
Google's Streetview Privacy Snafu Prompts Lawsuit

Posted by timothy
from the bloodsucking-lawyers dept.
shmG writes "Google's secret data collection has prompted a class-action lawsuit that could force the company to pay up to $10,000 for each time it recorded data from unprotected hotspots, court documents show. The incident, which the company claims to have been unintentional, has prompted the ire of governments and privacy groups around the world. Google collected information that could be used to identify users, including 'the user's unique or chosen Wi-Fi network name, the unique number given to the user's hardware ... [and] data consisting of all or part of any documents, e-mails, video, audio, and VoIP information being sent over the network by the user,' the suit stated."
This discussion has been archived. No new comments can be posted.

  • by OrwellianLurker (1739950) on Thursday May 20, 2010 @11:53PM (#32288984)

    Google collected information that could be used to identify users, including "the user's unique or chosen Wi-Fi network name, the unique number given to the user's hardware...[and] data consisting of all or part of any documents, e-mails, video, audio, and VoIP information being sent over the network by the user," the suit stated.

    That should read:

    Google collected information that could be used to identify users, including "the user's unique or chosen Wi-Fi network name, the unique number given to the user's hardware...[and] data consisting of all or part of any documents, e-mails, video, audio, and VoIP information being broadcasted publicly by the user," the suit stated.

  • by plover (150551) * on Thursday May 20, 2010 @11:54PM (#32288990) Homepage Journal

    If they lose the class-action suit they'll just have to pay the lawyers and give out discount coupons for Google search.

    Maybe they'll have to offer free links to advertisements for people to put on their web pages.

  • Unencrypted Wifi (Score:5, Insightful)

    by Anonymous Coward on Friday May 21, 2010 @12:04AM (#32289050)

    Vicki Van Valin ... said that their homes' wireless networks were in fact not password protected... In connection with her work and home life, Van Valin transmits and receives a substantial amount of data from and to her computer over her wireless network. A significant amount of the wireless data is also subject to her employer's non-disclosure and security regulations

    WTF. Her security was certainly broken, but not by Google - she broke it herself. She should be fired for not using encryption. I know it's wrong to wish ill upon somebody, but in this case, the security of her employer's data is more important than her job. If she does this kind of stupid stuff, she should get a job not involved with confidential data.

    The pair also claimed to have sent credit card and banking data over their networks.

    If you send your credit card info and bank info over unencrypted HTTP, you have bigger problems to worry about than Google.

  • by Rophuine (946411) on Friday May 21, 2010 @12:06AM (#32289056) Homepage

    This is beyond ridiculous. It's no different to standing on your front lawn naked for everyone to see, and then being upset when the streetview van snaps you naked. I can't see why people have any expectation of privacy for unencrypted public-broadcast wireless traffic. The creepy guy across the road is probably logging it all anyway, right?

    Everyone is yelling things like "it's clearly violating privacy and European laws", but I want to know how, and which laws. I'm just not buying it.

  • by gbrandt (113294) on Friday May 21, 2010 @12:15AM (#32289114)

    I am a programmer. I can honestly say that I have never saved data, via code, that I did know I was saving. There is no such thing as unintentional data.

  • by Darkness404 (1287218) on Friday May 21, 2010 @12:21AM (#32289168)
    You are one programmer. Google is dealing with hundreds of programmers and -huge- programs. Some bit of old code they thought they deleted or disabled really wasn't, it got a bit of data, Google realized it, and is going to delete it. I don't see how this is sooooo terrible. This is less data per user than your neighbor with Wireshark running for 15 minutes would get, if you care about your privacy use encryption. Simple as that.
  • by Shikaku (1129753) on Friday May 21, 2010 @12:27AM (#32289204)

    That analogy is incorrect. The door doesn't exist. It's just a gaping hole in the wall of your house.

  • by dubdays (410710) on Friday May 21, 2010 @12:28AM (#32289210)

    this, this, this and this!

    If you leave your AP unsecured like a dumbass you get EVERYTHING you deserve.

    This isn't about open APs...this is about SSID broadcast traffic only. You can have a rather secure wireless network and still have it broadcasting its name.

