This issue kind of fell by the wayside in all the WebM and Android violence, but apart from the cool things Google did this past week, they’ve also done something really bad. They claim it’s a mistake, but the company has collected 600GB of data from open personal wireless networks in 33 countries through its Street View cars, prompting several countries to initiate official investigations into the search giant.
Most of you are probably familiar with Google Street View. All that photographic material is collected by Street View cars with crazy camera contraptions mounted on their roofs. I saw one drive through my street and neighbourhood a few years ago, but the data for The Netherlands and my small rural home town were only added a few months ago.
In any case, the Street View cars also collect information about wireless networks, namely the SSIDs and MAC addresses. Google collects this information for its location services, similar to what Skyhook and the Fraunhofer Institute have been doing for a while now. Google claims that because anyone with a wireless device can obtain this information simply by walking down the street, it can’t be called a privacy violation.
I’d say there’s a difference between an individual and a huge American (thus, foreign) corporation, but alas.
However, May 14, Google published a new blog post in which it explained it had in fact been collecting personal data as well from open wireless networks. “It’s now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) WiFi networks, even though we never used that data in any Google products,” the company wrote.
“However, we will typically have collected only fragments of payload data because: our cars are on the move; someone would need to be using the network as a car passed by; and our in-car WiFi equipment automatically changes channels roughly five times a second,” Google added, “In addition, we did not collect information traveling over secure, password-protected WiFi networks.”
How did this happen? Google claims it was a mistake. “In 2006 an engineer working on an experimental WiFi project wrote a piece of code that sampled all categories of publicly broadcast WiFi data,” the company explained, “A year later, when our mobile team started a project to collect basic WiFi network data like SSID information and MAC addresses using Google’s Street View cars, they included that code in their software – although the project leaders did not want, and had no intention of using, payload data.”
Fragments or no, mistake or no, the backlash has been huge, and rightfully so. Ireland, Denmark, and Austria have asked Google to destroy the data they’ve collected, and the company has complied. Several others, Belgium, France, Italy, Spain, Germany, Switzerland and the Czech Republic, however, have asked Google to hand over the data so they can investigate whether or not the company is telling the truth when it says it only collected small snippets of data. The US and The Netherlands, too, have announced investigations into the matter.
Google CEO Eric Schmidt, in the meantime, believes his company shouldn’t be prosecuted because it was an honest mistake, and no harm has been done – “no harm, no foul”, further adding more damage had been done to the company’s reputation than to individuals.
Of course, Google’s reputation can fall of a cliff for all I care. If countries’ privacy laws have been broken here, the company should be punished for it fair and square. The matter carries additional weight with me because of Google’s immense size, as well as the fact it is a foreign entity. On top of that, it’s a company built around information, and as such, must be carefully watched as to prevent it from crossing the line.
Mistake or no, this matter should be investigated thoroughly, if only to send a clear warning shot across Google’s bow.
Search providers deal with lots of data, and much of it is private. There are other less invasive methods of locating people to within an area that is small enough for most static applications. Or here’s a suggestion, ask them if they WANT their location stored so that search results can be customised. On mobile devices – well at least on the iPhone, I can’t speak first hand for many of the others – you are asked if you want to allow location services to find your position.
As I drive along in my local area My iPhone regularly asks me if I want to join wifi networks it locates. This doesn’t give me the right to collect all the locations and use that information for my own purposes. Especially when their targeted search results are just another marketing tool for them to sell their advertising.
This follows further too. Just because I might put a file that contains personal information on a server somewhere for a short period buried deep in a random folder structure so that someone in another part of the world can gain quick access to it doesn’t mean I want Google to index it and serve it up in their search results. While there are methods to prevent this they are not known by a lot of people. I believe at the moment all search providers are afforded way too much freedom. The web has matured to a stage where I believe they should have to be specifically allowed by the user to search and index sites. No code in the header to allow it = no index.
We just need some governments to stand up and have the kahunas to do something about it, but then, with the amount of data governments collect on people it would be a bit like Tommy Lee giving Tiger Woods a lecture on commitment.
Not true. If someone put up their formerly private information on the web, it is NO LONGER PRIVATE … A lot of people either forget or ignore that fact.
Sorry but you just haven’t the slightest idea of what you are saying.
Where I store my information does not, in any way whatsoever, modify my rights upon it unless I specifically grant someone else the total or a at least a part of the them.
Storing _my_ information on _my_ server, does not give you, google or whoever else any single right upon it. Where I choose to store something of my property, does not change the nature of my rights upon it.
Edited 2010-05-23 02:31 UTC
Ahh, we must be talking about respective laws in different countries
For instance, what I said applies to the USA … what country does yours apply to?
The rest of them .. those countries in which civil and constitutional rights still apply.
