 hired seasoned experienced criminal defense lawyers to defend us, we fought our defense based on invasion of privacy and illegal search and seizure and we lost. the reason we lost was exactly as stated above, the judge stated that all expectations of privacy was removed when we broadcasted our endeavors in a manor that could be seen, heard or otherwise accessed in a public manor...
no, I can't
But if you put your crap out in the street, anyone can take it. And that's just what you're doing when you don't lock down your wi-fi.
Who Wants to Be a Millionaire
It's like Chris Tarrant, stringing the contestant along with lines like "But we don't want to give you that!..."
Destroyed th hard drives !
"Before my arrival, Google staff had consolidated the Wi-Fi packet captures onto four hard drives,"
They copied the data and then DESTROYED the original hard drives !
That would be the consolidated drives - so no reason to think the original data is not still in various places in Google
i picked up on that
The independant "Security" consultants, appear to have only verified that the data was deleted from the 4 hard drives that they were presented with, not that the data was actually deleted from the Google data servers, pcs, laptops, USB sticks or from any associated backups.
I don't want to be seen as a Gapologist but it does seem they did wrong and are now taking entirely the correct steps to put it right. After the initial booboo I'm not sure what else they can do.
Why was Google Collecting this data for gods sake?
"its mobile team included payload-capturing code in the Street View cars' software despite the fact that the project leaders "did not want, and had no intention of using, payload data."
Why was google equiping its vehicles with the hardware needed to capture WIfI data in the first place? I would assume that their vehicles had 3g or satelite technology to upload the images as they were collected or download them at the end of day by plugging the harddrive into a computer?
In this country it is illegal under the wireless telegraphy act to listen to a communications that you are not a party to or that is not by its nature intended fpr public consumption. Snooping on someone elses radio conversation is illegal. The fact its very easy to do does not detract from the illegality of doing it and you would expect a company "that does no harm" to have checked with their lawyers before embarking on an enterprse such as this.
Google have been caught with their trousers done and are wriggling to avoid the consequences.
And it is impossible to know whether the signal that just activated your antenna contains a packet addressed to you without first intercepting, decoding and parsing the data. And guess what, the data that Google were *actually* after (i.e. access point beacons) are address "To Whom It May Concern". They're broadcasts. "Snooping on someone else's radio conversation" is in fact what all wifi cards do - they always receive all packets*, and then discard the ones that they think are not theirs unless in promiscuous mode.
The mistake made was in the inclusion of capturing *all* data, not just beacons. The reason they wanted the beacons was to build a location database that give you a reasonably accurate position based on a few AP MAC addresses. Which is legal. Anyone can do that if they so wish.
* All packets of sufficient strength etc
They're already using the data to locate you based on your wifi connection. My phone thinks I'm 50 miles away from my actual location because when Google drove past my old house they "caught" my wifi ssid/mac/whatever and plotted it on a map. Now whenever I connect to that AP Google think I'm at my old house (accurate to about 5m) even though I'm over 50miles south west of that location!
Google = Phorm
They were actively intercepting and recording the data without the consent of owner.
"This, arguably, was just as legal as rummaging around in your trash can that is sitting curb-side on trash day"
I don't know if that's legal where you live, but where I live it certainly isn't.
It's not the equivalent of Google entering your unlocked front door. A better analogy is you reading out all your bank details over a CB radio. Would you do that? I thought not... So why do you think it's someone elses fault if you let your wireless router broadcast your bank details? There are plenty of people with far more evil intentions than Google out there!
Beware Geeks Bearing Miffs
Part of the problem here is that the great majority of WiFi users are not geeks. Most will have little realisation that their browsing habits are aggressively analyzed by Google, let alone know that their WiFi comms are susceptible to interception. It's no surprise that Joe Public gives such matters little consideration; there is a reasonable expectation on the part of most people that you need a warrant in order to conduct such activities.
This being the case, it's a good thing that Google's 'mistake' is being properly investigated. The publicity alone will clue people up about the kind of world we live in.
Legals don't matter
Regardless of the legalities, Google swore blind that they'd collected this data accidentally and that it's existence was a surprise.
If this is really so, why have they just not zapped it outright?
