ICO mulls stiffer probe into Google Street View Wi-Fi slurp

The UK's data protection watchdog may still take enforcement action against Google over its unlawful collection of personal information from unencrypted Wi-Fi networks following the recent publication of a US regulator's report into the matter. The Information Commissioner's Office (ICO) told Out-Law.com that it is reviewing …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    ICO will just roll over

    so that Google can tickle the pussy cat's tummy.

    1. Ian Michael Gumby
      Mushroom

      Re: ICO will just roll over

      Unfortunately, you may be right.

      Here in the states, the FCC did just that.

      I believe the one thing that makes it difficult to use the Wiretap law is that it says 'voice' and not all of the data slurped dealt with voice. However there are other laws on the books which would cover this 'wardriving'.

      Clearly in the US, Google has curried favor with the Obama administration and it's paying off.

      Here we have an example of where Google knowingly violated the law, even filed a patent on the process, yet they get slapped on the wrist and are allowed to compete for US Federal Government contracts to host mail and communication services. Think about it. Charged or not, this company violated a trust, yet our government awards them contracts where the trust they violated comes into play? (Yes I am a Yank)

      I really have to hope that the EU countries where they also have strict laws have the balls to actually enforce them.

      And here's the irony. If this were our own governments doing this... we would be rioting in the streets. Yet we roll over and let a private company do this to us and get away with it.

      1. Alexander Hanff 1
        Unhappy

        Re: ICO will just roll over

        Sadly one of the biggest problems we face here in Europe (particularly in the UK) is enforcement. We do have pretty robust laws, but trying to have them enforced is incredibly difficult when the regulators and law enforcement are captured by the very industries committing these crimes.

      2. Asgard
        Big Brother

        Re: ICO will just roll over

        "Here in the states, the FCC did just that." ... "I believe the one thing that makes it difficult to use the Wiretap law is"

        ... is really because of projects like this, i.e.

        http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/1

        The governments will never truly move against any corporation to stop them, because the governments are seeking to spy on everyone, on a vastly greater scale than any corporation. All we will get (as we keep getting) is government murmurs and non-committal words of wanting to stop the corporations, followed by endless procrastination and when pushed, stubborn sullenness and obstructionism because they don't really want to act. They know their spying plans are worse than any corporation, so they can't act to stop spying, because any law change would make it harder for them to spend so many billions building centers such as the above example (and they are building 2 of them).

        (It's worth comparing the power usage of the above data centers with even that of the world's biggest supercomputers because it's a lot more than any (public) supercomputer. Imagine what you could do with 65MW of power and rooms full of FPGA based massively paralleled semi-hard coded decryption. They don't even need to decrypt it all now, just the high priority stuff for now, and then just plan to wait until they can decrypt more of it later).

        Their aspirations are vast, so there is no way they will really want to stop what they are doing. So when you say ... "If this were our own governments doing this... we would be rioting in the streets." ... They are ... :(

  2. Chronos

    They've actually broken another law.

    Wireless Telegraphy Act 2006, Part 2, Chapter 5, Section 48:

    Interception and disclosure of messages

    (1) A person commits an offence if, otherwise than under the authority of a designated person—

    (a) he uses wireless telegraphy apparatus with intent to obtain information as to the contents, sender or addressee of a message (whether sent by means of wireless telegraphy or not) of which neither he nor a person on whose behalf he is acting is an intended recipient, or

    (b) he discloses information as to the contents, sender or addressee of such a message.

    (2) A person commits an offence under this section consisting in the disclosure of information only if the information disclosed by him is information that would not have come to his knowledge but for the use of wireless telegraphy apparatus by him or by another person.

    (3) A person does not commit an offence under this section consisting in the disclosure of information if he discloses the information in the course of legal proceedings or for the purpose of a report of legal proceedings.

    (4) A person who commits an offence under this section is liable on summary conviction to a fine not exceeding level 5 on the standard scale.

    (5) “Designated person” means—

    (a) the Secretary of State;

    (b) the Commissioners for Her Majesty's Revenue and Customs; or

    (c) any other person designated for the purposes of this section by regulations made by the Secretary of State.

    The offence is disclosure of the contents of the beacon packets (i.e. MAC address and location of the transmitter) where the transmission was not intended for their reception. The whole using other people's equipment to provide a location is an offence in the UK.

    1. Anonymous Coward
      Anonymous Coward

      Re: They've actually broken another law.

      Does this law only apply to males since there are references to "he" and "him" only and no female references?

    2. Anonymous Coward
      Anonymous Coward

      Re: They've actually broken another law.

      Except that the "intended recipient" of the beacon packet is any and all wi-fi equipment within range, so no offence has been committed by the recipient.

      Unless you believe that anyone who fired up a laptop or wi-fi enabled phone and saw a list of neighbouring hotspots should be guilty of the same offence - they've just disclosed the SSIDs contained in the Beacon Frames.

      1. despairing citizen
        Big Brother

        Re: They've actually broken another law.

        This is one of those wonderful woolly "intent" clauses.

