Google's Streetview Privacy Snafu Prompts Lawsuit 418
shmG writes "Google's secret data collection has prompted a class-action lawsuit that could force the company to pay up to $10,000 for each time it recorded data from unprotected hotspots, court documents show. The incident, which the company claims to have been unintentional, has prompted the ire of governments and privacy groups around the world. Google collected information that could be used to identify users, including 'the user's unique or chosen Wi-Fi network name, the unique number given to the user's hardware ... [and] data consisting of all or part of any documents, e-mails, video, audio, and VoIP information being sent over the network by the user,' the suit stated."
Re:Exploitative Assholes (Score:3, Interesting)
This is crap. You're obscuring the issue completely. Try this analogy instead:
If you were standing naked on your front lawn with no fence or anything, and I'm walking down the road taking a video, is that ok? And of course, it's you're fault for standing out naked where everyone can see you. Google didn't have to peer in from the top of your tree: You were broadcasting this stuff to everyone anyway.
Journalism slacks again. (Score:1, Interesting)
Which federal statute? Which jurisdiction was the lawsuit filed in? In what way was the law violated?
But seriously, lawsuits are the way that the US has decided that facts should legally be determined. This lawsuit could be useful if it is determined that users are responsible for their own data security to some degree.
There is a legal precedent called caveat emptor (buyer beware). There should also be one called 'user beware'. The woman claims to work with 'high technology' and yet she claims that Google 'stole' her data. I find this depressing. If you don't want your credit card info sniffed, use a wired connection and HTTPS.
As far as the $_CORPORATE_ENTITY bashing goes, meh. Any company that tries to do something no one has done before WILL get sued. It takes time for people to become accustomed to the new idea and construct a legal framework for it. Your neighbor drives by your house every day, and has the opportunity to sniff your wireless traffic everyday. This could be considered long term snooping, or it could just be being your neighbor. Same with google. It could be a massive plot to construct a database of everyones personal information, or it could be an attempt to construct a new and useful service.
Legal or Not, WHY Did This Happen? (Score:4, Interesting)
Some are complaining that this was some kind of breach of privacy, maybe breaking several laws (very debateable). Others are asking why this is even an issue since unencrypted wifi is freely viewable. So what on any of that!
Why was the Google StreetView system collecting this data to begin with?
Really, to collect this data, the street-team had to be running wifi in the vehical, purposely vacuuming all the data it could snif out of the air, and dumping it to a rather large drive. Why did this setup exist? Why was this system actively aquiring all this data? Was this being done by some of the streat-teams, or all?
My thoughts are that this really was a simple mistake, likely from a misconfiguration. The likely intent was to gather open access points, like war-driving writ large, but a misconfiguration led to aquiring more than just the AP location/name/basic config- it grabbed whatever was being transmitted at that time. Of course, an oops like that, that was then allowed to continue (possibly), could be a firing-offense as it should have been better setup.
Re:Google shouldn't worry (Score:5, Interesting)
I'll agree with you and disagree with you. I'll agree that what they are being charged with doesn't hold water particularly well. I'll disagree with you in that there is a much larger consideration you aren't seeing.
As alluded to in the summary, Google is good about collecting data about faceless, location-less individuals from all over the internet. We still feel quite anonymous because we clear our cookies and browser cache and history or at least take comfort in knowing the option is there. It was all good because in this case, we all go to Google more or less voluntarily with our searches and queries and other things. But now, Google is mapping the OTHER side of the pipe as well... not just the end of the pipe they own -- the one people more or less voluntarily use -- but the end of the pipes we, as end users own. Now, with all this wifi-data collection, there is very real potential for complete identification of a great many individuals that they have been building from the very first days.
What I am saying is that it is all well and good to collect data when people bring it to you. But when you go about collecting it in this way, it can be at the very least, more disturbing.
Re:Google shouldn't worry (Score:3, Interesting)
I'm still wanting to know how Google violated your 80-year-old Grandmother's privacy, and which laws they broke.
I'm really confused by the fact that you're mad at Google, but you say the insecure configuration on WAPs should be controlled at the point of distribution. Google didn't distribute the WAP to your Grandmother.
If your Grandmother is worried about her privacy, the fact that Google is driving down the road collecting one or two out-of-context frames is not relevant to her. The fact that the people next door are connecting to her WAP, browsing through her network shares, and looking at child porn through her connection is.