Easy: because it wasn't a surprise or accident, Google are huge liars intent in collecting stupid amounts of information under the guise of not being evil.
I wish people would see them for what they are.
It matters because
this surprise is actually very unpleasant for them and exposes them to all sorts of liability. Therefore the only sensible thing to do is what they are doing: publicly own up to what happened and do nothing further with the data without oversight and instruction from the governments of the countries where the collection happened.
There's a difference
... between carelessness about eaves-dropping and deliberately making information publicly available - that should be bloody obvious. People with poor wifi security may not care about nosiness, but I doubt very much that they expect someone to record all their traffic and make use of it. That's just abuse and it sure as hell is unethical.
Re various states asking google not to delete the data - is it really to provide evidence for a prosecution? I'm sure at least a few are wondering if it is worth doing a quiet deal to buy the data off them.
Only EU bureaucrats
Would rationalize data retention as helping the privacy of those whose publicly broadcast data was intercepted, as opposed to destroying that data. And only EU citizens are sheepish enough to go along with it what the bureaucrats tell them.
That was a shame.
It was like reading a really good post with 'looooolll!!!!!!!1' at the end.
This isn't the same as someone walking in and taking your stuff. For a start they didn't 'take' anything.
This is the same as you shouting your details out of your front window and being surprised when someone writes it down. Anything you operate on wifi is *broadcast*. If you do that unencrypted then don't be surprised if someone can pick it up (entirely passively) whilst driving around. It's not illegal, or even immoral, to receive data that's publically available.
First they want google to delete the data, so it complies, now they're bitching because google are doing *exactly* what they ask? They can't win. I'm afraid the privacy nuts are making idiots of themselves here.
snooping through open windows
If I'm in my house playing music and the window is open, is it unreasonable for me to assume that someone passing won't note the location, and what was playing at the time? Or that they would then use that to create a service which tells other people if they can hear particular music then they're probably close to my house? How about if they used it to make a guess at my music tastes, and sold that information to a direct marketing company? What if they overheard an argument, and the next day I get a mail drop from a counselling service?
The problem is not that they eavesdrop on what's going on, it's the way they will use what they heard as they went past.
Be careful gc_uk!
If you're playing music with the window open so other people can hear it, expect either a copyright infringement notice from the BPI, a royalties with menaces demand from the PRS, or both
@McMoo: because that is destruuction of evidence. In cases of data leaks in the us, covering it up makes fines and penalties FAR larger than coming clean.
In one sense I agree that anyone using unecrypted wifi is aking for it.. *BUT* don't argue that *anything* receivable outside is fair game!! Between infrared, "millimeter waves", and equipment sensitive enough to pick up window vibrations, you are in fact saying you are fine with anyone watching and listening to you at any time 24/7.
Àh, but there's a small logic flaw...
Google HAVE come clean, and are attempting to rectify this by erasing the data collected "in error". The problem now is certain governments, under a variety of excuses, were all "delete it! delete it!" and now, realising how much information might be there [*] they trot out a whole different set of excuses for "leave it! leave it!".
Google screwed up big by collecting this data in the first place, but now there is no action they can take to make things better. I fully expect certain stupid [*] governments will seek to relieve Google of this data.
* - Firstly, how much *useful* data can be gleaned in the time it takes to drive by an insecure network? while traffic will be slower in built-up areas, so too is WiFi density, there's only so many available channels. Secondly, if this looks like being an information gold mine, what's to stop a government driving around with WiFi sniffers looking for potential criminal behaviour ("actively sniffing out child p0rn, think of the children!"). In fact, what's to stop ME doing it? Is there a bit of software that can turn my eeePC into a promiscuous-mode sniffer?
If this Google cock-up teaches us anything, it isn't who collected what data and where it goes, it is SECURE THE DAMN NETWORK so that drive-by sniffing simply isn't an issue any more... [whether non-geeks understand it or not, in various parts of the EU this will soon be a legal requirement with the liabilty on you if you don't...]
"Meanwhile, two Americans have filed a class action suit against the company for intercepting their personal Wi-Fi data."
