Data Engineer In Google Case Is Identified

theodp writes "Meet Engineer Doe. A NY Times report has identified Marius Milner as the software engineer at the center of the uproar over a Google project that used Wi-Fi sniffing Google Street View cars to collect e-mail and other personal data from potentially millions of unsuspecting people. Milner, creator of the wardriving software NetStumbler, referred questions to his lawyer. Google declined to comment. A patent search shows the USPTO awarded Google and Milner a patent in June 2011 for protecting Internet users from 'hackers and other ne'er-do-wells [who] may seek to tap into communications on a network.'"

ftfy

[girlintraining]

Data Engineer In Google Case Is Identified

Fall Guy In Google Case Is Identified.
FTFY

Re:

[Anonymous Coward]

How could he be the "fall guy" if they kept his name anonymous?

Re:

[khipu]

Well, I don't think it happened in this case, but pretending to keep someone's name anonymous and then leaking it is a pretty common strategy in politics.

Re:

[RealGene]

I thinks it's exceptionally clever of Google that they found a wifi hacker with street cred to write the sniffer, so that they could be shocked! SHOCKED! to find wifi sniffing was taking place in their establishment.

Re:

[girlintraining]

I thinks it's exceptionally clever of Google that they found a wifi hacker with street cred to write the sniffer,

Dude... there's nothing exceptionally clever about it. There are dozens of sniffers out there that are easy to configure and use. The fact that Google hired a guy who wrote one isn't clever; It's business. Clever is leaving this guy twisting in the wind, with no future job prospects, no stock options, and only a few months' unemployment to coast on before beginning his new career in retail -- thus protecting the Google brand identity and slogan "Do No Evil". Determining whether or not ruining someone's life

Didn't RTFA? Just pull comments out of your ass!

[Anonymous Coward]

Now a former state investigator involved in another inquiry into Street View has identified Engineer Doe. The former investigator said he was Marius Milner ... The former state investigator spoke on the condition that he not be identified because he was not authorized to speak. ... Although the F.C.C. declined to identify the engineer, a footnote in the full text of its report said Google told the agency the identity of Engineer Doe “only because it had disclosed his name to state investigators on December 17, 2010.” Google declined to comment.

That's clearly Google's fault. They shouldn't have told state investigators ANYTHING. I mean, they got reprimanded for "obstructing investigation" or somesuch anyways, what does one more bit held back matter?

Re:

[khipu]

What kind of twisted world view do you have in which corporate employees are transformed into mindless minions that have to obey every command? As an employee, you still have moral and legal responsibilities. If he had thought that this was the wrong thing to do, he could have said "no". In fact, the way Google works, he probably could have said "no" without consequences.

I think what rather happened is that he thought this was an OK thing to do. Good for him! I hope he makes that argument stick, because

Re:ftfy

[girlintraining]

What kind of twisted world view do you have in which corporate employees are transformed into mindless minions that have to obey every command?

My 'twisted' world view is called 'capitalism'. And yes, if you want to stay employed, you do what the person signing your paycheck tells you to do.

As an employee, you still have moral and legal responsibilities.

Yes, the moral responsibility to keep eating, paying the rent so you can keep a roof over your head, etc. It's very easy to act all indignant that someone would choose to eat food instead of morals; It's a lot harder when you're the one choosing between keeping your job, or losing your car, house, family, etc.

In fact, the way Google works, he probably could have said "no" without consequences.

The evidence does not agree with your 'world view'. Also, although cliche, I have to say "Citation needed." You haven't claimed you work for google, nor provided any citation or information that might suggest Google is somehow above its fiduciary responsibility to its shareholders; Because before this guy got fired, the Board most certainly looked at the issue and determined one man's future was not worth Google getting raked over the coals in a PR disaster. To suggest that they would take the moral high ground on that is preposterous: All businesses react the same way to a perceived threat -- they jettison it and distance themselves from responsibility for it as quickly as possible.

I think what rather happened is that he thought this was an OK thing to do. Good for him! I hope he makes that argument stick, because I think he's right and ...

... And that'll be the last time he gets a job in this industry. What's the first thing a prospective employer does these days? Type your name into a search engine and see what it comes up with. And right there, as the #1 result for the rest of his life, will be "Caused PR disaster." Whether that's true or not is irrelevant; Future employers won't take the risk. Taking the moral high ground is not without its consequences; That is why so few people these days do it.

, in that people may come to realize that we shouldn't have useless and ineffective legal restrictions on recording publicly broadcast data.

I'm sure he'll take great comfort in raising public awareness on this very important issue, while he's asking you if you'd like fries with that.

