Google Declines To Turn Over Harvested Wi-Fi Data 201
An anonymous reader writes "Google declined to submit data collected as part of the 'Spy-Fi' flap, and Connecticut Attorney General Richard Blumenthal is now promising further action: '"I certainly will be pressing for continued involvement at the federal level in coordination with the states," Blumenthal told Politico Monday, just days after promising to explore "additional enforcement actions" if Google does not share the data soon. Asked to describe what those federal efforts might include, the outgoing attorney general said, "There's a range of potential opportunities for oversight and scrutiny by a member of the US Congress – including letters, meetings, hearings, and potentially even legislation." For its part, Google has tried to defuse the issue by offering to delete the data. The company reaffirmed that position in a Friday statement, promising to work with Blumenthal in the coming weeks, but declined to comment further on Monday.'"
Should have deleted it from the start (Score:5, Insightful)
What could go wrong? (Score:4, Insightful)
Why not the US government? (Score:4, Insightful)
Apparently Google has already given some or all of the sniffed data to authorities in Germany, Spain and France. I wonder why the US is causing so much more controversy?
Perhaps the US government is asking for more data (eg data from other countries) or has refused to meet conditions Google had set for the European governments, when handing over their shares of the data?
Re:Should have deleted it from the start (Score:5, Insightful)
Destroying evidence while being investigated by the FCC/FTC is usually frowned upon. But I'm glad they are declining to hand it over for what you aptly called grandstanding. Honestly I think Google has handled it the best they can given the situation. Seeing politicians exploit the situation is beginning to irk me too though.
Re:Sounds about right (Score:5, Insightful)
The fact that his answer was so evasive is actually very telling. If they had a good reason to be looking at the data they'd have a warrant in hand.
“There’s a range of potential opportunities for oversight and scrutiny by a member of the U.S. Congress – including letters, meetings hearings, and potentially even legislation.”
Translation: we got nothing, so we're gonna try and invent some reason to get the data.
Re:What if an individual did what Google did here? (Score:4, Insightful)
Wouldn't the state just extradite and prosecute? What is different in the process for a corporation?
They would ignore it. Fun fact for you: Google was doing the same thing thousands of hobbiests are doing every day using the same tools. But it's different for Google since there's political hay to be made.
Re:Should have deleted it from the start (Score:5, Insightful)
It'll probably end up on wikileaks once a government body gets it's paws on it; safer to chuck those discs in the microwave.
Exactly.
I'm rooting for Google to stand fast. What possible use would the government have for these account names and passwords.
When the government can prove that they can hold onto their own secret data then maybe they can be entrusted with this. (NAH, what was I thinking!?)
If it is released to the government, (AND Government) it will be leaked.
they didn't "accidentally" collect it (Score:2, Insightful)
1)You don't "accidentally" retain sniffed traffic logs of that size, across your entire international operations, for months if not years, "accidentally." See http://gizmodo.com/5671049/google-street-view-cars-collected-emails-and-passwords [gizmodo.com] I mean come on...someone would have noticed the drives filling up, wondered why, etc. These people are supposedly geniuses, right?
2)There's no political grandstanding here. This is a major privacy invasion. The "grandstanding" has been international, because people are PISSED. Google collected and correlated with location data...MAC addresses and IPs of base stations and client devices. Email addresses. Passwords. URLs. I'm going to be VERY generous and assume that they only captured the sniffed traffic, and not that they intentionally extracted all that from traffic and only stored the extracted data, because that would have been even more obviously-intentional.
3)It's slightly creepy when you go around wardriving. When an international corporation which has a always demonstrated an intense interest in profiling its users and mining its users data for advertising purposes, does it, across the planet? That's just slightly different.
Re:Should have deleted it from the start (Score:2, Insightful)
I don't think Google really minds an investigation about this incident, or the government even investigating the data. I think they just don't like the way the government is demanding to investigate the data.
Google did the right thing when they told the world about it. We deserve to know. And if they had not told us about this and we somehow found out, we'd be asking why they kept silent and what conspiracy this is related to.
The government wanting to investigate the incident and view the data as part of the investigation, I can understand. But a prosecutor who wants to thicken his resume demanding to be given the data, I have a problem with. It's obvious the guy just hopes he'll find juicy stuff and people to prosecute, which will look good for him. He normally would need a warrant (and thus, probably cause) to get people's e-mails but in this case he's using this incident as an excuse to bypass the warrant part. I'm willing to believe Google wants to protect our privacy considering that they admitted on their own good will that the incident happened in the first place.