That, I have to agree. The USA is so F*cked up, it’s not even funny
Agreed …
Your router isn’t the web. And just because you put data on the web doesn’t mean it’s public, not even in the USA. Restrictions that comes with copyright, patents, trade secret etc. are still valid.
That’s so vague it’s a hundred different ways it could be attacked. E.g. if you leave your belonings in the middle of a city square without any protection, no sign that it’s yours, and no warnings about eventual consequences of taking them, you can’t expect they will remain untouched, even if at the point of dumping they were your properties. And even with this silly example I only partially approached the stupidity of putting private data to be accessible by random individuals through an unprotected wireless connection.
And it has been .. as many times as the property right has.
I never wrote nor implied the word expect .. yet regardless of whatever expectations you may or may not have on the future of your belongins, the nature of your rights upon it remains untouched.
They key is the will, and not what may or may not happen.
What its your’s, its your’s and will remain your’s until you change your will and decide to transfer the whole or a part of your property right to someone else. And not even the State can take away your rights upon your property, as in order to do so it needs to pass a law and give you a fair compensation in exchange of your right.
No, you did not. You just proved that lack of protection in regards to the rights you have on your own property (of which the information you produce, be it personal or not is a part of), toghether with the restless abuses commited by the biggest corporation that mankind has ever seen and the blatant innaction of the goverments of some countries to protect those rights, have gone so long as to deform the perception and undertanding of one of the pilars of society, economy and foremost: democracy.
You may want to go back to 1689 and read John Locke’s “Two Treatises of Government and A Letter Concerning Toleration.”. Trusts me, you won’t regret it.
Edited 2010-05-23 07:34 UTC
Wrong.
Sorry:
As soon as you leave your belongings unattended, or your information unsecured, it becomes, BY LAW, abandoned – unless it is protected by other laws ( trespass, spying, or what-have-you ).
At that point of neglect, you have forfeited your rights to said property or information.
If you accidentally e-mail everyone in your company a copy of your just-finished book, but meant to only send it to the publisher, all those other people have a free copy. You have not right to take that copy from them, because you forfeited that right. However, you still retain the copyright.
If you leave $500 in a public place, unprotected, and someone takes the money, they now own the money. You have no right to reclaim that money.
In these cases you neglected the security of your data or belongings, and therefore forfeited your rights upon them.
The same goes for unsecured wireless networks. Here, you are actually BROADCASTING your data to anyone who can listen. If you make an attempt to secure that data, it is illegal for someone to even TRY to obtain that data.
You have to realize that you had to do something to provide access in the first place – once access is provided, it is up to YOU to protect your data / belongings.
In one case you upload your data to everyone.
The next case, you leave your money unattended in an insecure location.
In the final case, you BROADCAST your data to a large area in an insecure manner.
In all three cases, you gave up your rights.
–The loon
1) read the OP
2) appoint that LAW as well as its legal precedent
3) attend to law school, get a degree, pass the board exam, come back and post again.
Again law says that who takes them are commiting FELONY! If I leave my door unlocked and someone takes my stuff they commit FELONY! If I send data on unsecure way and someone peaks it he commits FELONY! If you find someone property middle of street you call police which will take it, same goes unsecure lines. You don’t fucking peak there see if there some data, you fucking inform it is open. No fucking excuses here, justice for all!
Don’t bother .. they just won’t get it ..
They’ve been slowly yet steadily trained to think that if you use the internet, no matter what, it’s your fault.
They are finally living in the Orwell world .. and got there by the means that Huxley proposed.
They have been warned hundreds of years ago, yet they still gave up essential liberty to purchase a little temporary safety … they brought it upon themselves, and now, its payback time.
Not sure why your were modded down for that. You speak the absolute truth. If I put my social security number on the internet, I should very well expect for it to be stolen.
Maybe because your comment doesn’t really relate to the article, where a company drove around collecting ( rather useless ) information about WiFi networks is getting in some trouble.
I think, however, that it is the individual’s responsibility to properly protect their network. It isn’t terribly difficult.
The real truth, from the ground, is that most (knowledgeable) people really don’t care if someone can hop in on their wireless network, so long as they aren’t causing harm in any way.
I don’t.
I have a 100% unsecured wireless network with as much amplification as I can provide so that anyone can get internet. I know most don’t know enough to cause harm, and I know to secure the few areas that need security ( I own a LOT of computing power ).
Now, if someone comes in and snoops around, they will find some barriers ( notably my secure Linux server ), but even if they get past that and access all of my data – well, okay.. I have nothing to hide.
Seriously, who does? Sure, many people use Quicken or QuickBooks for financial data, but who is dumb enough to actually put enough information to destroy yourself in a single place?
I would never do that.
But that may just be me. I remember every single account number I’ve EVER had, and I just create a name. I also shred all mail that may identify me…
Maybe I’m just paranoid, though.
