Forgot your password?
typodupeerror
Google Privacy The Courts Government The Almighty Buck Wireless Networking Your Rights Online

Connecticut AG Opts For Street View Settlement, Without Seeing the Data 93

Posted by timothy
from the spitzer-would-have-thrust-harder dept.
theodp writes "Verifying Google's data snare is crucial to assessing a penalty and assuring no repeat,' said Connecticut Attorney General Richard Blumenthal last December in response to Google's 'accidental' collection of payload data from WiFi networks. 'We will fight to compel Google to come clean-granting my office access to improperly collected materials and protecting confidentiality, as the company has done in Canada and elsewhere.' That was then. Luckily for Google, there's a new AG in town, and Blumenthal successor George Jepsen said Friday that his office will enter into settlement negotiations with the company without reviewing the pilfered data, which Google has steadfastly refused to share with it. 'This is a good result for the people of Connecticut,' Jepsen said in a statement. A separate Jepsen press release suggested some of the blame for the privacy offenses laid with Google's victims, who were advised to 'turn off your wireless network when you know you won't use it' to thwart those who 'may be watching your Internet activity without your knowledge."
This discussion has been archived. No new comments can be posted.

Connecticut AG Opts For Street View Settlement, Without Seeing the Data

Comments Filter:
  • by DarthJohn (1160097) on Sunday January 30, 2011 @11:25AM (#35048938)

    'turn off your wireless network when you know you won't use it'

    How about secure your wireless network and nobody except those you specifically allow will be able to use it?

    • <quote>turn off your wireless network when you know you won't use it</quote>

      That's like suggesting you not to take your cell-phone with you if you don't think you'll need it. Hell, it's like suggesting unplugging your land-line (haha, land-line) if you aren't expecting a call since a telemarketer might ring.

      The whole point of these services is that they are available. I should be able to read a book and get an email even if I'm not intending on reading one, and I should be able to get a phone
      • by Ash Vince (602485) *

        <quote>turn off your wireless network when you know you won't use it</quote>

        That's like suggesting you not to take your cell-phone with you if you don't think you'll need it. Hell, it's like suggesting unplugging your land-line (haha, land-line) if you aren't expecting a call since a telemarketer might ring.

        Actually its nothing like that. The difference is that many people can use the router they bought without ever turning the wifi on. Many people only have a desktop computer and a crappy old phone that does not have wifi built in. I know this might come as an anathema to many slashdot geeks but we are probably also the type who make sure our wifi is secure anyway. There are some people however, who get given one of these things when they sign up for broadband and then just plug there desktop computer into it

    • by Anonymous Coward on Sunday January 30, 2011 @11:37AM (#35048994)

      I was walking on the sidewalk by his house, and he shouted out the window that he just farted. I took out a notepad and wrote down that the guy just farted. Then he sued me for invasion of privacy.
      ---> Guy gets laughed out of court.

      Same but then something difficult involving "computers and stuff"
      ---> Guy can make it stick ??!!??

      • Amen. This whole Street View debacle has been just absolutely ridiculous. Especially in a world of push-button WPS protection, it is just plain silly not to have encryption on your network.

        Most people get their wifi from the router that comes with their high-speed Internet and most of those come with encryption enabled. How many people still are using unencrypted wifi anyway?

        • by robot256 (1635039)

          How many people still are using unencrypted wifi anyway?

          Mostly people who don't know enough to properly put the password into their laptops but can somehow figure out how to turn the default encryption off. And then there are the ones stupid enough to think the hassle of giving the password to their friends when they come over is more important than the risk of getting hacked. *sigh*

          • by icebike (68054)

            Mostly people who don't know enough to properly put the password into their laptops but can somehow figure out how to turn the default encryption off. A

            No, the union of those two sets defines the null set. No one smart enough to connect to their router and turn off encryption is also too dumb to enter a password in windows or mac. I simply don't believe these people exist.

            If routers were not shipped with encryption OFF by default this would never happen.
            If Geeks trying to solve problems for friends and relatives didn't resort to turning off encryption as their first diagnostic step this would never happen.
            If routers would only work for an hour with encry

            • Routers do come with a brightly coloured label on the bottom with the WPA key from some ISPs in Australia. The problem is that once you start putting devices like gaming consoles on your wireless network, well, people fiddle around with it because they don't want to have to enter the key with the difficult to type with device.

              • by icebike (68054)

                Do once. Done.

