| This 155 message thread spans 6 pages: < < 155 ( 1 2 3 4  6 ) > > || |
|Google Street View WiFi Appears To Have Collected Email and Passwords|
System: The following message was cut out of thread at: http://www.webmasterworld.com/goog/4147311.htm [webmasterworld.com] by engine - 10:26 am on Jun 19, 2010 <small>(utc +1)</small>
Google's Street View Wi-Fi data included passwords, email | Networking - InfoWorld [infoworld.com]
|At the time, Google said it only collected "fragments" of personal Web traffic as it passed by, because its Wi-Fi equipment automatically changes channels five times a second. However, with Wi-Fi networks operating at up to 54Mbps, it always seemed likely that those one-fifth of a second recordings would contain more than just "fragments" of personal data. |
That has now been confirmed by CNIL, which since June 4 has been examining Wi-Fi traffic and other data provided by Google on two hard disks and over a secure data connection to its servers.
"It's still too early to say what will happen as a result of this investigation," CNIL said Thursday.
"However, we can already state that [...] Google did indeed record email access passwords [and] extracts of the content of email messages," CNIL said.
|... according to the French National Commission on Computing and Liberty (CNIL) |
[edited by: engine at 9:27 am (utc) on Jun 19, 2010]
[edit reason] extended quote [/edit]
Essentially this case is just a symptom of Google's default stance to data which is quite simply "See it, take it". Google believes it has the right to any and all data it can find - at some point in the near future someone is going to have to convince them otherwise. Perhaps this will be the turning point, but I doubt it.
Wheel - WE'RE NOT TALKING ABOUT GOOGLE. Everyone in this thread has agreed that what Google did was wrong. So what's the argument about?
You seem to be under the impression that the Law is all powerful and can prevent people from gathering data. You're wrong. Maybe you get Google to stop, sure, but that's not who we're talking about. We're talking about the kind of people who steal identities, the kind of people who are already breaking the law as it is.
So quit talking about Google, because this isn't about whether or not they had permission to do this: a criminal doesn't care if he has permission, and that's who you should be worried about.
And, quite frankly, if people had a healthy concern about this stuff and did what they were supposed to do (RTFM), the Google problem would never have been one.
Fauxsoup, but this IS about google. People are going to leave their networks open and unsecured. The concern is Google capturing that data, and what they could have done with it.
The biggest issue I have is the source code wasn't examined until 3 years later after the fact. Had it been noticed earlier, that unencrypted data would be written to a hard drive, I would imagine the code would have been changed to drop the data frames along with the encrypted packets it caught. All they really needed was the header info.
Alot of this thread I suspect it what alot of the case presentation will be about.
Personally, I'm less worried about what Google is going to do with my data than what the guy three houses down might.
There are two points being argued in this thread: Oh nos! Google recorded data! vs. You should have been protecting it. The members of the first group don't seem to care about the fact that this information was unsecured, because Google shouldn't be doing it. The members of the second group don't care that Google is doing it, because if you were protecting your data Google wouldn't have been able to (along with many, many more unscrupulous individuals who are much more dangerous).
People here have been trying to draw up an equivalent comparison to help illustrate the security argument. Here's my attempt:
Think of a site you purchase from regularly. To simulate a purchase, take a piece of paper. Upon this piece of paper write your name, address, and credit card number (with its expiration date and security code). Does the site you're buying from use SSL? Correctly? If so, scramble the letters around when you're writing the details. Repeat this process about a thousand times. Take these pieces of paper, go up to a roof, throw them into the air, and watch them scatter.
This is what happens every time you make a purchase online without wireless security in place. Now, a Google employee is walking along the street, drawing a map of the city, and sees the piece of paper, and of course he grabs it. He looks at the data on it, and, if he can read it, says "Hey! This is really useful stuff! With this information I know that so-and-so is really interested in Golf! I can now target advertising to him based on his Golf interest!"
Now, someone else comes walking down the street, stopping frequently to dig through trash bags and whatnot, looking for valuable information. He sees one of the pieces of paper, takes one look at it, and pockets it. He might not use the information immediately, he may not even use it himself, but it will be used. This is what he does for a living: he steals people's information for the purposes of identity theft.
The reason he doesn't use the information immediately is because he doesn't want you to figure out he has it. Instead, he'll come back fairly frequently, hoping to grab a bit more useful information, like, for instance, your social security number.
