back to article Sergey Brin: 'We screwed up' on Street View Wi-Fi grab

Google co-founder Sergey Brin says the company "screwed up" when it equipped its world-roving Street View cars with software code that spent three years capturing personal data from open Wi-Fi networks. "Let me just say: We screwed up," Brin told a room full of reporters this afternoon at the company's annual developer …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Jobs Horns

    Why did they air their own dirty washing?

    Anyone starting to suspect that Google caught wind of the fact they were about to be busted wide open, so moved first to look like an honest company throwing its hands up at its error?

    The whole thing smells of damage limitation to me, from start to finish.

    I wonder if it was the press or the EU? I could see the EU having a field day with Google over this, if they were involuntarily exposed as what they are.

    That leaves the question of whether someone found out about purposeless data sitting silently on Google's hard drives where it was never going to be used, or if it was uncovered because Google started using it and it didn't go unnoticed...

  2. Anonymous Coward
    Megaphone

    what ? only a ""screwed up" !

    i would describe it a "fuck up" rather that just a "screwed up!

  3. JustGlobIt
    Alert

    From data centers in International waters; now this

    Data Centers In International Waters

    http://www.networkworld.com/community/node/32769

    http://www.datacenterknowledge.com/archives/2008/09/06/google-planning-offshore-data-barges/

    I wonder who will own the data on those not-to-distant-future floating barges?

    Now we're supposed to believe Google when it says "we screwed up and collected WiFi data" ..

    So much for not being evil ..

  4. Graham Marsden
    FAIL

    No shit...

    ... sherlock!!

  5. raving angry loony

    size matters?

    There's "not make excuses" and there's "get charged and convicted on criminal code violations and spend a few years in jail. The former happens, the latter seems to only happen if you're not a multi-billion dollar business. Some poor schmuck who does it to 5 houses gets a few years in the slammer, whereas a company that does it to thousands upon thousands of homes is likely to get away completely scot-free? Yeah, that's fair.

    1. Anonymous Coward
      Flame

      Unfortunately, Data protection violation is not a offence punishable by a jail term

      Unfortunately DPA and its equivalents in most countries will at most get you a fine and a criminal record. That is why the DPA is generally perceived as toothless. And it actually is.

    2. Anonymous Coward
      Anonymous Coward

      @raving angry loony

      Don't get angry get even, become an MP. Then at least if you can't change things you can just as equally screw everybody and all you'll have to do is say sorry.

    3. Anonymous Coward
      Anonymous Coward

      Surely the mistake was.....

      To have it come out at an inconvenient time when the news could not be managed well enough, not to have made the "screw up" in the first place... but matbe that is me being too cynical.

  6. jake Silver badge

    Brin's REALLY gonna be upset ...

    When he finds out he only made #25 in the "100 best inventions" list.

  7. Henry Wertz 1 Gold badge

    Nope!

    "Anyone starting to suspect that Google caught wind of the fact they were about to be busted wide open, so moved first to look like an honest company throwing its hands up at its error?"

    Nope! Frankly I am not. I think if someone had wanted to whistle blow they could have done it a month ago. I think at least enough people at Google do believe in Google's "Don't be evil" motto that they decided revealing this mistake of excessive data collection is better than trying to keep it closed.

    IANAL. But, I know for data breaches here in the US, the penalty is usually far higher if a company finds a breach, and just crosses their fingers that nobody finds out, versus a company disclosing any breaches. This is more an improper collection of data than a breach, but I wouldn't be surprised if a few jurisdictions have a similar policy.

    1. Danny 14
      Grenade

      aha

      But you forget about the palms-greased ratio. I reckon google has a decent palms-greased ratio so everything will be ok for them.

  8. kevin elliott
    FAIL

    Why/What

    So far there's been no justification for writing/using this code. And no statement of how they've used the illegally collected data...

    So now Google need to come clean - Why did they write/embed the code in the first place. And what have they already used the data for?

    Simlpy 'fessing up, partly deleting and trying to get away with it is not good enough. Especially as they've already lied about what they were actually collecting.

  9. petur
    Dead Vulture

    Paranoids...

    Paranoids can explain everything in a negative way.

    I honestly don't think they did it on purpose, and came out with this as soon as they found out. And I'm sure some heads are already rolling over there....

    1. Rob Dobs

      call a turd a turd

      "Paranoids" - I'm guessing you mean conspiracy theorists?

      Problem is history if VERY full of stories of powerful men conspiring to stay powerful.

      Google has on more than one occasion, shown themselves to be a monopoly building organization, they are trying to gain more control and power. That seems to be their main business focus (not unlike a lot of other businesses). Even more scary is their militia like insistence on cataloging data from public pools for their private use, that no-one should really have access to. And their scary belief that for some reason if they go and collect private data from people on their own dime that somehow they automatically have a right to use that data how they see fit.

      Honda, or Ford for example, don't seem to act this way, they seem to focus on producing a car that people would want to buy. I can not say that Google is like that. They do not appear to be soley focused on providing a good web index, or even to lucratively place relevant ads.

      They do do these things sure, but there is another plan at foot that is very obvious, even if we can't say accurately what that plan is.

      The purchase of YouTube, was part of their plan to monopolize content distribution on the web. I am sure some time down the road, if not already they will start buying up troubled content creators companies.

      That they would even think of paying teams of people by the 10,000's to scour the streets gathering what they could sniff out from inside people's homes is a frightening portrayal of their philosophy internally. They already scan gmail users personal private mail, why would one not think it a stretch for them to scan people's private networks? They did not ask for permission, and are trying to set laws by their actions, especially in the book scanning debacle.

