Connecticut AG Opts For Street View Settlement, Without Seeing the Data 93
theodp writes "Verifying Google's data snare is crucial to assessing a penalty and assuring no repeat,' said Connecticut Attorney General Richard Blumenthal last December in response to Google's 'accidental' collection of payload data from WiFi networks. 'We will fight to compel Google to come clean-granting my office access to improperly collected materials and protecting confidentiality, as the company has done in Canada and elsewhere.' That was then. Luckily for Google, there's a new AG in town, and Blumenthal successor George Jepsen said Friday that his office will enter into settlement negotiations with the company without reviewing the pilfered data, which Google has steadfastly refused to share with it. 'This is a good result for the people of Connecticut,' Jepsen said in a statement. A separate Jepsen press release suggested some of the blame for the privacy offenses laid with Google's victims, who were advised to 'turn off your wireless network when you know you won't use it' to thwart those who 'may be watching your Internet activity without your knowledge."
Re: (Score:2)
If someone is shouting-out, "I'm going to check my email...... next I'm surfing over to pay my bank bills... and now I'm visiting playboy.com," such that everyone within a radius of 1 block can hear it
That doesn't make the listener an "evil" person.
That is precisely the point. Securing it would be a good step too. Suing a company for "hearing" broadcasts is just dumb.
Re: (Score:2)
Exactly! And if someone is naked in their bedroom, and I happen to climb on the roof opposite with a camera and a telescopic lens and take photos of them to post online then it doesn't make me an evil person!
Wait, what?
Re:So much for "Don't be evil" (Score:5, Insightful)
On the other hand, if someone is walking around outside naked, and you just happen to see them, you're not evil at all.
I'll be the first to condemn Google when they're in the wrong, believe me. But if you leave your wireless open, you are choosing that anyone within range of it can pick up any packets it's sending. Or you failed to learn even the basics of safely and securely operating a device that carries sensitive data. Either way, it is your fault, not the fault of everyone who steps into range.
Now, were someone to use the gathered data maliciously (posting it in public, for example), you might have a point. But to my knowledge, none of the gathered data here has ever been made public.
Re: (Score:2)
Taking snapshots of a naked person in a bathroom with a window only viewable using specialist tools and from an unexpected location would equate you purposefully cracking the encryption of a secured broadcast. That's a whole different matter. This is basically somebody walking down the street when they see a couple fucking on their front lawn, no fence.
Re: (Score:2)
Re: (Score:1)
>>>And if someone is naked in their bedroom, and I happen to climb on the roof opposite with a camera and a telescopic lens and take photos of them to post online then it doesn't make me an evil person!
>>>
But that's not what happened.
Broadcasting wireless unencrypted internet (my original example) is the same as putting-up a big screen TV that shows your bedroom 24/7. If someone takes a photo of said TV while you stride past naked, they are not evil. YOU the homeowner are the one at fault.
Re: (Score:2)
First of all, this debacle wouldn't have occured if Google hadn't said it happened in the first place. Secondly, there was no "checking their email" - it was raw a dump of packets. Secondly, the landline is "encrypted" insofar you have to deliberately break open or otherwise rewire the wirebox, which is a crime. Lastly, cell phone conversations are in fact encrypted (although not very securely in my PERSONAL opinion) and if you wanted to listen in, you would have to crack the protocol being used, which woul
Re: (Score:2)
Said secondly twice, second time should obviously be "thirdly".
Secure it and leave it on. (Score:5, Insightful)
'turn off your wireless network when you know you won't use it'
How about secure your wireless network and nobody except those you specifically allow will be able to use it?
Re: (Score:1)
That's like suggesting you not to take your cell-phone with you if you don't think you'll need it. Hell, it's like suggesting unplugging your land-line (haha, land-line) if you aren't expecting a call since a telemarketer might ring.
The whole point of these services is that they are available. I should be able to read a book and get an email even if I'm not intending on reading one, and I should be able to get a phone
Re: (Score:2)
<quote>turn off your wireless network when you know you won't use it</quote>
That's like suggesting you not to take your cell-phone with you if you don't think you'll need it. Hell, it's like suggesting unplugging your land-line (haha, land-line) if you aren't expecting a call since a telemarketer might ring.