Nobody is saying what Google did was right, or at least I'm not. What we're saying is that Google isn't the problem here. The problem is that these networks are unsecured. If your network is unsecured, Google is the least of your problems.
|Nobody is saying what Google did was right, or at least I'm not. What we're saying is that Google isn't the problem here. The problem is that these networks are unsecured. |
thats got to be wrong surely.
you could just as well be saying this:
the problem isn't with burglers and thieves, its with people who leave their windows open. the problem isn't with muggers. the problem is with old ladies walking down the street with their handbags open. the problem isn't with drunk drivers, its with other road users not keeping a safe distance behind them. what's the difference? you've got someone committing a crime here (not in all countries, i know). they'e doing something they shouldn't be doing. it's an open and shut case.
it looks like google's defence is going to be "well people shouldn't be so dumb". and then all the dumb people will nod in agreement and praise the big G for helping to open their eyes.
I'm not defending Google, and all you're doing is trying to reframe what I'm saying.
Quite frankly, yes, if you closed and locked your windows you would be safer, because a criminal won't smash a window open when he knows the guy next door doesn't lock his. Similarly, if you had network security, mr. hacker isn't going to spend two weeks cracking your wep key, because the guy next door leaves his unsecured.
The drunk driving and mugger examples? Those are in poor taste, and have no relevance whatsoever to the argument at hand. We're not talking about any crime, we're talking about taking something (in this case personal information).
There's no law against doing what Google did here in the states, unless they have to bypass your security in order to do so. Secure your networks if you don't want Google or anyone else getting your information.
Also, don't take one quote out of context and base your argument against that. That's what politicians do, and we don't need any more of those.
Consider this. All those people who leave their keys in their cars and have them stolen? They're idiots, are they not? What did they think was going to happen? A law does not PREVENT a crime, it only punishes those who commit them, and you have to catch them to do that. If you want to PREVENT your information from being stolen, don't rely on a law: secure your network.
|There's no law against doing what Google did here in the states, unless they have to bypass your security in order to do so. Secure your networks if you don't want Google or anyone else getting your information. |
Interesting, you seem to know for a fact there's no law against what Google did, but Attorney General's from 30 states are looking into their actions... Maybe they should consult the people in this thread who know more about the laws of their states than they do to save the tax payers some cash, or maybe it's a pub. stunt, but somehow I doubt they would waste their time if they did not think a law had quite possibly been violated. My opinion only of course.
It may turn out there's hasn't been, but the mere fact they are even looking into it seems to say they're not quite as sure as some of those posting in this thread seem to be... If they were sure, personally, I think they would make a simple press statement and say, 'There was no violation of the law on Google's part, secure your WiFi if you don't want this to happen.', but I guess others don't think the same way about situations.
|I think, for pretty much any consumer anywhere, their attitude is that the default permission is 'NO', even if it's unencrypted. If you're going to make the argument that the default permission is 'yes' because people failed to protect themselves, |
I think you are missing one crucial piece to this puzzle. They are broadcasting on the public airwaves. When in public if you can see it you are allowed to look.
We are talking about public airwaves. They belong to us all, so yes the default permission in public is if it isn't secure you can tune in. Why wouldn't you? It is public.
|the problem isn't with burglers and thieves, its with people who leave their windows open. the problem isn't with muggers. the problem is with old ladies walking down the street with their handbags open. the problem isn't with drunk drivers, its with other road users not keeping a safe distance behind them. what's the difference? you've got someone committing a crime here (not in all countries, i know). they'e doing something they shouldn't be doing. it's an open and shut case. |
Really? Has the conversion degraded back to a strawman argument that somehow leaving a window open is the same as broadcasting your Internet use into public airspace without encryption. I don't think one person here would argue that someone walking down the street with their purse deserves to have it snatched. But again it is a strawman because no one here is argueing that.
Your analogy is so poor that it is even hard to make a counter point to it because it is so far off base.
It isn't like leaving your window open and a thief comes in your home.
It is like putting your passwords to your email on the windshield of every car within 2 blocks of your house.
It is like getting on a CB radio and reading your private emails to the airwaves.
Get a grip on reality. If you really believe broadcasting your info into PUBLIC airspace is akin to leaving your window open which is on your private property then you have no concept on wireless internet connectivity.
Slow down and think for a second. We are talking about people broadcasting information into the PUBLIC.
How you compare that to a purse snatcher I do not know.