Re:

[khipu]

My 'twisted' world view is called 'capitalism'. And yes, if you want to stay employed, you do what the person signing your paycheck tells you to do.

No, your world-view is Marxist because you view employees as little more than slaves. In a capitalist system, people change jobs when their employer doesn't treat them right. And Milner would have had no problems finding another job if he didn't want to record this data; skilled networking software developers are in high demand.

The evidence does not agree with

Re:

[girlintraining]

No, your world-view is Marxist because you view employees as little more than slaves.

Your red-baiting [wikipedia.org] will not work here, Sith Lord.

Re:

[khipu]

Your view of Milner is that he is exploited by his company, alienated from his work, and unable to change jobs because of a labor surplus. That is, you hold the classical Marxist view of labor; that's just an objective fact. If you didn't know that was Marxist, start doing your homework.

The capitalist view of labor is that it operates in a free market, so workers can negotiate fair wages, prefer their current work to the alternatives, and can change jobs if another job offers them a better overall value.

O

Re:

[RealGene]

Sorry, forgot the "ironic" tag. The clever part is in finding the perfect fall guy, not the perfect coder.

like the phrase

[Trepidity]

If this guy is responsible for sneaking the phrase "hackers and other ne'er-do-wells" into an official legal document, I sort of like him already.

In general though I don't see much reason to single him out, when it seems fairly clear (from what evidence is available) that this was a Google project, not a "rogue employee" acting against management's wishes. There are cases where I'd support individual employees being held accountable, but I'm not sure this rises to that level; whether this turns out to be ri

Re:

[second_coming]

It all depends as to whether he added the code without permission from the higher ups.

I must admit, it sounds to me like he's being turned into a sacrificial offering.

Marius Milner's Software Downloads

[DarkStarZumaBeach]

NetStumbler for Windows and MiniStumbler for Windows CE downloads are at: NetStumbler.com [netstumbler.com]

Downloads are free but PayPal donations are accepted.

Re:

[Sipper]

NetStumbler for Windows and MiniStumbler for Windows CE downloads are at:
NetStumbler.com [netstumbler.com]

I've been told that the software that actually did the sniffing wasn't NetStumbler, but rather it was Kismet [kismetwireless.net]. I don't know the original source of who knows this firsthand though, so I can't verify this. However if this is true it's interesting, because it would mean A) Google was likely using a non-Windows system to do the wireless packet sniffing, B) the author of NetStumbler was using another sniffing utility to do the work rather than his own tool, which would be an interesting irony.

Re:

[Sipper]

Adding to this, Netstumbler can't even capture data as its hopping channels. The only way to accomplish this if the author wrote another program that used another wireless card to sniff on the selected channel, which seems highly unlikely.
If word got out what software Google was doing to accomplish this, wouldn't you think it would inspire someone to find ways to break it when a Google car is in your neighborhood? Presuming of course, they simply turned off the pcap capturing and continue to use it.

Interesting -- NetStumbler sounds like a very different tool than Kismet is. Concerning the packet sniffing Google did, my understanding is that the main issue was sniffing and storing of unencrypted packets, so yes, that would generally be easy to fix by turning encryption on. My understanding is that Google was likely mostly interested in sniffing and storing the SSIDs of access points along with GPS data on where they were located, and context like whether the AP was encrypted. In other words, they we

Idiots

[StoneyMahoney]

I guess it would be beyond expectation for someone to tell anyone complaining their data was "stolen" that they should have been pumping it into the local atmosphere for all to read without any encryption or other basic protection.

Yeah, holding people accountable for their own idiotic actions would make too much sense. Beside, we make far too much money out of idiots who bought cool stuff with no clue how it actually works - me especially, a lot of my tech support clients use Macs.

Re:

[StoneyMahoney]

Take note kids, this is what happens when you post dehydrated.

Re:

[Desler]

I guess it would be beyond expectation for someone to tell anyone complaining their data was "stolen" that they should have been pumping it into the local atmosphere for all to read without any encryption or other basic protection.

Most people didn't set up their home network and probably had expected that it wasn't publicly accessible. In most cases, these people had their WiFi setup done by whoever came from their ISP to set it up. They had an expectation of privacy. This is really no different than the fact that you can't just record phone calls without consent either.

Yeah, holding people accountable for their own idiotic actions would make too much sense.

Like holding Google accountable for someone purposefully going around sniffing people's traffic?

Re:

[Bigby]

I'm going to open a radio station and broadcast a private station. Every couple minutes it will say "this is a private feed and it is illegal for you to listen to it without permission". Then I will sue everyone that does...

Profit!

