Google Found Guilty of Australian Privacy Breach

schliz writes "The Australian Privacy Commissioner has found Google guilty of breaching the country's Privacy Act when it collected unsecured WiFi payload data with its Street View vehicles. While the Commissioner could not penalize the company, Google agreed to publish an apology on its Australian blog, and work more closely with her during the next three years. Globally, Google is said to have collected some 600 GB of data transmitted over public WiFi networks. In May, the company put its high-definition Australian Street View plans on hold to audit its processes."

Re:Mind Block

[DarthBart]

In your black-and-white world, I'm sure that things work that way.

In some cases, they do.

In your world, you shouldn't complain if somebody goes through your trash and digs up everything from bills to medicine prescriptions. You willingly discarded it so callously, so it is not private at all. You should have incinerated it.

Once it hits the curb for trash collection, it's fair game. Tons of legal precedents have been set for this. If I want to dispose of my accounting ledgers for my meth operation, I damn well better torch or shred them.

After all, you willingly set foot outside.

Yep. Just like not doing something stupid like logging into my bank account from the untrusted computer at the hotel lobby, I have no control of my surroundings and have no expectations of privacy. It is a jungle out there.

In the US, there are no laws against receving un-encrypted data or voice communications (other than maybe cellular, I don't know the exact laws for that). What's illegal is using the reception of those signals for personal/business gain or for assistance in commission of a crime.

Re:Private?

[Darkness404]

Then don't whine if some one records what you say in your house, you can't claim it's private if you don't use the technical tools available to you to protect it.

Soundproofing a house doesn't take 2 minutes and no extra material. If you could soundproof your house by flipping a switch, yeah, you would have some problems with it.

But it isn't even like soundproofing your house, having an unsecured wi-fi connection is akin to standing near an open window with a megaphone having a conversation, something like soundproofing your house is if you use weak encryption or common passwords, things that Google didn't bother to crack (and if I recall correctly, they didn't even intend to use a packet sniffer, it was just some debug code that got left in by mistake)

Let me get this straight..

[Techman83]

It's not ok for google to inadvertadly [blogspot.com] capture minute packets of useless information, but it's ok for the government to direct ISPs to intercept data illegally [zdnet.com.au].

The Australian Labor party have time and time again broken their promises [abc.net.au], Barging ahead with Policies [libertus.net] that their citizens do no want [ninemsn.com.au] and completely fucking up things they tried to achieve [dennisjensen.com.au]

The only reason Google are in hot water is because they stood up [guardian.co.uk] to Senator Conroy and he got upset [canberratimes.com.au] about it.

I for one will be making my vote count this year and I urge all fellow Australian slashdotters to do the same.

Re:Private?

[matunos]

Except in this case, it was apparently in violation of the law.

Re:Private?

[BrokenHalo]

I see 7 access points here. In a suburb. From in my house!

Sure you can. No problem. But if Google had simply collected all the SSIDs of every WAP, that would not take up that 600GB of storage mentioned. So that implies that Google was sniffing a lot more payload data, and I can't think of a single legitimate reason for doing so. Simply saying "oops, it was a mistake, my bad" doesn't work for me.

Re:Private?

[KDR_11k]

I find this statement quite funny, as Slashdotters on average have no respect for the law, so stating its legal status holds no merit

What, in a debate about a country investigating a company? You think the investigators follow Slashdot instead of the law?

Regardless, your statement above is demonstrably absurd. The average cellphone user cannot disable GPS tracking, either. The average person cannot do a great many things when it comes to securing their privacy. Someone who uses these legal methods to accumulate this data (say, by tracking GPS positions using Google Latitude or other services) is not in the wrong.

Yes they are, unless they have specific consent from the user to collect that data they have no right to collect it. If it's generated by regular use of the service the data has to be destroyed, not stored. Only information necessary for billing can be stored by default and then only as long as they are necessary for billing/tax purposes, after that they must be destroyed. A person is allowed to look into the personal data held by a corporation on him (of course not free of charge) and correct it or have it destroyed. Last I checked laws were being implemented that prevent opt-in clauses for data collection to be a part of a non-negotiated contract that's primarily about something else (e.g. a contract to use a service, without that you can't use the service but the citizen must have the ability to use the service without opting into additional data collecting). EULAs are invalid in Germany so that doesn't work either. There are also a ton of sanctions on the data including not exporting it to countries that don't have such strict data protection laws without voluntarily obeying EU data protection laws there too.

As you can imagine a company like Google that's specialized in gathering personal information about people isn't terribly popular with the agencies in charge of enforcing data protection laws.