Can a purse snatcher take a copy of your purse without you knowing and while you still have possession of the purse before, during and after the thief took it
Can a thief break into your home and make a copy of all your TVs and take them home with him? Leaving your copy of the TVs right where they were, and you didn't even know that a thief made a copy and took it? ? In fact can a theif break into your house from the public street and make copies of your TVs from the street without even having to go onto your property?
Let's get realistic here and stop trying to draw comparisons of COPYING data that is in the PUBLIC airspace with TAKING of objects that are in the personal possession of their owners.
For serious they aren't even close to comparable.
Yeah, I would say the biggest question about the legality here probably has to do with the quote I posted earlier from the FBI agent who said 'wardriving' is not inherently illegal, and as long as you have permission to access the network it's fine... My guess is there may be a 'technicality' about some types of communications on a network and whether Google needed permission to access the network and then record the data.
Those are the two 'legal sticking points' I would see...
1.) Did they need permission to access the network.
2.) Did they need permission to record the data transmitted.
I'm sure there are those who think 'no', but the laws vary from state to state here and it may be there is something written in to the laws of some states that is 'more protective' than others, and what's considered 'freely public information' in one may not be in another, so it'll be an interesting situation to see investigated, because there are 'little nuances' to these types of laws EG in some states you need all parties to consent to a call being recorded, but in others anyone on the call can record it. Federal law is only 1, some states are all parties, some are single party, and it gets a bit sticky with interstate calls, because in some states (if I remember correctly it's been a long time since I looked) a call is considered to be in the state of origination, and in others if you are in the state and on the phone interstate, the laws of the state are said to apply regardless of where the call originated.
So, again, if I remember correctly, WRT recording calls you could actually be on the phone legally recording a call in a state where only one person needs to give permission and be violating the laws of another state by recording the call without all parties giving permission if the other party is in a state where they are protected from a call being recorded without all parties consenting to the recording... IOW: You may think you're right and be right based on where you are, but be 'doing something wrong' in another state without even being present there or knowing you are... IMO It's crazy, nutty, strange that the laws could be totally different and that it could even be possible for something like that to happen based on the laws of two states, but they're definitely not all the same WRT recording, etc.
Anyway, that's just one example of the possible subtle differences between states and their laws here in the US.
Google employs smart people (don't question this please). I know that they know about secure networks and unsecured networks. Someone at one point should have said "don't write unencrypted data to a hard drive". Period. Had that basic function been used, we wouldn't be debating about unencrypted networks since it would be a non-issue. One would have thunk that with all the privacy issues Google and others have faced, that would have been resolved in the planning phase, if not the alpha phase.
I really think it's going to come down to Google not preventing this all from happening, not the consumer preventing himself from being exposed.
This is borderline psychopathic behavior on the part of google, total disregard for others.
It's worth noting that the Google gears geo location API was using WIFI data back in 2008. It's also worth pointing out that Google aren't the only people doing this. Skyhook have been driving about sniffing packets to create their own WiFi database.
[edited by: mack at 1:23 am (utc) on Jun 26, 2010]
Google did not need to store potentially private data in order to implement some sort of wifi geolocation service.
The issue is not the sniffing, it's the storage of data. As I understand it, encrypted data was discarded whilst unencrypted data was stored. Since the vast majority of data would be encrypted (I hope) if any service required the absence of encryption, that service would be rubbish.
|Slow down and think for a second. We are talking about people broadcasting information into the PUBLIC. |
How you compare that to a purse snatcher I do not know.
because its AGAINST THE LAW (not in all countries, i know). it doesn't matter that its being broadcast publically. all this public airwaves stuff has got nothing to do with it. everytime google says "its okay because its public" they are serving up a red herring hoping the dopey people will eat it. they are using it like a 'get out of jail free' card. its as if 'being public' trumps the law.
google are bound by the law like everyone else. and if the law says they cant harvest and store this stuff then they cant harvest and store this stuff.
im guessing that the people who drew up the law were well aware of the public nature of the broadcasts and that was precisely WHY they drew it up - to give us a measure of protection against all these people who think they can just come along and use it for their own corporate benefit.
google have one of the most dubious attitudes to law in business. they do it with copyright too. rather than abide by the spirit and established usage of the law they'd much rather cross the line and wind up in court, hoping they'll beat the rap.
i reckon we'll have to start passing laws with riders attached saying "yes google, this does apply to you too."
