Data Engineer In Google Case Is Identified 186
Posted
by
timothy
from the under-the-bus dept.
from the under-the-bus dept.
theodp writes "Meet Engineer Doe. A NY Times report has
identified Marius Milner as the software engineer at the center of the uproar over a Google project that used Wi-Fi sniffing Google Street View cars to collect e-mail and other personal data from potentially millions of unsuspecting people. Milner, creator of the wardriving software NetStumbler, referred questions to his lawyer. Google declined to comment. A patent search shows the USPTO awarded Google and Milner a patent in June 2011 for protecting Internet users from 'hackers and other ne'er-do-wells [who] may seek to tap into communications on a network.'"
ftfy (Score:5, Insightful)
Data Engineer In Google Case Is Identified
Fall Guy In Google Case Is Identified.
FTFY
Re:ftfy (Score:1)
How could he be the "fall guy" if they kept his name anonymous?
Re:ftfy (Score:2)
Well, I don't think it happened in this case, but pretending to keep someone's name anonymous and then leaking it is a pretty common strategy in politics.
Re:ftfy (Score:1)
Re:ftfy (Score:2)
I thinks it's exceptionally clever of Google that they found a wifi hacker with street cred to write the sniffer,
Dude... there's nothing exceptionally clever about it. There are dozens of sniffers out there that are easy to configure and use. The fact that Google hired a guy who wrote one isn't clever; It's business. Clever is leaving this guy twisting in the wind, with no future job prospects, no stock options, and only a few months' unemployment to coast on before beginning his new career in retail -- thus protecting the Google brand identity and slogan "Do No Evil". Determining whether or not ruining someone's life for doing exactly what was asked of them by management qualifies as evil or not is left as an excercise for the reader.
Didn't RTFA? Just pull comments out of your ass! (Score:1)
Now a former state investigator involved in another inquiry into Street View has identified Engineer Doe. The former investigator said he was Marius Milner ... The former state investigator spoke on the condition that he not be identified because he was not authorized to speak. ... Although the F.C.C. declined to identify the engineer, a footnote in the full text of its report said Google told the agency the identity of Engineer Doe “only because it had disclosed his name to state investigators on December 17, 2010.” Google declined to comment.
That's clearly Google's fault. They shouldn't have told state investigators ANYTHING. I mean, they got reprimanded for "obstructing investigation" or somesuch anyways, what does one more bit held back matter?
Re:ftfy (Score:2)
What kind of twisted world view do you have in which corporate employees are transformed into mindless minions that have to obey every command? As an employee, you still have moral and legal responsibilities. If he had thought that this was the wrong thing to do, he could have said "no". In fact, the way Google works, he probably could have said "no" without consequences.
I think what rather happened is that he thought this was an OK thing to do. Good for him! I hope he makes that argument stick, because I think he's right and it's the principled position to take. However, it still comes down to the fact that he made that choice to go ahead, and he needs to now deal with the consequences. And the long term consequences may still be good for him and for all of us, in that people may come to realize that we shouldn't have useless and ineffective legal restrictions on recording publicly broadcast data.
Re:ftfy (Score:4, Interesting)
What kind of twisted world view do you have in which corporate employees are transformed into mindless minions that have to obey every command?
My 'twisted' world view is called 'capitalism'. And yes, if you want to stay employed, you do what the person signing your paycheck tells you to do.
As an employee, you still have moral and legal responsibilities.
Yes, the moral responsibility to keep eating, paying the rent so you can keep a roof over your head, etc. It's very easy to act all indignant that someone would choose to eat food instead of morals; It's a lot harder when you're the one choosing between keeping your job, or losing your car, house, family, etc.
In fact, the way Google works, he probably could have said "no" without consequences.
The evidence does not agree with your 'world view'. Also, although cliche, I have to say "Citation needed." You haven't claimed you work for google, nor provided any citation or information that might suggest Google is somehow above its fiduciary responsibility to its shareholders; Because before this guy got fired, the Board most certainly looked at the issue and determined one man's future was not worth Google getting raked over the coals in a PR disaster. To suggest that they would take the moral high ground on that is preposterous: All businesses react the same way to a perceived threat -- they jettison it and distance themselves from responsibility for it as quickly as possible.
I think what rather happened is that he thought this was an OK thing to do. Good for him! I hope he makes that argument stick, because I think he's right and ...
... And that'll be the last time he gets a job in this industry. What's the first thing a prospective employer does these days? Type your name into a search engine and see what it comes up with. And right there, as the #1 result for the rest of his life, will be "Caused PR disaster." Whether that's true or not is irrelevant; Future employers won't take the risk. Taking the moral high ground is not without its consequences; That is why so few people these days do it.
, in that people may come to realize that we shouldn't have useless and ineffective legal restrictions on recording publicly broadcast data.
