[LINK] google misdeeds and Australia's Privacy Commissioner
kauer at biplane.com.au
Wed Jun 23 11:51:24 EST 2010
On Wed, 2010-06-23 at 10:54 +1000, Craig Sanders wrote:
> the Privacy Act only covers personally identifying information ("PII").
> it does not cover other information. overhearing something - or even
> deliberately eavesdropping in public - is NOT illegal. not under the
> privacy act, and not under any other laws.
Yes, it is - if that information is being *collected*. Please try to get
your head around the difference between overhearing something and
systematically collecting what you hear.
> 1. merely asserting that the payload data contains PII is not enough.
> you need to prove it.
Quite right. Although I would argue that collecting payloads not
addressed to you is unethical even if not illegal.
> 2. merely claiming that google were "deliberately building a collection"
> is not enough. you need to prove it.
Um, we've gone over this ground quite a few times. Google had many
gigabytes of information - seems to me that "collection" is a fact.
Software does not write itself, nor do records in a database write
themselves. Ergo, Google was deliberately collecting it. It may have
been a mistake, it may have been inadvisable, or they may have had no
particular purpose in mind, but the fact that the data was deliberately
collected seems incontrovertible to me. That payloads formed part of the
collected data is also clear.
The only thing that is not clear is whether or not the deliberately
collected data contained personally identifying information. On the face
of it - i.e., statistically - it seems pretty certain that it did.
Let's also not forget that geolocation data was in the mix, possibly
allowing PII to be deduced even without any payloads containing such,
plus the possibility that people were using SSIDs with their names in
them and similar, meaning that PII might have been in non-payload data.
All in all, the very great likelihood is that the data collected *did*
Even if Google did not deliberately collect any PII, the discussion of
the ramifications of doing such a thing is still a good discussion to
If we could discuss only proven facts this would be a very boring list.
> there's also point 3, which is that for wifi networks, "overhearing" and
> "collecting" and "storing" are synonymous but that's delving back into
Aside from a miniscule amount of state required to handle the mechanics
(encryption, decryption, associations etc, and logging of some events),
wifi tech stores nothing and collects nothing, any more than routers and
switches do. This last statement of yours thus mystifies me.
Karl Auer (kauer at biplane.com.au) +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/ +61-428-957160 (mob)
GPG fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156
Old fingerprint: 07F3 1DF9 9D45 8BCD 7DD5 00CE 4A44 6A03 F43A 7DEF
More information about the Link