p.s. what about this example... if paul mccartney sings a song in concert and i tape it, does that mean i can sell it? no. the fact that the song went out "on the public airwaves" has got nothing to do with it. just because the sound is "up in the air" doesn't mean i can copy it and use it for my own corporate benefit.
if i switch the telly on and record all the movies onto a video camera does that mean i can sell them? no. but those pictures are "in the air" as well.
what is the difference between mccartney broadcasting sound waves from a concert, a tv station broadcasting pictures from their aerial, and me broadcasting data from inside my house? there is no difference.
you might argue that the first two things are protected by copyright, and you would be right. but our wifi data is protected by law too -- that is what this whole thing is all about. so why does one law apply to google and the other one doesn't?
why does google get to choose which laws to abide by?
"and if the law says they cant harvest and store this stuff then they cant harvest and store this stuff."
Show me the law. Is eavesdropping illegal? In a bar? Could I not sit a few stools down from some people and transcribe a conversation I overheard? Is that illegal too? If it is, is it just the copying of personal information? Can I write down the really good point I heard in that political discussion?
MadScientist - Fair enough. I personally know of no (EDIT: this was know of know) law that restricts a person or organization from recording data that was broadcasted on public airwaves. AFAIK, it only becomes a crime when a person uses it.
The reason I stated so boldly that there was no law is because, quite frankly, the law doesn't matter. It's not the point of the discussion. The point is that you shouldn't be broadcasting personal information over an unencrypted wifi connection, because, even if there was a law, someone can still record it.
The point is, if you don't understand something, hire someone else to do it! I'm not a bear trainer, but I would like to watch a bear ride a bike. I could go to the woods with a bike and try to train a bear myself, or I can go to the circus where they have all of the horribly mistreated bears riding bikes I could ever hope to see!
Unfortunately, I went with the first option. The bear mauled me half to death. I think it should be a law that bears cannot maul people half to death.
Laws do not prevent the crimes they define, and the kind of people doing what Google has done are the kind of people who will commit crimes to do it.
|it doesn't matter that its being broadcast publically. all this public airwaves stuff has got nothing to do with it |
This is why we so heavily disagree.
I believe that it being in public has everything to do with it.
I believe that the public airwaves are for use by the public at large.
The fact that this was done in public really is the crux of this whole case.
If you don't want anyone to know you have blond hair then don't go in public or don't show your hair in public. But if you are in public don't tell me I am not allowed to notice your blond hair. Don't tell me I can't record that the guy living at 555 example street has blond hair.
Don't tell me I can't sit on your corner and record how many people have blond hair, how many have brown hair and so on because I am in public and so are you.
Would it be sleazy if I did do that then tried to sell the data to hair coloring companies... ya it would, but should it be disallowed under the law? Not in my opinion.
songs are broadcast over the public airwaves every single day of the year, all the time, all over the world, and so are TV shows, movies, and hundreds of other things. bazillions of different things, in fact. but no one thinks that they are 'public property' the minute they enter the airwaves. no one is allowed to harvest them and use them for their own private profit, which is what google is effectively doing with our wifi stuff. (well, some people do, obviously, but that doesn't mean its right.)
people are suggesting that because its broadcast over the public airwaves it suddenly becomes anyones to do with as they please. but that is completely wrong. there are plenty of examples in life where the complete opposite is true.
That you can do - it's gathering statistical information.
|Don't tell me I can't sit on your corner and record how many people have blond hair |
Google, on the other hand, recorded personal information (such as account username/password details) albeit accidentally. Whilst this may need to be tested in court, it almost certainly means that Google broke UK data protection laws.
Some people seem to think that because Google employ smart people, Google must have checked the legality of their actions (probably a bad assumption). These same people seem to think that by arguing that Google didn't do anything wrong they can demonstrate how smart they are themselves (because they think Google are smart). Unfortunately, Google got this one wrong and arguing otherwise is not going to impress anyone.
As for this argument about unencrypted public airwaves, I defy anyone to find fault with the following logical analogy...
Is that my fault? Of course not. And even if you think that it is my fault, the money does not now lawfully belong to the schoolboy.
- I'm sitting on my own on a bench in a corner of a local park.
- I phone my bank.
- I instruct them to transfer monies from one account to another.
- I prove my identity by answering certain questions.
- 50 metres away, a schoolboy with a rifle-mic is listening to the whole conversation and the next day manages to empty my accounts.
