Germany Demands Google Forfeit Citizens' Wi-Fi Data 318
eldavojohn writes "Germany has ordered Google to give up hard disk drives used to store German data collected during their Street View operations in that country. This follows Google's admission last week (after prodding from the Germans) that it had collected the data from unsecured wireless area networks from around the entire world as its roving cars collected the photo archive for Street View. Google says they've offered to just destroy the data, in cooperation with national regulators, but the German government wants to know what they've collected. They do not think that destroying the drives suffices for compliance with the laws. Officials went so far as to say of the situation, 'It is not acceptable that a company operating in the EU does not respect EU rules.' Germany has certainly been keeping their eye on the search giant." The Ars coverage notes that the US FTC may be looking more closely at Google's collection as well.
Privacy laws (Score:2, Insightful)
I seriously hope more EU countries will demand the same thing. It's outrageous
how Google blatantly breaks laws, especially privacy ones, and get nothing for it.
Whoever in the EU parliament will impose big fines for Google breaking privacy laws gets my vote. It seems it's the only way Google will learn. They have previously too pissed of Germany on privacy issues [slashdot.org].
US may not do the same, but Europeans take privacy seriously. We have had our governments to completely different agendas many times in the history. It also doesn't help one thing that Google is an US company and US government can get access to all of our data even while those people aren't US citizens. Don't use Google services you say? That's a little bit hard when they have their cars driving around sniffing web traffic.
Viviane Reding, the European justice commissioner, criticized Google for not cooperating with German privacy officials.
"It is not acceptable that a company operating in the E.U. does not respect E.U. rules," she said in a statement released by her office.
This is what Google should learn.
Hmmm (Score:5, Insightful)
Google [has] until May 26 to hand over one of the hard drives that it had used to collect and store information in Germany, where Street View is not yet available.
Through a spokesman, Google reiterated its offer to destroy the WLAN data in conjunction with regulators, but stopped short of saying it would hand over a hard drive, which would allow regulators to see for the first time what kind of data had been collected.
So they're happy to "destroy" is but don't want to turn it over so Germany can see exactly what they were gathering? Smells fishy to me.
Re:Privacy laws (Score:5, Insightful)
Re:Privacy laws (Score:5, Insightful)
Re:Privacy laws (Score:5, Insightful)
Actually, I kind of agree with Google's position about destroying it.
I mean, it boils down to "you have collected something which is illegal and invasive to have ... why don't you give it to us and we'll, er, keep it safe."
I agree that if Google is actually scraping people's email and stuff from unsecured wireless that's a huge invasion of privacy and is a very bad thing. But, handing the same information over to a government who wouldn't be allowed to have it either doesn't seem any better.
A few things. (Score:5, Insightful)
1. If you run an unencrypted 802.11 network, expect your data to get pwned.
2. It was an accident of code reuse (seriously, guys, code-reuse accidents happen quite often).
3. If people were just casually using the internet, https saved their stupid little asses from letting their data out in the wild.
4. Why do we trust the German government (or any EU government, for that matter) with this data more than we trust Google? I know that the EU is better about not giving companies a blank check, but let's not forget about the kind of crap that governments pull. This is a surveillance freebie, provided that the illicit persons being surveilled are professional idiots (i.e. had an open network).
Google screwed up, but has the Google-hatred here risen to such a high degree that we're okay with just handing over even accidentally-collected data to the government? I'd at least insist on an independent auditor, to make sure that government abuses of the data didn't take place. With Google's resources, I'd go so far as to take it to the (largely impotent) EU court of human rights.
Oh i get it. (Score:5, Insightful)
Google collected broadcast data by accident, but as yet has not violated my privacy.
So the German government wants Google to violate my privacy by giving my data to the German government.
Which is (as many have pointed out) exactly who i want to be protected from when I decide to consider my data private.
Germany needs to be sat down in the back of the EU with a tall, cone-shaped hat on its head. Again.
Re:Privacy laws (Score:2, Insightful)
Germany as it is after WWII isn't exactly the same Germany it was before it. Allies set up the new government, laws and everything else. In fact, I think it taught a lot of Germans and other Europeans the need for privacy.
Besides, Hitler was really from Austria, not Germany.
Re:Privacy laws (Score:5, Insightful)
There's a massive difference between wired communication and wireless. If you honestly can't see that (which I truly doubt is the case), you could be in the parliament of an EU member state!
Seriously, security is the answer to security. Making it illegal to detect and record open-air RF is like making it illegal to see things.
Re:Getting punished for "doing the right thing" (Score:5, Insightful)
But that's not what has happened *at all*. From the article of the slashdot story this story links to:
They're basically saying "let's just forget anything happened" by offering to delete the data. Uh-nuh, not really how it works. If they didn't pay attention and ran software that violated privacy laws, they should be punished. THEN we can delete the data...