–The loon
And that doesn’t change the fact that _it_was_stolen_ and that and that the one who _stole_it_ should be prosecuted.
What privacy do they speak about ??
They forget Facebook privacy concerns and mess now with Google ?
He said he will delete that data and he gives apologies so what’s next ?
Can’t find how a company who donated a 124m $$ to public with VP8 open sourcing is treated like that !
If I develop the cure for cancer, I’ll still get sent to jail if I kill someone.
Actually, in USA, there is quite a high possibility that you WILL be sent free ..
I know they haven’t collected my data. Why? Because the street view car only went down half of the street I live in, and Google Maps only shows the road going down half of the street. The question then becomes why were they collecting peoples wifi traffic but not correcting the omissions/inaccuracies from their map data when they should have been blindingly obvious.
Edited 2010-05-22 23:59 UTC
They were probably too busy collecting your data that they didn’t have enough time to think about streets!
what data? name of wireless network? and geolocation of said network? is that the extent of the data? what else could they collect while driving slowly past it? not much else. so really who cares about this?
They could have any data that was currently being transmitted over the network while it was being scanned, but if Google’s telling the truth then there couldn’t be much data picked up in that 1/5th of a second. Especially because I’d bet that most/all unsecured wireless networks only carry web surfing data and lie idle 99% of the time.
I’d agree that it’s a bit of a non-event, especially since Google has freely admitted what has happened (rather than there being a whistleblower).
Receiving unencrypted radio signals is, most likely, not illegal, as long as you’re on public property or your own property. Transmitting data would imply use of someone else’s network without their permission, which is probably illegal. But Google only received, did not transmit.
Freely admitted? As in told everyone they were going to listen/look into whatever I was doing on the interwebs at the time that stupid van went past, like Before they actually did it?
I don’t remember them telling me, maybe that was another slight oversight, similar to the one where they take and store how many meg/gig/tetrabytes? Of information. Like on accident.
But seriously it was nice of them to tell us, Im sure had the german authorities not have asked for the data they would have told us anyway/
How do you make a mistake in 33 different countries? This is more on an error in judgement on the part of Google rather than a ‘mistake’.
In any case, no doubt there will be fines, which Google will happily pay, and all will be fine.
]{
You just have to run the same software. That’s not new, we’ve seen it in the past and we’ll see it again in the future.
To me, this is a non-event. Why are there still some Wifi networks that are not encrypted ? I would say because “it’s not important to have them secured”. If it’s not important, then what is all this fuss about?
I find it rather interesting that Google compared Apple to Big Brother at Google I/O while, really, Google is the closest thing we’ve had to Big Brother in recorded history.
Google search history is already used in cases to convict people. It’s only a matter of time before governments start trolling Google’s data for ‘undesirables’.
]{
Google is indeed quite dangerous. But the worst is that when you look at what’s in front of them, you’re still tempted to choose them.
It’s a next-generation dictatorship. Instead of basically acting in the old “we only care about our benefits, our customers are just something that we happen to need for that” way, like Microsoft and Apple, Google use a more subtle approach…
Not true. Big Brother never asks you if you’re willing to participate. With Google, the users all opted in, and continue to do so, either never caring about their privacy-related settings, or never bothering to get information about how the different services work and how they are interconnected. I hate car analogies, but here you go, when you’re buying a car, you’re not just taking it home without getting all the information about terms, conditions, payment plan, insurance, and so on. The perception of what Google is becoming is just as much the users’ fault – who are stupid – as theirs – who know they are stupid and exploit that to an extent.
Not true. People whose data was stolen (“scanned”) by the Street View cars never opted in.
People who had registered to Youtube before Google acquired it never opted in.
And while I partially agree with your about the users’ responsibility, it is still *wrong* to just enter someone’s house even if the door is open, and even if it is not against the law, taking something you find there definitely is. Same applies here.
…it is still *wrong* to just enter someone’s house even if the door is open, and even if it is not against the law, taking something you find there definitely is.
That is not what happened. With unprotected wifi a router owner pushes his laundry out into the street. Google wrote a piece of code that did not quite do what they expected and they were inadvertently eavesdropping, but I can’t demonize Google for it.
If people shout out private stuff into the street and somebody hears it, than that is tough, but you can’t expect privacy when you throw personal stuff out there yourself.
This is not about ‘should expect’. When you commit illegal actions you should be prosecuted. Then it’s up to the court to decide if there should follow a conviction and, if so, what the sentence should be. Why has so many people problems with understanding this?
Privacy whining only applies to facebook and not to google, bunch of hypocrites.
Just curious, if you stroll around town how many open wireless network will you find?
Here Telcom Lesotho were installing ADSL routers with wireless connectivity leaving them open and with default SSIDs, passwords etc.
