back to article Google finds MORE slurped Street View data down under

The Australian wing of Google has found yet more disks containing slurped payload data - including emails and passwords - its Street View spycars gobbled from unencrypted Wi-Fi networks across the globe. The advertising giant wrote to the Office of the Australian Information Commissioner on Monday confessing that it had …

COMMENTS

This topic is closed for new posts.
  1. Tim Parker

    Enjoyable as the Sunday Sport writing style was, reality is - alas - a bit more dull. This is the contents of the "grovelling missive" :

    Dear Commissioner

    Re: Google Street View Wi-Fi Collection

    Google Inc. has now completed our comprehensive review of our Street View disk inventory. We can advise that the final stage of this process identified two additional Street View vehicle disks that were used for the collection of data in Australia during the time that Wi-Fi data collection was ongoing. Both disks have always been securely housed in our quarantine cages, but our systems were not able to recognize them as Australian. We apologize for this error.

    One of the disks was used exclusively in Australia. We would like to delete this disk and, unless you object, we will proceed with its deletion pursuant to your 6 August 2012 letter.

    The other disk was used in both Australia and New Zealand. We would also like to delete this disk and, unless you object, we will proceed with its deletion when we receive approval to do so from the Office of the Privacy Commissioner of New Zealand.

    We do not expect to identify any other Australian disks.

    Yours respectfully

    Google Inc

  2. Anonymous Coward
    Anonymous Coward

    I bet it pains them to admit it. They love slurping data from anywhere they can get it.

    1. Anonymous Coward
      Anonymous Coward

      Actually, there is a backstory here.

      They are trying to clean this up to distract attention from where that program has migrated to. I hope you are aware of the fact that this function has now been taken over by Android phones, and that they have admitted as much in their submissions to the various Data Protection officials that have hauled them over the coals for this stunt?

      1. Anonymous Coward
        Anonymous Coward

        "I hope you are aware of the fact that this function has now been taken over by Android phones"

        If you're referring to the Wifi location mapping then yes, you're correct, that is, if you've turned the option on. However since this story is about the illegal (and supposedly accidental) sniffing of open Wifi network packets, then no, Android phones around the world are not doing anything of the sort.

        What Android phones do is report the GPS location and the BSSID (MAC address) of any routers in range. That is not illegal. SkyHook even have a patent for doing it.

  3. Anonymous Coward
    Alert

    The reality of it - which the article misses - is that Google had already previously done an audit and promised the Australian government that all data was destroyed.

    Then they find this extra data hiding around. So much for that audit and earlier promises..

    (Source: http://www.theaustralian.com.au/australian-it/privacy-commissioner-slams-google-for-street-view-backtrack/story-e6frgakx-1226492179133 )

    More worrying than the data itself is how Google's internal procedures and audits have repeatedly failed during these tribulations.

    I now wonder how effective are their other data retention policies, such as the IP access logs they promise to delete after 9 months. Maybe it's time for authorities to check that is being done properly.

    1. James Micallef Silver badge
      WTF?

      What I really can't understand...

      I don't know what the law is there in Oz, but this situation seems similair-ish to what happened in UK and Europe - Google's unauthorised slurping of wifi data could be construed as a violatio of one of any number of hacking laws, but instead of Google being subpoenaed for the data as it could be used in a case against them, they are allowed to delete it. Not only that, but Google somehow spin it in a way that they are deleting the data as a 'punishment' or as a favour to teh government when in reality they're probably chuffed that they're allowed to delete evidence of what is a potentially criminal act on their part

      1. Anonymous Coward
        Anonymous Coward

        Re: What I really can't understand...

        > UK and Europe ... violatio of one of any number of hacking laws,

        Please list at least 2 of them together with what section they have allegedly violated.

        1. Anonymous Coward
          Anonymous Coward

          Re: What I really can't understand...

          Please list at least 2 of them together with what section they have allegedly violated

          In the UK, Data Protection law (unauthorised access to personal information), Computer Misuse Act (unauthorised access to computer resources), RIPA 2000 (unauthorised intercept). You can do your own homework, I don't have time to dig up the specific details. The equivalent of these laws exist in nearly any EU country.

