The Information Commissioner's Office is reopening its investigation into Google's collection of unsecured Wi-Fi by its fleet of Street View cars. The change of heart by the regulator comes in the light of tougher stances taken by other countries, and Google's confession on Friday that its cars collected entire emails, URLs and …
The ICO has developed a spine??
Gonna have to clean my monitor after reading that.
£20 says they slap their wrists and do sod all else.
One wonders did they even look at the data collected*? Or did they take Google's word for it?
* Assuming they are legally permitted to.
No they haven't
In fact reopening the case because other countries do is even more spineless. Basically we must thank other countries for taking the matter seriously. The people who get paid to protect us didn't care until they realised that they were losing their faces.
I wonder what the story would be with Phorm if they had run the same tests in another European country. Probably the Telefonica or Deutsche Telekom directors would have received a huge fine (at least) and rightly so.
Slapping wrists implies some degree of integrity
Fifty quid says the Information Commissioner will remain happy to let other countries do his job while he crawls back under his desk.
He may come out later to say "Told you so," but that's as much as I'd expect.
ICO worse than useless
If they'd done their job properly in the first place they would have picked up on this earlier. It just goes to show that the "preliminary assessment" was a tour around Google's facilities followed by a tea and biscuits presentation.
It will be interesting to hear how Google claim that the additional data slurping was unintentional and if the ICO blindingly accept those claims. After all they were convinced by previous excuses which were blatantly unbelievable to everyone except them.
the 'personally identifiable' ruse
The ICO sounds like it did its research into the data by asking Google for its official line on privacy and URLs don't have my name in them so that's ok by Google.
ICO has only acted now because other countries are and it will look even more like the irrelevant quango it is.
Regulators that don't regulate, that's the FSA / ICO way.
Definition of Identifiable..
Having just re-read the ICO's guidance notes (here: tiny.cc/6ofea, page 7 in particular) they imply that knowing information about an unidentified someone as well as their address does permit you to easily identify them.
Quote: "The starting point might be to look at what means are available to identify an individual and the extent to which such means are readily available. For example, if searching a public register or reverse directory would enable the individual to be identified from an address or telephone number, and this resource is likely to be used for this purpose, the address or telephone number data should be considered to be capable of identifying an individual."
It's my guess that Google do have access to suitable "registers or reverse directories", but they'll no doubt wriggle on the "...and this resource is likely to be used for this purpose..." It strikes me that the weakness in the DPA is that it requires to show that a nefarious purpose was intended from the beginning, rather than that it might be possible later.
Statement from the Google CEO:
Now that the ICO has stepped back in, I am really really afraid.
Please don't let them use any of their massive powers.
Oh No someone who knows how to actually enforce the EU Data Protection Directive is actually after us.
Here's betting another £20 that nothing happens at all!!!
That's OK then
'Google has appointed a director of privacy to oversee improvements in its practises and promised to train all staff and consider the privacy implications of all its products.'
So that's OK then, and the result of that consideration will be -
'everything is fine and to carry on as we are'
Forget toothless Data Protection, surely this is illegal? The Computer Misuse Act 1990 states unauthorised access to computer material is against the law. So isn't attaching to someone's wireless network (even if open) and stealing their data illegal?
Or does the Computer Misuse Act only apply to personal individuals and not big companies?
Also what about copyright? Copying my data is copyright theft - surely the most serious crime on the planet?
Your device was standing up, waving its arms and saying 'talk to me!'.
Their device asked your device if it could come in, and your device said 'yes, here's the internet'.
That's an invitation, as far as I can tell, so can't be unauthorised.
The postman is standing in your street, you wave your arms, he comes to your door, you let him in your house and he steals your wallet. It's not illegal because you invited him in?
Ah, you are resorting to the good old "Look at her, how she was dressed; she was obviously asking for it, M'Lud..." defense.
Which is never EVER appropriate or valid.
Not even when the mighty google are shafting us over.
invited != authorised
having an implied invite to connect to a network does not authorise you to snoop all data traffic on that network that is being sent to and from machines OTHER than your own.
doing so would be akin to walking into someone's house and assuming you were invited because they left the door unlocked.
This 'story' brought to you by Google's competitors.
'£20 says they slap their wrists and do sod all else'.
Yeah.. 'cos that's all it's worth. There -will- have been a few URLs and passwords captured, some full emails, possibly worse (email attachments.. private pictures?).
But it was exceptionally transient, and self-reported. Unlike your neighbour's kid..
And the 'victims' always had the option of not broadcasting this material on the radio and in the clear.
It was neither transient nor self-reported.
First up, this practice by Google was not short-lived in the slightest. In fact it would have carried on were it not for the technically minded in the community noticing attempts to access wifi networks and observing what was happening beyond the initial negotiation of the connection.