The whole point here is that Google hasn't done anything wrong, but anyone whose data they collected is, by implication, leaving themselves open to untraceable crime and privacy invasion which have no correlation to any data that Google did or didn't collect, and would remain unchanged even if Google had never been near their house.
Re:get rich (Score:4, Interesting)
So, uh... What you're saying is that, in a contingency case, if the judgment is for a LOT per plaintiff, the lawyer doesn't get most of it, but if it's for a LITTLE per plaintiff, then he does. Right?
Let's try 10,000 plaintiffs, $10m judgment, 25% fee. Lawyer gets $2.5m, each plaintiff gets $750. Hmm, looks like (from the point of view of an individual plaintiff), the lawyers are the big winners. Let's look at one where each plaintiff gets a bigger payout, like you say.
Ten plaintiffs, $10m judgment. The lawyer gets $2.5m, each plaintiff gets $(10-2.5)/10m, or $750,000. So the lawyer gets much more than any plaintiff. I guess we need bigger payouts per plaintiff.
Four plaintiffs, $10m judgment. The lawyer gets $2.5m, each plaintiff gets $1.875m. Still looks like the lawyer was the biggest winner.
Two plaintiffs, $10m judgment. Hang on, weren't we talking about class actions?
The fact is that it doesn't matter how big the settlement per class member is. If the fee is 25%-33%, the lawyer will ALWAYS get 25%-33%. It doesn't matter if each class member gets $250 or $250,000.
This is a F-ing joke (Score:2, Interesting)
Re:Google shouldn't worry (Score:4, Interesting)
They should be exercising responsibility and restraint, and I do not believe they were where this issue is concerned.
I agree that they should be. I don't agree that they have to: I can't see the law. I don't see how they did anything illegal. Anything actionable. Let me put it this way: Non-tech-savvy users with unsecured WAPs are vulnerable to all sorts of things. Someone downloading child porn over their connection. Someone connecting to their network shares and stealing data. Someone accessing their network without authorization. All of these would be illegal in some parts of the world. The first one would be illegal pretty much anywhere.
Just driving past, not sending any traffic, even respecting any encrypted APs and not so much as noting their SSID, but just recording the unencrypted traffic for a benign purpose? Dozens of companies already do this. When I used to work in the banking industry, MASTERCARD MADE ME DO THIS. As a part of my audit, I had to record all wireless traffic visible from our data center and analyze it to ensure that none of it was potentially a rogue AP somewhere inside our network. You might feel uncomfortable that Google collected this data wholesale, but they didn't do anything wrong.
Re:Google shouldn't worry (Score:4, Interesting)
We *still* don't get what your point is.. if you're broadcasting ANYTHING, even if it is just random numbers, people are FREE to collect that information. There's a little button on the side your router that lets you turn it OFF, do that if you just can't stand the idea of people receiving what you're sending.
Nope, you're quite wrong there. You see, at least here in Finland (and probably in other European countries) it is illegal to collect (or to create a database) of identifiable information without a valid reason ( and even then it is restricted). The point is not that you're broadcasting something, the point is that collecting that information and creating a db might be illegal.
Re: (Score:3, Interesting)
(a) he uses wireless telegraphy apparatus with intent to obtain information as to the contents, sender or addressee of a message (whether sent by means of wireless telegraphy or not) of which neither he nor a person on whose behalf he is acting is an intended recipient, or
If this is intended to apply to wireless networks and collecting unencrypted frames, that makes any use of a wireless network with more than two connected computers illegal. If you see a frame on the network and you collect it, but it wasn't intended for you, you've committed a crime. If you don't collect it, you don't know whether it's for you or not. Fortunately, the law says "with intent to obtain ... blah blah". To be guilty of this, Google would have to have intended to identify the sender, addressee, or contents once they knew it wasn't intended for them, which by all reports they didn't. They were only intending to collect the SSID from networks which broadcast it publicly.
Re:That personal traffic was encrypted anyway.Righ (Score:3, Interesting)
Re:Google shouldn't worry (Score:1, Interesting)
Germany's privacy laws generally restrict photographs of people and property without a person's consent, except in very public situations, such as a sporting event.
That's wrong.
Germany's privacy laws generally restrict the publishing of people and property without a person's consent, except in very public situations, such as a sporting event.
You may take as many pictures as you want as long as you don't publish them, except when you take a picture of someone sitting on the toilett or other really private areas.
Re:Google shouldn't worry (Score:2, Interesting)
So its basically your version of the DMCA. Security through making it illegal.