I'm sure he'll take great comfort in raising public awareness on this very important issue, while he's asking you if you'd like fries with that.
Re:ftfy (Score:2)
No, your world-view is Marxist because you view employees as little more than slaves. In a capitalist system, people change jobs when their employer doesn't treat them right. And Milner would have had no problems finding another job if he didn't want to record this data; skilled networking software developers are in high demand.
You fabricate the idea that Milner was forced to collect that data. Then you fabricate the idea that Milner will be fired over this. And you fabricate the idea that Milner is now unemployable. Where is your evidence?
If you think that recording this data was wrong, then the "moral high ground" would have been to quit before recording the data, in which case Milner wouldn't have this on his record.
Re:ftfy (Score:2)
No, your world-view is Marxist because you view employees as little more than slaves.
Your red-baiting [wikipedia.org] will not work here, Sith Lord.
Re:ftfy (Score:2)
Your view of Milner is that he is exploited by his company, alienated from his work, and unable to change jobs because of a labor surplus. That is, you hold the classical Marxist view of labor; that's just an objective fact. If you didn't know that was Marxist, start doing your homework.
The capitalist view of labor is that it operates in a free market, so workers can negotiate fair wages, prefer their current work to the alternatives, and can change jobs if another job offers them a better overall value.
One can argue about whether the Marxist view of labor applies to unskilled factory workers (and that observation alone wouldn't amount to a full-scale endorsement of Marxist ideology), but it certainly does not apply to Google engineers. Milner had a choice whether to collect this data or not, and he wouldn't have starved if he had chosen not to.
So it looks like you are now adding fabricated outrage to fabricated facts.
Re:ftfy (Score:2)
like the phrase (Score:2)
If this guy is responsible for sneaking the phrase "hackers and other ne'er-do-wells" into an official legal document, I sort of like him already.
In general though I don't see much reason to single him out, when it seems fairly clear (from what evidence is available) that this was a Google project, not a "rogue employee" acting against management's wishes. There are cases where I'd support individual employees being held accountable, but I'm not sure this rises to that level; whether this turns out to be right or wrong, I think Google as a company should own the actions.
Re:like the phrase (Score:1)
I must admit, it sounds to me like he's being turned into a sacrificial offering.
Marius Milner's Software Downloads (Score:1)
Downloads are free but PayPal donations are accepted.
Re:Marius Milner's Software Downloads (Score:2)
NetStumbler for Windows and MiniStumbler for Windows CE downloads are at:
NetStumbler.com [netstumbler.com]
I've been told that the software that actually did the sniffing wasn't NetStumbler, but rather it was Kismet [kismetwireless.net]. I don't know the original source of who knows this firsthand though, so I can't verify this. However if this is true it's interesting, because it would mean A) Google was likely using a non-Windows system to do the wireless packet sniffing, B) the author of NetStumbler was using another sniffing utility to do the work rather than his own tool, which would be an interesting irony.
Re:Marius Milner's Software Downloads (Score:2)
Adding to this, Netstumbler can't even capture data as its hopping channels. The only way to accomplish this if the author wrote another program that used another wireless card to sniff on the selected channel, which seems highly unlikely.
If word got out what software Google was doing to accomplish this, wouldn't you think it would inspire someone to find ways to break it when a Google car is in your neighborhood? Presuming of course, they simply turned off the pcap capturing and continue to use it.
Interesting -- NetStumbler sounds like a very different tool than Kismet is. Concerning the packet sniffing Google did, my understanding is that the main issue was sniffing and storing of unencrypted packets, so yes, that would generally be easy to fix by turning encryption on. My understanding is that Google was likely mostly interested in sniffing and storing the SSIDs of access points along with GPS data on where they were located, and context like whether the AP was encrypted. In other words, they were essentially "war driving" while collecting map data. I don't think they had any ill intent, and likely just forgot to turn the logging off. *shrug*
Idiots (Score:3, Interesting)
I guess it would be beyond expectation for someone to tell anyone complaining their data was "stolen" that they should have been pumping it into the local atmosphere for all to read without any encryption or other basic protection.
Yeah, holding people accountable for their own idiotic actions would make too much sense. Beside, we make far too much money out of idiots who bought cool stuff with no clue how it actually works - me especially, a lot of my tech support clients use Macs.
Re:Idiots (Score:1)
Take note kids, this is what happens when you post dehydrated.
Re:Idiots (Score:1)
I guess it would be beyond expectation for someone to tell anyone complaining their data was "stolen" that they should have been pumping it into the local atmosphere for all to read without any encryption or other basic protection.
Most people didn't set up their home network and probably had expected that it wasn't publicly accessible. In most cases, these people had their WiFi setup done by whoever came from their ISP to set it up. They had an expectation of privacy. This is really no different than the fact that you can't just record phone calls without consent either.
Yeah, holding people accountable for their own idiotic actions would make too much sense.
