Congressman Steps Up Pressure On Google, Facebook 120
crimeandpunishment and other readers noted the US government's increasing pressure on Facebook and Google. On Friday the head of the House Judiciary Committee, John Conyers, sent the two companies a letter asking them to cooperate with any government inquiries. It's not clear exactly what purpose the letter served, other than to make Google's and Facebook's lawyers squirm a bit more than they already were, with Germany and courts and the FTC looking hard in their direction; Conyers did not say his committee will be holding hearings. The FTC just asked Google to hold onto the Wi-Fi data that it says it accidentally collected while snapping Street View photos. And in response to the growing outcry since its F8 conference last month, Facebook offered some simplified privacy controls — though opinions vary on how much the new controls simplify things for users.
Accidentally or Tactically Aquired data (Score:2)
Re: (Score:2)
How do you accidently collect wi-fi data through Street View photos?
That was a poorly written summary. You can read through the many Slashdot stories which covered Google's logging of wifi data if you need more info.
Re:Accidentally or Tactically Aquired data (Score:5, Informative)
So while they were hoping for grabbing just this:
getSSID();
they got
getSSID();
getAllSnifableTraffic();
This is an oversimplification-guesstimate, but I think makes the claim more understandable. Are they telling the truth? Hard to say. Certainly we've all seen cut and paste errors in code like that. But you'd also think if someone was using code from a project designed to actually sniff traffic they would know to be careful what they cut and paste. So while it seems a bit fishy, it's absolutely plausible the whole thing was just an accident.
Re: (Score:2, Offtopic)
Or, you could have just answered his question in a sentence or two.
To do so would have been encouraging intellectual laziness. I expect the average Slashdotter to make a modicum of effort to educate themselves rather than posting a stupid question. In the time it took to ask the question and wait for an answer, the OP could have learned a fair bit and then come back with an interesting question instead of a stupid one.
Re: (Score:3, Insightful)
Really though, maybe if we spent a little less time telling each other to RTFM and a little more sharing info, we could save a lot of nonsense back and fourth like this.
I know you're trying to teach him to fish, but I'd like to give
Re: (Score:2)
It's better for someone to discover the answer on their own than have it handed to them IMO.
However, with simple requests for information, I don't think that rule generally should apply. Asking a complex question would be a good time to have someone seek out the answer, simply for the possible insights they may gain on the journey to that answer. A simple request for information ("What's the capital of Kansas?") is not going to provide any significant insights.
Of course, that being the case, the great-great
Re: (Score:3, Informative)
I know you're trying to teach him to fish, but I'd like to give people the benefit of the doubt and assume they will want to teach themselves to fish. They aren't going to go look something up because you called their question stupid.
Maybe it's about time we broke the stereotype of tech-people being unapproachable and snobbish in their unwillingness to tolerate those that know less than they do, no?
My response to the OP wasn't unapproachable or snobbish -- I would classify it as a "polite but terse RTFA", if you will. If the OP took my advice and looked for more info, he could have replied to my post saying "I looked it up and here is what I found" and maybe also made some other interesting commentary that added value to the discussion.
You asked why I didn't simply supply the answer, and that's where I explained that I thought the question was stupid. The way I see it, we have two choices here:
Re:Accidentally or Tactically Aquired data (Score:4, Informative)
Does anyone know what these computers in the Street View cars were running OS wise? Hardware wise?
Re: (Score:3, Informative)
So if your wifi logging happens to be detailed enough you could definitely "accidentally" collect that data just by having the wifi on with a default of connecting to any open network.
They did not connect to anybodies network. They simply sniffed over the air broadcasts. They did not actively do anything.
Re: (Score:2, Insightful)
"Sniffing" sounds active to me. Storing the data is definitely active.
Re: (Score:1, Insightful)
If I take a voice recorder with me as I walk down the street and use it to dictate the things I need to pick up at the store, I will also record what other people who walk by say. I will also record 1/2 of what some people say on there cell phones. (because they talk loud) This is against the law some places.
I am guessing they just recorded full unencrypted packet expecting to grep out the SSID's later...