                • by Khyber (864651)

                  Yea, right, that's what YOU think.

                  Try it with most any Belkin device.

                  Fuck, I have to change shit WEEKLY because Belkin just sucks that fucking much.

                  I don't even touch the PS3 now because the Belkin and almost every other router out there today are total pieces of shit.

                  Gigabit switch, bitch. Fuck your shit wireless.

            • Mostly people who don't know enough to properly put the password into their laptops but can somehow figure out how to turn the default encryption off. A

              No, the union of those two sets defines the null set. No one smart enough to connect to their router and turn off encryption is also too dumb to enter a password in windows or mac. I simply don't believe these people exist.

              I agree totally. I do run unencrypted WiFi at home purposefully though.

        • How many people still are using unencrypted wifi anyway?

          I have unencrypted WiFi connecting my main box to a couple of laptops we have floating around the place. I can not foresee that this is a risk to us and/or our data.

      • I was walking on the sidewalk by his house, and he shouted out the window that he just farted. I took out a notepad and wrote down that the guy just farted. Then he sued me for invasion of privacy.
        ---> Guy gets laughed out of court.

        I know this "shouting" example gets thrown around a lot with question, but it's much more that he had private data (passwords, email, etc) on a big screen TV, which you can see clearly from the street. He could have done any number of things to secure it (turn the TV, close the blinds), and realistically he has no expectation of privacy, but in the end, it's a setup that he fails to understand the consequences of, rather than an action he takes over and over (vis a vis shouting).

        Also, if you're routinely w

        • by Khyber (864651)

          "Also, if you're routinely writing down things people yell out their window (or especially one person's house), that's exceptionally creepy behavior. I have no idea if it's illegal or not, but jeeeeeez."

          Are you that ignorant to not know what gossip consists of?

          Ouch, back to school for you. Preferably middle school, where this type of behavior typically begins.

      • Re: (Score:2, Insightful)

        by williamhb (758070)

        I was walking on the sidewalk by his house, and he shouted out the window that he just farted. I took out a notepad and wrote down that the guy just farted. Then he sued me for invasion of privacy.
        ---> Guy gets laughed out of court.

        Same but then something difficult involving "computers and stuff"
        ---> Guy can make it stick ??!!??

        Organise a paid group of people to walk down the streets of every major city, with explicit instructions (equivalent of computer code) to listen for and write down every private conversation they can overhear, and yes you probably will be sued and no it wouldn't be laughed out of court. And if you are arrested by the police and refuse to hand over the notebooks as evidence for the court, saying a big "up yours, cop, my name's Google and everybody knows I can't do anything wrong no matter what your pissy li

      • If someone is shouting-out, "I'm going to check my email..... next I'm surfing over to pay my bank bills..... and now I'm visiting playboy.com," such that everyone within a radius of 1 block can hear it

        That doesn't make the listener an "evil" person. The person doing the shouting is at fault, and he should encrypt his wireless so the broadcast is not understandable by passers-by.

  • by Jahava (946858) on Sunday January 30, 2011 @11:27AM (#35048946)

    A separate Jepsen press release suggested some of the blame for the privacy offenses laid with Google's victims, who were advised to 'turn off your wireless network when you know you won't use it' to thwart those who 'may be watching your Internet activity without your knowledge.

    So from the actual link:

    The consortium recommends:

    1. Use anti-virus and anti-spyware and a firewall.
    2. Turn off identifier broadcasting.
    3. Change the identifier on your router from the default.
    4. Change your router’s pre-set password for administration.
    5. Turn off your wireless network when you know you won’t use it.
    6. Don’t assume that public “hot spots” are secure.
    7. Be careful about the information you access or send from a public wireless network.

    Are you fucking kidding me? After all of this, the court case, the hearing, a formal consortium omits the single most important and critical suggestion... turn on WPA encryption and use a VPN or (at least) HTTPS if you're using a hotspot. You know ... the only things that will actually protect your data, rather than obfuscate it?

    I mean, to their credit, the list isn't inherently bad. Hide or disable your identifier, don't use public hot-spots, be careful, etc. However, it leaves the user with a false sense of security. If a user followed every suggestion in that list, Google could just as easily sniff every byte of traffic. Talk about inept and ineffective.

    • by leenks (906881) on Sunday January 30, 2011 @11:54AM (#35049052)

      Actually that is the summary the Jepsen press release contained rather than the actual guidelines. Regardless, it is pretty appalling since it is likely most people will not bother to follow the link to the real guidelines.