What are you talking about? What "persecution"? If they violated laws, they get punished. Where's the problem? I'd rather have corporations involuntarily investigated, than then "admitting their wrongdoings" and there being no consequences for it.
Re:Privacy laws (Score:1, Insightful)
Only if you have naturally developed wi-fi receiving capability. I'd consider a laser microphone to be breaching my privacy, and possibly infra-red cameras and binoculars in certain circumstances.
Re:Great News! (Score:3, Insightful)
Google's already freely stipulated that they did something wrong. If they're willing to admit that they broke the law and collected this data, then why would the German government still need this data?
Oh, that's right, only because it's a treasure-trove of never-needed-a-warrant-in-the-first-place data.
An independent auditor is the nearest thing we'll get to fair inspection of this, but they'll just hand that crap over to the government, anyway. Let's face it:
1. This data is most probably completely useless junk.
2. On the off chance that there are little nuggets of valuable information in this data-set, the only way to safeguard the individuals who had their data recorded is to delete every copy of it.
The EU's prevailing belief, that businesses tend towards malfeasance and must be held in check by the government, is a valid one. The founding American belief, that governments tend towards malfeasance and must be held in check by the people, is also valid. Google's trepidation certainly seems more populist than corporatist in this case.
Re:Privacy laws (Score:5, Insightful)
What Google did to the data is exactly the same thing you have done if you've ever recorded video or audio in a public place. You have data (sound and images) of people in public. If these people had unsecured wireless, they were sending their data into the street for the world to hear.
Re:Privacy laws (Score:1, Insightful)
Are you for real? Germany have been a beacon of democracy in Europe since World War II ended, a driving force in the European Community and have actually outlawed the movement you refer to, which started almost 78 years ago and was crushed to death 13 years later. 13 is, incidentally, just how long Google have been in business. You should be modded down as an ignorant troll, not given virtual pats on the back from other ignorant trolls.
Besides, Google's track record is infinitely worse than the German government's during Google's short lifespan.
P.S.: it's "whose", not "who's".
Re:Privacy laws (Score:4, Insightful)
I have to agree. While it's great that the European countries take privacy seriously, there is a real problem here. If someone transmits radio waves into public space - heck, into your house, your car and through your body - just how can any sensible person say you do not have a right to receive those radio waves? This is especially ridiculous outcomes in the case of wireless networks, since practically every European citizen carries a wireless receiver (in their mobile phone) all the time. There can be no expectation of privacy here.
As a related anecdote, Google has gotten in trouble in Switzerland because their camera is mounted higher than a person's normal eye level. This is a much more valid complaint, as it means that the camera occasionally sees over hedges and fences and into windows that people did reasonably consider to be out of the public view.
Re:Privacy laws (Score:3, Insightful)
Most people know that its generally a bad idea to have unsecured Wi-Fi, just as its a bad idea to leave your windows open in a bad neighborhood. One person's stupidity doesn't give another the right to take advantage.
Re:Privacy laws (Score:5, Insightful)
Who's track record is better?
In recent years? EU governments (or Germany in particular) vs. US corporations (or Google in particular)? Seriously?
Europeans have learned some hard lessons from history, some of them still within living memory. One of them is a healthy distrust of government; you may have noticed that we have removed several formerly powerful administrations from office in recent years. But another is that the US does not hold its businesses to account very effectively. Thus, we tend to take a rather stricter line with big business in many respects, privacy and data protection among them.
As long as it is the privacy/data protection authorities who are arranging the destruction of the data (and potentially bringing legal action against Google), and not any other branch of government who have no more legitimate right to access that data than Google, I would far rather the drives were removed from Google's hands.
Re:Privacy laws (Score:3, Insightful)
Again, that isn't what occurred. This would be like you walking into the police station saying "Hey, an automated script on my computer downloaded child porn, when I meant to download anime. Going to go delete it now."
You clearly have no understanding how RAID, SANs, or databases work. One hard drive will have nothing readable on it.
Re:Great News! (Score:3, Insightful)
how does giving the wifi data to a government solve anything.
That was my first thought, too. First of all, handing it over doesn't guarantee that you haven't made a copy of it. And distributing either an original or a copy doesn't guarantee any security, even if it is the German government.
Besides, there's the obligatory troll, you know who *else* was a German government? Someone's gonna go there...
Re:Getting punished for "doing the right thing" (Score:4, Insightful)
> It's sad that Google is getting punished for "doing the right thing" and being honest about their screw-up.