      The truth is Google has more oversight of the people of the world, than most of the worlds country's spy services put together. If if they don't now, they have a data repository that makes them a threat to freedom in general. I really do see Google as the most real Big Brother threat that world has ever seen.

      I don't ever need anyone to "know better" for me, I'd rather decide for myself.

      It's not that Google is Evil, its that Google, isn't Good, but it thinks it is.

  10. Aristotles slow and dimwitted horse
    FAIL

    Derrr!!!!

    So Brin says : "we do actually have a lot of controls in place, but obviously they didn't prevent this error from occurring"

    I find it hard to comprehend that a company that is supposedly so forward thinking didn't think to test those controls before rolling this streetview fiasco out, which leads me to believe that this was definately pre-meditated and planned.

    This is definately damage limitation. FORTUNATELY, in the EU anyway, I feel the damage is now done to a point where any trust Google had garnered is now gone.

    Just another corp.

  11. Sillyfellow
    Boffin

    how could they not have noticed

    ok, let's think about this for a second..

    so, 3 years of.. how many cars? collecting wifi data in how many countries?

    now, how large would this accumulated data be? pretty damn sizable. how on 'google-earth' (hehe) could they not notice that they had this massive amount of data? and they then say 'oh, sorry, we'll delete it' which means they know they've got the lot.

    clearly they are lying. how blatant and scummy.

    .. and now they're 'eyeing up' face recognition technology. if them faces are blurred like they're supposed to be, then what indeed are they interested in that tech for? double-scummy if you ask me !!

  12. Hooch181
    FAIL

    So,

    this brings me to the question. Why did someone at Google feel the need for this, mistake or not?

  13. Sillyfellow
    WTF?

    it's all a bit confusing

    how google give us such great apps and stuff, and yet also do all this seriously dodgy untrustworthy stuff.. i don't want to be too ungrateful but i really smell rotten ulterior motive.. to collect every bit of data on every one of us that they can possibly get away with.. or not. i think.

  14. Anonymous Coward
    Big Brother

    Google's new motto

    don't get caught doing evil

  15. Gill Bates
    Gates Halo

    guck foogle

    do google publish dates of when and where their cars will be?

    I feel abusive, threatening and possibly bestial porn posters in all street-facing windows are the order of the day. or adverts for Bing.

    anyone know where to get a traffic police stinger from?

  16. Mike Bird 1
    Flame

    we were only collecting ...

    So why were they collecting " SSIDs and MAC addresses from Wi-Fi networks. " in the first place?

    What has my routers's MAC address got to do with them?

    Not that I even have WiFi enabled on my router in the first place of course.

    Perhaps so they can detail density of wi-fi nodes in places to then vendor the information for "public/private" wi-fi clusters?

    1. Owen Carter
      Welcome

      WHy collect SSID's and MAC

      "What has my routers's MAC address got to do with them?"

      People can easily change SSID's, but MAC addresses are harder to dick with (not all routers have a handy box to fill in your own) , and most people are not even aware of them.

      If you are providing Location aware services you want this info...

      A database of Wifi info (SSID+mac+ location+strength) can be used to help refine position, in the same way that AGPS uses mobile cell data to do the same. To get the cell info you need a suitable receiver, and a list of cell sites+other technical details that I'm sure the mobile network operators keep close guard on (unless you have paid for it).

      But if you have a wifi device without a GSM receiver, or AGPS unit, this data makes a viable alternative for approximate positioning. Which could be good for consumers by removing a need to pay Vodafone et al just to tell us where we are, or relying on the US military's largesse.

  17. Mr Jolly
    FAIL

    An error?

    An 'error' my arse.

    So, Sergey - you accidentally equipped a fleet of cars with hardware to capture wifi packets and by error you accidentally sent out this fleet of cars and by some failure they drove around the streets and due to a miscommunication they were turned on while driving around and due to a simple mistake they captured anything they could.

    Occam's razor alternative:

    You sent out a fleet of cars to deliberately capture data. What else did you think they would collect, butterflies?

    Do no evil? sod off.

    1. Sillyfellow

      wifi signal hardware

      yes, exactly. good point which seems to have been missed.

      in order to capture this wifi data, the streetview cars/vehicles would have to have been equipped with wifi enabled hardware, which is short-range. and this is not needed to take photos and gps position data. the only things they needed for streetview data.

      as you say, not only equipped (and powered), but turned on, and plugged in to the roving data capturing system...

  18. nichomach
    Stop

    *cough*

    "Let me just say: We got caught," Brin told a room full of reporters this afternoon at the company's annual developer conference in San Francisco. "I'm going to make excuses about this and hope we're too rich to prosecute."

    TIFTFY

    ...and WHERE are our evil Sergey, Larry and Eric icons?

    1. multipharious

      Second Request for Evil "G" Icon :)

      How about a blue Google "G" with little red horns on it.

  19. MnM
    Paris Hilton

    Drugged you, pulled down your pants, did you up the bum

    Oops, my bad!

    Paris because she always implies consent

  20. Anonymous Coward
    Stop

    RE: Paranoids...

    Not to mention that they collected this data whilst DRIVING PAST wifi hotspots. How much data of any use at all do the tinfoil hatters here think Google managed to pick up in the few seconds it takes to drive slowly from one end of a wifi hotspot to another? Your neighbours deciding to jump aboard your completely unprotected internet connection is a far greater threat than the few bytes that Google may have picked up.

