Congressman Steps Up Pressure On Google, Facebook

crimeandpunishment and other readers noted the US government's increasing pressure on Facebook and Google. On Friday the head of the House Judiciary Committee, John Conyers, sent the two companies a letter asking them to cooperate with any government inquiries. It's not clear exactly what purpose the letter served, other than to make Google's and Facebook's lawyers squirm a bit more than they already were, with Germany and courts and the FTC looking hard in their direction; Conyers did not say his committee will be holding hearings. The FTC just asked Google to hold onto the Wi-Fi data that it says it accidentally collected while snapping Street View photos. And in response to the growing outcry since its F8 conference last month, Facebook offered some simplified privacy controls — though opinions vary on how much the new controls simplify things for users.

Re:Accidentally or Tactically Aquired data

[spleen_blender]

The cameras are hooked up to a computer. The computer has wifi. The cars have GPS. All of the logs for each of these are synchronized since they are all on the same computer. So if your wifi logging happens to be detailed enough you could definitely "accidentally" collect that data just by having the wifi on with a default of connecting to any open network.

Does anyone know what these computers in the Street View cars were running OS wise? Hardware wise?

Re:Google just needs to ask him "how much?"

[binarylarry]

No joke, it's just a corrupt Detroit politician shaking down big corporations for money.

The guy's wife got put in jail for doing the same thing when she was on the Detroit city council: http://en.wikipedia.org/wiki/Monica_Conyers [wikipedia.org]

A new privacy issue I saw today:

[Culture20]

After typing my password wrong a couple hours ago, I noticed the new facebook "wrong email/password pair" page does the GUI login interface: it changed my email address into my Full name and profile picture. So now random Joe can find out someone's profile picture without even having a Facebook account. Also, it ties your email address to your real name, even if you don't make your email address visible. All random Joe needs is an email address. It's not like spammers don't have millions of email addresses, and botnets to do the intentionally failed logins.

It's not as bad as some of the other crap, but this is an example of where they don't think their "ease of use" through.

Re:FTC?

[Peach Rings]

Uh so the evidence isn't destroyed obviously. Presumably because the FTC is investigating.

Re:Accidentally or Tactically Aquired data

[phantomcircuit]

So if your wifi logging happens to be detailed enough you could definitely "accidentally" collect that data just by having the wifi on with a default of connecting to any open network.

They did not connect to anybodies network. They simply sniffed over the air broadcasts. They did not actively do anything.

Re:"It's not clear what purpose the letter served.

[Cornwallis]

More likely to steer attention away from his wife who was a Detroit City Council member and is due for some jail time over (SURPRISE!) bribery charges.

Re:Accidentally or Tactically Aquired data

[beakerMeep]

Or, you could have just answered his question in a sentence or two. From what I have read, Google was collecting publicly broadcast SSIDs on purpose to help with geo-location and their Maps service. However they (claim) the code they used to gather this data was accidentally cut an paste from a research project that demonstrated how much more than just SSIDs could be captured.

So while they were hoping for grabbing just this:

getSSID();

they got

getSSID();
getAllSnifableTraffic();

This is an oversimplification-guesstimate, but I think makes the claim more understandable. Are they telling the truth? Hard to say. Certainly we've all seen cut and paste errors in code like that. But you'd also think if someone was using code from a project designed to actually sniff traffic they would know to be careful what they cut and paste. So while it seems a bit fishy, it's absolutely plausible the whole thing was just an accident.

Re:Accidentally or Tactically Aquired data

[nacturation]

I know you're trying to teach him to fish, but I'd like to give people the benefit of the doubt and assume they will want to teach themselves to fish. They aren't going to go look something up because you called their question stupid.

Maybe it's about time we broke the stereotype of tech-people being unapproachable and snobbish in their unwillingness to tolerate those that know less than they do, no?

My response to the OP wasn't unapproachable or snobbish -- I would classify it as a "polite but terse RTFA", if you will. If the OP took my advice and looked for more info, he could have replied to my post saying "I looked it up and here is what I found" and maybe also made some other interesting commentary that added value to the discussion.

You asked why I didn't simply supply the answer, and that's where I explained that I thought the question was stupid. The way I see it, we have two choices here:

1. Encourage people to post questions easily answered with a few minutes of research.
2. Encourage people to research their questions first, then post a question if there was something they didn't understand.

The first choice ends up turning Slashdot into a helpdesk for dummies, where stupid questions are encouraged because people know that someone's going to supply the answer to them. The second choice leads to people understanding that they're going to get called out if they ask a 'Let Me Google That For You' question.

However, let's say that I did answer the OP's question. If we reward simple questions, here's how it might look:

Q: "How do you accidently collect wi-fi data through Street View photos?"
A: "You don't. Google also collects SSID information at the same time it snaps Street View photos."
Q: "What is SSID?"
A: "It stands for Service Set ID, a part of wifi."
Q: "What does this have to do with Street View?"
A: "They do this to improve location based services."
Q: "What are location based services?"
A: "They are services which make use of location data to provide additional information."

And so on. Had the OP done some of this research up-front, they might have run across this blog post [blogspot.com] which explains, in detail, the what and why of everything. Then, they might have asked a different question, such as:

Q: "I understand that the MAC address is being collected as it's guaranteed to be unique to each device, but what value is there in collecting the SSID names along with it since most of them will have the same default name?"

This would have spawned a far richer discussion, with others commenting on the uniqueness of MAC addresses, the possible applications of SSID names, and so on. And hopefully the discussion won't get mired down in people replying with "What is a MAC address?" or "What is the default name?" etc.