The Canadian privacy watchdog today said Google's Street View fleet broke the law when it collected payload data from unsecured Wi-Fi networks. An investigation by the Office of the Privacy Commissioner of Canada, one of dozens launched around the world earlier this year, also found the practice was the result of a single Google …
a big fail for the Canadian gov...
And what, everyone else at google was too incompetent to realize they were grabbing excess data? This sounds like a big pile of BS to me!
If they do not fine, etc. google, that should mean everyone on the planet has the right to "accidentally" violate the privacy of multiple people in Canada "until they get caught" at which point they get a warning the "same as google".
If they do not fine, etc. google then they do not have to right to fine anyone down the road!
A big fail for Shane Kent
The Privacy Commissioner of Canada found that Google had collected data that it shouldn't have. There is no auggestion that Google was even aware that it had the data until earlier this year, and there is absolutely no implication that Google actually USED that data in any way. In fact it is clear that if anyone had ever actually looked at the actual data (as against just processing it to extract the bits they needed for StreetView), they would have realized the problem much earlier and stopped gathering the data.
Google doesn't need or want a few random e-mails that are broadcast in the clear - they just aren't worth the trouble, especially compared to the millions of e-mails that pass through it's servers every few minutes anyway.
Nobody's privacy was violated, because nobody read the e-mails, and the information in them wasn't acted on in any way.
Apart altogether from the fact information broadcast in the clear in a public space probably shouldn't be considered private in the first place.
I don't get it
If I'm yelling out my window my personal business, and someone drives by and writes down what I say, what person in the right mind would consider me right in expecting what I yelled to be held private?
This data was siphoned from OPEN UNSECURED networks. The only blame here is the people who set up their networks.
Why do we have to baby every single person on the planet?
Can you say Illegal Wiretap
The laws of various countries deal with what constitutes an illegal wire tap.
Shouting out your window of your car, you have no reasonable expectation of privacy.
Make that same call on an old 900Mhz phone... and someone listens in? That's an illegal wiretap.
Being unware of breaking the law is not an excuse. I'm pretty sure if I stand up in court and say "I'm sorry your honour. As I hadn't looked at my speedometer I was not aware I was doing 100mph" I think I'd be sent down.
I don't know Canadian law well enough to comment on various area's of radio communication, but in the UK it is an offence to intercept and listen to or record communications not intended for you. Which is why I'm surprised, or rather not as this is a multi-billion dollar company, that Google weren't brought to task for it in the UK.
and that's why
there's no Street View for Nunavut!
OK, Penguin==South Pole but there isn't a polar bear icon
Still their fault
"When Google decided to deploy the code to map Wi-Fi networks in the real world, the unnamed individual identified "superficial privacy implications", but did not send his designs to lawyers for review, contrary to company policy."
Who cares if it was contrary to company policy. While they were paying his wages he was acting for them. Anything he did that got released into the wild was done by them. Somebody at Google must have given that code the green light. Nobody allows engineers to write code and put it live without some sort of check.
Google are clearly trying to make one man a scapegoat. Well it shouldn't be allowed to wash. Fine them, then double it for trying to wriggle out of it by blaming some poor schmuck.
whats a title?
So people leave their wifi networks open, unencrypted and unsecured, so that any tom, dick or sniffer can access it, then moan that someone does?????
my god - the way people are up in arms over this is ridiculous!! ohh ohh - mr insurance company - i left my car unlocked with the keys in the ignition - can I have a new one please? what do you mean no?
if you dont want your wifi slurped/borrowed by tightfisted neighbours then CHANGE THE DAMM THING FROM DEFAULT SETTINGS
its ok - I didnt come with a coat
Fair but some logic problems
Yes, people need to learn that "Belkin 54G" means "free wireless access" and they need to be arsed to set up a password. There are two problems however;
First, most of the world when they buy their wireless widget thing from PC World have enough trouble plugging the thing in and have to call their "mate that know about 'puters" let alone which security to set up.
Second, given that I assume you have fitted decent door and window locks to your home can I assume from your argument that if you find me up a ladder testing the strength of your window locks with a crowbar your response will be "fair enough mate, you are testing my window locks for me" and not a punch in the face?
If you are going to use analogies at least try to use one that is relevant. If you left your car unlocked do you think it is ok for someone to come and insert a listening device to record everything you or your passengers say in your vehicle?
You bloody idiot.
The day you happen to leave your door open (hypothetically, you've made it clear you never would) you will not want any action taken against the burglars that walk in? They'll be quite welcome to your goods, cash etc? Even if the police catch them, all you'll expect is a rant from the authorities for your stupidity?
Your point of view is nonsense.
"Open door" analogy is inadequate.
The real analogy here is putting your belongings on the street with no-one to supervise them, and hoping no-one takes them. Once it is out of your building, it is at risk unless you do something to prevent it, whether it is data or your record collection.