  • by blackraven14250 (902843) on Friday May 21, 2010 @12:33AM (#32289248)
    You should turn off the damn broadcast if you really care whether it's gonna get picked up by everyone within range. Most wireless routers, if not all, have the option to turn off SSID broadcast. It's like saying "ZOMG teh Googster decided to listen to this radio broadcast I meant only for me to hear, despite me using enough power for it to be heard anywhere within a mile!"
  • by Striek (1811980) on Friday May 21, 2010 @12:38AM (#32289278)
    Ridiculous to you, maybe... To my 80 year old grandmother, maybe not. This is not a technical debate. Google is a multibillion dollar corporation and as such, is expected to exercise a modicum of responsibility when it exercises the powers those multi billions of dollars grant them. Average Joe user may have absolutely no clue his WAP is broadcasting in the clear, nor should he be required to have that technical talent, anymore than we should all be expected to be car mechanics. The alternative is putting governmental pressure on everyone to purchase Best Buy "security services" when they purchase a router. Many of these WAPs are also provided by ISPs with an insecure configuration, and consumers are never told. This should be controlled at the point of distribution, not the point of consumption.
  • by tukang (1209392) on Friday May 21, 2010 @12:40AM (#32289286)
    Here's another analogy. Leaving your keys in the ignition when you go to the store. It's a stupid thing to do, it's against the law (just as leaving your wifi open is in Germany [slashdot.org]) but that doesn't mean when someone steals your car the police shouldn't go after the thief.
  • by Rophuine (946411) on Friday May 21, 2010 @12:54AM (#32289376) Homepage

    If somebody steals your car, they've committed a crime against your property. That's pretty much covered in the laws of any country.

    If somebody looks at you, they've intercepted photons which you discarded by reflecting them. If someone takes a photo of you in public, they've recorded photons which you sent out into public space. Recording unencrypted wifi frames is much closer to the final analogy than the first.

  • by aepervius (535155) on Friday May 21, 2010 @12:59AM (#32289396)
    As another poster pointed out "Germany's privacy laws generally restrict photographs of people and property without a person's consent, except in very public situations, such as a sporting event." therefore your example is TYPICAL of what is *NOT* allowed to be saved without your consent. It is not the fact that you can be looked at (or the data packet inadvertently caught) it is the systematic saving of the same data (or photography) which is under fire.
  • by pclminion (145572) on Friday May 21, 2010 @01:04AM (#32289418)
    This'll send Google a clear message -- honesty doesn't pay off. If you fuck up and overstep your bounds, for crissakes do NOT let anyone know you did it.
  • I do not care about people "misconfiguring" their home networks. I'm going to make an awful car analogy: if I do not properly educate myself on the operation of a motor vehicle and perform the minimum routine maintenance on it, I can't bitch when something goes wrong. By the way, people deserve the rights they can defend; that's a founding principle and a basic manifestation of natural selection.

    Let's try a different analogy: if you build your house out of glass, you can't blame folks for looking in. The fact that someone might not find this "obvious" just because it involves a home router bought at BestBuy does not absolve that person of responsibility for the equipment's prudent use. We do not live in a nanny state (at least not quite yet, not to the degree that some folks in Congress would like [at least for those USAians reading this post]), and I strongly object to most attempts to push things in that direction.

    The bottom line is simple. For years and years and years mainstream consumer network equipment has offered point and click wizards for enabling even the most basic of security measures. If people cannot be bothered to at least try to learn about a device they have bought and installed at their home, or consult someone with a 6th grade education to do it for them, I honestly don't have a lot of sympathy for their plight.
  • by pclminion (145572) on Friday May 21, 2010 @01:16AM (#32289486)

    What I don't understand is why Google is running a packet sniffer and collecting this data; you can't do this highly technical thing unintentionally!

    Bullshit. Have you ever created a buggy tcpdump filter, started the logger and went home for the night, then came back in the morning to find that you'd filled up a 300 GB disk with nonsense because you made a typo? I have.

  • by QuantumG (50515) * <qg@biodome.org> on Friday May 21, 2010 @01:25AM (#32289524) Homepage Journal

    We *still* don't get what your point is.. if you're broadcasting ANYTHING, even if it is just random numbers, people are FREE to collect that information. There's a little button on the side of your router that lets you turn it OFF, do that if you just can't stand the idea of people receiving what you're sending.

  • Let's see. (Score:2, Insightful)

    by Anonymous Coward on Friday May 21, 2010 @01:30AM (#32289548)

    We have....