Re: (Score:2)
If it costs money, it's active.
Are you saying storage is free?
Re: (Score:1)
Nope. Sorry. You fail.
It's active if someone actually had to act with intent.
If all they had to do is start a service that by default sent its output to syslog, that's definitely passive.
Besides, disk is cheap.
Re: (Score:2)
No it's not.
WiFi data for geolocation? (Score:1)
FTC? (Score:1)
Why does the FTC want Google to hold on to that data?
Re: (Score:2, Insightful)
Data mine it for information on terrorists. Duh.
Re: (Score:1)
Oh, snap. I better destroy all my equipment before the Federal Government catches on to my mission to the weaknesses in security in and around Washington DC and New York city...namely Bill Clinton's bedrooms.
Re: (Score:1)
I doubt there's much going on in there anymore. She definitely should have had him neutered by now.
Re: (Score:3, Informative)
Uh so the evidence isn't destroyed obviously. Presumably because the FTC is investigating.
"It's not clear what purpose the letter served..." (Score:5, Insightful)
There is an election this fall.
Re:"It's not clear what purpose the letter served. (Score:4, Insightful)
Close. It's part of the campaign itself: If you're an incumbent, it helps to appear to have done something during your term. But your constituents won't remember anything you did before march of the election year, if you're lucky. So, a cheap way to get cameral-cred is to be part of some kind of investigatory commission.
Like when the US congress thought it would be a good use of their time to interview every f'king baseball player to see if they'd ever used f'king steroids. Steroids. In sports. Considered important enough for f'king Congress to have weeks of hearings. Brilliant.
Anyway, stuff like this gets their name in the news for free which is even better than spending your hard-grifted campaign cash on advertising.
Re: (Score:3, Insightful)
I wish they had spent more time on the steroid issue. It's a far less damaging way for them to spend their time than normal.
Comment removed (Score:5, Informative)
Government (Score:5, Insightful)
So in government-land, the way to fix the problem of data accidentally collected is to order that said data be KEPT, instead of immediately deleted??
Re: (Score:2, Insightful)
There is no data. We were never at war with Eurasia. Pick up that can citizen.
Re:Government (Score:4, Insightful)
For some reason, the United States is the only country on Earth where accidents don't happen – it's always somebody's fault, and you can sue that somebody for neglect.
Re: (Score:2)
For some reason, the United States is the only country on Earth where accidents don't happen – it's always somebody's fault, and you can sue that somebody for neglect.
Only when "somebody" has money. When "somebody" is poor, or when "somebody" is the government and can't be sued, then it's really the fault of society and it can only be resolved by raising taxes on somebody else with money.
Re: (Score:2)
Re: (Score:2)
http://www.heritage.org/budgetchartbook/top10-percent-income-earners [heritage.org]
Re: (Score:3, Insightful)
To answer the grandparent:
It's called preserving evidence.
To answer the parent:
If the United States was a place where a deliberate and intentional decision to perform an action could be ca
Re: (Score:2)
It was a accident, because ALL the data was being scanned then a filter was applied to see what to keep. The filter just happened to not be tight enough.
Re: (Score:2)
If the filter wasn't tight enough, it was because someone decided not to tighten the filter.
You cannot 'accidentally' write code, run code, collect data, and put it into a database. Period.
Re: (Score:2)
Somebody at Google decided to write the function into the code and the database schema to collect and store that data - there is no possible way for it to have occurred accidentally.
You must have first-hand knowledge of this in order to make such a claim.
Re: (Score:2)
Yeah, in the same way I have first hand knowledge that breathing is vital to my continued existence.
Seriously, what fucking drugs are you smoking that you can honestly believe that code wrote itself, and then ran on a computer, all without human intervention?
Re: (Score:2)
Seriously, what fucking drugs are you smoking that you can honestly believe that code wrote itself, and then ran on a computer, all without human intervention?