    1. Adwords

      They broke the law

      which concerns people, and undermines their trust in the company.

      I am not sure why it should be thought "paranoid" to object to breaches of privacy laws by large corporations.

    2. Gill Bates
      Pint

      that's not the point..

      ..google street view sent cars round to capture views of the street, not capture private wifi data.

      imagine if you could correlate MAC addresses with locations, you're then narrowing down to a smaller set of ISPs. a combination of MAC address, ISP dns suffix and the arp command sound like key components of an attack vector to me..

      1. Al Jones
        Flame

        A little knowledge is a dangerous thing

        Here's my MAC address:

        00-18-8B-77-C4-A2

        Good luck using it to do anything useful on the other side of the first router between me an the rest of the Internet!

        MAC addresses are only useful on the LAN. You can't use an ARP command to "attack" a MAC address on some other network.

  21. rfc959
    Big Brother

    inadvertently collected 600 gigabytes

    Google said Friday that it had inadvertently collected 600 gigabytes of data from unsecured Wi-Fi networks around the world as it assembled its Street View archive. Google said the data, which it has described as snippets of Web sites and the contents of personal e-mail messages, was collected as a result of a programming error.

  22. Mike Hanna
    FAIL

    <Gentle_wave>This isn't the data you're looking for...</Gentle_wave>

    So they're bringing a 3rd party in to help get rid of the data they collected? This doesn't fill me with confidence! The Street View pic of my house has changed twice over the last few years, so they've driven past more than once, and collected this data more than once. And now they've got a company in to wipe their hard drives. "No! Not those hard drives, just these ones over here!"

  23. Firefox Russ

    Move along, no surpises here.

    An error they will of course get away with.

  24. Velv
    Black Helicopters

    I wonder...

    What data did they capture as they drove past government or other sensitive site (yes, yes, they should all be secured, but).

    Perhaps the Google directors should be tried by the same lot looking for Gary McKinnon. Let's face it - google have snooped and recorded private data, and accessed "closed" systems in many countries, not just the US. And since the systems Gary allegedly hacked should have been secure, Google should be subject tot he same rules.

    Or has Sergiy got Aspergers?

    1. Anonymous Coward
      Anonymous Coward

      If they have broken the law

      why should there not be consequences?

      1. Velv
        FAIL

        @AC

        errr, did you not read my post. Totally agree, they broke the law, they should be tried.

        I'm simply suggesting the level of Google's wrong-doing is substantially greater than other high profile cases which are seen to be severe enough to warrant extradition requests.

  25. Thomas 18
    FAIL

    This is how I imagine it went

    Bob: Hey know how we bought over that firm a while back that had the open WiFi ripping code?

    Dave:Yeah?

    Bob: and you know how we are paid by the number of lines we write

    Dave:Yeah?.... HEY THATS A BLOODY GOOD IDEA

    Bob: Yeah and if we just dump all the extra data in some obscure folder somewhere when they come back with more requirements we can just spend an afternoon sifting data rather than a month coding and 6 months sending the cars round again.

    Dave: SCORE! Bob you're a bloody genius.

  26. Basic
    FAIL

    Don't believe it

    I can accept that some software may have been put into place by accident - But lets be realistic, if you captured (say) 10,000 SSID/MACs and the data file is much more than 10,000 x the average row length then SOMEONE should've noticed.

    Also, assuming the data was captured in error on the computer in the car - It either had to be transmitted / copied to central servers. Are they telling us they accidentally copied the data too?

  27. Anonymous Coward
    Anonymous Coward

    Translation

    Brin: "Let me just say: We screwed up (because we got caught, and make no mistake I'll be taking a hit out on whoever blew our cover just as soon as I find out who it was)"

  28. Owen Carter

    Overblown.

    Sheesh.. Is this is the best the anti-google attack dogs can come up with.. I'm even more confident that Google are the 'good guys' now if this is all can grub up.

    Never forget why we are reading this folks: Because Google's commercial rivals are pushing it like hell. I'll bet a number of the above posters are sitting in spinternet centres owned by them right now, frantically astroturfing to make it look like an important story.

    A trivial amount of data (fag packet estimate: 0.00001% of all UK wifi traffic in the last 3 years.) has been captured, and for any specific location it represents just a few seconds worth of data.

    Oh the calamity.

    If you want real news, how about the fact your ISP and mobile telco is collecting vastly more info about your internet use and social habits, 24x7, and sharing it at the drop of a hat with the police and security services. And at the drop of a penny with their commercial partners.

    1. Anonymous Coward
      Thumb Up

      Well said sir!

      Exactly what I thought!

      I can wander down any street and pickup your WiFI AP ESSIDs and MACs on my pigging Sony PSP game console in homebrew mode, FFS! What's the big deal here?

      As the previous poster states, your ISP is holding a thousand times more info about every single little thing you do, the amounts of data.

      A simple silly example, I had a Sky Unlimited account, I didn't want it so I called them to downgrade. Bad move!

      "Hmmm, Mr Fuzzypig, well we can't downgrade you yet, as your usage patterns are very high."

      "Oh yes?"

      "Hmm, you see on the 14th, you downloaded about 1.5GB, then on the 16th, 17th and 21st you downloaded about 2.5GB a day at least. Visiting a lot of sites like oracle.com and Ubuntu is it? Gaming sites are they?"

      "No database software and operating systems. I thought this was unlimited service?"