    • millions of privately installed security cameras
    • millions of government-installed security cameras
    • the ability of governments to monitor all financial transactions
    • the ability of the government to look at your banking account at any given time for any reason whatsoever
    • until a few weeks ago, the obligation for every telco to keep detailed records of all your activities, and that's probably returning in some form sooner or later
    • politicians who want blacklists for the internet that nobody except the federal police can know ('stop signs')
    • companies that collect so much data about you via bonus cards, credit cards and other means they probably know you better than your wife

    And they're complaining because Google sniffs small bits of unencrypted network traffic? I'm a privacy advocate myself, but this is utterly ridiculous.

  • by Rophuine (946411) on Friday May 21, 2010 @01:49AM (#32289638) Homepage
    This. That's basically what happened, if you read Google's explanation, only on a StreetView van which is saving dozens (hundreds?) of megabytes of uncompressed TIFFS every minute or so, 300GB here or there is a drop in the bucket.
  • by DDLKermit007 (911046) on Friday May 21, 2010 @02:12AM (#32289764)
    Uh yeah, boooo corporate America for saying they made a mistake they had NO reason to tell anyone other than they actually do care. Which is why they pulled the project from going forward till this useless data was expunged (never used for anything). This whole thing is a big non-issue to people who understand what happened. At worst their system captured a network name, and a couple useless frames of data that mean jack shit. And really, I don't give a crap if you're some 80yr old lady who bought a Linksys router that didn't know how to configure it. It's each person's duty to lock their home, and make sure they didn't leave any windows open. A wireless network is to be treated the same. If the same 80yr old lady had a break in with the locks bolted on vs unlocked, her insurance company sure ain't gonna pay shit (and I sure wouldn't feel bad for her) because she DIDN'T SECURE HER DAMN HOME!!! Her data is to be handled the same damn way.

    And as an aside, if Google's streetview captured you passed out & naked on your front lawn, that's really your problem, and your own damn fault. You were in public. I'm sure if you asked them nicely, they would blur your ugly duff out. It's what they are doing with the data at this time. Go fist-waving at a subject that matters PLEASE. Like the BP oil spill. Oh wait, that's not something you could possibly financially have some gain from.
  • by totally bogus dude (1040246) on Friday May 21, 2010 @02:14AM (#32289778)

    You can still get the data if you happen to be using the wireless network at the time they come past.

    But really, the issue here is about aggregating seemingly harmless data in an easily accessible format. For example, anyone can drive/walk down a street and see whether your car is in the driveway, and from that ascertain whether you're home or not. Anyone can hang out on the footpath or other public area and keep an eye on your property and make notes on your coming and going.

    So where's the harm in doing that on a large scale in an automated manner? But it's pretty clear that it's not going to be in many people's interest to have a website where you can easily find everyone who isn't home at the moment in a particular neighbourhood.

    Ease of access to information does play a part in our privacy, as even a false sense of security is still a sense of security. For example, "reverse phone books" that provide name/address from a phone number, tend to be pretty controlled, even though the information in them is all entirely public (just indexed in the opposite direction). So on the one hand it doesn't prevent people from engaging in certain types of antisocial behaviour; but it does increase the amount of effort required to do so.

  • by beh (4759) * on Friday May 21, 2010 @02:40AM (#32289892)

    "The creepy guy across the road is probably logging it all anyway, right?"

    That may be - but if he got caught, he wouldn't be able to hide behind 'by mistake' or any other excuse.

    Google got caught, that's what's the difference.

    Also, do not forget, that you and me may know enough about hardware/software and how to configure our WiFis to be encrypted, password-protected, ...
    But do not assume that most people out on the street would KNOW this, or even be aware of the problems connected with it - the law needs to protect those people, too.

    If you enter someone else's house uninvited, but hey - the door was open - and then leave, while taking some fairly private details (copies of receipts, ... other information that might be relevant for ID theft). Do you really think, if you got caught, a court would let you get away with "well, the door had been left open...", or do you think, you would still get convicted (it wasn't your premises, you had no right of being there) - you might get some small relief out of the owner of the property not protecting it (by locking the door), but it would still be illegal to enter uninvited.

    The same holds true for both the creepy guy across the road, and a multi-national like google.

    The thing I don't get about google, is how they can claim that it was by accident. Sure, it was by accident, we started some software that would take dumps of data-packets and store them, when all they wanted to do was just take photos.