Here's a scenario:
Someone at Google gets a change request for the Street View vehicles to start collecting SSID names as they roam. It's a simple project, so they hand it off to a summer intern who goes to SourceForge or GitHub or whatever and starts looking for SSID libraries because, after all, he doesn't want to reinvent the wheel. He finds a great SSID library and incorporates it into the project, runs his unit tests to verify that it works according to spec, and they deploy it into the field.
Later on
Re: (Score:2)
Unless his spec included 'capturing and storing packets to a database previously provided', then his unit tests will fail.
Your contrived scenario is utterly and completely full of shit.
If the situation can adequately be explained by incompetence (or inexperience), you'd have a point.
Re: (Score:2)
Your contrived scenario is utterly and completely full of shit.
Here's the actual scenario:
http://googleblog.blogspot.com/2010/05/wifi-data-collection-update.html [blogspot.com]
It follows pretty closely with the scenario I put forth. You assert that there was deliberate and intentional storage of data, something which is contrary to the explanation that Google has put forth. Google claims it was a mistake, and their actions following this discovery do not indicate otherwise.
If the situation can adequately be explained by incompetence (or inexperience), you'd have a point. But it cannot be so explained - unless you'd have me believe a bug existed that could not only capture the data, but also define a database field to store it in?
Oh, now you have knowledge of the storage mechanism they used on the laptop and the schema that was used? Do
Re: (Score:2)
In what world does an intern's code make it to production without review?
I realize that most people here live in an ideal world, however based on my experiences I must conclude that I live in an alternate world. Note that in this case, "production" means a laptop in some cheap little rigged-up car that is driving around the streets rather than a public-facing web service that millions may rely upon.
Re: (Score:3, Insightful)
So in government-land, the way to fix the problem of data accidentally collected is to order that said data be KEPT, instead of immediately deleted??
If you caught a corporate spy trying to leave your company premise with a USB drive containing "accidentally collected" company data, do you also immediately wipe out the USB drive? No, you would have KEPT the drive to use as evidence and for further investigation to proof exactly what had happened and how the data got there.
That is just plain common sense.
The Google fanboys in /. are really amazing, you guys(*) would even advocate destroying evidence when Google broke the law!
(* - there are many other pos
Re: (Score:3, Insightful)
In your corporate espionage scenario, that's my own data the spy has got. If I'm looking at my own data, no foul.
This is random Web access data from the general public. The result of government obtaining it is that the government will paw through it. This is a whole new level of scary from a privacy perspective.
If the goal is to preserve the privacy of the people whose data this is, then this makes no sense.
Re: (Score:2)
> In your corporate espionage scenario, that's my own data the spy has got. If
> I'm looking at my own data, no foul. This is random Web access data from
> the general public.
Which, to the government, is their own data.
Come on. Don't you believe in government of the people?
Re: (Score:3, Insightful)
Re: (Score:2, Redundant)
So what's the point of the order to keep it, then? If this data is so unimportant and un-sensitive, then who cares anyway?
Re:Government (Score:4, Insightful)
So what's the point of the order to keep it, then? If this data is so unimportant and un-sensitive, then who cares anyway?
How about as evidence to proof Google violated the law in court?
Isn't that the whole analogy with corp spy about, and the purpose as evidence part was explicitly spelled out in the post as well.
Really, this is quite a unique experience for me! To see, first hand, where otherwise technically competent people suddenly unable to understand simple things (i.e. illegally collected data is evidence) when it contradicts with their beliefs (Government==bad, and Google can do no wrong).
Re: (Score:1)
Re: (Score:2)
Hasn't google already conceded said data exists and was accidently collected? If they've already publically admitted it exists, keeping it around only worsens and extends any possible privacy violations.
Wow. Just, wow.
Has it ever occurred to you that when someone (even Google) broke the law, it may come one day when it will go before a court, and the judge would possibly like to see the evidence from the prosecution before giving a guilty verdict? And the judge would possibly also like to see the extent of the violation when he consider the penalty for the guilty party?
