[LINK] [PRIVACY] Google wifi collection: WiSpy

Stephen Wilson swilson at lockstep.com.au
Mon Jun 14 13:57:10 AEST 2010 

If you look at the public discourse about this episode -- like many of 
the reactions on the Link list, and the recent Sydney Morning Herald 
site comments http://bit.ly/bjrhYw -- a large proportion of people see 
no wrong whatsoever in what Google did.  There is a widespread 
misconception that if data is "public" then the individuals concerned 
have foresaken their right to privacy.  Many are adamant about this, in 
ignorance of the technicality that information privacy law still applies 
even if the source of personal information is the public domain.

So my guess is that a fair number of people inside Google actually did 
know what was going on with the wifi payload collection but thought 
there was nothing wrong with it. 

I reckon that anyone who has read and understood information privacy 
principles would be alert to the fact that "collection" is a broadly 
framed concept -- largely blind to the manner of collection -- and that 
the obligations that go with collecting personal information are 
profound.  Any organisation that claims to have a privacy sensitive 
organisational culture needs to make sure it's based on what privacy law 
actually says rather that what engineers simply guess privacy to mean. 

Cheers,

Steve.

Stephen Wilson
Managing Director
Lockstep Group

Phone +61 (0)414 488 851

www.lockstep.com.au <http://www.lockstep.com.au>
Lockstep Consulting provides independent specialist advice and analysis
on digital identity and privacy.  Lockstep Technologies develops unique
new smart ID solutions that enhance privacy and prevent identity theft.



Jan Whitaker wrote:
>
>
>   *Google CEO blames 'WiSpy' fiasco on rogue hacker-employee*
>
> http://www.itworld.com/print/110114
>
> June 5, 2010 ­
>  
>
> In an interview with the Financial Times this week, Google CEO Eric 
> Schmidt blamed the whole "WiSpy" fiasco on a single, rogue employee 
> operating outside company rules.
>
> Google is being investigated in multiple countries for using its 
> Street View cars to harvest personal data from every home and business 
> Wi-Fi network the cars drove past.
>
> Schmidt said 
> <http://www.ft.com/cms/s/2/bdec0ee8-6f4f-11df-9f43-00144feabdc0.html> 
> that an internal software engineer violated company policy by 
> inserting code into the Street View software that was undetected by 
> anyone else at the company. He said Google is investigating the employee.
>
> Unless I'm misreading Schmidt, he's implying that a Google software 
> developer created software that secretly piggybacked on legitimate 
> Google equipment to wardrive the world, hijacking hundreds or 
> thousands of Google Street View cars in dozens of countries over at 
> least three years.
>
> Does that sound far-fetched to you?
>
> First of all, the Street View cars would need equipment for seeking 
> out Wi-Fi networks and harvesting and decoding available data. Google 
> must have had some official purpose for this equipment. Did the 
> company intent to capture MAC addresses only, and associate those 
> addresses with GPS coordinates for later location-oriented services? 
> If not, why did the Street View cars have all that special equipment 
> turned on?
>
> Second, the captured data need to be stored, transmitted to Google, 
> backed up and generally managed like any other data. And all this went 
> undiscovered? How did the rogue employee hide the data so well that it 
> went undetected for several years?
>
> And finally, there's some speculation that the unnamed software 
> engineer performed this hack of the century as a "20 percent time" 
> project. Google encourages employees to spend 20 percent of their time 
> on some personal project that could become a Google product. Gmail and 
> Orkut are two examples of "20 percent time" projects that made the big 
> time. Does Google need to revisit the oversight process for its 
> engineers' personal projects? Are there other projects in motion that 
> are harvesting the personal data of unwitting victims right now? If 
> Google didn't know about the WiSpy hack, how would it know about any 
> other similar rogue projects?
>
> Schmidt is probably being straight with the press when he says one 
> employee caused the whole WiSpy controversy. But the company has a 
> much larger responsibility to prevent employees or anyone else from 
> using its equipment to violate the privacy of people who aren't 
> necessarily even Google customers. Google also has the responsibility 
> to tell us the whole story as soon as they know it. Blaming one rogue 
> employee just doesn't make sense.
>
>
> Melbourne, Victoria, Australia
> jwhit at janwhitaker.com
> blog: http://janwhitaker.com/jansblog/
> business: http://www.janwhitaker.com <http://www.janwhitaker.com/>    
>
> Our truest response to the irrationality of the world is to paint or 
> sing or write, for only in such response do we find truth.
> ~Madeline L'Engle, writer
>
> _ __________________ _
>

More information about the Link mailing list