      "It is, but within reason. You aren't in any trouble, but you need to show that your usage stats and site visits (?!) are less than that required for the downgrade service, for at least 2 months, before we can downgrade you."

      "Can you put me through to cancellations in that case please? Thanks"

      Watch them, 'cos they are watching you!!!

      1. Gill Bates
        Pint

        re: Well said sir!

        that's beside the point. you choose your own ISP but you don't specifically ask for a third party you might have nothing to do with eavesdropping on your comms.

      2. Rob Dobs
        FAIL

        MY ISP isn't spying on me

        MY ISP can gather all of this information...The major difference is for all that i can see, they are not doing this.

        Further I have never heard rumor or accusation of them doing this. Unlike Google, who has a F$&%King COMPANY MODEL of gathering all the data they can on everyone.

        Even more importantly, even if they are collecting traffic and site access data (which could be useful under a warrant to assist in solving a real crime with the real authorities) they are only collecting what data is necessary, they are not scanning my emails for ways to advertise to me, they are not cross referencing all the sites that I visit (based on their ads being there), and they are not combining all this data together on me to create a personal consumer profile, for them to try to get as much of my money as they can.

        What Evil is they can leverage this knowledge to beat out the competition and establish a global monopoly that could down the road threaten our free lives.

        More scary here is the overall philosophy and goals of Google.

        And yes they got caught! stop giving them ANY credit for coming clean, their Lawyers have advised them to do this in order to avoid serving jail time form this being purposeful. ALL EVIDENCE so far shows this was purposeful.

        Anyone have the number for the appropriate States Attorney General or DA office?

        Maybe if we complain to the Gov or Mayor they will be prosecuted for an obvious wire tapping crime?

    2. Anonymous Coward
      Stop

      You miss the point

      @Owen Carter

      You are missing the point... You say, "A trivial amount of data (fag packet estimate: 0.00001% of all UK wifi traffic in the last 3 years.) has been captured, and for any specific location it represents just a few seconds worth of data... Oh the calamity."

      The issue here is not that a trivial amount of data has been captured, but rather that it has been captured at all. Ask yourself this question... If we are to believe, as we are told, that this was simply an oversight on the part of Google - or an unauthorised action by a developer - then it seems a little strange to me that Eric Schmidt would say, and I quote, "We're not going to delete it unless we're ordered to."

      You may perhaps call me a cynic, but if the collection of said data was an oversight - or an unauhtorised action - then why should Eric Schmidt insist that the data will only be deleted when ordered.

      However, perhaps you were inspired by Mr Schmidt when he eloquently said, "If it is authorised then there is a reason for them to be doing it. If it is unauthorised, it is not authorised."

      Yes, it's a world of known-knowns, known-unknowns, unknown-knowns and unknown-unknowns out there. But what is known is that Eric Schmidt has made it clear he has no intention to move for the deletion of the data voluntarily. That in itself speaks volumes to the wise (or the cynical if you prefer).

      Furthermore your parting comments about ISPs, the police and the security services are nothing more than a distraction and there is no direct comparison to be had.

      I hope you find it comfy in bed with Mr Schmidt and friends. They will no doubt be more than happy to shaft you up the county gritter in the future. :)

      1. Al Jones

        "We're not going to delete it unless we're ordered to."

        Because the Data Privacy Authorities in each country will take different approaches - the Irish authority said "delete it", and Google deleted the data that was gathered in Ireland, and got a 3rd party to verify that the appropriate data was, in fact, deleted. The German authority said "We want to examine that data to see if there's any indication that this wasn't accidental" so Google didn't delete the data collected in Germany. It's extremely unlikely that the Germans won't tell Google to delete the data once they're finished the investigation, but in the mean time, Google aren't going to delete it.

        It's going to be the same in the rest of the 30 odd countries where the StreetView cars have been active. Deleting the data before the Authority tells them to will get them in more trouble, particularly if someone decides to construe that as "destroying evidence".

  29. MinionZero
    Big Brother

    @AC: "found out about purposeless data"

    I totally agree with you about damage limitation, but I very much doubt its "purposeless data". They wouldn't accidentally go to so much trouble, on such a large scale and do it for years. So make no mistake they have uses for that data.

    The obvious use is attempting some kind of geolocation of detected IP addresses. Then when Google gets search requests etc.. these incoming packets of data can be deep scanned to attempt to workout where they are coming from, then Google can associate all searching with the geolocation of that IP address. After all Google are attempting to workout what people are interested in, so spying on IP addresses is a way to more closely identify people who block their cookies and to workout the location of people who don't block them. Its not a perfect system but it doesn't need to be. At worst its a stochastic process to workout the views of millions of people and at best they locate individuals.

    Plus that's before they start scanning deep into email data etc.. to more closely identify people.

    This isn't an accident or a mistake. Its not a single programmer, its large scale spying over years. They have spent years building this spying infrastructure. Makes me wonder what other two faced duplicitous Machiavellian spying plans they are also working on in the background. What really gets me is their doubletalk like doing no harm etc.. Its all the usual two faced lies you would expect from Narcissists who are laughing at people behind their backs as they say one thing, as they do another thing. Its all two faced lies. Worse still I very much doubt we are even close to seeing the full extent of Google plans for our future.

    So its about bloody time Google were seriously investigated, but I very much doubt they will be, it'll just be a high profile token investigation, with a fine that means nothing to Google, all designed to make it look like the governments are monitoring them. If anything the governments will just use this high profile story to get more hooks into Google, so they can exploit the power of Google for themselves. After all knowledge is power as they say, which is why governments are very happy to work with Google and even why governments seriously consider Google for outsourcing of government data processing, on data about all of us. So they are happy to give Google data on all of us yet now they want us to believe they have our interests at heart, in investigating Google. Yes right and pigs can fly.