Self-reported? Google only came clean because they got caught out. Plain and simple. As for Google's spokesman on BBC News last night claiming that the data was never used and never would be, pah - if they hadn't been caught out you can guarantee the information would have been used.
You're quick to imply that the victims of this crime are themselves at fault for not taking precautions. First up in many cases the victims do not control or maintain the wireless network. Do you really expect your grandmother to be securing her wifi network? Your grandmother simply wants to plug the magic internet box into the phone line and get on with it. Let's go a step further. Let's say you come home to find that someone's been in your house because you left your front door unlocked. Are you more than happy to be the victim of a burglary, or an unknown person making note of personal details about you derived from their entry into your unlocked house?
Instead of blaming people for either being ignorant or for demonstrating a degree of trust why don't you consider ways to be helpful and conducive towards solutions?
"It was neither transient nor self-reported."
So the google street view car sat outside your house all day collecting data did it?
Or did it drive past once in the last year or so?
I bet the latter!
As I said.. Transient.
And as for self reported, not entirely, but they 'fessed up fully with very little provocation.. go read the history of this. There was no 'technical community' noticing active connections from the cars, since no such connections happened; they passively recorded data. That looks like unsubstantiated FUD from you.
Google wasn't "caught out" by technically minded people noticing attempts to access WiFi networks. Because Google didn't make any attempts to access wifi networks. Google's StreetView cars simply passively listened to wifi broadcasts, and didn't initiate any "conversation" with WiFi routers, and didn't broadcast anything through those WiFi networks.
Google didn't enter anyone's house and steal their wallet - google walked by on the public street outside the house and overheard the TV that was turned up real loud, and smelt the cabbage that was being cooked for dinner.
Google themselves found this extraneous data in their logs, and Google told the world about it.
Never fear, the ICO is on the case
Have they ever actually prosecuted anyone? I've dealt with them on 3 separate occasions and let's just say that they're not particularly effective, to the extent that they don't even respond, in fact, I'd have been more than happy for them to be involved in that nice little quango scrappage the Tories pulled the other week. In fact, are the EU still prosecuting us for their utter inaction on Phorm?
I love the effectiveness of their investigation.
They took one glance at the data Google had collected here and said "that's ok then"
Then when regulators that actually troubled themselves to do their jobs find that Google collected a lot more than you'd expect, they then decide to get involved again. The mind boggles.
If the other regulators hadn't have actually done their jobs and put the ICO to shame would they have decided to do anything? I think not.
ICO are a bunch of incompetent muppets...
Of course unencrypted network traffic contains plain text data. Why have they only just worked this out? (Because a.n.other country said so?) Did they not know before???
Really doesn't need a rocket scientist to know that, if that is captured, there's a problem. However in my opinion the problem is the muppet that is broadcasting it...
Now there is no excuse for a further fudge. Time for the ICO to send all these data leeching parasites a message that it is OUR data and that they have NO automatic right to harvest/store/use it. I don't use Google - I choose not to, I want to keep my data as far out of their intrusive hands as is possible (yes I realise that they are leeching from a huge number of points on the net) I owe them nothing..
IMHO they have no right to use any data/signal from my premises for any reason. I can receive unencrypted TV signals at my premises - it doesn't give me the *right* to use those signals without a licence even though they are freely and easily available for me to use, and this would seem to be no different. If Google want to use my equipment or the signals from it as part of any location network they need to purchase a licence from me for the use of the signal generated by me, and if they have harvested any data from my PC (as opposed to ID stuff from the router) then I expect them prosecuted in the same way and with the same tenacity that would be the case for any private citizen. Google and the rest should not be - or be seen to be - above the law.
Time to take back our data from the parasites - or make them pay dearly for it! It really is time that both the legislators and the regulators removed their lips from the collective butt cheeks of big business and put in place some laws to protect the privacy of the public whom they are elected/employed to SERVE! Might be time for a campaign of emails to MPs to get OFCOM replaced by a proper regulator with teeth (or should that be balls?)
Coat... it's Ofcom's.. and has a huge bottle of lube in the pocket for when Google calls round
Feel free to choose a reason
Bandwagon of more robust and proactive ICOs from other countries rolls by and ours doesn't want to be left out. Or to look like they are left out.
Quangos are set for the chop and ours wants to be seen to do something? (Sadly he isn't on the list to be chopped)
Given they did now't on the phorm debacle AND the phone hacking of 3000 z list celebs, he can't be seen to do nothing ALL the time.
Or more likely as GCHQ have been given the green light to do whatever they want, they can't then very well let a private company do it faster, better and easier, in a way that doesn't mean massive brown envelopes to BAE systems to come up with a slower fatter and crapper version. That wouldn't be British, would it?
The ICO don't want to really limit or punish Google.