Actually its nothing like that. The difference is that many people can use the router they bought without ever turning the wifi on. Many people only have a desktop computer and a crappy old phone that does not have wifi built in. I know this might come as an anathema to many slashdot geeks but we are probably also the type who make sure our wifi is secure anyway. There are some people however, who get given one of these things when they sign up for broadband and then just plug there desktop computer into it
Re:Secure it and leave it on. (Score:5, Insightful)
I was walking on the sidewalk by his house, and he shouted out the window that he just farted. I took out a notepad and wrote down that the guy just farted. Then he sued me for invasion of privacy.
---> Guy gets laughed out of court.
Same but then something difficult involving "computers and stuff"
---> Guy can make it stick ??!!??
Re: (Score:2)
Amen. This whole Street View debacle has been just absolutely ridiculous. Especially in a world of push-button WPS protection, it is just plain silly not to have encryption on your network.
Most people get their wifi from the router that comes with their high-speed Internet and most of those come with encryption enabled. How many people still are using unencrypted wifi anyway?
Re: (Score:2)
How many people still are using unencrypted wifi anyway?
Mostly people who don't know enough to properly put the password into their laptops but can somehow figure out how to turn the default encryption off. And then there are the ones stupid enough to think the hassle of giving the password to their friends when they come over is more important than the risk of getting hacked. *sigh*
Re: (Score:2)
Mostly people who don't know enough to properly put the password into their laptops but can somehow figure out how to turn the default encryption off. A
No, the union of those two sets defines the null set. No one smart enough to connect to their router and turn off encryption is also too dumb to enter a password in windows or mac. I simply don't believe these people exist.
If routers were not shipped with encryption OFF by default this would never happen.
If Geeks trying to solve problems for friends and relatives didn't resort to turning off encryption as their first diagnostic step this would never happen.
If routers would only work for an hour with encry
Re: (Score:2)
Routers do come with a brightly coloured label on the bottom with the WPA key from some ISPs in Australia. The problem is that once you start putting devices like gaming consoles on your wireless network, well, people fiddle around with it because they don't want to have to enter the key with the difficult to type with device.
Re: (Score:2)
Do once. Done.
Re: (Score:1)
Yea, right, that's what YOU think.
Try it with most any Belkin device.
Fuck, I have to change shit WEEKLY because Belkin just sucks that fucking much.
I don't even touch the PS3 now because the Belkin and almost every other router out there today are total pieces of shit.
Gigabit switch, bitch. Fuck your shit wireless.
Re: (Score:1)
Mostly people who don't know enough to properly put the password into their laptops but can somehow figure out how to turn the default encryption off. A
No, the union of those two sets defines the null set. No one smart enough to connect to their router and turn off encryption is also too dumb to enter a password in windows or mac. I simply don't believe these people exist.
I agree totally. I do run unencrypted WiFi at home purposefully though.
Re: (Score:1)
How many people still are using unencrypted wifi anyway?
I have unencrypted WiFi connecting my main box to a couple of laptops we have floating around the place. I can not foresee that this is a risk to us and/or our data.
Re: (Score:2)
GP also fails, however, as in court his "he farted" would be his word vs the guy's at best - while streetview is for all (billions) of people to see at any time they want
First of all, this is about Google picking up wifi payloads of networks as they passed by. They did not make this data publicly available. Secondly, If we revisit the "he farted" example, if instead of just writing it down, I had also gone online and posted publicly "Today, when I was walking down such and such street, when I passed house number #, I heard the man inside shout 'I farted!'." And then the man sued me for "invasion of privacy" he'd still get laughed out of court.
Re: (Score:2)
I was walking on the sidewalk by his house, and he shouted out the window that he just farted. I took out a notepad and wrote down that the guy just farted. Then he sued me for invasion of privacy.
---> Guy gets laughed out of court.