    So even if it goes to trail around the world, (assuming they don't make deals in secret) its going to be empty smoke screen show trials designed to placate us into believing they are punishing Google.

  30. shade82000
    Pirate

    Trust?

    "Trust is very important to us. And we're going to do everything we can to preserve it."

    Trust doesnt mean people dont do wrong, it means people dont expect them to do wrong and that makes it easier for them to do wrong.

    Of course they'll do everything they can to preserve it.

  31. Owen Carter
    Big Brother

    Wow.. how paranoid..

    "This isn't an accident or a mistake. Its not a single programmer, its large scale spying over years."

    Err.. it's about 10 seconds maybe once a year. And if you have WEP turned on it's not even that. Oh and a similarly low refresh note of your network details.

    By the way.. can you explain -how- they get your public IP address from your Wifi details.. Cos otherwise this plan of correlating IP addresses to locations fails when they find millions of postcodes for 10.0.0.4

    1. Gill Bates
      Pint

      re: Wow.. how paranoid..

      10 seconds, once a year. it's funny, I remember times when there weren't strangers driving round in cars doing this completely without permission.

      it's OK though. purely by accident, I happen to enjoy dropping grenades from my roof on to passing camera-wielding cars for 10 seconds, once a year. bring it.

      By the way.. they have your public IP and ISP's DNS suffix from the instant they connect to your wifi, incidentally.

      they can then arp the IP for the MAC address of the public interface.

      what about dynamic IPs then?

      with your geographic location and ISP's DNS suffix they can narrow you down to an IP range. then using arp once again they can eliminate IP addresses from that range by using your previously-captured MAC address. hey presto, a fully verified public IP. I've just done it myself on my own wifi router.

      1. Owen Carter

        Please leave this to the experts.

        "By the way.. they have your public IP and ISP's DNS suffix from the instant they connect to your wifi, incidentally."

        Well, turn WEP on and then they cant connect. doh.

        And even if you are so dumb as to leave that off..

        Are they connecting? I see no mention of connecting! just sniffing.. Can you give me a credible reference to them actually connecting as they drive past?

        All they see are IP's in the 10.0.0.x(*) range.. wow. that tells them loads. They dont see your public IP, they might be able to see your ISP's DNS suffix. Kinda depends what sort of traffic was sniffed. And assumes suitable traffic was passing in the short timeslice they had.

        As for peoples understanding of ARP; best leave it to the experts guys.. I dont think they could enumerate the network without making an active connection.

        (*) or 192.168.x, or whatever floats your boat.

        1. Anonymous Coward
          Thumb Down

          As an expert...

          are you *really* advocating the use of a deprecated security algorithm that has been widely reported as not fit for purpose by everyone and their neighbour, not least the body that oversees the wireless protocols and encryption models? I think you need to get with the times and perhaps, leave it to the *real* experts...

    2. Rob Dobs
      WTF?

      Evil Is as Evil Does

      Err... so If I leave my door unlocked it's ok for my neighbor to go rifling through my daughters underwear drawer while we are not home?

      "it's about 10 seconds maybe once a year."

      What does duration have to do with criminal intent?

      If your grandfather raped you at Christmas for only 10 seconds would that be OK?

      And your comment doesn't at dispel the argument that with so many people involved that this was clearly a COVERT SPYING operation.

      All Wifi AP have an IP address (or more) Simple ARP/RARP requests on the local network can give you the IP addresses of ALL the devices on the network. If they wanted this quick 10 seconds could give them not only IP address information, but likely information about what kind of hardware is in your home. They could then use this to illegally have an information edge over their competitors about what hardware people use, how they set up their WiFi networks etc. Depending on what programs they use, they could actually capture snippets of VOIP phone calls, and as the article states - emails. Gathering someone's private communications and storing them is wiretaping, and they have been caught paying for an ARMY of people to do this crime in MASS.

      That they think they have the right to snoop on private homes is very scary.

      1. Vin King
        FAIL

        Fail

        Actually your analogies are entirely wrong. Consider it more like screaming into a megaphone to talk to your neighbor, and then complaining that they're eavesdropping on you.

      2. jake Silver badge

        @Rob Dobs

        "Err... so If I leave my door unlocked it's ok for my neighbor to go rifling through my daughters underwear drawer while we are not home?"

        Speaking as a father with a daughter ... EEEEEEWWWWWW! Where in the fuck did that come from? I think I can honestly say that the last place I would eyeball in a burglary would be a little girl's underwear drawer ... Well, maybe the sink traps. Or the leach field. Did I mention EEEEEEWWWWWW? Seriously, the mind boggles ...

        "If your grandfather raped you at Christmas for only 10 seconds would that be OK?"

        Oh. You're psychologically damaged. That explains it. Seek help. Ta.

        1. Sarah Bee (Written by Reg staff)

          Re: @Rob Dobs

          Are you qualified to make a diagnosis of psychological damage? No? Well shush then, you big blouse.

          1. jake Silver badge

            @Sarah

            Question for you, Ms Bee ... If you overheard someone at a cocktail party[1] come up with such over the top "examples", would you go out of your way to spend time with them? Or would you avoid them?

            My c.v. isn't on the table here.