The absence of encryption does not grant anyone any rights whatsoever to record and/or use private information. Anyone who thinks it does is a complete idiot!
"songs are broadcast over the public airwaves every single day of the year, all the time, all over the world, and so are TV shows, movies, and hundreds of other things. bazillions of different things, in fact. but no one thinks that they are 'public property' the minute they enter the airwaves."
These things are intellectual property, but here's the kicker: you are allowed to record them. So long as you don't attempt to profit from someone else's intellectual property you can do what you want with it (mind you EULAs and other licenses fall under a different aspect of law).
NOTE: This is US Intellectual Property law; your laws may vary.
"The absence of encryption does not grant anyone any rights whatsoever to record and/or use private information. Anyone who thinks it does is a complete idiot!"
Kaled, I'm interested in where you found the legal distinction between statistical and personal information, because I don't believe there is one here in the states. The only functional difference between the two is that you can't use statistical information to steal someone's identity.
This line is just hilarious: "(because they think Google are smart)"
My buddy once wrote his Social Security Number on a piece of paper, and I read it. I remember it, to this day. Am I a criminal?
So, your analogy is convoluted, because you have a very specific detail which changes things should you change it. The fact that the schoolboy is 50 yards away with a microphone makes it not your fault, the reason being that he had to actively engage in listening to your conversation and use a device to do so. However, if you were, instead, sitting on a bench next to someone you didn't know (please, Kaled, note that this scenario is FAR more likely) doing the same, then it's your fault.
When you're handling personal information, it's your responsibility to make sure you keep it personal, and if you're transferring your funds in a public park? Someone wasn't thinking ahead.
That doesn't change the fact that what the schoolboy did was wrong and illegal, it just means you weren't careful enough. Once again, making something illegal does not stop anyone from doing it, it only punishes them if they do. This is sufficient deterrent for businesses, but there are real criminals out there who will not be stopped by the law.
So, even if it was made illegal to record info off the public airwaves, it doesn't mean no one will do it. Do you not realize that? Is it incredibly difficult to understand that there are Bad People in the world who Want Your Personal Information No Matter What It Takes Or Costs? If you know that, and you don't take every reasonable measure to ensure that no one takes it, how can it not be your fault?
You knew people would want the information. You knew you were broadcasting it. You knew it wasn't encrypted. Why didn't you secure your connection? It doesn't matter that they're not supposed to take it, because they're going to regardless.
For the grandmas and grandpas who don't know what they're doing? They're not at fault because they didn't know. That's why standard practice should be to set up wifi security for customer's, or you should, at the very least, encourage people to RTFM.
|songs are broadcast over the public airwaves every single day... These things are intellectual property |
thats the point i was trying to make. they are still protected by laws. and the fact that they were broadcast unencrypted over the public airwaves doesnt make a blind bit of difference -- they are still protected by laws. and no one thinks to question it.
our wifi data is the same. the fact that it is sent unencrypted over the public airwaves doesnt make a blind bit of difference -- it is still protected by laws. it's just a different law, thats all.
so the fact that is sent over the public airwaves doesnt mean anything.
what question are we trying answer? if we are asking whether google did something wrong and deserve to be prosecuted (in those countries where the law applies) then how can they not?
it doesnt matter what the user has done. being lax with your peronal security doesnt give the big bad wolf leave to eat your porridge.
[edited by: londrum at 3:51 pm (utc) on Jun 29, 2010]
This thread has just persuaded me to play with streetview for the first time. I never had a modern enough PC before.
So I navigated pretty quickly to my house, my car was there, as was my neighbours, I wandered about checking the area. Pretty cool so far.
But what a way to case a joint, no need to be there and raise suspicions, spot where the expensive cars are parked, etc .. dual use at least I would say, good for goodies and also for baddies!
|Wi-Fi networks operating at up to 54Mbps |
My WiFi(PW secured) is a lot faster than that. So that makes for quite a bit of data that can be gulped by the Gorg as it's streetview cars idle by.
And I got my WiFi so I can use my laptops anywhere on the property, from a store with no ISP/techs to help set it up. Bit of pain really, and I've been in the business for decades.
Do you really think that the average Joe who won't ask for driving directions, or read assembly instructions will want to even look at a technical computer manual. They just want to plug it in, and have it work.
And for anybody that believes that BEAST didn't know what they were doing and pushing the gray areas as far as possible, there's this bridge............
You should go into politics - that's a lot of words that say nothing new...
