FCC Investigating Google Street View Wi-Fi Data Collection 122
adeelarshad82 writes "The Federal Communications Commission is looking into whether Google's Street View Wi-Fi data collection violated the Communications Act. At issue is a May admission from Google that equipment attached to its Street View cars collected data that was traveling over unencrypted Wi-Fi networks, known as payload data. At first Google said it did not know if that data included personally identifiable information, but the company admitted last month that it did include entire e-mail addresses, URLs, and passwords. Google has pledged to work with the FCC."
Make it illegal to spew your broadcasts at me (Score:5, Insightful)
Why is it illegal for Google to listen as it drives down the street to something you're broadcasting into the street?
Make it illegal to broadcast it into the street in such a way that a normal consumer device won't hear it, THEN you can go after Google if they used something to cheat and listen in on people.
Right now they're being investigated because they drove down the street with a microphone and recorded all the idiots shouting out their private info to anyone willing to listen ... without special listening equipment!
I understand making it illegal for someone to use a laser mic to listen to my private in home conversations. I expect anything that normally would not be heard outside my home to be private.
Wifi most certainly is expected to be heard outside the home. Its not something that someone can claim ignorance on, people understand that television broadcasts and radio broadcasts travel many miles, so anyone claiming ignorance just doesn't count as they are too stupid to matter.
I really can't see how you can call google wrong in these case, if you broadcast it over the airwaves, and someone hears it, too damn bad. Encrypt it, or hell at least use WEP, where it might not be actually secure, but at least you can say you made it clear it was not intended for unauthorized parties.
Re:Why? WHY??? (Score:4, Insightful)
They didn't think about it at all. They just wanted SSIDs and MACs and the payload data came along for the ride. They obviously didn't think it would be a problem, and why would they? Everything they collected was transmitted in the clear on unregulated spectrum.
Re:Why? WHY??? (Score:3, Insightful)
Having played around with various wardriving tools, it seems to me it would be really hard to accidentally capture packet payloads.
Re:Why? WHY??? (Score:3, Insightful)
The software they used was had a log of the traffic data. They did not know about it, they didn't plan to collect it. And the moment they found out about it they told everyone. If they had just silently deleted it no one would have known. But Google felt it was best to be open about their mistake.
Your last point is highly debatable. Google only went public with this after the German government demanded to audit the data even though Google assured them that no private information was being collected.
From http://lastwatchdog.com/googles-wifi-data-harvest-draws-widening-probes/ [lastwatchdog.com] (this was covered many places in European press)
In April, Google admitted to German privacy regulators that vehicles specially-equipped to systematically shoot photos of street scenes for Google Maps also carried gear to collect data moving across unencrypted wireless networks situated inside homes and businesses. The company insisted at the time that only basic Wi-Fi location data was being collected. But after Germany requested an audit, Google subsequently disclosed that it had mistakenly collected personal data, as well.
Re:Make it illegal to spew your broadcasts at me (Score:2, Insightful)
> Why is it illegal for Google to listen as it drives down the street to something you're broadcasting into the street?
It isn't. There must be a reasonable expectation of privacy before listen is a problem. Unencrypted radio transmissions have no such expectation. For example, no one would consider that listening to an FM radio broadcast would be a problem. ClearChannel can't come along later and say, "uh, you can't listen to that signal we're beaming through your house!" Of course I can. If you don't want me to, don't beam it through my house.
Same applies here. There is no reasonable expectation of privacy if you use a radio to send signals into public spaces. If you encrypt them, there IS an expectation of privacy, and then google would be liable if they decrypted them. But that is not what happened here. There is no expectation of privacy if you shout data loud enough for everyone within 100m radius to hear it.
I don't like google or use their services. I think they violate privacy in many ways. But what they did here was not wrong, and *this* is not the way to deal with privacy issues. First, punishing Google but not addressing the root of the problem does not stop the next guy from doing the same, and he may not be as honest as google was. Second, it only sets a bad precedent that will come back to haunt all of us eventually when it is used against us.
Re:Why? WHY??? (Score:3, Insightful)
Except that Skyhook does not send a vehicle through your neighborhood to collect the information, unrequired; they calculate it and store it as part of the location-detection service that the user initiated.
So, if I access Google and request location information, then it's fine for them to catalog my MAC address and Wi-Fi network information in order to properly and accurately provide the service. However, if I don't use Google, I do not want them cataloging my network information, uninvited.
-dZ.
Re:Why? WHY??? (Score:3, Insightful)
I have a real problem with a technically-minded company like Google "accidentally" logging that kind of information. Even if it was an accident, they need to be punished for that through fines or something (as other companies have been punished for their privacy breaches), and the FTC's ending of its inquiry solely based on Google's promise to do better next time was bullshit.