Like holding Google accountable for someone purposefully going around sniffing people's traffic?
Re:Idiots (Score:2)
I'm going to open a radio station and broadcast a private station. Every couple minutes it will say "this is a private feed and it is illegal for you to listen to it without permission". Then I will sue everyone that does...
Profit!
Re:Idiots (Score:3)
The big cat in the room. (Score:3, Interesting)
Posting anonymous so this will not haunt me forever through the net (unless you are tracking me already har har).
Has anybody actually been hurt? Because, uh, I'm just asking. I'm all for privacy but I don't see anyone poring over my data in this case. So has anybody been hurt? Where is the victim?
Or are we talking about hurting the feelings of those poor electrons that used to mean something, however fleeting, before being vacuumed up by a hateful engineer?
And you know every atom whose state you have ever modified has certain inalienable rights..
I am pretty damned cynical about big corporations and those who presume to rule them, but there are plenty of white collar criminals in power in America and I have yet to see any at Google.
And for your info I think Sergey's and Larry's excellent space adventure shows me enough where those guys stand. I prefer to support Google and Man's Future In Space. The rest of the establishment, their cops and politicos and bastards who talk out the sides of their mouths, the warhawks and smack sellers, and all the self righteous fucks who turn a blind eye to killing, and the fucktards who find a moral pinnacle somewhere in there, they can all go off and fuck themselves until they die.
As for Milner? Well he is either completely innocent or a geek who has been hypnotized until robotic. Happens every day in America. There are one thousand other cases more worthy of prosecution.
Re:The big cat in the room. (Score:2)
Would you have preferred that they waited to deal with this after someone actually got hurt?
Google's not going to go out of business here, and even those who believe this was less of a mistake and more of a "project", don't think that it was necessarily going to be used as more than some sort of research into something else.
That said, Google has set the bar for itself, and it needs to be consistent about it. The company needs to actually enforce its core values or they are going to be seen as either a good idea that would never work in the "real world" or worse, an egomaniacal expression that actually means "Evil is what we say it is".
Re:The big cat in the room. (Score:1)
Thanks for replying though I was AC.
I think you are correct on all points. However I object to the media fest and attempt to destroy this man's career.
Perhaps Google needs to be taught a lesson certainly the words of Schmidt in the past indicate callousness to privacy although that is probably moderate compared to most corporate CEOs. So yes Google cannot afford to take both high and low ground at the same time. Though being arbiter of morality might appear to be bad for their bottom line in the short term.
Still, my point remains. Someone is having their career destroyed because Google is a big fat target and yet, no victims exist. Being on the cutting edge and pushing things to see where the law will step in is perhaps how they do business even, however it is sufficient to erase the excessive data and make legislation. The impression is that Google is not as good at lobbying as say the RIAA, Tobacco or Oil are. The difference of course is that when Google oversteps unclear bounds, still nobody has actually been hurt. Whereas when RIAA, Tobacco or Oil overstep much clearer bounds, you get things like spammed prosecution of the innocent and a protection racket (RIAA), death (Tobacco) and destruction of water resources and the atmosphere (Oil). Google's visibility makes it risky for people to work there it seems.
Doesn't seem to be a "rogue employee" (Score:5, Insightful)
Google long maintained that the engineer was solely responsible for this aspect of the project, which resulted in official investigations, some still unresolved, in more than a dozen countries. But a complete version of the F.C.C.’s report, released by Google on Saturday, has cast doubt on that explanation, saying that the engineer informed at least one superior and that seven engineers who worked on the code were all in a position to know what was going on.
The F.C.C. report also had Engineer Doe spelling out his intentions quite clearly in his initial proposal. Managers of the Street View project said they never read it.
Depicting his actions as the work of a rogue “requires putting a lot of dots together,” Mr. Milner said enigmatically Sunday before insisting again he had no comment. He said he was closely following the news reports on the issue.
If that's all to be believed, Milner reported on what he was doing, and sent it to his boss(es). They opted to "not read" the report. If at least six other engineers were in a position to know, then this sounds more like a "no, don't put this in writing or tell us what you're doing" situation than a rogue employee. If bosses aren't responsible for their employees, what are they there for?
Re:Doesn't seem to be a "rogue employee" (Score:1)
If this were anyone other than Google, Slashdot group think would be shouting "incompetent company!" as loud as they could...
Re:Doesn't seem to be a "rogue employee" (Score:5, Insightful)
If bosses aren't responsible for their employees, what are they there for?
To provide individual profit without individual responsibility. Unless, of course, profit is threatened, in which case sacrificing an individual is a reasonable response. See also: The reason most people over the age of 30 are fired. I can't tell you how many times I've heard someone blubber "But I did what they asked me to..." on the way out the door. I've worked corporate jobs long enough to know that when someone asks you to do something you think might backfire, you smile, agree, and work as slowly as possible on the project while working as quickly as possible at finding another job and getting your name off the reports. Corporations will not hesitate to throw their employees under the bus -- afterall, it's not like you're unique or important... there's fifty more just like you a phone call away.