Re:

[madmark1]

So let me see if I understand your argument. People aren't stupid, because they don't know the implications of unsecured wifi. Or put another way, people aren't stupid because they are ignorant and lazy instead? Every freakin router manual you will ever find, as part of the 'simple setup steps' tells you to change the default SSID, and turn on some sort of encryption. If they don't do that, then it sure sounds stupid to me.

The big cat in the room.

[Anonymous Coward]

Posting anonymous so this will not haunt me forever through the net (unless you are tracking me already har har).

Has anybody actually been hurt? Because, uh, I'm just asking. I'm all for privacy but I don't see anyone poring over my data in this case. So has anybody been hurt? Where is the victim?

Or are we talking about hurting the feelings of those poor electrons that used to mean something, however fleeting, before being vacuumed up by a hateful engineer?

And you know every atom whose state you have ever modified has certain inalienable rights..

I am pretty damned cynical about big corporations and those who presume to rule them, but there are plenty of white collar criminals in power in America and I have yet to see any at Google.

And for your info I think Sergey's and Larry's excellent space adventure shows me enough where those guys stand. I prefer to support Google and Man's Future In Space. The rest of the establishment, their cops and politicos and bastards who talk out the sides of their mouths, the warhawks and smack sellers, and all the self righteous fucks who turn a blind eye to killing, and the fucktards who find a moral pinnacle somewhere in there, they can all go off and fuck themselves until they die.

As for Milner? Well he is either completely innocent or a geek who has been hypnotized until robotic. Happens every day in America. There are one thousand other cases more worthy of prosecution.

Re:

[tnk1]

Would you have preferred that they waited to deal with this after someone actually got hurt?

Google's not going to go out of business here, and even those who believe this was less of a mistake and more of a "project", don't think that it was necessarily going to be used as more than some sort of research into something else.

That said, Google has set the bar for itself, and it needs to be consistent about it. The company needs to actually enforce its core values or they are going to be seen as either a good

Re:

[Anonymous Coward]

Thanks for replying though I was AC.

I think you are correct on all points. However I object to the media fest and attempt to destroy this man's career.

Perhaps Google needs to be taught a lesson certainly the words of Schmidt in the past indicate callousness to privacy although that is probably moderate compared to most corporate CEOs. So yes Google cannot afford to take both high and low ground at the same time. Though being arbiter of morality might appear to be bad for their bottom line in the short term.

Doesn't seem to be a "rogue employee"

[aclarke]

Here's a choice tidbit from the article:

Google long maintained that the engineer was solely responsible for this aspect of the project, which resulted in official investigations, some still unresolved, in more than a dozen countries. But a complete version of the F.C.C.’s report, released by Google on Saturday, has cast doubt on that explanation, saying that the engineer informed at least one superior and that seven engineers who worked on the code were all in a position to know what was going on.

The F.C.C. report also had Engineer Doe spelling out his intentions quite clearly in his initial proposal. Managers of the Street View project said they never read it.

Depicting his actions as the work of a rogue “requires putting a lot of dots together,” Mr. Milner said enigmatically Sunday before insisting again he had no comment. He said he was closely following the news reports on the issue.

If that's all to be believed, Milner reported on what he was doing, and sent it to his boss(es). They opted to "not read" the report. If at least six other engineers were in a position to know, then this sounds more like a "no, don't put this in writing or tell us what you're doing" situation than a rogue employee. If bosses aren't responsible for their employees, what are they there for?

Re:

[Richard_at_work]

If this were anyone other than Google, Slashdot group think would be shouting "incompetent company!" as loud as they could...

Re:Doesn't seem to be a "rogue employee"

[girlintraining]

If bosses aren't responsible for their employees, what are they there for?

To provide individual profit without individual responsibility. Unless, of course, profit is threatened, in which case sacrificing an individual is a reasonable response. See also: The reason most people over the age of 30 are fired. I can't tell you how many times I've heard someone blubber "But I did what they asked me to..." on the way out the door. I've worked corporate jobs long enough to know that when someone asks you to do something you think might backfire, you smile, agree, and work as slowly as possible on the project while working as quickly as possible at finding another job and getting your name off the reports. Corporations will not hesitate to throw their employees under the bus -- afterall, it's not like you're unique or important... there's fifty more just like you a phone call away.

That is the raisin de etre for a corporation: Individual profit without individual responsibility.

Re:

[reve_etrange]

On pense que quelqu'un ne comprende pas la difference entre les infinitifs et les conjugations.

Re:

[Wheatie]

If I were a shareholder, this sort of loose operations control would seriously worry me. I know that Google was at least partially built on letting creative people run off and do what interests them, but there also needs to be a decent level of oversight and guidance to ensure that employees don't inadvertently (or even intentionally) get themselves into legal troubles.