Re:Should have deleted it from the start (Score:5, Insightful)
Oh noes! Google might have recorded an unencrypted packet or two of someone checking gmail while they were driving through a neighborhood! They are clearly guilty of receiving and recording electromagnetic signals IN A FREQUENCY THAT IS PUBLIC AND UNLICENSED, by devices that were advertising their SSID and transmitting unencrypted data. Guilty of doing something completely legal and completely trivial.
I trust Google with my personal contacts and emails, documents, schedule, voice mail, etc. I do not trust and never authorized the State of Connecticut to have access to any data of mine, and neither should you. Go away extortionist attorney general.
Re:they didn't "accidentally" collect it (Score:5, Insightful)
I'm a little confused on how giving more people access to the data helps to ameliorate the supposed privacy invasion?
Re:Sounds about right (Score:5, Insightful)
Evidence for what charge? What you are describing above is commonly known as a "fishing expedition". If Google has been accused of a crime then by all means go to court and get a search warrant to collect evidence, but demanding evidence so that you can go away and scour the books to see if you can find a crime is not how it's supposed to work.
Re:Should have deleted it from the start (Score:4, Insightful)
I think that there is a good case that privacy concepts need to be re-thought in the light of what is possible now through data-mining. Today, private information can be derived from amassing and relating lots of disparate public information. This is an issue that is not simply dispatched by pointing out that the source information was public. I think that we need new concepts of privacy.
Re:Sounds about right (Score:5, Insightful)
Sure, just like a cop without a search warrant could find lots of things in your home to hang you with. It's not about trusting either google or the government it's about the rule of law which says the authorities must have probable cause. In this case they don't have probable cause, they don't even have an allegation, which is why they don't have a search warrant.
"You're naivety is astounding!"
Voulenteering ANY information to an investigation that is spending a pile of taxpayer's money looking for a reason to hang you, is not just naive, it's stupid.
Re:they didn't "accidentally" collect it (Score:5, Insightful)
1) Yes you can accidentally retain sniffed traffic logs. Run Kismet for instance. I have once accidentally left it on, sniffing all encrypted and non-encrypted traffic in my neighborhood (~15 networks) for about 48 hours: ~10GB. Google did not sniff all traffic, it only sniffed (or sampled) a few packets from every hotspot (maybe 10-20kb). With standard disk sizes being 250GB it takes a really, really long time to fill up your disk with random samples.
2) People are pissed for what? Not securing their own wireless? Transmitting their passwords in clear text over an insecure medium? They only correlated what any WLAN tracker/sniffer can provide. If you own a wireless network you might know that your MAC addresses and SSID's get transferred and being able to correlate them against GPS locations has been done not just by Google. Even so, it's still legal in most places to receive radio transmissions (since it's physically impossible not to) and you can do whatever you want with them those transmitting those radio transmissions should know that there can be eavesdroppers anywhere.
3) It's not slightly creepy. I have done it as have probably many others here. Ever been at a location where you need internet? Maybe at your local coffee shop or at a hotel? You open your laptop and scan for networks hoping to find an unsecured one - you're now wardriving. Doing it for profit has been done before, there are companies that sell these databases successfully since at least the last '90's, not just Google.
Re:Should have deleted it from the start (Score:5, Insightful)
Well the whole thing just seems like an ever climbing level of stupid. First Google collects data that while not illegal certainly wouldn't look good for the company: Dumb. Then they announce it to the world: Extra Dumb The governments demand to see the data...why? Just to see if there are any juicy bits? :Really Dumb, and now Google refuses to hand any of it over rather than just redact the names and let them have the boring bits: Extra Super dumb.
First Google accidentally collected the data, they didn't do it on purpose. Then after realizing they had collected it they decided to come forward and do the right thing rather than doing what most corporations would have done and covering it up. Then instead of governments realizing "hey they screwed up and they've admitted it, we want to encourage this kind of behavior rather than cover-ups" all of the governments involved have done a fine job making the cover-up look like the smart choice over doing what's right.
Re:Should have deleted it from the start (Score:4, Insightful)
While I agree I also think there needs to be some clear indication that privacy is desired. Encrypted WiFi, however weak the encryption may be, clearly signals a desire for privacy and the argument can convincingly be made that anyone cracking the encryption is willfully violating privacy. Unencrypted WiFi should carry the same expectation of privacy as talking over a clear channel on a CB radio, the concept is actually quite similar.
What really should have happened here is that the government should have asked Google "Ok, you screwed up, now what are you going to do about it? How about you fund a campaign to educate the public on privacy matters and the importance of encrypting their WiFi?" That would have been a better solution for everyone involved. The government still gets to look like they stepped in and took care of the issue. Google still pays for the mistake, while helping people in the process. The public gets to use this incident and all of the publicity surrounding it as a lesson and many more people will encrypt their wireless networks or clamor to their ISPs to provide their wireless routers with encryption already set up. Very large missed opportunity here.