          I specifically admire the Google volume trick. If you violate one person's privacy, it damages the recipient just as much as if you violate the privacy of 10 people. But if you f*ck around with a million it suddenly no longer becomes a fine per instance, but some lump sum - which is their get out. We should simply fine them as per instance, I don't care one bit that it would nuke the company. They have enough money to pay for lawyers that can tell them they will be in deep trouble if they pull this one.

          Oh, and don't play the "it was all an accident" card - code inclusion would *possible* be acceptable, but the fact that there was a back end ready to receive that data when they got back tells me this was no accident at all.

          1. Anonymous Coward
            Anonymous Coward

            Re: What I really can't understand...

            > In the UK, Data Protection law (unauthorised access to personal information)

            The Data Protection Act has 8 principles which the act covers. Principal 7 is the only one the mentions anything being "unauthorised" and it states the following:

            Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

            The DPA offence isn't for somebody gaining access to data, it is for failing to adequately protect it.

            > Computer Misuse Act (unauthorised access to computer resources)

            This is the very first section (Unauthorised access to computer material) and it states explicitly that the material you are accessing must be held on a computer. Google did not access the data on their computers, the data was transmitted unencrypted.

            RIPA 2000 doesn't exist in the UK (which is where we are talking about).

            Sections 44 to 46 of the Telecommunications Act 1984 deals specifically with offences relating to "modification and interception of messages" and Google would clearly be in breach of these sections. However, in 2003 the Communications Act came into being and if you look at Schedule 17 Section 63 of this act you will see that it specifically strikes down section 44 to 46 of the Telecommunications act and does not replace them with anything else. This means that Google has not committed any offence by listening in on transmissions broadcast without encryption.

      2. Old Handle

        Re: What I really can't understand...

        I don't understand why you don't understand. I had an open wireless network (intentionally, but that's beside the point) so Google almost certainly slurped data from it. Barring them sending me a check, which is so not going to happen, the only possible remedy is for Google destroy the data. And I would prefer that happens as soon as possible and without the data going through extra hands, even the government's--no especially the government's.

  4. frank ly

    They stored the data on disks?

    Don't they trust their own GDrive?

  5. toadwarrior
    FAIL

    How do they expect anyone to trust them with their data? They've been shown to collect too much and they can't seem to identify all the data they have.

    Their business models pretty much revolve around our data being valuable and if that's the case they're looking to be too careless with it. If they can't handle it then maybe their access to it should be restricted.

    1. Turtle

      @toadwarrior

      "How do they expect anyone to trust them with their data?"

      And yet people do so by the hundreds of millions.

      1. Eguro
        Trollface

        Re: @toadwarrior

        Well of course!

        Don't you see how well and voluntarily they are deleting this? It's amazing how trustworthy Google is with data.

  6. Anonymous Coward
    Anonymous Coward

    Good job they're not a Chinese company...

    like Huawei or ZTE as they would be seen as evil and a national security threat!

  7. Petrea Mitchell
    WTF?

    "[O]ur systems were not able to recognize them as Australian"

    How does that happen? Unclear accents or something?

    1. Gannon (J.) Dick
      Pint

      Re: "[O]ur systems were not able to recognize them as Australian"

      It's all the "Mates". Google has written off Australia as a Nation of Incompetent Chess Fanatics. If Oz didn't have beer they'd have already been tossed from the UN.

  8. zen1

    But seriously...

    Do you think Google employs any actual adults, or people with just a little bit of sense? I know... I don't think so either..

  9. petrosy
    Big Brother

    so what....

    So Google slurped data from people with open networks...so be it. Everyone is jumping up and down in fits and the .gov are on their high horse. Let’s not forget that the government wants to keep all your sms,email and browsing history for up to 2 years ( NOW THAT IS SCAREY ) Most of us have CCards and use some form of social networking .... news flash your data is already out their...the genie has left the bottle so to speak

    Google is the least of your worries. I trust Google with my data instead of Julia Gillard.

    Your data on its own is of no importance to Google it’s the aggregated data that is useable. However everyone has a delusion of grandeur and thinks their crappy unencrypted data snippet is the holy grail of information.