I know this "shouting" example gets thrown around a lot with question, but it's much more that he had private data (passwords, email, etc) on a big screen TV, which you can see clearly from the street. He could have done any number of things to secure it (turn the TV, close the blinds), and realistically he has no expectation of privacy, but in the end, it's a setup that he fails to understand the consequences of, rather than an action he takes over and over (vis a vis shouting).
Also, if you're routinely w
Re: (Score:1)
"Also, if you're routinely writing down things people yell out their window (or especially one person's house), that's exceptionally creepy behavior. I have no idea if it's illegal or not, but jeeeeeez."
Are you that ignorant to not know what gossip consists of?
Ouch, back to school for you. Preferably middle school, where this type of behavior typically begins.
Re: (Score:2, Insightful)
I was walking on the sidewalk by his house, and he shouted out the window that he just farted. I took out a notepad and wrote down that the guy just farted. Then he sued me for invasion of privacy.
---> Guy gets laughed out of court.
Same but then something difficult involving "computers and stuff"
---> Guy can make it stick ??!!??
Organise a paid group of people to walk down the streets of every major city, with explicit instructions (equivalent of computer code) to listen for and write down every private conversation they can overhear, and yes you probably will be sued and no it wouldn't be laughed out of court. And if you are arrested by the police and refuse to hand over the notebooks as evidence for the court, saying a big "up yours, cop, my name's Google and everybody knows I can't do anything wrong no matter what your pissy li
Re: (Score:1)
If someone is shouting-out, "I'm going to check my email..... next I'm surfing over to pay my bank bills..... and now I'm visiting playboy.com," such that everyone within a radius of 1 block can hear it
That doesn't make the listener an "evil" person. The person doing the shouting is at fault, and he should encrypt his wireless so the broadcast is not understandable by passers-by.
Really ... the didn't recommend encryption? (Score:5, Insightful)
A separate Jepsen press release suggested some of the blame for the privacy offenses laid with Google's victims, who were advised to 'turn off your wireless network when you know you won't use it' to thwart those who 'may be watching your Internet activity without your knowledge.
So from the actual link:
The consortium recommends:
Are you fucking kidding me? After all of this, the court case, the hearing, a formal consortium omits the single most important and critical suggestion... turn on WPA encryption and use a VPN or (at least) HTTPS if you're using a hotspot. You know ... the only things that will actually protect your data, rather than obfuscate it?
I mean, to their credit, the list isn't inherently bad. Hide or disable your identifier, don't use public hot-spots, be careful, etc. However, it leaves the user with a false sense of security. If a user followed every suggestion in that list, Google could just as easily sniff every byte of traffic. Talk about inept and ineffective.
Re:Really ... the didn't recommend encryption? (Score:5, Informative)
Actually that is the summary the Jepsen press release contained rather than the actual guidelines. Regardless, it is pretty appalling since it is likely most people will not bother to follow the link to the real guidelines.
The actual consortium guidelines (http://www.onguardonline.gov/topics/wireless-security.aspx, linked from the PDF in the article) has the following list:
Use encryption to scramble communications over the network. If you have a choice, WiFi Protected Access (especially WPA2) is stronger than Wired Equivalent Privacy (WEP).
Use anti-virus and anti-spyware software, and a firewall.
Most wireless routers have a mechanism called identifier broadcasting. Turn it off so your computer won't send a signal to any device in the vicinity announcing its presence.
Change the identifier on your router from the default so a hacker can't use the manufacturer's default identifier to try to access your network.
Change your router's pre-set password for administration to something only you know. The longer the password, the tougher it is to crack.
Allow only specific computers to access your wireless network.
Turn off your wireless network when you know you won't use it.
Don't assume that public "hot spots" are secure. You may want to assume that other people can access any information you see or send over a public wireless network.
Re: (Score:2)
"Most wireless routers have a mechanism called identifier broadcasting. Turn it off so your computer won't send a signal to any device in the vicinity announcing its presence."
I see this all the time and it's just retarded advice. If you turn SSID broadcast off, it still gets sent with every packet, it just doesn't respond to requests to announce it. It makes it slightly harder for someone who knows nothing to find it, but they arne't a threat anyways. Use an unique SSID, set your WPA2 key to something reas
Re: (Score:2)
You realize that when you turn off the identifier, that doesn't prevent the router from broadcasting its existence, it just has an empty string where the the SSID would be...