Murdoch

[ThatsNotPudding]

Just like Rupert, Google is claiming 'We had no idea what our minions were doing; our job is merely to be wealthy.' #YeahRight

personal project to study WiFi spots gone bad

[peter303]

He said it was an add-on to study WiFi use around the world as part of his 20% project. I dont know if you have report or get approval for your 20% projects at Google or elsewhere. But after this is may be a good idea to have some supervision.

It would be like adding some metric measurement software to what we ship customers. Then have that send back these data. Our customers may be unsure then if their personal data in this software is being compromised.

pursue and punish where it does some good

[khipu]

If you broadcast information publicly and without sufficient encryption, the public can listen in and record it.

Apart from the question of who is right in the abstract, punishing Google or other people isn't going to deter anybody who actually wants to do you harm, since passive listening is pretty much impossible to detect. What we might restrict and punish is the use of such information, for example rebroadcasting it, using it in legal proceedings without a prior warrant, or reselling it.

The real question we should be asking is how people are punished that broadcast private information (e.g., hospitals that use unencrypted networks).

Re:

[Solandri]

I tend to fall on Google's side on this (because other companies do the same thing or worse; Google only got "caught" because they did the honest thing and publicly admitted their mistake). But placing blame entirely on people who fail to encrypt their wireless is going too far in Google's favor. If I don't lock the door to my house, yeah it's my fault if I get robbed. But that doesn't make the robbery legal.

If you find a neighbor's wifi network is open, that doesn't give you carte blanche to use it a

Re:

[khipu]

But placing blame entirely on people who fail to encrypt their wireless is going too far in Google's favor. If I don't lock the door to my house, yeah it's my fault if I get robbed. But that doesn't make the robbery legal.

But we have a long-standing principle that if you use the public airwaves, people have a right to listen. Why do you want to change that principle and suddenly criminalize behavior that's been legal for as long as we have had radio?

If you find a neighbor's wifi network is open, that doe

We found a witch!

[Errtu76]

May we burn her?

Re:If you have something that you don't want

[SaroDarksbane]

If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place.

Or in this case, if you have something that you don't want anyone to know, maybe you shouldn't be broadcasting it over the airwaves to the public at large.

Just a thought.

UK Law prohibits it, encrypted or not

[cyclomedia]

this is UK law, not US law but direct from OFCOM: http://stakeholders.ofcom.org.uk/enforcement/spectrum-enforcement/guidance [ofcom.org.uk]

"It is an offence if a person ... uses wireless telegraphy apparatus with intent to obtain information as to the contents, sender or addressee of any message whether sent by means of wireless telegraphy or not, of which neither the person using the apparatus nor a person on whose behalf he is acting is an intended recipient."

It doesn't matter if I'm broadcasting unencrypted data. If yo

Re:

[Chrisq]

If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place.

Or in this case, if you have something that you don't want anyone to know, maybe you shouldn't be broadcasting it over the airwaves to the public at large. Just a thought.

https is your friend. Seriously on any wifi network you should use https for anything secure.

You can't be that stupid. I live in a place that has wifi where you log in with password. It is encrypted, but after logged in you can still sniff everyone else on the network. It still doesn't make it right to do so. Likewise, your internet traffic goes unencrypted when it leaves your house. It doesn't make it right for me to plug in to that in between your house and ISP and capture that data. Google and Marius Milner can go fuck themselves.

Re:

[Desler]

https is your friend. Seriously on any wifi network you should use https for anything secure.

MITM attacks on public wifi hotspots are mostly trivial. Yeah, keep believing that using HTTPS is securing anything.

Re:

[Chrisq]

https is your friend. Seriously on any wifi network you should use https for anything secure.

MITM attacks on public wifi hotspots are mostly trivial. Yeah, keep believing that using HTTPS is securing anything.

Written by someone who obviously doesn't understand how https works. Your site URL is validated against a server-side certificate. The protocol starts with an exchange of public keys, then uses session keys for the session. This makes a man in the middle attack impossible.

Re:

[6ULDV8]

Golly! I guess my Palo Alto firewalls are lying to me.

We use these to prevent internal data loss, filter malware, virus, etc... and decrypt all SSL traffic as normal policy. The client never knows the difference because the firewall has its own cert issued by a trusted CA. You could always do the same yourself, but the process has been made trivial with an appliance.

Re:

[Anonymous Coward]

... I live in a country that has been serving fake certs and other trickery even when trying to login ...