That is the raisin de etre for a corporation: Individual profit without individual responsibility.
Re:Doesn't seem to be a "rogue employee" (Score:2)
Re:Doesn't seem to be a "rogue employee" (Score:1)
Murdoch (Score:2)
personal project to study WiFi spots gone bad (Score:2)
It would be like adding some metric measurement software to what we ship customers. Then have that send back these data. Our customers may be unsure then if their personal data in this software is being compromised.
pursue and punish where it does some good (Score:4, Insightful)
If you broadcast information publicly and without sufficient encryption, the public can listen in and record it.
Apart from the question of who is right in the abstract, punishing Google or other people isn't going to deter anybody who actually wants to do you harm, since passive listening is pretty much impossible to detect. What we might restrict and punish is the use of such information, for example rebroadcasting it, using it in legal proceedings without a prior warrant, or reselling it.
The real question we should be asking is how people are punished that broadcast private information (e.g., hospitals that use unencrypted networks).
Re:pursue and punish where it does some good (Score:3)
If you find a neighbor's wifi network is open, that doesn't give you carte blanche to use it and snoop their devices and data; especially in the countries where privacy laws afford some protection against that sort of snooping. This spills over into a grey area regarding data on encrypted networks. What happens if I record your encrypted wifi data, and 10 years from now computers have gotten fast enough that what was sufficient encryption at the time of the recording can be broken in a few seconds? Do I get to say "tough, you broadcast that data on public airwaves using insufficient protection; it's now mine to do with as I wish"?
Your private data has to be afforded some legal protection regardless of the amount or strength of encryption. The dividing line has to be whether the user had an expectation of privacy when transmitting that data. I think most courts would buy the argument that you don't have an expectation of privacy only on openly public networks (e.g. Starbucks). I think wifi is new enough for non-tech people that for a home network, most courts would agree the owner had an expectation of privacy even if he failed to turn encryption on.
Re:pursue and punish where it does some good (Score:2)
But we have a long-standing principle that if you use the public airwaves, people have a right to listen. Why do you want to change that principle and suddenly criminalize behavior that's been legal for as long as we have had radio?
I do not have a right to use it, nor is anybody arguing that you should. Use requires broadcasting and interfering with the access points. I should have a right to passively listen and record whatever my neighbor broadcasts, just like any other radio transmission.
If you broadcast your private information over the radio, if you print it on fliers, if you have loud conversations about it sitting at Starbucks, it ceases to be private. Whether information is private is not defined by the information, it's always defined by what you have done with it in the past. If you publish it, it ceases to be private.
Catering to people's stupidity isn't going to protect them from criminals. The only way to keep your private information from criminals is for people to use encryption. So, we could outlaw unencrypted connections, or we could require companies to print big warning labels. But making listening in to broadcast over the public airwaves illegal has no benefits and only threatens basic and important rights that we all have.
We found a witch! (Score:2)
May we burn her?
Re:If you have something that you don't want (Score:5, Insightful)
Or in this case, if you have something that you don't want anyone to know, maybe you shouldn't be broadcasting it over the airwaves to the public at large.
Just a thought.
UK Law prohibits it, encrypted or not (Score:2)
this is UK law, not US law but direct from OFCOM: http://stakeholders.ofcom.org.uk/enforcement/spectrum-enforcement/guidance [ofcom.org.uk]
"It is an offence if a person ... uses wireless telegraphy apparatus with intent to obtain information as to the contents, sender or addressee of any message whether sent by means of wireless telegraphy or not, of which neither the person using the apparatus nor a person on whose behalf he is acting is an intended recipient."
It doesn't matter if I'm broadcasting unencrypted data. If you are not the intended recipient then you are breaking the law by sniffing it.
Re:If you have something that you don't want (Score:2)
Or in this case, if you have something that you don't want anyone to know, maybe you shouldn't be broadcasting it over the airwaves to the public at large. Just a thought.
https is your friend. Seriously on any wifi network you should use https for anything secure.
You can't be that stupid. I live in a place that has wifi where you log in with password. It is encrypted, but after logged in you can still sniff everyone else on the network. It still doesn't make it right to do so. Likewise, your internet traffic goes unencrypted when it leaves your house. It doesn't make it right for me to plug in to that in between your house and ISP and capture that data. Google and Marius Milner can go fuck themselves.
Re:If you have something that you don't want (Score:1)
https is your friend. Seriously on any wifi network you should use https for anything secure.
MITM attacks on public wifi hotspots are mostly trivial. Yeah, keep believing that using HTTPS is securing anything.
Re:If you have something that you don't want (Score:3)
https is your friend. Seriously on any wifi network you should use https for anything secure.
