Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Google Privacy The Courts Wireless Networking Your Rights Online

Google's Streetview Privacy Snafu Prompts Lawsuit 418

shmG writes "Google's secret data collection has prompted a class-action lawsuit that could force the company to pay up to $10,000 for each time it recorded data from unprotected hotspots, court documents show. The incident, which the company claims to have been unintentional, has prompted the ire of governments and privacy groups around the world. Google collected information that could be used to identify users, including 'the user's unique or chosen Wi-Fi network name, the unique number given to the user's hardware ... [and] data consisting of all or part of any documents, e-mails, video, audio, and VoIP information being sent over the network by the user,' the suit stated."
This discussion has been archived. No new comments can be posted.

Google's Streetview Privacy Snafu Prompts Lawsuit

Comments Filter:
  • by ClosedSource ( 238333 ) on Thursday May 20, 2010 @10:50PM (#32288966)

    If they lose the class-action suit they'll just have to pay the lawyers and give out discount coupons for Google search.

    • Re: (Score:3, Insightful)

      by plover ( 150551 ) *

      If they lose the class-action suit they'll just have to pay the lawyers and give out discount coupons for Google search.

      Maybe they'll have to offer free links to advertisements for people to put on their web pages.

    • Re: (Score:2, Funny)

      by timmarhy ( 659436 )
      ironically you just know the people who are most outraged about this will totally google for more information.
  • by microbee ( 682094 ) on Thursday May 20, 2010 @10:53PM (#32288980)

    So they collected some data, and then admitted it was unintentional. Then the privacy groups scream like an orgasm?

    How is it compared to, say, Microsoft "unintentionally" sent data by WGA?

    • Then the privacy groups scream like an orgasm?

      Perhaps you meant "scream like someone having an orgasm". Or perhaps, more fitting in the context of this story, "scream like someone who an orgasm is being had at the expense of"?

  • by OrwellianLurker ( 1739950 ) on Thursday May 20, 2010 @10:53PM (#32288984)

    Google collected information that could be used to identify users, including "the user's unique or chosen Wi-Fi network name , the unique number given to the user's hardware...[and] data consisting of all or part of any documents, e-mails, video, audio, and VoIP information being sent over the network by the user," the suit stated.

    That should read:

    Google collected information that could be used to identify users, including "the user's unique or chosen Wi-Fi network name , the unique number given to the user's hardware...[and] data consisting of all or part of any documents, e-mails, video, audio, and VoIP information being broadcasted publicly by the user," the suit stated.

    • Re: (Score:3, Funny)

      by MrLint ( 519792 )

      is 'Linksys' unique or chosen? I can't decide.

  • by williamyf ( 227051 ) on Thursday May 20, 2010 @10:56PM (#32289006)

    I mean, all those people were using WPA, WPA-2, or at the very least WEP.

    What I am really curious about is if this comment will be modded funny, or some other thing....

    • I've been following the issue. Google didn't collect traffic if it was encrypted in any way.

      I mean, I think you knew that and were being snide at the morons who think this is an invasion of privacy. I'm just clearing it up for those readers who aren't up to date.

      • by AHuxley ( 892839 )
        Just collecting the data packets then ?
        http://googlesystem.blogspot.com/2010/05/google-collected-data-packets-from-open.html [blogspot.com]
        "600 gigabytes of data was taken off of the Wi-Fi networks in more than 30 countries"...
  • Unencrypted Wifi (Score:5, Insightful)

    by Anonymous Coward on Thursday May 20, 2010 @11:04PM (#32289050)

    Vicki Van Valin ... said that their homes' wireless networks were infact not password protected... In connection with her work and home life, Van Valin transmits and receives a substantial amount of data from and to her computer over her wireless network. A significant amount of the wireless data is also subject to her employer's non-disclosure and security regulations

    WTF. Her security was certainly broken, but not by Google - she broke it herself. She should be fired for not using encryption. I know it's wrong to wish ill upon somebody, but in this case, the security of her employer's data is more important than her job. If she does this kind of stupid stuff, she should get a job not involved with confidential data.

    The pair also claimed to have sent credit card and banking data over their networks.

    If you send your credit card info and bank info over unencrypted HTTP, you have bigger problems to worry about than Google.

    • The pair also claimed to have sent credit card and banking data over their networks.

      If you send your credit card info and bank info over unencrypted HTTP, you have bigger problems to worry about than Google.

      If your credit card and bank info is not being transited using SSL then you have much bigger problems.

    • WTF. Her security was certainly broken, but not by Google - she broke it herself. She should be fired for not using encryption.

      Fired? She'll be lucky if that's all that happens. She just admitted to a serious contractual breach ON RECORD. I expect the company will now take her car and her house. What a fucking idiot.