Is it that hard a concept to understand? The data is EVIDENCE in this case, you don't go about destroying evidence in the normal course
Re: (Score:1)
Re:Government (Score:4, Insightful)
(apologies for the double reply)
Let's consider this scenario: I'm diagnosing some problem with my wireless network, setting my radio to promiscuous mode and recording the results. I happen to record a few minutes' worth of traffic from the access point of you, my next door neighbor. Which of the following would you prefer:
a) To protect your privacy, I immediately delete the data.
b) To protect your privacy, I "turn myself in", sending a copy of what I recorded to the FBI, CIA, John Conyers, and anybody else who feels it's his job to "safeguard privacy".
You're arguing for b), which is the wrong answer.
Re: (Score:2)
I choose A with a modification.
Immediately delete the data, then turn yourself in.
Re:Government (Score:4, Insightful)
Let's consider this scenario: I'm diagnosing some problem with my wireless network, setting my radio to promiscuous mode and recording the results. I happen to record a few minutes' worth of traffic from the access point of you, my next door neighbor.
See if your analogy still make sense if you add the following:
1. You have been recording for the past 3 years' data from my access point, instead of a few minutes, and you have been processing those data for the whole time instead of just letting them sit there. Kind of hard to say you are not aware of those data are there for the whole time, huh?
2. For the sake of argument, there are relevant laws in your country that exactly prohibits such recording. (you may consider, as example, covertly recording telephone conversations in countries that requires consent from both parties)
3. Turning yourself in means sending what you recorded to the relevant authorities, != every 3 letter agencies you can imagine.
Still unconvinced? Consider another analogy:
A peeking tom living nearby has been secretly taking pictures of your daughter for the past 3 years. And (for the sake of argument) there are local laws that forbids exactly this kind of tracking/following/photo-taking activity. Now you find this out, but you have no idea what kind of pictures have been taken, you confronted the peeping tom and he promised to delete all the pictures.
Do you prefer to:
a) To protect your daughter's privacy, let the peeping tom delete all the pictures, trust him that he will actually do it.
b) To protect your daughter's privacy, call the police, knowing that they will need to take the pictures as evidence to prosecute the peeping tom?
You are arguing for (a), that may be the right answer for you, but don't judge others arguing for (b) as "wrong".
Re: (Score:1)
Consider another analogy:
A peeking tom living nearby has been secretly taking pictures of your daughter for the past 3 years. And (for the sake of argument) there are local laws that forbids exactly this kind of tracking/following/photo-taking activity. Now you find this out, but you have no idea what kind of pictures have been taken, you confronted the peeping tom and he promised to delete all the pictures.
Do you prefer to:
a) To protect your daughter's privacy, let the peeping tom delete all the pictures, trust him that he will actually do it.
b) To protect your daughter's privacy, call the police, knowing that they will need to take the pictures as evidence to prosecute the peeping tom?
You are arguing for (a), that may be the right answer for you, but don't judge others arguing for (b) as "wrong".
(c) Grab peeping tom by the scruff of his neck, drag him into his house, and go through his crap looking for the pictures. Take what you need as evidence against him, destroy what you need to. Break his fingers, etc.
2 wrongs don't make a right? Nope, but peeping tom will probably think twice about peeping again. or at least, getting caught at it.
He who lives by the sword... (Score:2)
An interesting approach. What if:
(a) Said peeping tom is bigger/stronger/more violent/better trained/better armed/better connected/all-of-the-above than you are?
(b) You don't find any evidence but instead get sued both criminally (assault) and civilly, financially ruining you and your family?
Re: (Score:2)
Big problem with this logic, the peeping tom could just as easily make duplicates of the photos.And having the police confiscate them means nothing because of it and the police have no way of knowing if he did.
So on the point of privacy, does it matter either way if the peeping tom have hidden a copy somewhere? How can any 3rd party be sure the copy destroyed is the only copy?
However, for the prosecution POV, how do you propose the DA to present the case to the judge if they don't even have a copy of the pictures? "Your honor, we are sure the peeping tom has broken the law, but for the subject's privacy, we decide to delete all the evidence immediately. However, we did get a confession out from the suspect, so
Re: (Score:2)
Kept and then mined. Screw your privacy.