MITM attacks on public wifi hotspots are mostly trivial. Yeah, keep believing that using HTTPS is securing anything.
Written by someone who obviously doesn't understand how https works. Your site URL is validated against a server-side certificate. The protocol starts with an exchange of public keys, then uses session keys for the session. This makes a man in the middle attack impossible.
Re:If you have something that you don't want (Score:2)
Golly! I guess my Palo Alto firewalls are lying to me.
We use these to prevent internal data loss, filter malware, virus, etc... and decrypt all SSL traffic as normal policy. The client never knows the difference because the firewall has its own cert issued by a trusted CA. You could always do the same yourself, but the process has been made trivial with an appliance.
Re:If you have something that you don't want (Score:1)
So, by "trivial" you mean "Easy, you just need to be a government official with a leverage over certificate authority, or you could simply hack a CA and issue a fake certificate. Trivial!"
Re:If you have something that you don't want (Score:2)
So, it's the tools problem when the user refuses to use it correctly?
God help us all when the butter knives get fed up with it.
Re:If you have something that you don't want (Score:2)
Written by someone who obviously doesn't understand how https works. Your site URL is validated against a server-side certificate. The protocol starts with an exchange of public keys, then uses session keys for the session. This makes a man in the middle attack impossible.
Yeah, who here doesn't understand things. I live in a country that has been serving fake certs and other trickery even when trying to login to fucking Slashdot using HTTPS. If you believe that there is no way around or no tricks to use against users you are being unbelievable naive and/or idiot. Hell, even Slashdot allows this because it has non-https components even if you browse with https. Go back to your noob-box and get some clue.
Bullshit, Certificates are international, and whenever certificate authorities have been compromised their issuing certificates have been revoked.
Re:If you have something that you don't want (Score:2)
So, instead of just insulting people - do you plan on backing anything up?
Re:If you have something that you don't want (Score:2)
Re:If you have something that you don't want (Score:2)
The cert was not a kroger cert, it was something else and I did actually call the police because I thought it was a rouge access point someone had set up on the parking lot. It appears to be in the store's deli. I'm debating whether I should follow up to ascertain if they are aware it is set-up the way it is and how that could potentially open them up to liability.
Re:If you have something that you don't want (Score:2, Insightful)
Your reasoning is along the same as "you shouldn't go out if you don't want to get stabbed". It is not reasonable suggestion.
Do you even have the ability to grasp granularity of magnitude that isn't all on or all off?
HTTPS isn't the issue here. THERE IS NO PRIVATE NETWORK ON OPEN WIFI. A secured connection, a dedicated connection from an ISP, these are PRIVATE connections. OPEN WIFI is a PUBLIC ONE.
You don't want people listening in on your phone calls? Don't have them outside in a public place, the hobos might steam your trade secrets (or whatever paranoia types like you subscribe to).
You don't want people listening in on your data? Don't transmit it on a "public" medium.
Re:If you have something that you don't want (Score:4, Insightful)
Re:If you have something that you don't want (Score:2, Insightful)
If you leave your house unlocked, no, that doesn't allow me to go in and take whatever I want, because the DOOR IS CLOSED. Now, if you opened your door, and put a sign on the porch saying "Hey, I have stuff in here", then yes, it is your fault. Same as if you were broadcasting unencrypted wifi signals.
And while we are on the topic, let me educate you a bit. If you send out an unencrypted radio signal, and I do nothing more than receive it, then I did not "go into the network" to get anything. I received exactly what was sent to me. See the difference?
Re:If you have something that you don't want (Score:2)
No, it's not OK even then. Only if I put up a sign saying "Hey, I have stuff in here AND YOU CAN HAVE IT."
I would argue that's exactly what you're doing if you broadcast unencrypted WiFi across your neighborhood. You cannot scream across the EM spectrum at the top of your lungs and demand the world not listen. People are not going into the public's house to get their wifi traffic. Ignorant members of the public are blasting it across an area greater than a football field with their house in the center.
Re:If you have something that you don't want (Score:2)
Re:If you have something that you don't want (Score:2)
Don't know about the US but in the UK the law is clear regarding radio transmissions - whether clear or encrypted, whether audio or data : You need the permission of the transmitter (the person, not the equipment) to listen in. This covers everything, e.g. air traffic control is not encrypted but that doesn't mean you're allowed to listen to it. Same goes for CB chats between two trucker friends and also peoples WiFi.
So as you can see, arguing that "the wifi AP didn't have a password therefore the auto-negotiation between my laptop and their router constituted permission" will get you nowhere.
Re:If you have something that you don't want (Score:2)
Care to provide citations? Especially considering the legal status of Wi-Fi.