      The actual consortium guidelines (http://www.onguardonline.gov/topics/wireless-security.aspx, linked from the PDF in the article) has the following list:

      Use encryption to scramble communications over the network. If you have a choice, WiFi Protected Access (especially WPA2) is stronger than Wired Equivalent Privacy (WEP).

      Use anti-virus and anti-spyware software, and a firewall.

      Most wireless routers have a mechanism called identifier broadcasting. Turn it off so your computer won't send a signal to any device in the vicinity announcing its presence.

      Change the identifier on your router from the default so a hacker can't use the manufacturer's default identifier to try to access your network.

      Change your router's pre-set password for administration to something only you know. The longer the password, the tougher it is to crack.

      Allow only specific computers to access your wireless network.

      Turn off your wireless network when you know you won't use it.

      Don't assume that public "hot spots" are secure. You may want to assume that other people can access any information you see or send over a public wireless network.

      • by Kaboom13 (235759)

        "Most wireless routers have a mechanism called identifier broadcasting. Turn it off so your computer won't send a signal to any device in the vicinity announcing its presence."

        I see this all the time and it's just retarded advice. If you turn SSID broadcast off, it still gets sent with every packet, it just doesn't respond to requests to announce it. It makes it slightly harder for someone who knows nothing to find it, but they arne't a threat anyways. Use an unique SSID, set your WPA2 key to something reas

      • You realize that when you turn off the identifier, that doesn't prevent the router from broadcasting its existence, it just has an empty string where the the SSID would be...

    • by sconeu (64226)

      What confused me:

      'turn off your wireless network when you know you won't use it' to thwart those who 'may be watching your Internet activity without your knowledge."

      But if you're not using it, how is there any of your Internet activity for someone to watch?

    • And they forgot MAC filtering too. I believe this is the best security measure you can use, obviously on top of all the others, since this one can't be guessed (it can be spoofed, but the spoofer would need to know your MAC first).

    • by kurls (1986658)
      As pointed out, this is in the consortium's advice. And, to be fair, the paragraph above does basically state you should use encryption, which is presumably why they left it out of the list: "Manufacturers often deliver wireless routers with the encryption feature turned off, Jepsen said. Consumers should consult the instructions for their wireless router or obtain additional information from the manufacturer’s website to enhance the security of their home networks."
  • by Alpha232 (922118) on Sunday January 30, 2011 @11:29AM (#35048958)

    Ok, Google has it...

    They said they will destroy it, either they do or they don't, it doesn't matter because they will do what they choose. But why go handing a copy over to every state who asks for it?

    Really, if you're concerned about privacy, you want this information in the LEAST number of hands possible.

    • Really there could have been an easy compromise. The AG gets to send someone in to review the data, and confirm it is what google claimed it to be. This person would not be allowed to copy the data. This way the AG gets confirmation that the acquisition was accidental, and the data isn't copied.

    • by Qlither (1614211)
      The level of data gathered is not all that great either. Sure not something you want to hand out, but ANY ONE could get all the data by war driving. Google owned up to it as well, which blows my mind at how people have practically burnt Google like that are the ultimate evil. In the end Google should have gotten an easier time for owning up to it, and offering to securely destroying all the data, better still they refused to hand it over to anyone, Thank you Google.

      Google is still one of the few companies i
    • by Metrathon (311607)

      If the purpose of the Google data collection effort is to build a database of the physical location of routers as identified by hardware addresses, then it is hard to see why they would be collecting any payload data at all. Having an independent look at what they did collect might shed some light on what they were trying to achieve by doing so.

      • by nedlohs (1335013)

        They already gave a pretty simple reason for why they did so. And given that explanation matches the data they gathered - *everything* -- what light are you expecting?

      • by icebike (68054)

        This has been asked and answered a thousand times on the net.

        Why weigh in with this now, when doing so reveals you are willfully ignorant of the situation?

        A simple programming error recorded all packets instead of just beacon packets. Period. End of Story.
        Google noticed it, reported it, and made no use of it. The actual content has been validated by
        other agencies, but not by being given wholesale access to it.

        The cars drive by at about 25mph, or highway speeds in rural areas. The amount you can get
        when y

    • by icebike (68054)

      Exactly.

      Turning someone's accidentally sniffed passwords over to State Government buffoons is the height of stupidity. This simply compounds the problem. It effectively places it all in the public domain, since is is not medical, tax, or banking information, which is all most states are allowed to protect.

