[LINK] [PRIVACY] Google wifi collection: WiSpy

Richard Chirgwin rchirgwin at ozemail.com.au
Mon Jun 14 14:16:52 AEST 2010 

Stephen Wilson wrote:
> If you look at the public discourse about this episode -- like many of 
> the reactions on the Link list, and the recent Sydney Morning Herald 
> site comments http://bit.ly/bjrhYw -- a large proportion of people see 
> no wrong whatsoever in what Google did.  There is a widespread 
> misconception that if data is "public" then the individuals concerned 
> have foresaken their right to privacy.  Many are adamant about this, in 
> ignorance of the technicality that information privacy law still applies 
> even if the source of personal information is the public domain.
>   
Oh, what the hell, if I say anything I'll get yelled at so I might as 
well go all the way ...

Frankly, I believe (entirely without proof) that much of the "it's 
public so it's ok" is just self-justification. People are justifying 
Google because they don't want to face up to the idea that not only is 
their own habit of reading any unencrypted wifi they happen to see 
*very* ill-mannered, but also illegal. That, in my opinion, is the 
subtext to much of the "don't touch Google" screaming.
> So my guess is that a fair number of people inside Google actually did 
> know what was going on with the wifi payload collection but thought 
> there was nothing wrong with it. 
>   
They collected the data. If they did pull out the SSID and MAC address 
information, Google also had personnel who viewed the data and made a 
decision that (a) is what we want to keep and (b) is not; and therefore 
determined the nature of (b) - as in, "we don't want that bit, it's the 
payload". If not, then why collect anything in the first place?

Frankly - as has happened before - Schmidt is going off at the mouth to 
get out of trouble and making things worse.

RC
> I reckon that anyone who has read and understood information privacy 
> principles would be alert to the fact that "collection" is a broadly 
> framed concept -- largely blind to the manner of collection -- and that 
> the obligations that go with collecting personal information are 
> profound.  Any organisation that claims to have a privacy sensitive 
> organisational culture needs to make sure it's based on what privacy law 
> actually says rather that what engineers simply guess privacy to mean. 
>
> Cheers,
>
> Steve.
>
> Stephen Wilson
> Managing Director
> Lockstep Group
>
> Phone +61 (0)414 488 851
>
> www.lockstep.com.au <http://www.lockstep.com.au>
> Lockstep Consulting provides independent specialist advice and analysis
> on digital identity and privacy.  Lockstep Technologies develops unique
> new smart ID solutions that enhance privacy and prevent identity theft.
>
>
>
> Jan Whitaker wrote:
>   
>>   *Google CEO blames 'WiSpy' fiasco on rogue hacker-employee*
>>
>> http://www.itworld.com/print/110114
>>
>> June 5, 2010 ­
>>  
>>
>> In an interview with the Financial Times this week, Google CEO Eric 
>> Schmidt blamed the whole "WiSpy" fiasco on a single, rogue employee 
>> operating outside company rules.
>>
>> Google is being investigated in multiple countries for using its 
>> Street View cars to harvest personal data from every home and business 
>> Wi-Fi network the cars drove past.
>>
>> Schmidt said 
>> <http://www.ft.com/cms/s/2/bdec0ee8-6f4f-11df-9f43-00144feabdc0.html> 
>> that an internal software engineer violated company policy by 
>> inserting code into the Street View software that was undetected by 
>> anyone else at the company. He said Google is investigating the employee.
>>
>> Unless I'm misreading Schmidt, he's implying that a Google software 
>> developer created software that secretly piggybacked on legitimate 
>> Google equipment to wardrive the world, hijacking hundreds or 
>> thousands of Google Street View cars in dozens of countries over at 
>> least three years.
>>
>> Does that sound far-fetched to you?
>>
>> First of all, the Street View cars would need equipment for seeking 
>> out Wi-Fi networks and harvesting and decoding available data. Google 
>> must have had some official purpose for this equipment. Did the 
>> company intent to capture MAC addresses only, and associate those 
>> addresses with GPS coordinates for later location-oriented services? 
>> If not, why did the Street View cars have all that special equipment 
>> turned on?
>>
>> Second, the captured data need to be stored, transmitted to Google, 
>> backed up and generally managed like any other data. And all this went 
>> undiscovered? How did the rogue employee hide the data so well that it 
>> went undetected for several years?
>>
>> And finally, there's some speculation that the unnamed software 
>> engineer performed this hack of the century as a "20 percent time" 
>> project. Google encourages employees to spend 20 percent of their time 
>> on some personal project that could become a Google product. Gmail and 
>> Orkut are two examples of "20 percent time" projects that made the big 
>> time. Does Google need to revisit the oversight process for its 
>> engineers' personal projects? Are there other projects in motion that 
>> are harvesting the personal data of unwitting victims right now? If 
>> Google didn't know about the WiSpy hack, how would it know about any 
>> other similar rogue projects?
>>
>> Schmidt is probably being straight with the press when he says one 
>> employee caused the whole WiSpy controversy. But the company has a 
>> much larger responsibility to prevent employees or anyone else from 
>> using its equipment to violate the privacy of people who aren't 
>> necessarily even Google customers. Google also has the responsibility 
>> to tell us the whole story as soon as they know it. Blaming one rogue 
>> employee just doesn't make sense.
>>
>>
>> Melbourne, Victoria, Australia
>> jwhit at janwhitaker.com
>> blog: http://janwhitaker.com/jansblog/
>> business: http://www.janwhitaker.com <http://www.janwhitaker.com/>    
>>
>> Our truest response to the irrationality of the world is to paint or 
>> sing or write, for only in such response do we find truth.
>> ~Madeline L'Engle, writer
>>
>> _ __________________ _
>>
>>     
>
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link
>
>

More information about the Link mailing list