You appear to disagree with my analogy but have not identified a single fault.
Frankly, I didn't bother to look for one since it's blindingly obvious. Perhaps you'd like me to find the legal definition of life too - see below.
|I'm interested in where you found the legal distinction between statistical and personal information |
If you disagree with my analogy, please identify the fault concisely, i.e. without waffling. Alternatively, if you can find a legal ruling (anywhere in the English-speaking world) that specifies that the absence of encryption does indeed grant rights to others to record and/or use personal information, please reference it.
Just to be clear, I specified a rifle-mic since it is a specialist piece of equipment used to listen to a conversation, just as special equipment (or software) is needed to listen to unencrypted wireless network traffic. The analogy I used is not in any way convoluted, it is merely an accurate sound-wave model for what Google did on a massive scale with wireless network traffic. Of course, Google haven't raided any bank accounts but it is clear that they did record private information. In the UK, that almost certainly means they broke data protection laws. They probably also broke laws with respect to mis-use of telecommunications equipment too - that's a criminal matter (i.e. possible jail time if a patsy can be found).
An attorney, cross-examining the local coroner, queried, "Before you signed the death certificate had you taken the man's pulse?"
"No," the coroner replied.
"Well, then, did you listen for a heart beat?"
The coroner answered, "No."
"Did you check for respiration? Breathing?", asked the attorney.
Again the coroner replied, "No."
"Ah," the attorney said, "So when you signed the death certificate you had not taken any steps to make sure the man was dead, had you?"
The coroner rolled his eyes, and shot back "Counselor, at the time I signed the death certificate the man's brain was sitting in a jar on my desk. But I can see your point. For all I know he could be out there practicing law somewhere."
|thats the point i was trying to make. they are still protected by laws. and the fact that they were broadcast unencrypted over the public airwaves doesnt make a blind bit of difference -- they are still protected by laws. and no one thinks to question it. |
Yes, but they are protected by Different Laws for Different Reasons. Your personal information is not "Intellectual Property" as defined legally, meaning you can't sue someone for profiting off, say, your address listing (I say address because names are a bit different; you can run a sole proprietorship under your name, and, in that case, your name is technically a trademark).
Music and television are artistic works created for the purposes of profit (not true, but there aren't many IP suits where something WASN'T for profit). Your credit card number and passwords are not, so they are not protected by copyright laws.
Copyright laws are federal (and global to an extent), whereas the laws protecting your personal information and recording are typically handled at the state level (for the US, not speaking about other countries), so there's a great deal more variety in terms of what you can and cannot do.
Someone else already stated that in some states you need every party's consent to record, and some states where only one party needs to know. These are the applicable public airwaves laws.
|being lax with your peronal security doesnt give the big bad wolf leave to eat your porridge. |
Exactly, I was never saying it does. I'm saying that the big bad wolf (who, in my arguments, is an identity thief, not Google) doesn't really care if he has leave to eat said porridge.
|You should go into politics - that's a lot of words that say nothing new... |
You shouldn't. Politics is awful if you take things too personally.
First of all:
|Frankly, I didn't bother to look for one since it's blindingly obvious |
It's important because we're talking about recording information, not using it. If we were using the information then yes, obviously there are different laws applied to it, but what's the legal difference between grabbing, in an automated fashion, the nasdaq numbers versus someone's personal email? Are you positive it's illegal to capture this information? Are you positive it's illegal to store this information?
Additionally, assuming one exists (i'll bet you ten bucks it doesn't, rendering half your argument moot), what's the legal boundary between statistical and personal? I'm of the opinion that tracking someone's hair color is closer to personal information than, say, what browser they're using, but apparently I have to inform a user that I'm recording said browser info. I doubt that, in your example, I'd have to inform the target that I'm tracking their hair color.
Next: No fault? Here is your fault:
|So, your analogy is convoluted, because you have a very specific detail which changes things should you change it. The fact that the schoolboy is 50 yards away with a microphone makes it not your fault, the reason being that he had to actively engage in listening to your conversation and use a device to do so. |
But, you say...
|Just to be clear, I specified a rifle-mic since it is a specialist piece of equipment used to listen to a conversation, just as special equipment (or software) is needed to listen to unencrypted wireless network traffic |
So why am I still saying that's a fault? Because you don't need any special equipment. A standard wireless card, radio (car or home stereo), or a friggin graphing calculator hooked up to an antenna could record unencrypted network traffic in a manner that could be read later. Though, granted, I think the calculator would run out of memory pretty quick. Oh, and the cassette tapes you could use for the radio might have some artifacts from converting from digital to analog, but everything should still be readable.