So, by "trivial" you mean "Easy, you just need to be a government official with a leverage over certificate authority, or you could simply hack a CA and issue a fake certificate. Trivial!"

Re:

[X0563511]

So, it's the tools problem when the user refuses to use it correctly?

God help us all when the butter knives get fed up with it.

Re:

[Chrisq]

Written by someone who obviously doesn't understand how https works. Your site URL is validated against a server-side certificate. The protocol starts with an exchange of public keys, then uses session keys for the session. This makes a man in the middle attack impossible.

Yeah, who here doesn't understand things. I live in a country that has been serving fake certs and other trickery even when trying to login to fucking Slashdot using HTTPS. If you believe that there is no way around or no tricks to use against users you are being unbelievable naive and/or idiot. Hell, even Slashdot allows this because it has non-https components even if you browse with https. Go back to your noob-box and get some clue.

Bullshit, Certificates are international, and whenever certificate authorities have been compromised their issuing certificates have been revoked.

Re:

[X0563511]

So, instead of just insulting people - do you plan on backing anything up?

Re:

[pnutjam]

I discovered an access point at my local kroger that decodes and SSL certs and replaces them. I'm curious how many phone apps will even notice this is happening. I plan to do some testing.

Re:

[pnutjam]

Opera on my phone threw a cert warning. I plan to test some apps to see if they send any sort of warning. It probably depends on the programmer. I wonder how many apps actually use https instead of http...

The cert was not a kroger cert, it was something else and I did actually call the police because I thought it was a rouge access point someone had set up on the parking lot. It appears to be in the store's deli. I'm debating whether I should follow up to ascertain if they are aware it is set-up the way i

Re:

[Anonymous Coward]

Your reasoning is along the same as "you shouldn't go out if you don't want to get stabbed". It is not reasonable suggestion.

Do you even have the ability to grasp granularity of magnitude that isn't all on or all off?

HTTPS isn't the issue here. THERE IS NO PRIVATE NETWORK ON OPEN WIFI. A secured connection, a dedicated connection from an ISP, these are PRIVATE connections. OPEN WIFI is a PUBLIC ONE.

You don't want people listening in on your phone calls? Don't have them outside in a public place, the hobos might steam your trade secrets (or whatever paranoia types like you subscribe to).
You don't want people listening in on your d

Re:If you have something that you don't want

[jimbolauski]

So if I leave the door to my house unlocked it's OK for you to go in and take what ever you want? How much responsibility falls on the home owner? If they lock their doors and arm a security system but the system is old and easy to bypass and the thief has a bump key is it the owners fault. Google identifying open wifi while driving around is not the problem it's that they went into the network and collected data. If they sniffed any VOIP traffic then they committed a felony the only reason they have not been charged is that email and other communication are not protected under law.

Re:

[madmark1]

If you leave your house unlocked, no, that doesn't allow me to go in and take whatever I want, because the DOOR IS CLOSED. Now, if you opened your door, and put a sign on the porch saying "Hey, I have stuff in here", then yes, it is your fault. Same as if you were broadcasting unencrypted wifi signals.

And while we are on the topic, let me educate you a bit. If you send out an unencrypted radio signal, and I do nothing more than receive it, then I did not "go into the network" to get anything. I received

Re:

[SecurityGuy]

If you leave your house unlocked, no, that doesn't allow me to go in and take whatever I want, because the DOOR IS CLOSED. Now, if you opened your door, and put a sign on the porch saying "Hey, I have stuff in here", then yes, it is your fault.

No, it's not OK even then. Only if I put up a sign saying "Hey, I have stuff in here AND YOU CAN HAVE IT."

I would argue that's exactly what you're doing if you broadcast unencrypted WiFi across your neighborhood. You cannot scream across the EM spectrum at the top o

Re:

[yabos]

I'd liken it to you having sex with your wife on the front lawn and then getting mad that someone took pictures of it.

Re:

[cyclomedia]

Don't know about the US but in the UK the law is clear regarding radio transmissions - whether clear or encrypted, whether audio or data : You need the permission of the transmitter (the person, not the equipment) to listen in. This covers everything, e.g. air traffic control is not encrypted but that doesn't mean you're allowed to listen to it. Same goes for CB chats between two trucker friends and also peoples WiFi.

So as you can see, arguing that "the wifi AP didn't have a password therefore the auto-nego

Re:

[anonymov]

Care to provide citations? Especially considering the legal status of Wi-Fi.

Because a) it might fall under general transmission and not require any special permission to receive (just as it doesn't require any special permission to transmit), and b) your interpretation makes even just scanning for networks around you criminal - as in that screen which shows available networks in your phone settings and such. You see, I didn't give your phone a permission to receive my SSID and protection state - even though

Re:

[anonymov]

Nevermind, found some fresh news from UK [theregister.co.uk].