Re: (Score:3)
What confused me:
But if you're not using it, how is there any of your Internet activity for someone to watch?
Re: (Score:1)
And they forgot MAC filtering too. I believe this is the best security measure you can use, obviously on top of all the others, since this one can't be guessed (it can be spoofed, but the spoofer would need to know your MAC first).
Re: (Score:1)
Why spread the data around? (Score:5, Insightful)
Ok, Google has it...
They said they will destroy it, either they do or they don't, it doesn't matter because they will do what they choose. But why go handing a copy over to every state who asks for it?
Really, if you're concerned about privacy, you want this information in the LEAST number of hands possible.
Re: (Score:3)
Really there could have been an easy compromise. The AG gets to send someone in to review the data, and confirm it is what google claimed it to be. This person would not be allowed to copy the data. This way the AG gets confirmation that the acquisition was accidental, and the data isn't copied.
Re: (Score:2)
Sure that might happen. When pigs fly.
Blumenthal would be prohibited from destroying it by law. Its evidence once its in his hands.
And when the next level of government demands it? Will Blumenthal say No?
Re: (Score:1)
Google is still one of the few companies i
Re: (Score:1)
If the purpose of the Google data collection effort is to build a database of the physical location of routers as identified by hardware addresses, then it is hard to see why they would be collecting any payload data at all. Having an independent look at what they did collect might shed some light on what they were trying to achieve by doing so.
Re: (Score:2)
They already gave a pretty simple reason for why they did so. And given that explanation matches the data they gathered - *everything* -- what light are you expecting?
Re: (Score:2)
This has been asked and answered a thousand times on the net.
Why weigh in with this now, when doing so reveals you are willfully ignorant of the situation?
A simple programming error recorded all packets instead of just beacon packets. Period. End of Story.
Google noticed it, reported it, and made no use of it. The actual content has been validated by
other agencies, but not by being given wholesale access to it.
The cars drive by at about 25mph, or highway speeds in rural areas. The amount you can get
when y
Re: (Score:2)
Connecticut is a political agency, and has no law allowing them to keep this information secret.
Tax, medical, and financial data is all that most states have statutory authority to keep secret.
Has Connecticut ever revealed publicly the nature or existence of data that came into their possession by accident? NO.
Has Google? Yes.
Who's more accountable?
What part about being dragged thru court in every country on earth AFTER PUBLICLY FESSING UP do you consider unaccountable?
Re: (Score:1)
"What part about being dragged thru court in every country on earth AFTER PUBLICLY FESSING UP do you consider unaccountable?"
The fact the entire fucking company isn't shut down for violating the privacy of practically every citizen on the planet.
The company should be 100% dismantled, its assets liquidated and the money given to everyone else.
Anything LESS is a full LACK of accountability.
Re: (Score:3)
Exactly.
Turning someone's accidentally sniffed passwords over to State Government buffoons is the height of stupidity. This simply compounds the problem. It effectively places it all in the public domain, since is is not medical, tax, or banking information, which is all most states are allowed to protect.
I'm glad Google stood its ground. I'm incensed government asked for that data.
Re: (Score:1)
Ok, Google has it...
They said they will destroy it, either they do or they don't, it doesn't matter because they will do what they choose. But why go handing a copy over to every state who asks for it?
Because it is evidence of an (alleged) crime. In the next episode of CSI ... "No, no, destroy that DNA right now -- I don't care if the killer will get away with it, we musn't invade anybody's privacy!"
Re: (Score:2)
If it is entered as evidence, won't that make it more likely that someone takes advantage of the legal system and spreads it around further?
So what if it does. The primary function of a prosecution is to charge and convict an (alleged) perpetrator, not to agonize about whether the evidence will be stolen. Court cases can be held "in camera" to prevent information spread, but the legal system's duty to uphold the law is not negated by the chance of someone (illegally) stealing the evidence if it is handed in.