Also, no special software needed, just the ability to specify the frequencies being used.
I've turned computers into routers which use their network cards to find other networks and then share the connection with the rest of my network. It's incredibly easy, and all the functionality is built right into Windows.
Packet sniffers? That's also a setting you can change in windows; you just need to turn on logging and turn another switch off (which discards packets which don't belong to the computer at hand), though it's not terribly useful if you have a gateway/router, unless you want data from the local network. Oh, wait.
Now, I'm repeating myself so often because you are either refusing to listen or misunderstanding me greatly, so I will repeat it again: laws do not prevent a crime, so why does it matter if it's illegal? Identity thieves are breaking the law by stealing your identity, so why would they care if they have to break another law along the way to do it?
I'm beginning to suspect that the only reason people are so riled up about this is because they're upset at how easy it is to get their information, but that isn't Google's fault. For clarification, the reason I believe this is because Google exposed the, uh... "security hole" (absence?), leaving everyone feeling vulnerable, you know, psychologically. I mean, they are vulnerable, literally, but they are also feeling vulnerable, triggering the "fight or flight" response
|"dual use at least I would say, good for goodies and also for baddies! |
To an extent. If you were casing a place for a break-in you'd probably want to know things like the occupant's schedules, entrances which aren't visible from the street, neighbor activity (ie, neighborhood watch, close friends). Also, do they have a home security system, are their doors and windows regularly locked? I think it's very funny that people say street view is a great way to case a place, but no one really has the experience to know if that's true.
Not that I do, but I'm prone to speculation.
The absence of encryption does not grant anyone any rights whatsoever to record and/or use private information. Anyone who thinks it does is a complete idiot!
I agree that they can't use the info for fraud as you laid out. If someone poses as you using your info to access your bank accounts it doesn't matter how they got the info they are committing fraud. Having heard your deatils in public won't excuse that. I don't think anyone here is even suggesting that.
However in your scenario if that school boy records your bank info but only uses it for statistical data. Ie, 35 white male from Exampleton USA, using example bank of america on example street.. then that is ok.
I think that you missed the point that what someone does with the data is of paramount importance when assessing wrong doing.
If Google gathers emails and passwords and never uses that info for fraud, but instead they disseminate the data to use for stats, like who is using what email service then I think that should allowed and expected if you are broadcasting that info into public. Just like counting blonds on the corner.
The boy listening and recording your conversation in public isn't breaking the law until he uses that info to commit fraud or some other crime.
|I think that you missed the point that what they do with the data is of paramount importance when assessing wrong doing. |
it is of no importance whatsoever.
i appreciate that you're looking at this from an american viewpoint (i think), and america's laws are different. but in lots of european countries it is the COLLECTING of the data that is illegal, not the use of it.
if google made no use of the data at all, and just stored it away to gather dust (like they have already promised to do, to try and get themselves off the hook), then they would STILL have broken the law.
it is the COLLECTING of the data that is illegal. that is what has been alleged. and that is what the police are investigating.
Google's current defence is that it was collected by accident, caused by some code that they'd written for another purpose. they are claiming that they never intended to collect it. what they did with it afterwards is only of secondary importance. hence why they promised to store it away and never access it.
|laws do not prevent a crime |
I don't even know where to begin with the stupidity of this comment, however...
Of course laws do not prevent crimes - laws define what is and what isn't a crime. I would expect the average six year old child to understand that.
|so why does it matter if it's illegal? |
So, I guess it's ok to do anything you want, whether it's illegal or not, just so long as you don't get caught.
You are clearly educated, unfortunately you didn't ever learn to think logically. Doubtless, in your mind you're a clever guy, but as the genuine article, I have to tell you that you are utterly deluded. It's possible to be educated and knowledgeable whilst being as thick as a brick. For instance, a computer running windows with a wireless card running packet-sniffing software and logging the data that it finds definitely qualifies as "specialist equipment". You may think otherwise, but a sound engineer would not consider a rifle-mic to be specialist equipment either.
As to what constitutes private data and what constitutes personal data I'll try to explain by example (but those with the intellect of an average 12 year old or above can skip this).
Mary Smith is 35 years old and dies her hair blonde.