You have to hold companies with this much power and information accountable. Basically, you have to keep them in line and remind them to be on their toes at all times.
Re:Why? WHY??? (Score:2, Insightful)
That's a big problem for Google, then. They need to start thinking about this shit.
Actually, the Communications Act prohibits the use of public radio waves in that way.
Re:Make it illegal to spew your broadcasts at me (Score:1, Insightful)
> "Reasonable expectation of privacy" doesn't really apply because people don't understand the technology.
Disagree. I think "reasonable" should mean "reasonable to someone who has at least a layman's understanding", and anyone with that is going to understand that radio waves can be picked up at a distance. It shouldn't mean, "reasonable to the most clueless people it's possible to find".
If we let the most clueless among us dictate public policy, that will lead nowhere good. That's how you end up with all the irrational laws we have on the books today. The better way to cope with this is to educate people, not to dumb society down so that nobody ever has to know anything about anything. That leads to a society ripe for abuse by a tiny few. In the land of the blind, the one eyed man is king. I want to help more people see, not let them muddle along with blinders on.
Re:Make it illegal to spew your broadcasts at me (Score:4, Insightful)
Actually, federal law prohibits the unauthorized publication or use of messages intercepted over radio networks. Contrary to popular opinion on Slashdot, "wardriving" is illegal for this reason (among others) in many areas. There is a reasonable expectation of privacy, just as you wouldn't consider having an unlocked door to be an invitation for people to stroll into your living room and take pictures of your stuff.
As for claiming that people can't claim ignorance about Wi-Fi technology...what planet are you living on? You seriously think people are aware of how Wi-Fi works and that they didn't simply go down and buy a cheap Linksys router from Wal-mart and hooked it up according to the little brochure of instructions given to them by their ISPs, unaware that they're broadcasting personal information into the streets? You think they equate the mysterious computer network in their homes to television and radio or that they expect it to have enough range to reach out past the walls of their house?
That's where your analogy to "shouting" falls apart. People shouting are intentionally broadcasting information. People with unencrypted networks are not intentionally broadcasting information and are most likely unaware that they are. Just because they don't know they're doing it doesn't make it okay to exploit that fact. That a major corporation is driving vans around doing just that, and that people are defending said company, is simply amazing. If this was Microsoft or Apple, the tone of the comments would be totally different. Microsoft collecting people's emails and passwords would be a huge scandal around here.
I get that this is Slashdot which means defending everything Google does, but they deserve to be punished as a deterrent and to remind them to be that much more careful handling personal information next time, regardless of how they acquire it. Sometimes, it feels as if people excuse Google's behavior simply because Google uses Linux or works on open source projects or puts out an image that it's an "open" company (okay, so where's the source code for the search engine then?) in order to attract the Slashdot-browsing technical crowd.
I mean, we're talking 600 gigabytes of data here, collected over the span of three years. For three years, they didn't notice they were collecting emails and passwords? If their engineers were so neglectful that they incorrectly configured their data scanners, and their database admins didn't notice they were collecting much more data than they were looking for, then Google should be punished for that incompetence alone. They're handling personal information here. How about a little incentive for them to pay attention?
You guys attack other companies for doing much less than what Google gets away with constantly. By "you guys," I mean the contingent of defenders that have begun to sprung up in every one of these articles, automatically getting +5 Insightful, drowning out criticism of Google. This is a company whose CEO said that only people who have something to hide care about privacy. When is the other shoe going to drop? Why is it okay to have Google browsers running Google searches and browsing Google email while chatting via Google Talk and taking calls on Google phones, archiving and indexing all your information for advertisers? But Microsoft and Apple, they're evil monopolies in their markets and must be stopped!
Come on.
Re:Why? WHY??? (Score:3, Insightful)
Why is that eh-veel?
Did you somehow thing your unencrypted wifi signal was private?
You DO understand its a radio don't you?
Re:Why? WHY??? (Score:5, Insightful)
Yes that is exactly what they are telling you.
They used common off the shelf linux utilities to collect this information. The collected beacon information, wrote it to disk with the current location information.
Rather than a "database" it was a simple flat file of location plus beacon data.
Someone forgot to filter it so that only beacon packets were written.
So in the 5-10 seconds the car was within range of an unencrypted wifi some other data might have been geo-tagged and written.
Don't try to make more of it that it was. It was not a relational database. Its no where near that sophisticated. And google was unaware that they were even collecting the information till they noticed their disk were filling faster than they should. Since all they wanted was Beacon packets they never even looked at the rest.
And guess who reported this to government: Thats right, Google.
No one goes to jail for a harmless mistake.
The only way this data gets sold is when the governments that demanded it for their witch-hunt release it under freedom of information requests.
Now run along and go turn your wireless encryption on and put your tinfoil hat back in the closet.