Seems like initial investigation was on Data Protection Act grounds, not just "listening in", though that part might be investigated now under other act.

Citation

[cyclomedia]

From OFCOM: http://stakeholders.ofcom.org.uk/enforcement/spectrum-enforcement/guidance [ofcom.org.uk]

This page is specific guidance about VHF Scanners, but cites laws regarding "transmissions" in general:

"...it is illegal to listen to anything other than general reception transmissions unless you are either a licensed user of the frequencies in question or have been specifically authorised to do so... "

and

"The services that can be listened to under the definition of general reception are:

licen

Re:

[anonymov]

You're quoting wrong parts, as every Wi-Fi device uses same "frequencies in question" and "licensed user" is any certified Wi-Fi card.

But further down the page there's applicable excerpt from RIPA:

".. intentionally and without lawful authority to intercept, at any place in the United Kingdom, any communication in the course of its transmission by means of:
a public postal service;
a public telecommunication system."

Which seems to mean that because it was seen as accidental before, it was not included, and now that it seems to be intentional, there might be a new investigation - see my previous message.

Re:

[madmark1]

Actually they did, by broadcasting it freely, unencrypted over the airwaves. This isn't "sniffing". You could receive that signal with a random piece of wire. If you broadcast something, it is, sort of by definition, BROADCAST. Get it? You not only left the door open, you threw your stuff out the window, then complained when someone came by and picked it up off the street.

Re:If you have something that you don't want

[X0563511]

I don't think you understand how radio works. It's like sound.

Your neighbor blares his stereo? Well, you can hear his music because of that.

You blare your unencrypted data? Well, I can read it.

Re:

[Bigby]

It is assumed. Am I to cover my ears when I walk by a house where someone is shouting?

Re:

[X0563511]

Lets be proper about this.

Nobody picked it up off the street, they merely looked at it, and made a record in their journal.

Re:

[Artraze]

> It's like sound.

Which in most states is illegal to record without the consent of at least one party?

And further, I'd also mention that the Supreme Court has ruled that people have an expectation of privacy with regards to their infrared emissions, which is a much better analogy. There is a huge difference between actual sensory data which you incidentally encounter, and data that you can only receive by using a specialized piece of equipment and specifically decoding it. (Mind that even unencrypted w

Re:

[tooyoung]

You, along with many others commenting on this story are making the assumption that the common man is aware of how radio works. In each of the analogies being provided, I'm seeing examples of deliberate behavior:

-A persons loudly blares music
-A person has sex on their front lawn
-A person posts a sign in front of their house

In each of these cases, the person is extremely aware of what they are doing. Now, granted, you are correct - people are broadcasting their unencrypted data, which any one can co

Re:

[X0563511]

OK, then i'll argue this way: you require specialist equipment to broadcast this internet. If you have it, you need to understand at least the super basics of how it works.

If suppliers are not ensuring you do, they are not exercising the due care that they should (yes, i know they are not required to. that's part of the problem)

Re:

[PigleT]

Three key words: You have the *right* to leave your house doors open, but if you do, you'll find your *insurers* take a dim view of your sense of *responsibility*.

The analogy may or may not apply well to wifi.

Re:If you have something that you don't want

[timholman]

They didn't "go into" the network. They collected data that was floating on the airwaves around them. The proper analogy isn't with walking into an open door, but taking a photo through an open window. From the street.

Actually, it's more like putting a speaker outside your house, then playing personal information over it for anyone driving down the street to hear, and then getting angry that someone had the gall to record the audio that you were broadcasting to the world at large.

Re:

[niado]

so if i dont put up curtains that gives you free reign to peer into the windows of my house and make an inventory?

Um, pretty much yes?

Re:

[uncqual]

so if i dont put up curtains that gives you free reign to peer into the windows of my house and make an inventory?

Generally, yes - as long as I do it from a location I am authorized to be (such as my own property or the sidewalk in front of your house). If my actions were associated with some crime (such as a conspiracy to murder) or in violation of court order (such as if you had a restraining order preventing me from being within 100 yards of your house) of course it is not okay.

Re:

[reve_etrange]

Apparently, you could watch it, but in most of the US recording the act would be illegal.

(You can check [wikipedia.org] the validity of this analogy for yourself).

Re:

[Dishevel]

The school kid hacked the account.
Question. Are the people who think this is a crime really that fucking stupid when it comes to technology on this site?
Or are they just so blinded by their own ideology that the stuff they used to know goes "poof" never to be seen again?