Because a) it might fall under general transmission and not require any special permission to receive (just as it doesn't require any special permission to transmit), and b) your interpretation makes even just scanning for networks around you criminal - as in that screen which shows available networks in your phone settings and such. You see, I didn't give your phone a permission to receive my SSID and protection state - even though they are transmitted in the clear. I transmit them only for my laptop and phone.
Re:If you have something that you don't want (Score:2)
Nevermind, found some fresh news from UK [theregister.co.uk].
Seems like initial investigation was on Data Protection Act grounds, not just "listening in", though that part might be investigated now under other act.
Citation (Score:2)
From OFCOM: http://stakeholders.ofcom.org.uk/enforcement/spectrum-enforcement/guidance [ofcom.org.uk]
This page is specific guidance about VHF Scanners, but cites laws regarding "transmissions" in general:
"...it is illegal to listen to anything other than general reception transmissions unless you are either a licensed user of the frequencies in question or have been specifically authorised to do so... "
and
"The services that can be listened to under the definition of general reception are:
licensed broadcasting stations;
amateur and citizens' band radio transmissions; and
weather and navigation transmissions
"
Re:Citation (Score:2)
You're quoting wrong parts, as every Wi-Fi device uses same "frequencies in question" and "licensed user" is any certified Wi-Fi card.
But further down the page there's applicable excerpt from RIPA:
".. intentionally and without lawful authority to intercept, at any place in the United Kingdom, any communication in the course of its transmission by means of:
a public postal service;
a public telecommunication system."
Which seems to mean that because it was seen as accidental before, it was not included, and now that it seems to be intentional, there might be a new investigation - see my previous message.
Re:If you have something that you don't want (Score:2)
Re:If you have something that you don't want (Score:5, Informative)
I don't think you understand how radio works. It's like sound.
Your neighbor blares his stereo? Well, you can hear his music because of that.
You blare your unencrypted data? Well, I can read it.
Re:If you have something that you don't want (Score:2)
It is assumed. Am I to cover my ears when I walk by a house where someone is shouting?
Re:If you have something that you don't want (Score:2)
Lets be proper about this.
Nobody picked it up off the street, they merely looked at it, and made a record in their journal.
Re:If you have something that you don't want (Score:3)
> It's like sound.
Which in most states is illegal to record without the consent of at least one party?
And further, I'd also mention that the Supreme Court has ruled that people have an expectation of privacy with regards to their infrared emissions, which is a much better analogy. There is a huge difference between actual sensory data which you incidentally encounter, and data that you can only receive by using a specialized piece of equipment and specifically decoding it. (Mind that even unencrypted wireless is still encoded by the protocol. You cannot make sense of the data by simply 'listening', you need to actually identify the noise, devices, packets, retransmissions, etc.)
Re:If you have something that you don't want (Score:2)
-A persons loudly blares music
-A person has sex on their front lawn
-A person posts a sign in front of their house
In each of these cases, the person is extremely aware of what they are doing. Now, granted, you are correct - people are broadcasting their unencrypted data, which any one can collect. However, in this case, they are completely oblivious of the fact. Now, we can put on our nerd hats and proclaim that everyone should be intimately familiar with everything that we consider important, but I have to say, that isn't ever going to be reality.
Given the public's lack of understanding of the technology, it is reasonable to say that they can have an expectation of privacy for their wireless communication. As another poster pointed out, you need to purchase "specialized" equipment to collect this data. I don't simply walk down the street and have this data rudely forced upon me.
Re:If you have something that you don't want (Score:2)
OK, then i'll argue this way: you require specialist equipment to broadcast this internet. If you have it, you need to understand at least the super basics of how it works.
If suppliers are not ensuring you do, they are not exercising the due care that they should (yes, i know they are not required to. that's part of the problem)
Re:If you have something that you don't want (Score:2)
Three key words: You have the *right* to leave your house doors open, but if you do, you'll find your *insurers* take a dim view of your sense of *responsibility*.
The analogy may or may not apply well to wifi.
Re:If you have something that you don't want (Score:5, Insightful)
Actually, it's more like putting a speaker outside your house, then playing personal information over it for anyone driving down the street to hear, and then getting angry that someone had the gall to record the audio that you were broadcasting to the world at large.
Re:If you have something that you don't want (Score:2)
so if i dont put up curtains that gives you free reign to peer into the windows of my house and make an inventory?
Um, pretty much yes?
Re:If you have something that you don't want (Score:2)
Generally, yes - as long as I do it from a location I am authorized to be (such as my own property or the sidewalk in front of your house). If my actions were associated with some crime (such as a conspiracy to murder) or in violation of court order (such as if you had a restraining order preventing me from being within 100 yards of your house) of course it is not okay.
Re:If you have something that you don't want (Score:2)
Apparently, you could watch it, but in most of the US recording the act would be illegal.
(You can check [wikipedia.org] the validity of this analogy for yourself).
Re:If you have something that you don't want (Score:2)
The school kid hacked the account.