Re: (Score:3, Insightful)
Sounds like a loophole to get around the 4th amendment.
Google just needs to ask him "how much?" (Score:5, Insightful)
Re:Google just needs to ask him "how much?" (Score:4, Informative)
No joke, it's just a corrupt Detroit politician shaking down big corporations for money.
The guy's wife got put in jail for doing the same thing when she was on the Detroit city council: http://en.wikipedia.org/wiki/Monica_Conyers [wikipedia.org]
There is something deeper going on (Score:5, Insightful)
I have a random suspicion about this...
Microsoft has been looking to use the big lobbyist network they acquired when they decided that the antitrust trial happened because they hadn't bought off the government and their competitors had (because, you know, they couldn't have done anything wrong!). They've been angling on Google for a long time.
I think they haven't gotten any action because while congresspeople like lobbyists and money, they can't actually act in a way that shows it obviously is the driving force. They have to sort of look like they're actually carrying out the political will of the people, more or less.
The Facebook debacle and Google's mistakes with Wi-Fi harvesting are garnering enough negative public attention that congresspeople can now actually take action against those companies without looking too obviously like they're in Microsoft's pocket.
I do think Facebook has definitely done something wrong, and I'm really curious as to the whole decision process that led to Google doing what they did with Wi-Fi data. But I don't think, on an ordinary day, that congresspeople would generally care at all. I think the reason they're putting on the appearance caring is money and lobbyists from Microsoft.
I'm sorry to be so cynical, but I think congress is hopelessly and nearly irreparably corrupt.
Re: (Score:2, Insightful)
Re: (Score:3, Insightful)
I'm sorry to be so cynical, but I think congress is hopelessly and nearly irreparably corrupt.
In my opinion it's getting better, because of public scrutiny. Really the only way it can get better is if people are paying attention, and it's so much easier to pay attention with all our modern information devices.
An example of how it is getting better is military spending. True, big companies still have influence with how the money is spent, but now they at least try to make it look like there is a legitimate process. 50 years ago they didn't even do that, the 'favors' were right there in the open.
Re: (Score:2, Interesting)
Both Messrs Page/Brin and Zuckerberg have made statements in recent memory that can only be called tactless. Statements like "the age of privacy is over" or "people should not expect privacy" etc...etc...
When you run one of the world's largest social network and search engine, I am surprised that these gentlemen bandy about making such statements in such a callous manner. They certainly may be geniuses in their res
Re: (Score:1)
Well, I think you're correct, but I don't think that makes my post wrong. But you are right that the respective firm's PR gaffes might well be enough without any third-party political prodding.
Re: (Score:2)
Lordy - I'm going to go buy tin foil stock, as that has to be the most convoluted way to justify Slashdot's "blame Microsoft, Google is innocent no matter what" mindset I have ever seen.
Re: (Score:1)
I think Twitter just came out of hiding.
Re: (Score:2)
All communications should be opt-in; make opt-out communications a felony.
+1 I concur
Comment removed (Score:4, Funny)
No unreasonable search and seizure (Score:3, Interesting)
should go beyond people granting their permission. Especially with people who hold your data. As far as I see, ISPs and webmail and other such entities hold as many of people's secrets as a lawyer/doctor and should be almost treated as such. Not quite perhaps, but close to it.
I don't see blind fishing expeditions of thousands of people at a time isn't unreasonable search.
Re: (Score:2)
ISPs and webmail and other such entities hold as many of people's secrets as a lawyer/doctor and should be almost treated as such.
What's the ISP/webmail/social-network equivalent of disbarment or removal of license to practice for divulging client information? Make social networks follow something like HIPAA. Soon.
A new privacy issue I saw today: (Score:5, Informative)
It's not as bad as some of the other crap, but this is an example of where they don't think their "ease of use" through.
Re: (Score:3, Interesting)
Have you tried with a clean browser? Maybe it only does this if you have a facebook cookie for a previous login.
Re: (Score:2)
You are using an incompatible web browser.