This comment reminds me of the movie "The Quiz Show", when Van Doren confesses his role in the rigging of the game during a House Committee meeting. At first some people congratulates him for coming forward, but then the chairman says: there is no merit in telling the simple truth. Then everybody applauses.
Re:A few things. (Score:3, Insightful)
4. Why do we trust the German government (or any EU government, for that matter) with this data more than we trust Google?
Why do we trust Google more with it than the government? Right now, only Google knows what exactly they captured. The government wants to know, too. Because they want to snoop on you? Please, be serious. Don't you think they could've their own streetview cars on every corner if they wanted to?
I personally think our current german government stinks and is probably the worst one we had since the founding of the federal republic. But a rational view says me it's a lot more likely they want the data so they can make a better estimate about how bad Google screwed up, than it is that they can't do their own surveilance and thus think a public demand for this data would help them in anything.
Though I agree an independent auditor would be best. But who do you pick? Anderson^H^H^HAccenture?
Re:Privacy laws (Score:4, Insightful)
Wrong analogy. Open WiFi is like opening your windows and then walking naked in front of it (or do anything else that you want to keep private) and then be mad at somebody else when they see you.
Re:Privacy laws (Score:4, Insightful)
How wrong you are. Open Wi-Fi is like an open window in your house - just because you leave the window open doesn't mean its okay for anybody to climb in and "have a look around".
Nobody climbed into the house. They looked through the wide open window while standing in the street. Don't like it? Close your window and draw the blinds.
Re:MOD PARENT UP!! (Score:4, Insightful)
Re:Oh i get it. (Score:5, Insightful)
Lets assume the quality control for code vital for a project costing many millions was slack enough to let this kind of feature slip by test.
Would they have failed to notice them filling dozens of HDDs a week when they should've only needed a small number for a country?
When they went home and looked over the data, you think they didn't notice that they were capturing significant amounts of data alongside SSID, IP and location information?
They knew all about this and did nothing to stop it. Heck they probably saw it as a bonus (must've kept doing it for a reason, the data storage would eat up valuable budget money)
Re:Privacy laws (Score:3, Insightful)
For example in Sweden stores that contain security cameras *must clearly note so* outside the store. By law you are required to tell people if you are recording them.
In many EU countries there is also expectation of certain privacy even in public places.
Does Sweden have any amusement parks or other public venues? If so, can one bring in a camcorder? If so, how does one go about getting all the notifications signed and legally processed from all the passers-by?
Unless of course these laws are as selectively enforced over there as they are over there, that is...
Re:Privacy laws (Score:3, Insightful)
Besides, Hitler was really from Austria, not Germany.
And what of all the people who supported his rise to power, and followed his orders? All Austrians as well?
Re:Privacy laws (Score:2, Insightful)
Do you mean IP addresses? That would at least be believable. What good would a map of MAC addresses be?
MAC addresses, that are guaranteed unique and stuck to a device for life (theoretically -- although many routers can adopt an arbitrary MAC to "clone" the router they're replacing), accessible on all networks (regardless of encryption), and great for geolocation, which is what Google obviously wants them for (and what GP suggested)... and you're asking what good a map of them would be?
But you think they want IP addresses, meaning those ones usually handed out by DHCP (thus volatile), almost always on class C private subnets, and (at least around here) almost always on the same two (192.168.0, 192.168.1) subnets? And it doesn't even give you that useless data for encrypted networks, since (duh) the IP addresses are encrypted, too. For geolocation, aparently, since you didn't dispute that bit? That's your definition of "believable"?
... wasn't intentionally recorded (according to Google, which is believable.)
I don't believe that for a second. Perhaps permission wasn't acquired from management and legal council, but that's not the same thing as unintentional.
As for the inability to believe that it was unintentional, /. comments when the all-your-data-are-belong-to-google story broke the other day were basically three comments, repeated over and over:
If you'd read that discussion at all, you'd understand that either Google is paying the world's largest army of astroturf defenders, or that accidental data collection was in fact quite plausible. If you had any knowledge of networking (don't worry, you've already disproved that with your previous point) and programming, of course, you'd have realized it to start with.
So, in summary, either you don't know what you're talking about and haven't even been following the discussion to try to inform yourself, or are simply blinded by corporation-hate. Either way, why the fuck are you wasting our time and bandwidth with your ignorant comments?
Re:Oh i get it. (Score:3, Insightful)
Exactly. People who think Google could have done this "accidentally" must not have ever done any project involving storing data.
The data Google collected must have gone through tens of Google employee, you know, the Google that is famous for its very high bar on hiring only those highly skilled, motivated, engaged, creative employees, AND the company's main expertise is data minning.
Is it likely that all of them didn't notice the extra bulk of data coming in? Heck, some of them might even have been using thier famous 20% time analyzing this data for we know!