Re: "Open door" analogy is inadequate.
Ah but what if it's a CAR that you leave outside your house etc etc etc
conspriacy theory lives on...
I wonder why it is that so many Governments seem afraid/reluctant to punish Google as they would other firms?
Who is getting paid off? Is the data slurp actually being channeled to Govt on the basis that a fudge like this has far less political implications than Govt Depts doing it directly? How much are they really skimming?
Now where is my tin foil hat?
No surprise to see Google showing no responsibility about this....
They give the 20% time like a gift but as lots on here will know, whatever code you right at work on your employers time belongs to them completely. The engineer being disciplined is a wholly internal matter and the public punishment or otherwise should be at Google's door.
Don't know the details of Google's employment contracts, and I'd imagine your right in this case.
But the pedant in me just has to point out that who the code belongs to varies. It's entirely reliant on the terms of your contract, if there isn't a clause relating to it in there then the code remains yours.
Personally, I'm inclined to agree that this was probably a stupid mistake. There's just no sensible motive given the tiny amount of data you could gather. Not that this should be a defense, if the law was broken it doesn't really matter whether it was accidental or not (although this varies law to law, state to state as well).
In either case, it's really not worth the energy being wasted on it by various commentards
To take into consideration
Jennifer Stoddart's tenure is about to end (in November) and many people think the conservative government will replace her with new blood. It should be fairly obvious that a conservative government is not going to be very excited about taking enforcement action against a big industry player like Google.
It is not entirely beyond the realms of possibility that Stoddart's statement today is a result of political pressure and job preservation - which would be a shame given the OPCC's reputation for being one of the strongest DPAs in the world.
So even the Mighty Google ...
has the odd Bad Apple.
So you be careful. Cos if you ever leave the door of your house open, I'll take that as an invitation to come in and invade your privacy :)
Wrong, wrong, wrong!
See my comment above. FFS, try to use the correct analogy. There was no "entry" - the stuff was being thrown out into the world for anyone to catch!
Right, right, right!
Sorry, IP, but I can't agree with your analogy at all.
Leaving your wireless unprotected is exactly like leaving your house unlocked.
Private data from an unsecured wireless setup can only be obtained if you choose to connect to and/or set up a sniffer to read from the unsecured network. This doesn't happen by accident. You make a choice to do it. It is the rough equivalent of walking through the doorway of an unlocked house. The door may be unlocked, but you chose to turn the knob and walk in. Your computer didn't just suddenly start collecting this stuff -- you had to configure it to.
Ladies and gentlemen. This issue is remarkably simple. You may not take advantage of your neighbours' technological inexperience to use their Internet connection or rummage through their data -- regardless of how easy they may make that for you.
If you choose to do this, you cannot defend this behaviour by saying they "gave" it away. They did no such thing. They simply didn't do anything to prevent someone from taking it. There is a difference.
WTF? How can a fully working and operational piece of code that controls some hardware, collects data over radio waves, then stores it in a DB somewhere for late retrieval, be classed as "careless error"!?!?!
"Sorry, I ran over your dog!" is "careless error"!
"Oh God! I shot your parents by accident during a hunting trip!" is "careless error"!
Testing, distrubuting and running complex code to collect data in hundreds of little automotive data colleciton units, is not freaking "careless error"!
The fitting of the vehicles with Wifi kit, and collection of some data was not an error. They've never claimed it was. I'll explain it in short words for you;
Dey woz tryin to collect details of dem wirelesses - Name dat sort of ting
Dey collected da data dey wanted but also caught emails and sum over fings.
The 'careless error' was failing to check that the code only collected the data they wanted. It's a fairly simple rule in data protection - only disclose what the person needs to know - the same goes for when you are collecting data!
Aww come on
You know there was no malice intended. Noone has denied it, noone has pretended it did not happen. Why in God's name is everyone so quick to believe that any successful company will sudeenly start actig in some sort of psychopathic way?
I read my own argument back and have for the first time doubts ....
Intent is not the issue
Google broke the law. If any other individual or organisation did it, they too would have broken the law. In some countries, the mere possession of such software may constitute a criminal offence.
Also, does Google expect everyone to believe that the code used in these systems, which were subsequently deployed around the world, was entirely under the control of a single person? Nobody else checked the code, there was no peer review or any kind of change control or any of the other processes and procedures common to companies around the world?
If someone is too dumb tock the door, don''t be surprised if you are robbed
When travelling I live off unlocked WiFi systems, never had to buy signal for years. Users should learn how to secure WiFi systems if they want a modicum of security.
If you are really wound up about Google, just send your secure stuff at night as Google only takes daylight shots!
Nobody wants to sue a very large, powerful and rich US company.
Google bluffed with their 'lone gunman error' excuse and it gave governments an easy out.
Clearly this set up their defense, a lack of mend rea. (Lack of a guilty mind).