      I'm glad Google stood its ground. I'm incensed government asked for that data.

    • by williamhb (758070)

      Ok, Google has it...

      They said they will destroy it, either they do or they don't, it doesn't matter because they will do what they choose. But why go handing a copy over to every state who asks for it?

      Because it is evidence of an (alleged) crime. In the next episode of CSI ... "No, no, destroy that DNA right now -- I don't care if the killer will get away with it, we musn't invade anybody's privacy!"

  • by ancientt (569920) * <ancientt@yahoo.com> on Sunday January 30, 2011 @11:30AM (#35048960) Homepage Journal

    Government should be protecting privacy. It seemed reasonable for a state to want to know exactly how the privacy of its citizens was infringed on. I could see the other side, that knowing what was in the records wouldn't improve anyone's privacy and could actually harm them if their state government representatives turned out not to have the most pristine of ethics.

    That "turn off your wireless network when you know you won't use it" comment sent me clear over to Google's side. The last thing I want is someone who believes that's the appropriate response to be poking through people's personals.

    • by Anonymous Coward on Sunday January 30, 2011 @11:54AM (#35049050)

      If you want privacy then build a Faraday cage. Once you emit any electromagnetic radiation outside the bounds of your property, you have no expectation of privacy whatsoever. If I can see what you're doing from outside of your property, you're not handling your privacy correctly. It's your fault. Stop trying to legislate solutions for a problem that only you can fix.

      • by ancientt (569920) *

        There seems to be a misunderstanding. Since I'm not affected by this particular issue directly, I humbly submit that this was neither my fault, nor can I fix it. The broader issue however affects all of us, it is an issue of what should be private, what shouldn't have an expectation of privacy and what role the government should take in protecting privacy.

        I can agree that it is my own responsibility to protect my own privacy, but I have trouble with the idea "Once you emit any electromagnetic radiation out

      • by Metrathon (311607)

        Applying this to windows (the transparent kind) I conclude I should paint them in order to have any expectation of privacy.

      • by williamhb (758070)

        If you want privacy then build a Faraday cage. Once you emit any electromagnetic radiation outside the bounds of your property, you have no expectation of privacy whatsoever. If I can see what you're doing from outside of your property, you're not handling your privacy correctly. It's your fault. Stop trying to legislate solutions for a problem that only you can fix.

        So those pesky Eastern European communists, who did the equivalent of Google's actions (paying people to listen in on your conversations throughout all the major cities, noting down everything they could overhear), those were fine hey? No need to legislate against things like that?

        • by Khyber (864651)

          "If I can see what you're doing from outside of your property, you're not handling your privacy correctly. It's your fault."

          Then you better keep your ass in the house, because I see what the fuck you're doing on your front yard. Don't bother mowing the grass, or I'll be spying on you.

          What you suggest is bullshit and you're a fool for suggesting such.

          • by Khyber (864651)

            WTF slashdot? This was to go to AC, NOT williamhb.

            Fix your shit, site designers/coders, or go back to school to learn how to create proper CSS.

            Even my site has FAR FEWER errors than yours, and I admit I can't do CSS for shit.

            Looks like you going corporate made you as dumb as your parent corporation.

      • by Bazar (778572)

        "Once you emit any electromagnetic radiation outside the bounds of your property, you have no expectation of privacy whatsoever."

        What a load of shite.
        I believe the US Supreme court decided in a 4-3 decision that there are expectations of privacy, and just because you can observe/listen in a public place doesn't give you a right to do so. (I can't find the case, i believe it was over cops using powerful heat cameras to find and raid weed growing operation houses).

        And damned right!.
        As it is there are technolo

        • by Khyber (864651)

          ""Once you emit any electromagnetic radiation outside the bounds of your property, you have no expectation of privacy whatsoever."

          What a load of shite."

          You're dead fucking wrong, sir. FCC regulations - learn them, live them, love them, or shut your mouth about that which you do not understand.

          You LOSE, good day sir.

    • by coaxial (28297)

      That "turn off your wireless network when you know you won't use it" comment sent me clear over to Google's side. The last thing I want is someone who believes that's the appropriate response to be poking through people's personals.

      What makes you think that's not a Google recommendation? This is the same company who's CEO said that if you don't like what Google is doing, just change your name [telegraph.co.uk].

  • Could it be... (Score:2, Interesting)

    by kenh (9056)

    That Then-AG Blumenthal was pandering to the masses as part of his campaign for the US Senate?