Re:

[jimbolauski]

If you broadcast your voice over public airwaves it is legal to intercept it. It doesn't matter if you *think* it's a landline, it simply does not have the same protection.

Cordless phones many of which are unencrypted fall into your description, yet it is illegal in every state for a third party to monitor the phone call without consent of all participants. Most state laws also specify cellular and cordless calls, and others use all “electronic” communications, to cover ANY phone call. The protection is for any phone calls no matter how they are made.

Better analogy

[ukemike]

You don't want people listening in on your data? Don't transmit it on a "public" medium.

But google wasn't just incidentally listening to peoples data (like seeing the router name and signal strength). They were doing the equivalent of setting up a ladder on the sidewalk and taking multiple telephoto photos through each house's front windows on each block, in every town, in every state, then compiling and analyzing the data so they could better advertise to each household. If I'm in my kitchen doing dishes and someone looks at the kitchen windows while walking down the sidewalk that's one thi

Re:

[Dishevel]

No they were not.
They were driving by listening to ambient sounds when you went outside and screamed at your wife that just because you had your ass pummeled by the plumber once does not make you gay. They recorded it. Then they did not publish it. But you got scared and sued Google because they heard it.

Re:

[jdgeorge]

The ISPs and device vendors who sold UNSAFE PRODUCTS to consumers are the folks we should be mad at.

Car analogy: Do you get mad at the guy who slowed his car in front of you, or the auto manufacturer who sold you a car with the brakes detached from the brake pedal?

Re:

[X0563511]

The people they were snooping on weren't intentionally running an open WiFi and had an expectation of privacy.

A false one. Ignorance is not an excuse.

Re:

[Your.Master]

Why not?

Re:

[Khyber]

"To me, there is no expectation of privacy if your communication is not encrypted."

Some people aren't capable enough to even program the clock on a VCR, yet you expect them to know how to magically set up encryption. The expectation of privacy is still there. It never goes away.

Re:

[gparent]

When you need knowledge you don't have, you hire a consultant. People have been doing it with their cars for years, it's no different with a computer. And yes, you can get screwed in both cases. It's called the real world.

If you're incompetent, pay for someone who is competent. It's that simple. People just act different 'cause it's a fucking computer and they have some sort of mental block that prevents their intelligence from working properly.

Re:

[Khyber]

"Just because you're stupid doesn't mean the law MUST protect you."

Actually, that's what laws are for.

"People just need to learn to RTFM, all the routers now have manuals with Big Friendly Pictures and Big Friendly Setup Wizards which tell you to set the password."

Mine didn't come with a manual, nor a setup wizard. It just came with a slip of paper with the login code for the router, and the default wireless encryption key (and the wireless encryption was turned off by default.)

Re:

[Anonymous Coward]

Neither of those analogies are appropriate, and your reaction is awfully spiteful for someone who likely wouldn't be on an unencrypted wi-fi network in the first place.

In one of your examples, you're given access to a private system with the idea that you won't mess with other.
In the other, you're tapping into a private circuit with the intent to steal data.

If anything, home routers should come pre-encrpyted, with the random default key on a sticker on the bottom, and display a warning and disclaimer for pe

Re:

[madmark1]

Nah, it's really much closer to "go around the city, looking at every house, and find several people broadcasting video of them having sex", since nothing Google did violated the internal network, all they did was receive a radio signal that was unencrypted.

Re:

[X0563511]

No, it's more like walking down the sidewalk and noting how you and your boyfriend really are loud sex partners.

Since you can hear it from the sidewalk.

Re:If you have something that you don't want

[ByOhTek]

You can't be that stupid...

If the system is open, an easily sniffable, you're an idiot for using it with stuff you don't want publically accessible.

* I don't use WiFi at home (easy enough to wire a place up, a simple weekend project).
* When I do use WiFi...
** If it is encrypted, then I will use things like email, etc. But only if they are on a secure pipe (such as https / pops / etc.). I still won't use it for anything financial.
** If it is unecrypted, then I will only do casual browsing - no stuff with user names or passwords.
* Wired is treated like secure/encrypted WiFi, except I will do financial things (if it is a network I trust)...

Remember, on the internet, paranoia is your friend because everyone IS out to get you.

Re:

[ByOhTek]

I use wifi away from home only when it is a necessity. And only at when times I don't have an option. End even when I do use it, I restrict what I do (as stated previously, sorry if this mildly complex set of use-cases confused you). Also, it keeps anyone from accessing my home network via WiFI, should they manage a successful breakin. Using wifi elsewhere won't allow them to break in to my home network via wifi. If you need an explanation why, please go back to eating your crayons and glue.