    I would believe google just about that they didn't want to use the data to break into the systems of the people involved, but maybe to make up some nice stats of how many unsecured/unencrypted connections they found. But that wouldn't have required storing the data.

  • by CaptainZapp (182233) on Friday May 21, 2010 @03:08AM (#32290006) Homepage
    Yes, it's probably against the law in most jurisdictions to steal cars. However, other laws differ from country to country and in the US, where you obviously reside, they differ from state to state, even.

    Example? Sit onto a bench in central park and drink a beer? Busted! This is perfectly legal in most of Europe. Another example? Drink a beer at the tender age of 17? In most of the US a crime; in most of Europe wine and beer can be consumed from 16 up. In Switzerland a 17 year old boy can screw a 15 year old girl (or vice versa) without falling afoul against the law. Something, I would guess, gets you stamped as a felon and a sex offender against kids for the rest of your life in most states.

    There's a whole damn library [europa.eu] about privacy legislation throughout the EU.

    Those binding directives must be implemented into law in all of the EU countries. You can add Iceland, Norway and Switzerland to the mix. This partially translates to criminal offenses if violated and yes - systematically storing and processing personally identifiable data without permission, reason and safeguards may be a crime depending on circumstances.

    You may claim that this is stupid. I for one however rather sip a beer, sitting on a park bench on a sunny day than have my private data (including phone, financial and medical data) splattered around the world and sold to every sleazy marketoid that pays for it.

    Your priorities may differ, of course.

  • by dhavleak (912889) on Friday May 21, 2010 @03:11AM (#32290024)

    It's no different to standing on your front lawn naked for everyone to see, and then being upset when the streetview van snaps you naked.

    But there are huge holes in that analogy.

    Standing naked in your yard is something you would not unintentionally / unknowingly do. Tech-challenged users might not know anything about WEP/WAP/etc. and might not even in their wildest dreams have thought that everyone can access their WiFi willy-nilly. It's not the same thing. People absolutely do have an expectation of privacy when they set up their routers -- even if they have never actually thought about it. Especially if they have never thought about it -- it's basically expected of a user who knows nothing computer related. Google shouldn't be taking advantage of their ignorance.

  • by FireFury03 (653718) <slashdot@nexusuk . o rg> on Friday May 21, 2010 @03:21AM (#32290098) Homepage

    Average Joe user may have absolutely no clue his WAP is broadcasting in the clear, nor should he be required to have that technical talent

    Why? Why should people expect complex technology to do what they want without having any understanding about how to make it do that?

    anymore than we should all be expected to be car mechanics

    Of course we don't all need to be car mechanics. However, cars are not designed to work perfectly for their whole lives without a mechanic doing some work either. Most people understand that they need to get their car serviced - if they can do this themselves then fine, but those that can't can take it to a professional to be serviced. Why is wifi so different? If you can set it up yourself then fine, otherwise damned well pay a professional to do it for you.

    Complaining that your wifi is insecure (because you didn't know how to set it up) is like complaining that your car broke because you didn't understand how to service it - in both cases, if you didn't understand how to do it you should damned well have paid someone who did.

  • by Requiem18th (742389) on Friday May 21, 2010 @03:21AM (#32290100)

    Just one of these stupid posts should be allowed per Google-SSID article. All the other ones are redundant.

    Ok, why is this stupid? Because the entire world has grown up to understand the idea that there is a difference between doing something and doing something a lot.

    There is a difference between peeking in a magazine and reading it at the store.
    There is a difference between listening to music and listening to music at 100dbls in a party.
    There is a difference between walking around naked in your house and doing so in your glass house.
    There is a difference between selling your old computer in your garage and turning your garage into a used hardware store.
    There is a difference between selling your 2 tickets to a concert you won't attend and selling your 100 tickets to the same concert.
    In fact the whole RIAA has successfully sold (or rather bought) the idea that it is not the same to share a movie with your friend than sharing it with your other hundred thousand friends.

    And yet you are unable to understand that there is a difference between broadcasting SSID and MAC addresses to let your equipment interoperate inside your home and volunteering them to a global geolocating database of the entire Internet!

    And yet you are unable to understand that there is a difference to let your neighbors see your face and having an omnipresent and omniscient entity mapping and logging every detail about you!

    These people didn't opt-in into this, they never even knew about it, and if they knew, they would have opted out.