    No, that couldn't be it - kinda like he had a really, really good reason for going after legally earned bonus/balloon payments for AIG employees - despite the fact he couldn't cite any law that justified his attempts. None. When grilled on one talk show on the justification, he had nothing, sputtering about a responsibility to see the Gov't money was well-spent (despite the fact that the bonus/balloon payments were

  • by Anonymous Coward

    Google listened to publicly broadcasted info and mined it for wireless network SSIDs. Some idiots were broadcasting passwords and other private info that got picked up. Google wasn't looking for that data, doesn't care about that data, and promised to destroy the data. It was barely a story to begin with, it's even less of a story now, and yet Slashdot keeps reposting flamebait from theodp about it almost every week. Why? No one cares except anti-google shills trying to create a controversy where there

    • by AHuxley (892839)
      Some idiots were broadcasting passwords and other private info that got picked up. Google wasn't looking for that data, doesn't care about that data, and promised to destroy the data.
      Google fitted their cars world wide with wifi, signed off on the code that was used and kept the data collected.
      Parts of the world do have laws protecting any network from any 3rd party keeping data and google understood local laws about wifi capture.
      Recall http://googlepolicyeurope.blogspot.com/2010/04/data-collected-by-g [blogspot.com]
    • by Qwavel (733416) on Sunday January 30, 2011 @02:10PM (#35049628)

      It is getting a bit sickening, isn't it: seeing this same story repeated over and over again with minor variations for every district.

      And every time we see this story it seems to get more confused and inaccurate.

      Someone I know got outraged upon reading a recent version of this story. Since they were seeing yet another story they assumed this meant that Google had been caught again - that Google was refusing to stop doing it. I was barely able to convince them that all of these stories were from the original incident and that Google had stopped the program entirely long ago.

      My understanding is that there are tons of nuisance, class action lawsuits against Google over this (on top of the legit privacy suits). The purpose of those suits is to create as much bad publicity as possible for Google in order to induce them to settle out of court, and let the lawyers take the majority of the settlement. Apparently this is a common scenario. Promoting the same story many times, like theodp is doing, is an important part of what these guys do, so it is quite possible that theodp is simply doing his job.

  • ...why would you want it handed over to the government?

  • by hyades1 (1149581) <hyades1@hotmail.com> on Sunday January 30, 2011 @12:28PM (#35049178)

    When, for the love of pizza, is encryption going to catch on?

  • When the government wants data from Google, Google can "steadfastly refuse". But when the government wants data from Average Joe, they just bust his door down with a SWAT team and confiscate everything.
    • by drcln (98574)

      When the government wants data from Google, Google can "steadfastly refuse". But when the government wants data from Average Joe, they just bust his door down with a SWAT team and confiscate everything.

      Google has lawyers. (Haven't you been paying attention?)

  • by ErikTheRed (162431) on Sunday January 30, 2011 @12:36PM (#35049236) Homepage

    George Jepsen is a Democrat. (Disclaimer: I am not a Republican - I can't stand either major party).

  • I'm not sure what the obsession with the data is. I mean, it was already being broadcast in the clear to anyone listening. Everything from those homes has to be considered compromised regardless of what Google did or didn't receive. Just because Google doesn't have it doesn't mean a black hat wasn't listening in on it. Google having it confirms it's compromised, but you knew that already just from it having been broadcast in the clear. If this bothers you, why was your network wireless, broadcast-to-the-wor

  • Alan Eustace, Senior VP of Google Engineering & Research, started off 2010 by touting Google's 'guiding Privacy Principles' [blogspot.com], but would later have to apologize for the company's Street View privacy breach [blogspot.com], saying that the company was 'mortified' by the 'mistake'. Last week, Bloomberg reported that Google gave Eustance a $10 million equity award [bloomberg.com] in 2010 for his efforts.

  • I think the summary has mis-characterized the note. #5 of several, fairly good, security suggestions was to "Turn off your wireless network when you know you won’t use it. " This hardly seems to be saying that the victims are to blame.

    I personally keep my wifi on all the time (with other protections), but there's no question it would be a whole lot safer unplugged.

  • I don't understand how the privacy commissioner of Canada (who has actually no powers at all, all she can do is recommended things) got to see the logs, while the AGs of several states (who actually do have a lot of legal power) can not.

From Sharp minds come... pointed heads. -- Bryan Sparrowhawk

Working...