Question. Are the people who think this is a crime really that fucking stupid when it comes to technology on this site?
Or are they just so blinded by their own ideology that the stuff they used to know goes "poof" never to be seen again?
Re:If you have something that you don't want (Score:2)
If you broadcast your voice over public airwaves it is legal to intercept it. It doesn't matter if you *think* it's a landline, it simply does not have the same protection.
Cordless phones many of which are unencrypted fall into your description, yet it is illegal in every state for a third party to monitor the phone call without consent of all participants. Most state laws also specify cellular and cordless calls, and others use all “electronic” communications, to cover ANY phone call. The protection is for any phone calls no matter how they are made.
Better analogy (Score:2)
You don't want people listening in on your data? Don't transmit it on a "public" medium.
But google wasn't just incidentally listening to peoples data (like seeing the router name and signal strength). They were doing the equivalent of setting up a ladder on the sidewalk and taking multiple telephoto photos through each house's front windows on each block, in every town, in every state, then compiling and analyzing the data so they could better advertise to each household. If I'm in my kitchen doing dishes and someone looks at the kitchen windows while walking down the sidewalk that's one thing. But if a fellow sets up a ladder, climbs it, then whips out a camera with a telephoto lens, is that fellow just capturing light that I am broadcasting into the public medium? Sort of, but he's also making a substantial effort to see things that aren't intended to be public. To knowledgeable people the most that a wardriver would see is the router name and the signal strength. That's like the incidental glancing at the window, no big deal. That is public. Google was using advanced packet sniffing software to effectively get on the ladder and take telephoto pictures of what was going on inside. You try out the ladder/camera trick and see how long before the local police show up and toss you in the clink for being a peeping tom.
Re:Better analogy (Score:2)
No they were not.
They were driving by listening to ambient sounds when you went outside and screamed at your wife that just because you had your ass pummeled by the plumber once does not make you gay. They recorded it. Then they did not publish it. But you got scared and sued Google because they heard it.
Re:If you have something that you don't want (Score:2)
The ISPs and device vendors who sold UNSAFE PRODUCTS to consumers are the folks we should be mad at.
Car analogy: Do you get mad at the guy who slowed his car in front of you, or the auto manufacturer who sold you a car with the brakes detached from the brake pedal?
Re:If you have something that you don't want (Score:2)
The people they were snooping on weren't intentionally running an open WiFi and had an expectation of privacy.
A false one. Ignorance is not an excuse.
Re:If you have something that you don't want (Score:2)
Why not?
Re:If you have something that you don't want (Score:2)
"To me, there is no expectation of privacy if your communication is not encrypted."
Some people aren't capable enough to even program the clock on a VCR, yet you expect them to know how to magically set up encryption. The expectation of privacy is still there. It never goes away.
Re:If you have something that you don't want (Score:2)
When you need knowledge you don't have, you hire a consultant. People have been doing it with their cars for years, it's no different with a computer. And yes, you can get screwed in both cases. It's called the real world.
If you're incompetent, pay for someone who is competent. It's that simple. People just act different 'cause it's a fucking computer and they have some sort of mental block that prevents their intelligence from working properly.
Re:If you have something that you don't want (Score:2)
"Just because you're stupid doesn't mean the law MUST protect you."
Actually, that's what laws are for.
"People just need to learn to RTFM, all the routers now have manuals with Big Friendly Pictures and Big Friendly Setup Wizards which tell you to set the password."
Mine didn't come with a manual, nor a setup wizard. It just came with a slip of paper with the login code for the router, and the default wireless encryption key (and the wireless encryption was turned off by default.)
Re:If you have something that you don't want (Score:2, Insightful)
Neither of those analogies are appropriate, and your reaction is awfully spiteful for someone who likely wouldn't be on an unencrypted wi-fi network in the first place.
In one of your examples, you're given access to a private system with the idea that you won't mess with other.
In the other, you're tapping into a private circuit with the intent to steal data.
If anything, home routers should come pre-encrpyted, with the random default key on a sticker on the bottom, and display a warning and disclaimer for people who wish to run unencrypted wi-fi.
Someone before made the analogy about this being like having sex with the windows open, and then saying anyone who happens to stare for a few extra seconds can go fuck themselves and deserves to die. What kind of person ARE you???
Re:If you have something that you don't want (Score:2)
Re:If you have something that you don't want (Score:2)
No, it's more like walking down the sidewalk and noting how you and your boyfriend really are loud sex partners.
Since you can hear it from the sidewalk.
Re:If you have something that you don't want (Score:4, Insightful)
You can't be that stupid...
If the system is open, an easily sniffable, you're an idiot for using it with stuff you don't want publically accessible.
* I don't use WiFi at home (easy enough to wire a place up, a simple weekend project).
* When I do use WiFi...
** If it is encrypted, then I will use things like email, etc. But only if they are on a secure pipe (such as https / pops / etc.). I still won't use it for anything financial.