10% of women between 32 and 38 years of age dye their hair blonde.
You see, it's not that difficult - the personal data contains information that can be attributed to a single, identifiable individual whilst the statistical data does not.
Now, why should anyone take a blind bit of notice of anything someone says that can't figure that out for themselves?
So, let's bury this discussion and just remind everyone that Google stands accused of having logged email username and password details (albeit infrequently). It also logged other random information together with geolocation and, presumably, SSID details and maybe other identifying details for every unencrypted wireless connection encountered that was in range and in use. To do this legally in the UK, I would expect that they would have to apply for licenses from OFCOM and the ICO (Information Commissioner's Office). Furthermore, I would not expect either authority to grant such a license.
If Google had merely logged the relative numbers of encrypted and unencrypted routers in use, then that would probably have been ok - that would have been statistical information only - however even logging the geolocation of each SSID without permission might be considered a breach of the law.
Doubtless, the law is different in the US - I DON'T CARE! That is absolutely irrelevant since I have restricted my comments to the UK. That said, I doubt Google was wholly within the law anywhere, but maybe I'm wrong about that.
Maybe the members here can answer 2 questions.
1. Do you think Google intentionally and knowingly captured and saved to disk unencrypted wireless packets?
2. How did the collection of email and passwords by Google first come to light?
|I don't even know where to begin with the stupidity of this comment, however... |
Of course laws do not prevent crimes - laws define what is and what isn't a crime. I would expect the average six year old child to understand that...
You are clearly educated, unfortunately you didn't ever learn to think logically. Doubtless, in your mind you're a clever guy, but as the genuine article, I have to tell you that you are utterly deluded...
but those with the intellect of an average 12 year old or above can skip this
See, I was going to say this was passive aggressive, but after re-reading it, it's just flat-out aggressive. If you're trying to make a point, this is not the way to do it; typically it simply triggers a defensive reaction, causing the reader to respond in kind, resulting in the flame wars forums are famous for.
First, regarding laws: you take this statement:
out of context.
|so why does it matter if it's illegal? |
Much of the debate we've been having has been about whether or not what Google did was illegal. As I, and others, have pointed out the legal status of their actions varies from state to state and certainly country to country, so, why does it matter if it's illegal? In the places where it is legal it still blurs that line between right and wrong, and it's not even relevant to the point I'm trying to make, which is that securing your wireless network should be required for very good reasons that have nothing to do with Google. For the record, I'm not saying their should be a law stating this anywhere, but it should be standard practice for ISPs, and the default setting on routers (this at least is easier said than done).
|For instance, a computer running windows with a wireless card running packet-sniffing software and logging the data that it finds definitely qualifies as "specialist equipment". |
I'm not going to press this point, but I would love to hear you explain to a judge how altering two settings on a standard windows installation counts as specialist equipment. There is no packet sniffing software necessary; when data is broadcast over the wireless channel it acts the way a hub does, sending the packets to every computer (wireless in this case) and allowing them to figure out who it's for. One setting in Windows prevents you from discarding these packets, another causes you to log all inbound packets.
But, like I said, I won't press the point, and I'll grant it's certainly possible that a judge would consider it specialist equipment.
|As to what constitutes private data and what constitutes personal data I'll try to explain by example |
I'm not asking for an example, I'm asking for a legal definition. If you want to argue, in a court, that someone collected personal information you need to be aware of what is, by your state or country's laws, protected as personal information. I can promise it's not as simple as your definition. For instance, a social security number is definitely protected as personal information, but are you sure your email address is? I have several, and for more than one there is literally no way to figure out that it is my email address (I keep one personal email address which would be directly linkable to me, use the others with pseudonyms when I suspect I may be subjected to spam or need one for an anonymous account).
I'd like to point out, as you have, that I've restricted my comments to my country (the US in this case).
given that google have already admitted that they scooped up some email addresses, email messages and passwords, i think it is clear that they collected personal information. unless you're suggesting that every message we send by email is public property.
saw an amusing thing in the news today, about those 10 russian spies that they just caught in the States.
apparently one of their tricks was to sit with their laptop in Starbucks and transmit all their stuff by wifi to the Russian diplomat's car as he drove past.
that shows you how much data it's possible to collect when you drive past. maybe the russians will use google's excuse and say they only managed to scoop up fragments.
| This 155 message thread spans 6 pages: < < 155 ( 1 2 3 4  6 ) > > |