You could start up you laptop get free internet and cut off the user from their own internet (tempting but I didn’t). It has improved a little of late but is still common.
I guessing in the first world open wireless networks are not so common?
Edit I haven’t seen Google vans driving around Maseru though!
Edited 2010-05-23 07:50 UTC
well they collected my information about wireless network
and when I tested html 5 geolocation it pinpointed me to my house on google maps with wireless. I then tested the same with a normal cable and that kind of geolocation positioning was not possible it only made as far as to the internet provider.
Thus it is a more than just a simple mistake, privacy?
You’re confusing two issues. Google never hid the fact that they were collecting SSIDs to pin point users location on WiFi. That kind of information isn’t private though – even on secured networks it’s braudcasted. In fact, a WiFi SSID is much like a house number on a street – ie it’s intended to be public knowledge as it’s how you identify your home/network when connecting.
What Google also did was collect and store packets of communication. While this doesn’t matter on secured network as it’s just a garble of encrypted nonsense, on unencrypted networks the packets can contain personal information.
However, this thing is a storm in a tea-cup because:
1/ I actually do believe Google that it was an accident – their reasons are plausible and for other reasons I’ll state next.
2/ the amount of unsecured data will be neglageable: very few wireless networks are unsecured and those that are, are unlikely to be under heavy usage (as if they were, it’s likely that the user is technically minded thus would know about securing his/her network). Thus the probability of capturing ANY data, let alone personal data, it very very low.
3/ secure sites like online banking will have SSL encryption anyway. So even on an unsecured network, you wouldn’t be able to read the most sensitive of information
4/ thus (continuing from point 3) the data you will capture is likely nothing more than you complete when you sign up for Google Mail anyway. ie not enough to actually do anything serious such as identity theft.
This whole witch hunt that’s going on at the moment is only good for one thing: raising peoples awareness that it’s THEIR responsibility to secure THEIR network. Sure, Google are in the wrong (accidental or not), but at least it’s Google’s street view that was listening and not someone looking for a “fall guy” when bit-torrenting or downloading child porn.
I don’t know where you’re located, but in a lot of the US there are a hell of a lot of unsecured networks. Most of the time they’re put there by the cable or DSL providers and the home users never touch them. The worst of it is, when I tell them they should secure it, they always ask “why?”.
Personally, I’m of the belief that if you don’t care enough to lock down your network you deserve to get sniffed. You’re asking for it. If it’s a deliberately public Wifi hotspot, then know that you are wide open and can be sniffed and accept the fact.
I agree with the rest of your points. Wow, Google might’ve accidentally seen someone’s twitter postings. Big deal. The really important stuff is locked behind SSL anyway. Still, I don’t see any harm in investigating it. I think, in this case, this was probably an honest error, but by all means look into it. It’s a pity the governments seem to be doing their job in this case but some of them (US) don’t do crap when it comes to real violent crime.
Interesting to hear about the state of things in the US. I’m from the UK and the ISP routers seem to be fairly good at defaulting to secured networks (at least the ISPs I’ve been exposed to). But this is purely my own anecdotal experience.
I do see myself agreeing with your post though.
Did Google intend to save eavesdropped packets on unsecured WiFi connections? I doubt it.
Should Google be investigated over this? Absolutely!
I think the storing of data seems to be my issue with this, but you might argue the point that you cannot view the data without storing it (mayhaps rabbit…)
For example:
Think of the data as a TV in someone’s house that you can see through a window where the curtains have not been drawn. The house could be the server/home pc and the window with drawn curtain could be the unprotected wifi.
I don’t mind if a company/person could see my TV because it is viewable through a window and can tell the brand, size, shape, colour and what’s showing.
What I am concerned about is that someone has ‘accidentally’ stumbled through the front door because I left it unlocked and stumbled out with my TV onto the street.
I don’t mind that they have seen the TV (data), and have retained various bits of metadata about my TV. What I do mind is that they have stumbled onto the street with my TV – yes it was unprotected, door wide open even, but it is in my house. I stored that TV in my house, not in their hands on the street.
Do I have the right to call the authorities?
I know this is a simplistic point of view. Why did Google have the ability to collect the data, store it, but not have the ability to delete it straight away?
This is irresponsible. It is no good to shrug the shoulders. The news release advising the public of Google’s mistake is PR, and it is desgined to start the trickle of slowly diffusing the situation. Google will state that they came clean about it – weak…
If this was a person who accidentally stole my television, he would be prosecuted.
Yes Google has seen and has knowledge of the data, but they have no right to store it.
Google did the right thing they admitted they collected data. Now those same people on the same networks need to ask themselves how many other people have been sniffing their networks as they drive by or live next door? The bigger issue isn’t google is some super power that can just get into anything, its that it is completely and utterly wide open.
Take it as a warning, your data is not safe, fix it!