        Until somebody takes a case, and some clarity is added via case law, it will be open to interpretation.

        However in my personal opinion, Google would have difficulty trying to put themselves into the fudged gray area on this, as quite clearly their street view car was not the intended recipient of the e-mail etc. They deliberately went out to collect it according to the FCC.

      2. Chronos
        FAIL

        Re: They've actually broken another law.

        No, they haven't. To whom have they disclosed? Only themselves, which is quite correct and intended usage. Google, however, even have my MAC mapped despite SSID beacons being disabled since wireless went in at this location, a pretty clear indication that I don't want my access point being used in this way, and are disclosing it to all and sundry so they can locate the device seeing the MAC.

        How do I know? Samy knows.

        I say again, it's illegal. If Sergey could wave a magic wand and end up in a jurisdiction where they're subject to no laws, he'd do so. He has said as much. This, however, is the real world.

        I have even appended my SSID with _nomap, even though it never gets broadcast. I suspect they'll take as much notice of that as they do SSID broadcast being disabled. Or would, if I had left the thing connected.

  3. Anonymous Coward
    Anonymous Coward

    How is this all so wrong?

    If I stand at my front door and shout loud enough to be heard 100m away, can I blame any passers-by for hearing it?

    1. JimmyPage Silver badge
      Alert

      Re: How is this all so wrong?

      <fighting hard not to be too cutting ...>

      Of course not. But that's not what happened is it? First off, if you were shouting that loud, you would probably be breaking some law on nuisance. But secondly, parliament has not made it an offence to hear you, nor for people to copy down what you say, store it, and then pass it onto a third party. Whereas they HAVE made it an offence to intercept digital communications, except in very specific circumstances. Unless Google can pull some sort of legal authorisation out of their pocket, they clearly broke at least one law here.

      Now can you see the difference?

    2. dephormation.org.uk

      Re: How is this all so wrong?

      It is an offence under RIPA and the Wireless Telegraphy Act, as well as Copyright theft.

      You might not agree with it, but that is the law.

      One key difference between your example of an overheard conversation, and this present example, is the systematic, deliberate, covert, and unauthorised recording of information for reuse.

      Google did not chance upon this information.

      1. Panimu

        Re: How is this all so wrong?

        Are you chaps trying to talk about the SSIDs or the frame collection now? The former is broadcasted so the "intended recipient" is everyone.

        1. Ian Michael Gumby
          WTF?

          It's more than just the SSIDs Re: How is this all so wrong?

          Capturing SSIDs? That's not the issue.

          There is no expectation of privacy.

          Capturing unencrypted data?

          There is an expectation of privacy.

          Is that a hard concept to understand?

          1. Anonymous Coward
            Anonymous Coward

            Re: It's more than just the SSIDs How is this all so wrong?

            How is there an expectation of privacy when you make a deliberate choice to disable encryption?

            1. Ian Michael Gumby
              Mushroom

              Re: It's more than just the SSIDs How is this all so wrong?

              "How is there an expectation of privacy when you make a deliberate choice to disable encryption?"

              I think you fail to understand the issue.

              The law(s) state that it's illegal to capture electronic information which is not yours or meant for you.

              In the US, you have both Federal and State laws concerning this.

              Encryption is a moot point. It's the act of capturing and storing the data which is illegal.

              Still not convinced? Suppose you encrypted the data, yet the encryption isn't strong enough and could easily be broken. WPA for example. Does that make the capture any less illegal?

              So you then argue that it's ok because it's your fault that the data encryption wasn't strong enough and you should have used a stronger encryption? Sure. Ok. So should we sue the wi-fi routers and hardware vendors for not using AES-256 or stronger?

              Sorry, thank god the law doesn't work that way.

              It's the conscious act of recording the data as a third party which is illegal.

              This is why Google should face criminal charges.

              1. Panimu

                Re: It's more than just the SSIDs How is this all so wrong?

                It was broadcasted, hence meant for everyone.

    3. John H Woods Silver badge

      Re: How is this all so wrong?

      If you did that you could hardly object to my observing your signal strength (oh, that person over there is shouting at this volume). But what if you shouted something I didn't understand (bytes) and I went to the effort of translating it, transcribing it (making it searchable), storing it with something identifying your voice (MAC code), the address you were at, and when it happened. And keeping that information indefinitely. Oh, and then systematically driving round the whole world doing the same, with microphones able to pick up what people were saying 100m away. And then saying I did it unintentionally.

      Doesn't it seem just a tiny bit wrong now?

    4. Stuart Castle Silver badge

      Re: How is this all so wrong?

      If the Streetview cars had merely listened to the data, you'd have a point. They didn't. They recorded it, then Google used at least some of the data for commercial gain (unless you really think they spent millions of dollars to actually provide a service for nothing).

      I believe a better analogy would have been you shouting, and passers-by recording what you say, then using those recordings commercially. In which case, they do need your express (and written) permission.

      1. Anonymous Coward
        Anonymous Coward

        Re: How is this all so wrong?

        if I make a recording of a crowd roaring at a football match, do I need to get the express and written permission of every member of that crowd before I use the recording commercially?