I had mixed emotions until... (Score:5, Insightful)
Government should be protecting privacy. It seemed reasonable for a state to want to know exactly how the privacy of its citizens was infringed on. I could see the other side, that knowing what was in the records wouldn't improve anyone's privacy and could actually harm them if their state government representatives turned out not to have the most pristine of ethics.
That "turn off your wireless network when you know you won't use it" comment sent me clear over to Google's side. The last thing I want is someone who believes that's the appropriate response to be poking through people's personals.
Re:I had mixed emotions until... (Score:4, Insightful)
If you want privacy then build a Faraday cage. Once you emit any electromagnetic radiation outside the bounds of your property, you have no expectation of privacy whatsoever. If I can see what you're doing from outside of your property, you're not handling your privacy correctly. It's your fault. Stop trying to legislate solutions for a problem that only you can fix.
Re: (Score:2)
There seems to be a misunderstanding. Since I'm not affected by this particular issue directly, I humbly submit that this was neither my fault, nor can I fix it. The broader issue however affects all of us, it is an issue of what should be private, what shouldn't have an expectation of privacy and what role the government should take in protecting privacy.
I can agree that it is my own responsibility to protect my own privacy, but I have trouble with the idea "Once you emit any electromagnetic radiation out
Re: (Score:1)
Applying this to windows (the transparent kind) I conclude I should paint them in order to have any expectation of privacy.
Re: (Score:2)
Re: (Score:3)
If you want privacy then build a Faraday cage. Once you emit any electromagnetic radiation outside the bounds of your property, you have no expectation of privacy whatsoever. If I can see what you're doing from outside of your property, you're not handling your privacy correctly. It's your fault. Stop trying to legislate solutions for a problem that only you can fix.
So those pesky Eastern European communists, who did the equivalent of Google's actions (paying people to listen in on your conversations throughout all the major cities, noting down everything they could overhear), those were fine hey? No need to legislate against things like that?
Re: (Score:1)
"If I can see what you're doing from outside of your property, you're not handling your privacy correctly. It's your fault."
Then you better keep your ass in the house, because I see what the fuck you're doing on your front yard. Don't bother mowing the grass, or I'll be spying on you.
What you suggest is bullshit and you're a fool for suggesting such.
Re: (Score:1)
WTF slashdot? This was to go to AC, NOT williamhb.
Fix your shit, site designers/coders, or go back to school to learn how to create proper CSS.
Even my site has FAR FEWER errors than yours, and I admit I can't do CSS for shit.
Looks like you going corporate made you as dumb as your parent corporation.
Re: (Score:1)
"Once you emit any electromagnetic radiation outside the bounds of your property, you have no expectation of privacy whatsoever."
What a load of shite.
I believe the US Supreme court decided in a 4-3 decision that there are expectations of privacy, and just because you can observe/listen in a public place doesn't give you a right to do so. (I can't find the case, i believe it was over cops using powerful heat cameras to find and raid weed growing operation houses).
And damned right!.
As it is there are technolo
Re: (Score:1)
""Once you emit any electromagnetic radiation outside the bounds of your property, you have no expectation of privacy whatsoever."
What a load of shite."
You're dead fucking wrong, sir. FCC regulations - learn them, live them, love them, or shut your mouth about that which you do not understand.
You LOSE, good day sir.
Re: (Score:2)
I don't know, but would like to think that someone with authority to determine if they did, does know. I question what expectation of privacy an unencrypted connection user has. However, if someone is using WEP, even though it is not reliable security, do they have a reasonable expectation of privacy, and a right to it?
I'm not trying to provoke an argument, I'm actually curious if Google decrypted WEP traffic. I wouldn't trust my own security to WEP, but I believe it creates a reasonable expectation of priv
Re: (Score:1)
That "turn off your wireless network when you know you won't use it" comment sent me clear over to Google's side. The last thing I want is someone who believes that's the appropriate response to be poking through people's personals.
What makes you think that's not a Google recommendation? This is the same company who's CEO said that if you don't like what Google is doing, just change your name [telegraph.co.uk].
Could it be... (Score:2, Interesting)
That Then-AG Blumenthal was pandering to the masses as part of his campaign for the US Senate?