            Blouse as an insult? New one on me. I'm not even sure of the etymology (stuffed shirt??) ... ::shrugs:: Whatever. Use of ad hominem, even when it fails to make it's mark, says more about the writer than the subject of the writing.

            [1] BBQ, wine tasting, baby shower, pub crawl, whatever floats your boat.

            1. Sarah Bee (Written by Reg staff)

              Re: @Sarah

              No no no. I was merely pointing out that you made a rather confident appraisal of another poster's psychological state which seemed over-zealous. The OP's comments were clearly using exaggeration to emphasise his point - clumsily, but

              *this comment unfinished due to lack of interest, awareness of futility of exercise*

              1. jake Silver badge

                Re: Re: @Sarah

                "*this comment unfinished due to lack of interest, awareness of futility of exercise*"

                If you're not interested, why bother in the first place? Kinda seems at cross-purposes, no?

        2. Rob Dobs
          WTF?

          missed the point obviously

          These examples were obviously meant to be extreme to emphasis a point.

          Just because my neighbor is not stealing something from house, does not mean it isn't deeply disturbing, and indicative of much worse behavior to come.

          Why do you even interpret this as something one would eyeball after a burglary? The whole concept I was getting it at is of someone doing something gross in your home that you DONT know is going on. eeeewww indeed yourself sir).

          And sadly this seems to be an issue I have heard more than one news story about weirdo coming into homes to steal (or other things) with wives and daughters underwear. I have daughters also, and that one seemed the worst to me.

          I just tried to think of something in my home that I would not want accessible to the public if my door were unlocked. EEEEEWWW was the exact effect I was seeking to evoke. Google comes sniffing around and grabbing emails from peoples homes.... Eeeewww.

          Same with the second example, just using a simple example to negate the previous point that something is OK just because it is for a short duration.

          Try it out, think of something shocking that you wouldn't want to happen, the act really doesn't have the effect of causing or exhibiting any kind of damage.

  32. Tom 13

    You're too late Luther!

    Wiping the data now is a worse move than keeping it on file for 3 years so you could mine the data. There's a Federal investigation coming your way, which means if you wipe it now you WILL be guilty of obstructing justice, which IS evil.

  33. Yet Another Anonymous coward Silver badge

    @Why/What

    They wanted to record open WiFi locations, reasonable - if you are mapping the area anyway then some statisitcs on amount of free public wifi might be useful. It's going to get out of date but it's only costing you a wifi card on the laptop.

    The software is cobbled together from a bunch of freeware network monitors, one of them was also dumping fragments of captured packets.

    When the cars get back everything gets dumped to a server, Tb of images, Mb of raw GPS data for latter correction and a few Mb of captured packets.

    I'm inclined to believe Google on this one - if they really wanted to capture lots of information about you they have better ways than grabbing a fraction of a second of open wifi.

    1. Rob Dobs
      WTF?

      What they can get away with

      The thing is, this is what THEY COULD GET AWAY WITH.

      Google now has a sampling of internet traffic, from possibly 100,000 of homes. You CAN"T buy information like that, literally because its illegal.

      I'm not inclined to believe Google about anything anymore, they keep getting caught, and their attitude gives away their internal philosophy

      Who gave them permission to may my IP in the first place if that's what they were doing.

      I should set up a web page that show the map location of the Google Executives children at any given time. They are certainly a target for kidnapping with their daddies owning billions. I wonder if the threat was on them, would they still feel it was OK to display other peoples private data?

      Google doesn not just throw shit together, they are NOTORIOUS for meticulously planning EVERYTHING and EVERY ASPECT. What they did was exactly what their lawyers thought they could get caught (if it happened) and stay out of jail and continue as a company.

    2. Stevie

      Bah!

      Not reasonable, in my opinion, and completely unnecessary.

      Publicly accessible Wi-Fi nodes are advertised if the invitation to use them is genuine, such as at a Starbux Koffeehaus. Google could simply, had they wished to provide a non-clandestine service, have offered collaborative help in getting those nodes more widely known.

      I'm not a suspicious person, nor do I see conspiracies coming out of the woodwork, but I can see a big, slimy, skulking conspiracy here without my pop-bottle glasses on.

      Besides, modern Wi-Fi-equipped kit tells you when it has found a possible onramp. You don't need Google telling everyone you Gran just bought a wireless router and switched the bugger on.

      The words "eavesdrop" and "wiretap" come easily to the mind here.

  34. Anonymous Coward
    Anonymous Coward

    FFS

    As only a couple of people have said - So Fecking What. A few bytes of data from each Wifi spot passed pails into insignificance with the petabytes of data needed to store the imagery. That why it wasn't noticed- - its like 0.0001% of the total amount of data stored (figures made up but you get the idea - a Wifi frame is tiny compared with even ONE streetview image). I saw ref to 600 GB of accidental data capture - less than one USB drive of data compared to warehouses willed with drives of image data.

    As to deliberately letting the code in - I guess most of you lot have never worked on a project involving more than a couple of webpages - big projects have colossal amounts of code, and lots of that is hangover code from previous projects which is there but not used. I can easily see how code that was used to grab SSID's grabbed other data by mistake, and that data wasn't discarded.

    Here is one scenario. "Hey Fred, we need to grab SSID as we drive around" "Ok Bert, we have some grabber code over here - it probably grabs a bit too much data for your purposes so you will need to discard some of it" "Ok, Fred, will do. Thanks you just saved us 2 months work there."....Later on "Er, Bert, it appears you forgot to add the extra code to discard the data we didn't want..", "Er, sorry Sergay".