    Google is abusing both people's trust in their neighborhood --who could have known that Google is watching you everywhere?-- and their ignorance. Is it ok to take something from someone just because they didn't know they had it?

    Google basically played "easier to ask forgiveness than ask permission". Are you really so incapable to realize the difference between an individual and a corporation?

  • by FireFury03 (653718) <slashdot@nexusuk . o rg> on Friday May 21, 2010 @03:34AM (#32290158) Homepage

    You can perfectly legally watch me go down the street, but in most jurisdictions you better have a damned good reason if you're filming me.

    Which jurisdictions are these? In most jurisdictions, you're well within your rights to film pretty much anything happening in a public place. You might not be able to _publish_ that film without consent, but that is different.

  • by FireFury03 (653718) <slashdot@nexusuk . o rg> on Friday May 21, 2010 @04:43AM (#32290564) Homepage

    He's talking about EU jurisdictions. And it is the law here, rightly or wrongly.

    Umm, no it isn't. Here in the UK (which is an "EU jurisdiction") you can most certainly take photos of pretty much anything in a public place. There are laws regarding what you can _publish_ without people consenting, but you're free to take photos for personal use.

    This is why there has been such an uproar about the police confiscating cameras, etc. when people take photos of them, because (no matter what the police claim when they confiscate the photos) it is completely legal for people to do so.

  • by Rophuine (946411) on Friday May 21, 2010 @04:57AM (#32290622) Homepage

    Ok, why is this stupid? Because the entire world has grown up to understand the idea that there is a difference between doing something and doing something a lot.

    There is a difference between peeking in a magazine and reading it at the store. There is a difference between listening to music and listening to music at 100dbls in a party. There is a difference between walking around naked in your house and doing so in your glass house. There is a difference between selling your old computer in your garage and turning your garage into a used hardware store. There is a difference between selling your 2 tickets to a concert you won't attend and selling your 100 tickets to the same concert. In fact the whole RIAA has successfully sold (or rather bought) the idea that it is not the same to share a movie with your friend than sharing it with your other hundred thousand friends.

    There is a difference between buying a t-shirt and buying 10,000 t-shirts. There is a difference between running 1km and running 100km. That doesn't make buying 10,000 t-shirts or running 100km illegal. I get that there are differences. But in general, if doing something once is legal, doing it lots is also legal. You need specific laws (noise control, scalping, and so on) to make lots of something illegal when a little bit is okay.

    And yet you are unable to understand that there is a difference between broadcasting SSID and MAC addresses to let your equipment interoperate inside your home and volunteering them to a global geolocating database of the entire Internet!

    A number of companies have done this before Google, and they're not in trouble. There's an iPhone app.

    And yet you are unable to understand that there is a difference to let your neighbors see your face and having an omnipresent and omniscient entity mapping and logging every detail about you!

    Hardly every detail about me. Actually, pretty much nothing about me (in this instance). I opted out by turning encryption on. People should be suing the companies that sold them WAPs with encryption off by default and didn't explain to them that they were broadcasting their traffic to the public by using it. Even if my encryption was off, one or two frames of network traffic is far from "every detail about [me]". I think you're panic mongering.

    Google is abusing both people's trust in their neighborhood --who could have known that Google is watching you everywhere?-- and their ignorance. Is it ok to take something from someone just because they didn't know they had it?

    Google basically played "easier to ask forgiveness than ask permission". Are you really so incapable to realize the difference between an individual and a corporation?

    Google is not watching you everywhere. Panic monger. Google is driving around taking photos (this shouldn't really surprise anyone) and collecting information about public networks. Not much information, by the way - a little more than they intended to, but when they discovered that they stopped it, and disclosed. I just don't get the big deal. They didn't collect anything that any member of the public couldn't. When they realised they had more than they'd planned to collect, they disclosed and started deleting.

  • Google is evil (Score:4, Insightful)

    by JeffSpudrinski (1310127) on Friday May 21, 2010 @06:28AM (#32291032)

    Google is evil. Period.

    Why do people insist on acting surprised when they find that Google can't be trusted? Google's object is to know as much as possible about YOU. They will find that out, then attempt to find ways to exploit that information without actually doing anything illegal. They got caught in this instance and realized that they should tell someone they did it rather than a whistleblower...which would have been even worse.

    Greed = Google.

    Just my $0.02.

    -JJS