    • The point isn't for her to feel justice, or make money from this suit, it is for the lawyers representing her to get rich.

      Remember, in most lawsuits, the lawyers come out on top. If she wasn't the one making the claims, I am sure that the law firm sponsoring this action would find someone else that would be willing to.

  • by gbrandt ( 113294 ) on Thursday May 20, 2010 @11:15PM (#32289114)

    I am a programmer. I can honestly say that I have never saved data, via code, that I did know I was saving. There is no such thing as unintentional data.

    • by Darkness404 ( 1287218 ) on Thursday May 20, 2010 @11:21PM (#32289168)
      You are one programmer. Google is dealing with hundreds of programmers and -huge- programs. Some bit of old code they thought they deleted or disabled really wasn't, it got a bit of data, Google realized it, and is going to delete it. I don't see how this is sooooo terrible. This is less data per user than your neighbor with Wireshark running for 15 minutes would get, if you care about your privacy use encryption. Simple as that.
    • by ADRA ( 37398 )

      You have to capture frames in order to identify the SSID's of the AP's (the whole point of the exercise), so most likely there's a sniffer that just sit there running forever in the vans grabbing all captured frames, or at least the first of every unique AP found. When the van gets to Google central the logs were probably downloaded to a bulk data loader for eventual geo-location coding. It would seem that instead of wiping out the captured raw logs, they were retained as either 'malicious and nefarious use

  • Your wifi is sending everything you do 300' (more or less) in all directions. Encrypt it or STFU.
    and if it bothers you that one of Google's cars drove by and snagged your wifi access point's name then stop broadcasting your SSID too.
    Just because you don't understand how to configure your wireless network correctly gives you know rights to sue someone. Or at least win in court.

  • It sounds to me like people just want to get some more money... however the only people who will win this lawsuit are the lawyers..

  • Google was honest enough to actually tell everyone they got this information and that they are deleting it. They came clean and didn't use this data for anything. I'm not saying that we should just be completely "no harm no foul", but just think of how many companies collect much much more private data than that and just hide the fact that they collect it.

    I mean cmon in this day and age you should have security and all websites that have personal data use HTTPS. Give me a break, a lot of other corps warrant

  • the WiFi-based location services (such as the iPod Touch / iPhone support)?

    Those guys obviously war-drove all around collecting basically the exact same information in order to create the access-point-MAC-to-Lat/Log database that they use.

    If Google collected a whole frame of (gasp) unencrypted 802.11 traffic then that doesn't sound like much of a privacy risk.

    So I just don't get that Google is in trouble or frantically apologizing in this case. They're not the first nor probably the last to compile this sor

    • by AHuxley ( 892839 )
      Most parts of the world have anti wifi hacking laws.
      So you can run a cafe with wifi for your coffee drinkers and not some person on a park bench using your expensive bandwidth.
      Or your new 'open' by default wifi card gets used and you get a $1000+ data use fine for that month and they find who used you connection.
      Most have closed the "it was open loophole" with stiff trespassing laws.
      • Google wasn't accessing your network. They didn't send one single packet, so it would be hard to argue trespass or unauthorized access. They were just observing. You do this every time your computer pops up a list of nearby wireless networks: it captures packets flying about, filters out the information to find what it wants, and displays it to you. Google were doing the same, only saving it to long-term storage.

        You're right that ... well, some, I can't speak to 'most' ... parts of the world have anti wifi

  • Anything that can be viewed from a public place such as a street is not private in any sense of the word. A person who can be photographed is in a public situation.
                These privacy nuts are just that. It is time for people to take responsibility for their appearance, their actions and their whereabouts.

  • by no1home ( 1271260 ) on Thursday May 20, 2010 @11:35PM (#32289258)

    Some are complaining that this was some kind of breach of privacy, maybe breaking several laws (very debateable). Others are asking why this is even an issue since unencrypted wifi is freely viewable. So what on any of that!

    Why was the Google StreetView system collecting this data to begin with?

    Really, to collect this data, the street-team had to be running wifi in the vehical, purposely vacuuming all the data it could snif out of the air, and dumping it to a rather large drive. Why did this setup exist? Why was this system actively aquiring all this data? Was this being done by some of the streat-teams, or all?

    My thoughts are that this really was a simple mistake, likely from a misconfiguration. The likely intent was to gather open access points, like war-driving writ large, but a misconfiguration led to aquiring more than just the AP location/name/basic config- it grabbed whatever was being transmitted at that time. Of course, an oops like that, that was then allowed to continue (possibly), could be a firing-offense as it should have been better setup.