    You lot really have got you paranoia hats on today!

    That said, Google made a mistake - they have admitted they made a mistake. They are fixing the mistake. They may get fined, but not very much, because the offence, to my mind isn't that reat.

    1. Anonymous Coward
      Flame

      Ok then...

      ... it's all right for someone to burgle your house, as long as they only steal £1. Remember to tell the coppers that when they're throwing them in the back of the van.

    2. Rob Dobs
      WTF?

      600GB = over 49 Million Emails!

      12.8KB is the average of my last 10 emails. At least a few of them contain information that is not criminal (i.e. don't give me the "if you have nothing to hide" BS), but could hurt my company if in the hands of my competitors. There is not telling how many competitor emails or just interesting social trends they could glean from such a database.

      600GB should equal 629145600KB

      That could be as many as 49,152,000 E-mail messages. That's a hell of a lot of Private E-mails to browse, catalog and gather a whole bunch of interesting information from.

      Now obviously the bulk of the data is not Email messages. All we know is what Google has stated so far. And so far they have stated that they illegally gathered personal information form private networks, that some of that information contains E-mails, and that there is an estimated 600GB of it.

      Google is the size of company that can pay 10,000 people to travel around the world for 4 years collecting up to 49 MILLION E-mail messages from private networks around the world. I have no doubt this was a deliberate action.

      And to the comments of about war driving and my neighbors being a bigger risk:

      They do not have the tools, there are not hackers driving by home on a scheduled 3 month basis. My private neighbors also do not have a multi-national advertising company they seek to combine this data from me with. Nor are the building a profile on my shopping habits, or likes and dislikes.

      BTW for disclosure sake I have never run WiFi in my home (it's lazy and easier to cable up all the rooms in your house if you choose to.) I do however have experience deploying wireless networks for users in the thousands, so I am not unfamiliar with the technology.

      I have managed big projects with MANY large companies and never I have I EVER seen an operation of Google's size, mistakenly send THOUSANDS of workers into the field, performing specific daily routine tasks, and one of those routine tasks was an "accident". This technology was loaded onto the vehicles. (I have an issue with their IP mapping and SSID logging plans to begin with, let alone the wiretapping.) Teams of people have examined the Google cars daily tasks and operations not only for thorough review, but I guarantee to an such an extreme level that have made this criminal operation as efficient as they possibly could.

      Listen I am not saying Google is a bunch of Satanic Nazi's hellbent on world destruction. But their behavior has not washed with their stated stances. I see them as a dishonest company that does not concern themselves with the public, nor their customers general well being.

      Someone said it best already (don't know who) to paraphrase: Google's customer is the entire business world, and their product is the public at large.

      Am I Paranoid?, no that would mean by definition that I am behaving unreasonably. I choose to protect myself from a company that I see as a threat to my privacy and freedoms in general, and that appears in general hypocritical in its behavior. Sounds rational to me. I just choose to present what I feel is a valid argument to those who may be ignorant to the inherent dangers such an attitude has for any organization.

  35. Anonymous Coward
    Anonymous Coward

    At last..

    .. they are involving an external party. It's a start. A cockup is believable in that they maybe don't separate experimental from live that well, but they should not try to talk it "away" as a minor matter like they tried in the beginning, because that only confirmed the rapidly growing opinion that Google has no idea of privacy.

    Privacy has been a festering sore in the whole Google setup.

  36. Gill Bates
    Pint

    FFS, FFS

    "Here is one scenario" - that's disconcertingly vague

    "As to deliberately letting the code in - I guess most of you lot have never worked on a project involving more than a couple of webpages - big projects have colossal amounts of code, and lots of that is hangover code from previous projects which is there but not used"

    I see certain anonymous contributors have colossal amounts of either arrogance or ignorance, I'm not quite sure.

    never heard of source control or versioning?

    not actually sure what's in your own software?

    your code is full of redundant WTFs?

    I guess you've never worked on a project involving code full stop.

    sign up for an account, be a man and show yourself. I bet I can guess where you work.

    1. Anonymous Coward
      Pint

      WTF?

      "FFS, FFS"? O come on Gill, really, FFS!

      To respond to your little survey:

      Q: "never heard of source control or versioning?". A: Yes. You?

      Q: "not actually sure what's in your own software?" A: Totally sure - thank you for asking.

      Q: your code is full of redundant WTFs? A: No it isn't. I would imagine yours is OK too, as it is obviously only full of redundant FFS's! ;)

      Q: "I guess you've never worked on a project involving code full stop" A; You mention arrogance, you display a little yourself here methinks.

      This anomymous coward - that's me by the way ;) - has answered your little rant/survey quite honestly.

      However you forgot to add the following question... Have you ever worked on a project that is micro managed by a PRINCE qualified shit-for-brains and peer reviewed by, well, absolutely no-one that has any place actually reviewing code? The answer to that is categorically, "YES! All the bloody time". Project managers, who'd have 'em, eh?

      However your post fails to present any valid reason for Googles 'oversight'. You only present - obviously subjective - excuses for such a foopah. Poor code management is no excuse for corporate or management failures, or even bad press for that matter.

      Posted anonomously just for fun - or to piss you off - I don't really care which ;)

      (The pint because I am offering a toast to all the shit-for-brains Project Managers out there - and I know where quite a few work!).

    2. Owen Carter
      Happy

      getting with the modern development flow.

      "I see certain anonymous contributors have colossal amounts of either arrogance or ignorance, I'm not quite sure."

      It aint just the anonymous ones.