Typically stupid American attempt at a money-grabbing lawsuit. I presume these two people have concrete evidence that Google actually holds their data? Didn't think so. Google did wrong, no doubt but *individuals* (or groups of individuals) filing suit when nobody knows for sure exactly whose data has been slurped up is just ambulance chasing. I suppose they'll be claiming they endured 'pain and suffering' too?
It's good that the data is reviewed
I think it's a good thing that some folks want to review the data.
The sooner folks have a look at this data , the sooner they'll
see how silly it was to get excited about it.
The good thing about it being Google that brought a bright light
onto the subject of WiFi security is that, the data they collected
is indeed harmless, but had it been someone not just driving by
but camping on those routers , the story might have been just as big
but the results might not have been so benign.
As everyone will agree , this story has probably had the benefit
that far more people have taken that few minutes
to lock up the router so they are not dumping their data on
the public streets!
Not you again.
I was baffled...
...Utterly baffled as to why Google collected *any* of this data, or even as to why they should even be registering the presence of wifi routers, let alone logging anything about them (what next? toilets?)
Today, however, all is clear. Seeing a new symbol (I like the silver-blue colour) on Google Earth, I clicked on it, and up popped the box, "Connect to this network".
Some of the icons have a red bar. When you click on those, you get "This network is secured".
Google continues to do a great job with all of this. Pity they didn't think of collecting telephone numbers at the same time. Accidentally.
It's a shame that many commentards are judging this by the laws of their country (e.g. the US) alone. Remember that Google collected this data in many countries, at least some of which have different expectations of privacy and possibly even laws to back that up. Google should have respected those.
Since the "we accidentally collected your data" explanation is at least a little suspicious, it seems reasonable to me that evidence be retained for possible further use in legal investigations. I might be a bit happier if it were handed over to a trusted third party, but given how easy it is to lie about deleting data, maybe the damage is beyond repair anyway by now.
As regards the "what harm can this data do?" argument. Actually, it's not too hard to see. I expect there are many administrations around the world who would quite like to have a map of where all the unsecured wireless networks are in their country. Heck, it'll appear on the internet no doubt, so every shyster in the world will know as well. Given how many unsecured networks there are, I'd say that's bad for a start.
A lot of you say it's like someone passing by while you shout. Well, not really.
It's more like someone pointing an antena at your house for a few seconds to see what you are doing. You can't see them do it, you are probably not even aware that people can listen with your walls between them and you and then you find out they saw you jacking off to some weird porn.
People, even a lot of people who read theregister, don't really realise how far the signal goes or that other people then them can listen to it. No one explained it to them and they don't understand enough about technology to know it's possible.
It's a lot like the CIA being able to listen to everyone's home conversation. It's not something anyone should be allowed to do, period.
not so hard to know why
Google collected this data so they can run an accurate where you are service. some other company does it for Apple/etc. it's not great but they only captured a few seconds worth of data - they have access to far more through people that use their search/email/video/shopping/ect services. I'm all for privacy but in this case I think people are missing the wood for the trees - there's far bigger threads to privacy than this.
France said keep it? Isn't there some kind of strange law in France about accessing a wireless point from outside a building or something like that?
The data is already invalid
Collecting this data was a waste of time, as it's already incorrect.
When Google patrolled around in their street view cars I lived in town G, however now I live in city 17. Whenever I'm at home in city 17 my phone thinks I'm in town G whenever it's connected my wi-fi router because that's where my router was when they drove past. But now that I've moved, the location of my AP is wrong!
I don't care about privacy (as many have said, this is public data attained from a public location using legal methods), what I do care about is inaccurate information. Does anyone know of a way I can let Google know where my AP is now rather than where it was a year ago?
If you are broadcasting your SSID publicly you should expect that someone, somewhere will write it down. There is a checkbox in your router security settings to turn broadcasting off. Why is this a problem?
- Vid Hubble 'scope snaps 200,000-ton chunky crumble conundrum
- Updated + vids WHOA: Get a load of Asteroid DX110 JUST MISSING planet EARTH
- 10 years of Facebook Inside Facebook's engineering labs: Hardware heaven, HP hell – PICTURES
- Very fabric of space-time RIPPED apart in latest Hubble pic
- Massive new AIRSHIP to enter commercial service at British dirigible base