No, that couldn't be it - kinda like he had a really, really good reason for going after legally earned bonus/balloon payments for AIG employees - despite the fact he couldn't cite any law that justified his attempts. None. When grilled on one talk show on the justification, he had nothing, sputtering about a responsibility to see the Gov't money was well-spent (despite the fact that the bonus/balloon payments were
Why is theodp's troll crap on slashdot at all? (Score:2, Insightful)
Google listened to publicly broadcasted info and mined it for wireless network SSIDs. Some idiots were broadcasting passwords and other private info that got picked up. Google wasn't looking for that data, doesn't care about that data, and promised to destroy the data. It was barely a story to begin with, it's even less of a story now, and yet Slashdot keeps reposting flamebait from theodp about it almost every week. Why? No one cares except anti-google shills trying to create a controversy where there
Re: (Score:2)
Google fitted their cars world wide with wifi, signed off on the code that was used and kept the data collected.
Parts of the world do have laws protecting any network from any 3rd party keeping data and google understood local laws about wifi capture.
Recall http://googlepolicyeurope.blogspot.com/2010/04/data-collected-by-g [blogspot.com]
Re:Why is theodp's troll crap on slashdot at all? (Score:4, Insightful)
It is getting a bit sickening, isn't it: seeing this same story repeated over and over again with minor variations for every district.
And every time we see this story it seems to get more confused and inaccurate.
Someone I know got outraged upon reading a recent version of this story. Since they were seeing yet another story they assumed this meant that Google had been caught again - that Google was refusing to stop doing it. I was barely able to convince them that all of these stories were from the original incident and that Google had stopped the program entirely long ago.
My understanding is that there are tons of nuisance, class action lawsuits against Google over this (on top of the legit privacy suits). The purpose of those suits is to create as much bad publicity as possible for Google in order to induce them to settle out of court, and let the lawyers take the majority of the settlement. Apparently this is a common scenario. Promoting the same story many times, like theodp is doing, is an important part of what these guys do, so it is quite possible that theodp is simply doing his job.
If this data is so private... (Score:2)
...why would you want it handed over to the government?
Why is common sense so rare? (Score:3)
When, for the love of pizza, is encryption going to catch on?
Can someone please explain to me how it is that (Score:2)
Re: (Score:2)
When the government wants data from Google, Google can "steadfastly refuse". But when the government wants data from Average Joe, they just bust his door down with a SWAT team and confiscate everything.
Google has lawyers. (Haven't you been paying attention?)
Just for those keeping score... (Score:3)
George Jepsen is a Democrat. (Disclaimer: I am not a Republican - I can't stand either major party).
Why the worry about the data? (Score:2)
I'm not sure what the obsession with the data is. I mean, it was already being broadcast in the clear to anyone listening. Everything from those homes has to be considered compromised regardless of what Google did or didn't receive. Just because Google doesn't have it doesn't mean a black hat wasn't listening in on it. Google having it confirms it's compromised, but you knew that already just from it having been broadcast in the clear. If this bothers you, why was your network wireless, broadcast-to-the-wor
Google Privacy Principles Guy Got $10MM Bonus (Score:2)
Alan Eustace, Senior VP of Google Engineering & Research, started off 2010 by touting Google's 'guiding Privacy Principles' [blogspot.com], but would later have to apologize for the company's Street View privacy breach [blogspot.com], saying that the company was 'mortified' by the 'mistake'. Last week, Bloomberg reported that Google gave Eustance a $10 million equity award [bloomberg.com] in 2010 for his efforts.
I hate to defend the AG but... (Score:1)
I think the summary has mis-characterized the note. #5 of several, fairly good, security suggestions was to "Turn off your wireless network when you know you won’t use it. " This hardly seems to be saying that the victims are to blame.
I personally keep my wifi on all the time (with other protections), but there's no question it would be a whole lot safer unplugged.
Why did Google share it with us and not the US? (Score:2)
I don't understand how the privacy commissioner of Canada (who has actually no powers at all, all she can do is recommended things) got to see the logs, while the AGs of several states (who actually do have a lot of legal power) can not.