Take the excuse or be forced to spend lots of money on a very expensive case where the average citizen hasn't a clue of the law and the guilt of the company involved.
This is clearly a failure on the parts of the governments where action could have been taken, yet the took an easy way out.
As a software professional I know that Google did intentionally slurp the data. They even tried to patent it.
Definitely a fail for the Canadians.
Firstly it's _MENS rea_.
More importantly, and less pedantically - numerous offences do not require mens rea in order to ascertain guilt. Not sure if this is one of them, but it really wouldn't surprise me.
Thats why the Actus Reus is sufficient to convict you of motoring offences despite your protestations of "I didn't know or mean to do it"
Lawyer I'm not...
Sorry you are correct, and I didn't take the time to spell check Latin phrases.
Actus Reus means that you didn't think about committing a crime, you had actually taken some physical steps to perform the crime.
I disagree that Actus Reus is enough to convict.
The reason mens rea is required for a conviction is that one has to show that Google acted with intent. That is to say that the data capture was an intentional act.
Google claims otherwise and their publishing that this was an 'accidental capture' is to establish that there was no mens rea. That while they may have committed a crime, it was an unintentional act, that is... they lacked the guilty mind.
I agree with you that they should be charged and then based on the evidence produced, convicted, however, I'm trying to explain that Government AGs (Attorney Generals) are less likely to take on a very expensive and public lawsuit against a company whose public mantra is 'do no evil'. Lot of money , lots of risk, little return. Could be political suicide.
It sucks but its a reality of life. Politicos need to grow a pair. (Ladies included)
New service from Google...
Hi, [name] we notice your internet access is open, try our new "How to secure your net wireless" service. [beta]
find free wireless in your area
App for Android
Missing the point - what *was* the indended purpose?
I think most people seem to be focusing on the 'OMG, invasion of privacy', 'It's unsecured, serves you right', and 'they didn't use it' arguments... However, I've yet to hear an explanation for why the software deployed actually captured the data? What *was* the indended purpose for the data captured - there must have been some, otherwise the engineer wouldn't have written the code in the first place. That is a far more interesting question. As others have said, millions use Google email services, so snooping a few random emails as a google car drives past a house is pointless compared to mining the data in the millions of emails they have stored on their servers. If you're worried about the wireless stuff, why aren't you hysterical about what they're doing with all that data behind closed doors?
WTF, for WTF was the intended purpose?
The purpose was to build a geolocation database
The data they were extracting from the wifi data was the access points MAC address and the signal strength, which they then stored along side the location where the reading was taken. This data can then be used to estimate locations based on the signal strength of surrounding APs. If you've used the location service on Firefox, you would have been making use of this data set.
The problem is that they reused some software for the wifi packet capture that stored more data than was required for the geolocation database. This may have been a mistake (as Google has stated), or they might have been storing the data on the chance that some other data could be extracted.
One thing worth remembering is that it was Google themselves who reported the problem. Would you think better of them if it was revealed that they had identified the problem and silently deleted the data without reporting the privacy breach?
A lot of people are trying to equate connecting to an unsecured network with stealing, either a car or the contents of your house.
Clearly it isn't the equivalent though. Google didn't steal the packets they received, they still got sent to their destination. I think the analogy with shouting your business in public is much more apt.
Would you complain that someone with ears had overheard you when you deliberately shout things out in a public place?
On the other hand, knowingly connecting to a network that you don't have permission for in the UK is a criminal offence under the computer misuse act... Even if it isn't secure.
So if you leave your house unlocked you have no problem with me coming in and photocopying all your mail, bank statements, birth certificate passport etc...?
Google didn't actually connect to these networks.
They simply monitored the frequencies flying around our head. It's a very thin line, but it's enough to cause a prosecution under the CMA to fail. RIPA would be a far, far safer bet.
Seems to me the Canuc have got it right.
Google broke the law, and the reason they have given is that it was an error on their part. However, no-one was harmed, no data illegally captured was used (and as others have said, I can see no use of using the data anyway, it's worthless to Google or to anyone else).
Google get a fairly stiff slap on the wrist, and some really bad press and they will have to tighten up their software release practices (and I can easily see how this rogue code got in to the street cars by accident - and anyone who cannot see how its could have happened obviously hasn't worked in the software industry for long enough or with big code/library sets - remember this is a google car taking pictures, not an airliner or power station control system)
Seems a fair result to me.
- Pics Facebook's Oculus unveils 360-degree VR head tracking 'Crescent Bay' prototype
- 'Kim Kardashian snaps naked selfies with a BLACKBERRY'. *Twitterati gasps*
- Teardown Pop open this iPhone 6 and see where the magic oozes from ... oh hello again, Qualcomm
- Analysis Apple's warrant canary riddle: Cock-up, conspiracy, or anti-Google point-scoring
- Bargain basement iPhone shoppers BEWARE! eBay exposes users to phishing vuln