If what I do is

Re:

[Medievalist]

I live in a place that has wifi where you log in with password. It is encrypted, but after logged in you can still sniff everyone else on the network. It still doesn't make it right to do so.

Likewise, your internet traffic goes unencrypted when it leaves your house. It doesn't make it right for me to plug in to that in between your house and ISP and capture that data.

HTTPS and SSH cannot be sniffed on your wifi, nor does either one "go unencrypted" when it leaves your house. Broadband providers using DOCSI [comcast.com]

Re:

[pnutjam]

Neither HTTPS or SSH can be sniffed if you can properly authenticate your endpoint. I can still perform a Man-in-the-Middle attack if you are careless or uneducated. Given the right circumstances, I may be able to get my CA added to your browser.

Re:

[madmark1]

Sure. Oh wait, except that to do so, you would have to break the encryption, which is against the law. In fact, now that I think about it, that makes your analogy completely useless, doesn't it? You *do* see the difference, right?

mod parent up

[ukemike]

mod parent up

Re:

[SaroDarksbane]

Actually, I'm fine with that. I don't feel that I have a right to stop people from using the data I voluntarily send straight to them.

Good luck decrypting it, though.

Re:

[SaroDarksbane]

If you're handing out checks to everyone who passes within several hundred feet of your house, then you can't complain that someone has your banking information.

Actually using that information to break into your account and take money would be theft, of course, but have you proved that Google did anything untoward with the data that they were given (yes, given)? If not, your analogy does not hold.

Re:

[Anonymous Coward]

Your hate towards Marius Milner is so strong, you saw this article in the future and registered just in time to post this comment with same timestamp as the article?..

Tech(NY|LA|Cars|nicalExpert), you're so unsubtle :(

Re:If you have something that you don't want

[WaywardGeek]

But how could he not write the sniffer program? A co-worker of mine wrote a fun screen-saver. It posted each image sniffed over wifi in a random place on the background, creating a real-time collage of what people were viewing on the Internet. He wrote the program and showed it to his boss, and fortunately being at a start-up, he found it amusing. He also hacked our WEP security in a few hours with some hacker software, leading us to upgrade our protection rather than get pissed. It is the nature of good engineers to be curious, and Joe Engineer does not offend me. It's the government that scares me [scpr.org].

Re:

[minerat]

I think it was stupid, but it doesn't look like it was a vast Google conspiracy to inhale as much data as possible for the takeover of the world. It looks like a stupid decision by an engineer and a layer of incompetent management.

I certainly don't condone anyone collecting WiFi data that most people expect to be private, but correct me if I'm wrong - they didn't crack WEP/WPA/hack their way into routers to obtain this data. That means it was floating free and unencrypted over the air for anyone to obs

Re:

[DarkAce911]

I don't know about that, they knowingly assigned a well-known writer of war-driving software to the street view team. It is kind of obvious what is going to happen next. That was the reason Google hired him in the first place.

Re:

[Anonymous Coward]

You (and the 100 other posts with the same sentiment) are frickin' morons.
Yes you should protect you data as much as possible, but there are always
ways around that and looking through other peoples stuff is wrong. just because
you *can* doesn't mean you *should*. If you mail a letter, I could grab it out of you
mailbox shine a light or something to read the contents (or unseal/read/reseal).
would your response be "Well, I guess I should have put the letter in a stainless steel
box and welded it shut"

Re:

[madmark1]

Uhm, no, my response would be tampering with the mail is a federal offense. Receiving unencrypted, publicly accessible radio transmissions isn't. If you are broadcasting unencrypted wifi signals, you do not have an expectation of privacy, any more than broadcasting an FM radio signal does. If I seal an envelope and mail it, and you steam it open, or shine a light through it to read it, you know you are looking at something you shouldn't, because it was SEALED. Get it?

Re:Inflammatory Headline - Paid Astroturf Spot

[Jeng]

If you check out the name of the person who made first post, along with the time stamp you'll see why it was written as inflammatory as possible.

I'm finally coming around to the opinion that /. is taking money for some story submissions such as this one.

Re:

[nanoflower]

I think part of the problem is that we are dealing with different standards in different countries. I'm in the USA and while I think what they did was inadvisable I don't think it was completely wrong. The problem is that I think it is against the law over in Europe where they have much stronger data privacy laws. That's the sort of thing that could easily catch the engineers involved by surprise, but it appears that they covered that base by suggesting that the project be run by the legal team. It seems li

Re:

[nanoflower]

Yea, I noticed that. He felt it was fine to potentially ruin someone's career by identifying him but isn't willing to put his own name behind his statement?