The apathy shown so far by the ICO, being so late behind so many other countries, shows they are not really interested in punishing Google. Plus the ICO done absolutely fuck all to stop or really punish Phorm (because it turns out that our own government (the bunch of two faced lying bastards in power) have now shown they intend to use the same Phorm style spying abilities themselves!). So the ICO will do nothing that even risks setting precedents that could risk limiting the government's ability to spy on all of us.
The point the ICO miss
The content of those communications - fragmentary or otherwise - should not be in Google's hands.
The content of those datagrams is private/confidential personal (and commercial) data, and should be protected by PECR and the DPA (not to mention RIPA, Copyright, and the Wireless Telegraphy Act s48).
Yet, I'm told Chris Graham 'doesn't want to pick a fight with Google'. And the Police won't act.
What is the bloody point of the ICO if they are running scared of the industry they are supposed to regulate?
If they were scrapped would anyone notice any difference?
I think maybe the US/UK governments are too busy playing propaganda games, trying to portray certain eastern regimes (read China, Iran, etc.) as totalitarian and meddling, so they gift our privacy rights to these corporations.
Accidentally nicked your password
Oops they accidentally wrote a sniffer program that collects passwords too. If Google get away with that then hackers unite, there will be a test case that allows you to accidentally collect passwords where there was no need to!
ICO? What about plod?
Weren't they nicking people for "wardriving" a while back?
At least that lot were only after your bandwidth and not your data.
Ah - but....
... that was individuals or poor people. Not a multi-million dollar company with strong influences over our "unbiased" politicians and boatloads of vicious little piranha lawyers waiting to snap up the flesh of anyone that dares to question their ultimate goal of world domination. Zeigoogle Heil !
"The change of heart by the regulator comes in the light of tougher stances taken by other countries".
In other words, everybody else is doing something so I guess we should too. Google could well argue that their previous investigation turned up nothing... but I won't discuss that.
What is possibly MORE damaging is the "proof of crime" requirement to keep the data. Just snip a sample (a megabyte or two should be sufficient, either data was collected or it wasn't) and DELETE THE REST. Because it being in Google's coffers is one thing. It being copied so analysts, so-called experts, legal bods, and god-only-knows-who can examine it... could mean passwords, personal emails, all sorts of data pass to all sorts of people - and beyond... with NONE of those involved being aware of their data passing all over the place.
Is your network unsecured? [don't know? let your mouse hover over the little WiFi activity indicator down the lower-right of your screen, it will pop up a yellow box with connection details which will say "(unsecured)" if it is so] Yes? Go to Google streetview and look up your address. Is it a fairly recent set of photos? Yes? Can you remember what you were doing at that exact moment? What data was passing through your network at that time? Anything you wouldn't care to share with the world?
So, yes. Keep a SMALL sample for illustrative purposes and just get rid of the rest. Anything else is compromising people's privacy as much as collecting it in the first place.
Google director of privacy
"Google has appointed a director of privacy to oversee improvements in its practises and promised to train all staff and consider the privacy implications of all its products."
I'm shocked, shocked, to hear that a corporation so concerned with privacy as Google has waited this long to do such a thing.
It's not that dick^W lovely man Schmidt is it?
ICO - ffs what a bunch of incompetents
Phorm Porm Phorm RIPA RIPA RIPA.
Obviously just apply to individuals NOT Big Businesses.
Cuts? What cuts?
Yes Minister, it would be unwise to further restrict funding to ICO as they have a rather large and important project that needs attention with some urgency.
Minister: :-| Who? What?
It seems Google amassed quite a bit of information and there may be a case about whether it was proper or not under UK law.
Minister: :-[ Google? Law? Are we not friends with Google?
Yes Minister. Google and friendliness? Is one speaking from the Minister's personal perspective, the Department's or the Government's? It seems an unfortunate consequence arising from UK present legislation.
Minister: :-( Hrrmmph, Cough-cough-sneeze. Consequence? Unfortunate consequence?
Get my financial advisor (no, not the Government one - my private one) I think I had better put another couple of million offshore soonest.
Unfortunate consequence? I bet that was not anticipated? Now where is one's tea and biscuit?
Serious " wrist-slap " Heads Up
ICO spokesman says " inadvertently collected " twice.
So they're not, um, jumping to conclusions or anything ?
I agree with everyone else
Basically you get what you were asking for, even if you did not know you were asking for it, and criminals would do it to you anyway so why not big business? In fact I'm sure that it scales such that big business can do it cheaper and more effectively than the criminal fraternity might ever hope to achieve so that will put the criminals out of business... so maybe they can re-hire them under some Gov job creation scheme so they can drive nice cars and use Macs plus they can centralise all the data gathered in order to make better use of it.
There.. GCHQ := Google Chav Headquarters