      Putting code into source control just lets you track changes from that point, it does not prevent changes.

      - If it does where you work; you are either 1) Stuck with a luddite old school development methodology and need to understand the Agile development models used by Google and other fast moving companies, or you are 2) writing safety critical or ultra high availability code.

      - Agile also demands that libraries etc.. get dynamically pulled in.. as much as possible you treat this as a 'plug and play' excercise.

      - This is how Google will have developed the tools used here, a fast Agile process with maximum code re-use and fastest time to delivery.

      - This is not a product they are selling; it is a tool they developed in-house, for use in their own vehicles.

      I'm a CM and toolsmith at an agile development house; I've been a CM off and on for 20 years, I move with the times. I am always totally astounded how many 'old school' techies are 10 years out of touch with current development methods, and the speed with which you can write reliable code.

      Back to the assertion that they knew every line of code in there:

      Auditing of the inital checkin, and of all changes subsequently, is the thing that lets you determine exactly what is in your code.

      If you are re-using external libraries and packages, you either have to audit them, or trust them, or accept you are taking a chance.

      This is -very- expensive and time consuming, I doubt very much if they audited this code in any depth; that would of been overkill for a in-house tool.

      But of course:

      None of tha above would have stopped them from evilly designing, developing and deploying this spyfunctionality in the camera cars, but why so limited?

      If they had wanted to do a proper spy mission they would have had cars capable of cracking WEP and making connections to the networks. They definatley have the resources and technical capabilities to have done that. But they did not.

      PS; regarding anonymous posters; a golden rule of astroturfing is to not do it anonymously because that dimishes influence and credibility; astroturfers always create accounts.. usually lots of them in order to aid sockpuppetry.

      1. Rob Dobs
        WTF?

        already covered this

        "If they had wanted to do a proper spy mission they would have had cars capable of cracking WEP and making connections to the networks. They definatley have the resources and technical capabilities to have done that. But they did not."

        Such an overt an obvious act of espionage, and wiretapping would land them in Gitmo, not just prison.

        Sniffing SSID's they could "claim" are public (this is not well establish law in America yet, and has not had even circuit court review that I am aware of) and "accidentally" capturing millions of emails and personal messages, is something they could get away with.

        There is no way they just accidentally decided to include WiFI antennae on the car (these have to be ordered and installed) They would have to load the same WiFi sniffing program on EVERY car, this had to be done tens of thousands of times, I just do not buy that they could include this by mistake.

  37. cordwainer 1
    WTF?

    Um....one question no one has asked or answered that I've seen...

    I'm sorry, but WHY were the vehicles collecting this information in the first place? Street View has nothing to do with computer networking. It's just a way of showing everyone a street-level view so they can find locations more easily.

    I can understand why the vehicles needed some kind of wireless connection themselves....but isn't anyone wondering why Google decided to gather wireless data in the first place?

    Even making a list of available free wireless connections doesn't require scavenging the information passing through those connections.

    Anyone know the answer?

    c

    1. Al Jones

      Did you just wake up?

      It's been explained, again and again and again since the story broke.

      Use Firefox, and go to Google Maps. Click the little circle under the Compass at the top left. Firefox (yes, Firefox, not Google), will ask you if you want to share your location. If you say yes, Firefox 9not Google!) will call the network APIs on your system to get a list of Wireless networks "in earshot". It will then send that information to a geo-location provider. That provider will correlate the information that Firefox sent it with it's database of SSIDs and MAC addresses, and return an estimate of your actual location.

      As it happens, Firefox is using Google as it's geo-location provider, but there are other services out there. The example above uses Google maps, but the code can be used on any website. Note that Firefox won't share this information unless you explicitly permit it to. That's why Google has built a database of WiFi networks and correlated them with GPS data. It's a perfectly legitimate service, using information that is broadcast on the public airwaves.

      function showPosition(position) {

      alert(position.coords.latitude + “ “ +

      position.coords.longitude);

      }

      navigator.geolocation.getCurrentPosition(showPosition);

  38. Anonymous Coward
    Black Helicopters

    Why indeed? And it's not necessarily the data your ISP sees either.

    Why indeed?

    It's certainly logical for them to collect the SSID and MAC - as others have pointed out, that data can help to provide location services when GPS isn't available (or to refine location when GPS is spotty). Android-based phones (and we know who wrote Android, right?) already use this capability.

    Why they'd grab payload is beyond me - there's nothing in the payload that's going to help the StreetView or geolocation missions. And it's not an accident - grabbing SSID & MAC is easy, grabbing the payload requires deliberate additional effort. Why did they do it?

    To those poopooing this and saying "your ISP has that data already", I call foul: payload capture would show ALL traffic on the WiFi network, including internal communications that never reach the ISP. Printing that tax form from your laptop to your network-attached printer? Moving data to your network storage drive? Monitoring a wireless camera in the baby's room? None of that data ever gets to your ISP, but it was all visible to Google.

    Why indeed?

  39. Yet Another Anonymous coward Silver badge

    @Um....one question no one has asked or answered that I've seen...

    Because their engineered solution was something like "wireshark - dumpall > data.dat" and worry later about extracting SSID == starbucks or whatever they wanted.

    El reg's webserver collects a lot of data about my browser - why does the reg need to know what version of Java I have installed or what service pack of XP? It must be part of an evil el Reg plan to take over my machine in order to advance skynet and the coming apocalypse.

    Or it might be that thats the default in apache and nobody has time to change it.

This topic is closed for new posts.