    1. Anonymous Coward
      Anonymous Coward

      Re: so what....

      It doesn't matter what the data is, it matter who takes it and by what authority (me giving permission is of course one way of getting such authority regarding my data). Government has - or could be granted - sufficient authority. The authority to - without my express consent - take and store my personal data is something that government either has or could potentially get (via the democratic process). It is however not something that Google has nor is it anything they are likely to get, at least not till they finally become our overlords!

      [Please keep in mind, that the above is working in theory. Of course governments can and do sometimes abuse power]

  10. Anonymous Coward
    Facepalm

    WTF?

    Is an unencrypted Wi-Fi network?

    1. Anonymous Coward
      Anonymous Coward

      Re: WTF?

      Please... We expect a little tech understanding around here, unless you are a journalist whose name rhymes with bitch.

  11. Turtle

    Searching, Searching, Searching...

    "Google finds MORE slurped Street View data down under"

    "Ad giant unearths two more disks down back of sofa"

    Apparently Google needs a new search algorithm.

  12. Anonymous Coward
    Anonymous Coward

    FINE THEM

    US$1 Billion should help make sure they really deleted all the data.

  13. Anonymous Coward
    Anonymous Coward

    can data be really totally deleted?

    Is it just me or or does anybody else find it hard to believe that data can be demonstrably deleted? What about all the various archives, backups - full and incremental? Rewrite all those mag tapes but without the the deleted data? What about disks that data was originally collected on and their backups? What about the probably numerous staff laptops and workstations data can end up on? USB keys used to move data around? Developers personal home NAS backup drives which are perhaps backed up to the cloud, who backup their data to who knows where? The list goes on.

    When someone says they have deleted data, how can we or they be sure?

  14. Anonymous Coward
    Anonymous Coward

    What's a couple of disks?

    Data?

    We've got data.

    What would you like?

  15. melts
    WTF?

    i really don't see what the fuss is about

    unencrypted wifi should be treated like shouting, ie updating your facebook status on an unencrypted wifi network should be the same as opening a window and shouting your status at everyone within earshot.

    just because a google car came past at the same time as you shouting doesn't mean they did anything wrong.

    I don't see how this is any different, except people apparently have no understanding of what it means to be running an unencrypted network and demand hand holding and legal protection for their stupidity.

    on top of that unencrypted networks are rare these days, and i'd say most people who think they are affected aren't, and anyone here who was should understand they were broadcasting their data and not expect it not to be accessible to others.

    anyway, that'd be my thoughts on it. roll on the govt plans to capture your data even if you don't want it captured then the populace can complain.

    1. Anonymous Coward
      Anonymous Coward

      Re: i really don't see what the fuss is about

      "unencrypted wifi should be treated like shouting, ie updating your facebook status on an unencrypted wifi network should be the same as opening a window and shouting your status at everyone within earshot."

      No, it's like sitting yourself down next to someone who has a quiet phone conversation on the train and asking them to speak up a bit while you take notes of what they say. You'll get your lights punched out in short order, and deservedly so - the person involved feels it correctly as a gross invasion of their privacy. That they don't choose to have this conversation in a closed room with the windows shut still doesn't give you the right to monitor what they do, and most people instinctively respect this.

      1. Mark 176
        FAIL

        Re: i really don't see what the fuss is about

        Hardly. They drove past your house and you sent them the data of your own free will. All they had to do was listen they didn't ask you to turn off the encryption or for your password. So I don't see how people can get upset about it. If you want to keep your data private don't broadcast it unencrypted to every person who might drive past your house.

  16. dhcp pump
    Linux

    Dear Gov

    1 - Dear Gov ,We ask permission for the sins we committed in the past to be now approved ,of course gov that letter of approval will be expedited by the (cough) copy of the quarantined gdrive we found behind the sofa ,,sent directly to you at a cost of ( in QLD dollars) of 1c per open network ..ahh.

    2- Dear gov ,we are so glad you still support us in lobbying for all wireless router manufacturers to ship all routers in default mode,ie no protection.

    Tanks a million

    hee hee

    Giggle Inc

This topic is closed for new posts.

Other stories you might like