** If it is unecrypted, then I will only do casual browsing - no stuff with user names or passwords.
* Wired is treated like secure/encrypted WiFi, except I will do financial things (if it is a network I trust)...
Remember, on the internet, paranoia is your friend because everyone IS out to get you.
Re:If you have something that you don't want (Score:2)
I use wifi away from home only when it is a necessity. And only at when times I don't have an option. End even when I do use it, I restrict what I do (as stated previously, sorry if this mildly complex set of use-cases confused you). Also, it keeps anyone from accessing my home network via WiFI, should they manage a successful breakin. Using wifi elsewhere won't allow them to break in to my home network via wifi. If you need an explanation why, please go back to eating your crayons and glue.
If what I do is too complex for you, that's your problem, not mine. But I don't feel like wasting 10-15 mins on the phone to cancel a credit card, dealing with issues of someone having gotten into my filesystems because they've run rampant on my network, or having the cops come after me because someone hacked my network and started using my internet for illegal purposes.
Re:If you have something that you don't want (Score:3)
HTTPS and SSH cannot be sniffed on your wifi, nor does either one "go unencrypted" when it leaves your house. Broadband providers using DOCSIS [comcast.com] protocols also are not sniffable by your neighbors.
However, I recommend you should worry more about "is it possible" and "is it likely" rather than "is it right". Our government and the big corporations (that's redundant, I know) clearly aren't at all concerned about your ideas of right and wrong.
Re:If you have something that you don't want (Score:2)
Re:If you have something that you don't want (Score:2)
mod parent up (Score:2)
Re:If you have something that you don't want (Score:2)
Good luck decrypting it, though.
Re:If you have something that you don't want (Score:2)
Actually using that information to break into your account and take money would be theft, of course, but have you proved that Google did anything untoward with the data that they were given (yes, given)? If not, your analogy does not hold.
Re:If you have something that you don't want (Score:2, Informative)
Your hate towards Marius Milner is so strong, you saw this article in the future and registered just in time to post this comment with same timestamp as the article?..
Tech(NY|LA|Cars|nicalExpert), you're so unsubtle :(
Re:If you have something that you don't want (Score:4, Insightful)
But how could he not write the sniffer program? A co-worker of mine wrote a fun screen-saver. It posted each image sniffed over wifi in a random place on the background, creating a real-time collage of what people were viewing on the Internet. He wrote the program and showed it to his boss, and fortunately being at a start-up, he found it amusing. He also hacked our WEP security in a few hours with some hacker software, leading us to upgrade our protection rather than get pissed. It is the nature of good engineers to be curious, and Joe Engineer does not offend me. It's the government that scares me [scpr.org].
Re:If you have something that you don't want (Score:3)
I certainly don't condone anyone collecting WiFi data that most people expect to be private, but correct me if I'm wrong - they didn't crack WEP/WPA/hack their way into routers to obtain this data. That means it was floating free and unencrypted over the air for anyone to observe. It's shady and makes Google look bad, but technically it's not much different from receiving FM radio signals; perhaps short range walkie talkie conversations are a more apt comparison - still not illegal and not patently immoral.
Re:If you have something that you don't want (Score:1)
I don't know about that, they knowingly assigned a well-known writer of war-driving software to the street view team. It is kind of obvious what is going to happen next. That was the reason Google hired him in the first place.
Re:Only the unencrypted information is useful (Score:1)
You (and the 100 other posts with the same sentiment) are frickin' morons.
Yes you should protect you data as much as possible, but there are always
ways around that and looking through other peoples stuff is wrong. just because
you *can* doesn't mean you *should*. If you mail a letter, I could grab it out of you
mailbox shine a light or something to read the contents (or unseal/read/reseal).
would your response be "Well, I guess I should have put the letter in a stainless steel
box and welded it shut"
Re:Only the unencrypted information is useful (Score:2)
Re:Inflammatory Headline - Paid Astroturf Spot (Score:2)
If you check out the name of the person who made first post, along with the time stamp you'll see why it was written as inflammatory as possible.
I'm finally coming around to the opinion that /. is taking money for some story submissions such as this one.
Re:Which one is it? (Score:2)
I think part of the problem is that we are dealing with different standards in different countries. I'm in the USA and while I think what they did was inadvisable I don't think it was completely wrong. The problem is that I think it is against the law over in Europe where they have much stronger data privacy laws. That's the sort of thing that could easily catch the engineers involved by surprise, but it appears that they covered that base by suggesting that the project be run by the legal team. It seems like that didn't happen which is likely a management issue, even though no one is admitting that because they don't want to take on that responsibility and the legal implications.
Re:double standards (Score:2)
Yea, I noticed that. He felt it was fine to potentially ruin someone's career by identifying him but isn't willing to put his own name behind his statement?