  4. Alexander Hanff 1
    Go

    Already sent Open Letter to ICO

    I sent an Open Letter to ICO in the early hours of this morning asking them to re-open their case in light of the FCC report:

    http://www.scribd.com/doc/92027489/ico-2012-05-02

    I am in the process of writing a second Open Letter to the officer in the Met who handled the original criminal complaint under RIPA that I was involved with when I worked for Privacy International.

    The Met originally closed their investigation because they felt that Google's defence at the time (it was just an accident and the work of a lone engineer) would make it difficult to prove mens rea and thus be unlikely to secure a conviction - the FCC report illustrates intent making it much easier to establish mens rea so the Met's previous arguments for closing their investigation no longer hold water.

    As stated in this article it is widely believed that prior to last year RIPA permitted "unintentional" interception (I would actually argue that it didn't) and I was part of the Home Office consultation that made changes to RIPA last year - so again given certain interpretations of RIPA at the time the Street View scandal took place it could be argued that RIPA permitted Google to "unintentionally" intercept. Of course, in light of the FCC report, we now know that not only was this by design and intentional but the data was even considered for further business use processing, including consideration of use to establish how often people used the Google Search Engine.

    Even under the OLD RIPA, this type of activity is not permissible and would constitute a criminal offence.

    So there are clear grounds for the Met to now re-open their case and for the CPS to seek prosecution - I will be forwarding a complaint to the Director of Public Prosecutions as well.

  5. dephormation.org.uk
    Holmes

    Wireless Telegraphy Act 2006 s48?

    s. 48

    Interception and disclosure of messages

    (1) A person commits an offence if, otherwise than under the authority of a designated person—

    (a) he uses wireless telegraphy apparatus with intent to obtain information as to the contents, sender or addressee of a message (whether sent by means of wireless telegraphy or not) of which neither he nor a person on whose behalf he is acting is an intended recipient,

    or

    (b) he discloses information as to the contents, sender or addressee of such a message.

    1. Alexander Hanff 1
      Thumb Up

      Re: Wireless Telegraphy Act 2006 s48?

      I included WTA in the original complaint to the Met back in 2010 and still feel this would be relevant.

      1. dephormation.org.uk
        Unhappy

        Re: Wireless Telegraphy Act 2006 s48?

        Same here, I made a complaint to Avon and Somerset Police.

        Looks like we suffered the same contempt for law enforcement?

      2. Chronos

        Re: Wireless Telegraphy Act 2006 s48?

        The WTA(2006) is Ofcom's jurisdiction, specifically the RIS as-was. The rozzers will do nothing except assist the RIS if and when needed.

  6. That Steve Guy

    RIPA broken? it won't matter.

    I wish I could be optimistic about this but when RIPA gets broken by big business they tend to go unpunished.

    If BT can escape unpunished for the whole Phorm mess, you can bet the all powerful Google will as well.

    1. JimmyPage Silver badge
      Facepalm

      Re: RIPA broken? it won't matter.

      indeed.

      I know it's not necessarily a viable *legal* defence, but it is certainly a viable *publicity* defence for Google to point at Phorm (who never had any possibility of claiming their actions were "inadvertent" or "incidental") and say "if they got away with it, so should we"

  7. Stuart Ball

    Morally how is this different to phone hacking? Interceptions carried out in the name of profit, with little corporate governance and respect for lawful privacy...

    Should Google not be getting the "Murdoch Treatment"?

    1. Crisp

      Yeah, but

      Google haven't interfered with the investigation of a child's murder yet.

    2. Anonymous Coward
      Anonymous Coward

      If you're on a train or a bus, or walking along the street and someone beside you makes a phone call, are you guilty of phone hacking because you overhear the conversation? Would you be guilty of an offense if you recorded that conversation? Would you be guilty of an offense if you decided to take action on the basis of that overheard conversation? (Back a horse, cancel a trip, go home for your umbrella because you overheard mention of rain in the forecast, decide to bring someone to lunch at a particular restaurant).

      That's effectively what StreetView did - drove down the street and overheard wifi traffic that was broadcast in the clear. They would have been in range for a few minutes every couple of years (or however often the streetview will be updated, if at all). They didn't target any particular individual, they didn't make any effort to decrypt encrypted traffic.

  8. Lloyd
    Joke

    It's the ICO for goodness sake

    Why is there even conjecture on prosecution? The letters ICO are the dead giveaway, it's a bit like phoning the Met after a burglary and expecting them to come around and inspect the scene of the crime, never gonna happen.

  9. Anonymous Coward
    Anonymous Coward

    Does RIPA make encrypted wifi mandatory?

    The article says -- Under RIPA unlawful interception takes place if a person makes "some or all of the contents of the communication available, while being transmitted, to a person other than the sender or intended recipient of the communication"

    Does that mean that it's illegal to use unencrypted wifi? After all, you're making some or all of the communication available, while being transmitted, to a person other than the sender or intended recipient of the communication.