Sorry, we're not cool enough to support your browser. Please keep it real with one of the following browsers:
Mozilla Firefox
Safari
Microsoft Internet Explorer
WTF? Did they hire someone from 1996 to code their homepage? "Sorry, Netscape not supported."
Re: (Score:2)
Re: (Score:2)
Re: (Score:1, Redundant)
Re: (Score:2, Interesting)
I'd like to see Facebook offer some serious authentication options. Not just emailing if someone gains access with a new machine, which provides zero real protection, other than notifying the account owner that they are fscked.
1: Contract with Vasco or RSA and have a rebranded ID token. PayPal does this. eBay does this. Blizzard does this. Even AOL used to offer this for users.
2: Offer an app, not just for the iPhone, but for Android, Java (for the low end phones), Windows Mobile, Symbian, Blackberry
Re: (Score:1)
1: Contract with Vasco or RSA and have a rebranded ID token. PayPal does this. eBay does this. Blizzard does this. Even AOL used to offer this for users.
PayPal uses a Verisign ID, it's essentially a rebranded "Verisign Identity Protection" token.
And Facebook should use something like that, so the tokens are not specific to their site.
I sure as hell don't want to have to carry around 30 security tokens to be able to login to 30 different websites.
Conyers is a crook (Score:5, Insightful)
Watch out Google and Facebook. One of the most crooked congressmen of modern times wants your "cooperation". He can't use his government staff as personal valets anymore since he got caught. And his wife was recently sentenced to 3 years in prison for taking bribes.
If he asks you for a private meeting, you'll want to either bring a checkbook or a tape recorder.
Wireless Tapping? (Score:1)
Re: (Score:2)
While it might be nice, I assure you that nobody sniffing, recording or accessing your encrypted (and cracked) wireless access point will ever be charged with "wiretapping". There does not appear to be any right to privacy on wireless computer communications at this point.
Google's 2009 Oh-So-Cute Street View Privacy Video (Score:2)
Street View: Behind the Scenes [youtube.com]. The Google Privacy Channel's cutesy explanation of Street View's privacy safeguards. Looks like Wi-Fi sniffing was left on the cutting room floor. :-)
Facebook (Score:5, Interesting)
I'm sick of Facebook's attitude to privacy. Their settings page is designed to be confusing and time-consuming.
As far as I'm aware I have everything set to "friends only" and no apps or third-parties are allowed to see my data. Yet just this evening I went to a photo hosting site that I'd never been to before, and it prompted me to post a comment -- with me logged in using my Facebook account and my profile photo.
It's maddening.
Re: (Score:2)
I got fed up with FB months ago, "deactivated" the account to see if I missed it.
Haven't yet so I'll be deleting it Monday.(yes, I know about the petition).
Perhaps you should consider similar steps?
Re: (Score:2)
And yet you still have an account there.
I don't like my power company. They advocate the use of fossil fuels, and engage in unethical business practices.
However, I'm sure as hell not going to turn my power off.
Same thing with Facebook. I can simultaneously disapprove of their company, and still continue to use their service. It's become an essential tool for certain demographics (of which I happen to be a member). I'm not about to cut myself off from my peers over some privacy issues.
Re: (Score:2)
However I would say you are comparing primates to mushrooms, the two are not even on the same evolutionary branch.
To each their own. I hope you will still feel the same way when you have no privacy left.
Re: (Score:2)
The thing that REALLY scares Mark Zuckerberg is the possibility he could be subpoenaed to testify before Congress over Facebook's privacy policies, and if he lies to Congress over this matter, Zuckerberg could face real jail time for contempt of Congress.
Well, Mr. Conyers (Score:1)
Are we getting a little boost from BP if you can throw up a small smoke screen to draw some fire?
Here's to having you voted out... One can hope
The real problem with Facebook privacy controls (Score:5, Insightful)
facebook will never value my privacy profits (Score:1)
mark zuckerberg is a jerk. he will never value my privacy more than his company's ability to rake in money. so fuck facebook, i'm off.
John Conyers is old, tired, confused, (Score:2)