    • by AHuxley ( 892839 )
      Testing wifi ads for local shops? Triangulation of wifi - poor persons gps? The cost of a drive by - get everything you can on the first pass?
      or a covert open MAC hunt to find open wifi and other details for someone wanting deniability?
      Misconfiguration would be a first roll out in one city -opps we sucked up gb after gb of data -tell gov, tells press, clean up - turn off in all over cities.
      Get govs ok in all other cities if they wanted to do it after that first 'error'.
      Google seems to have sucked up al
      • Misconfiguration would be a first roll out in one city -opps we sucked up gb after gb of data -tell gov, tells press, clean up - turn off in all over cities.

        Why do you think they would necessarily have found out about a bit of extra data straight away? They did eventually notice it, and it went pretty much as you said. Tell gov, tell press, clean up, turn off in all StreetView vans... And then get sued. I guess next time they'll have learned to just shut their mouths and not tell anyone.

        • by AHuxley ( 892839 )
          The person in the van, suv, car running the visual street capture software would have known of the wifi strength?
          If your going to the trouble of paying for wifi capture, making sure it works, testing and installing - the bit of extra data is the end result and would be of interest from first the day in the first city.
          And yes if you break data privacy laws you get sued.
    • Re: (Score:2, Informative)

      by oddTodd123 ( 1806894 )

      Why was the Google StreetView system collecting this data to begin with?

      Google intended to collect SSID and MAC address data from WiFi routers in order to improve their mobile location-based services (i.e., if they know what router you are sending your packets through, they can narrow down where you are). To save time, the engineers working on the Street View code borrowed code from another Google project that was related to WiFi sniffing in some respect. Since this was never going to be publicly released code, they did not bother vetting the code they borrowed from their colle

    • by Dahamma ( 304068 )

      My guess is that it was to gather Latitude/Longitude on any APs broadcasting info in order to make assisted GPS on mobile phones more accurate. AKA "GPS by Starbucks".

      I don't think they had any interest in recording any private data, and it probably didn't beyond the basic stuff these APs were broadcasting. It's just a moronic loophole in a law "preventing snooping on open wifi" or something like that...

    • by ShinmaWa ( 449201 ) on Friday May 21, 2010 @01:16AM (#32289784)

      Why was the Google StreetView system collecting this data to begin with?

      To build a database of open wifi hotspots for Wi-Fi Geolocation [arstechnica.com] to add location-based services to Android, much like how the iPhone and iPod Touch use Skyhook [skyhookwireless.com] to do the exact same thing.

      Glad I could help.

  • This is a reminder that lawyers just can't be trusted not be complete assholes when aiming for selfish profit.

    People are usually fond of class-action lawsuits because most of the times the companies are actually being evil (i.e. Sony). So it's easy to forget or ignore the fact that class-action lawsuit do nothing substantial which benefits the consumer / end-user - they just enrich lawyers.

    Now we can see that they just don't care and will even try to paint as evil a company which is disclosing information p

  • by pclminion ( 145572 ) on Friday May 21, 2010 @12:04AM (#32289418)
    This'll send Google a clear message -- honesty doesn't pay off. If you fuck up and overstep your bounds, for crissakes do NOT let anyone know you did it.
  • Let's see. (Score:2, Insightful)

    by Anonymous Coward

    We have....

    • millions of privately installed security cameras
    • millions of government-installed security cameras
    • the ability of governments to monitor all financial transactions
    • the ability of the government to look at your banking account at any given time for any reason whatsoever
    • until a few weeks ago, the obligation for every telco to keep detailed records of all your activities, and that's probably returning in some form sooner or later
    • politicians who want blacklists for the internet that nobody except the fe
  • This is a joke. If people are stupid enough to leave their networks open its their own fault. Its like claiming you still own the items in your trash once its out in the street.
  • NetStumbler can collected SSIDs and tie them in with the location via a GPS receiver.. but it doesn't store captured packets. It seems that the technology is already commonly available, so why did Google manage to screw it up so badly?

    Also, I really can't see the point in doing this. I know that in theory you can use the SSIDs for geolocation, but GPS is cheap these days and so much better for most applications. Besides, wireless networks change over time and the mapping will surely go out of date very qu

    • by QuantumG ( 50515 ) *

      NetStumbler is way too slow. Capturing every packet you see and doing offline processing for SSIDs is a lot more effective.

  • Google is evil (Score:4, Insightful)

    by JeffSpudrinski ( 1310127 ) on Friday May 21, 2010 @05:28AM (#32291032)

    Google is evil. Period.

    Why do people insist in acting surprised when they find that Google can't be trusted. Google's object is to know as much as possible about YOU. They will find that out, then attempt to find ways to exploit that information without actually doing anything illegal. They got caught in this instance and realized that they should tell someone they did it rather than a whistleblower...which would have been even worse.

    Greed = Google.

    Just my $0.02.

    -JJS

Programmers do it bit by bit.

Working...