[LINK] google misdeeds and Australia's Privacy Commissioner

Stephen Wilson swilson at lockstep.com.au
Wed Jun 23 06:12:56 AEST 2010 


Craig Sanders wrote:
> On Tue, Jun 22, 2010 at 05:31:34PM +1000, Stephen Wilson wrote:
> once again, i implore you NOT to make the false assumption that
> "collecting payload data" is synonymous with "collect personally
> identifiable information".
>
> fortunately, the rules of evidence for a court require more than just
> unfounded assumptions.
>
> there may or may not be PII in the payload data. but you have to PROVE
> it. merely claiming that it is there is not enough.
I didn't know the Link list was a courtroom. 

I'm not tendering evidence your honour, instead I've said quite clearly 
all along that if wifi transmissions contain personal information then 
it doesn't matter that they are "public" -- they are subject to the 
Privacy Act.  What I've been trying to counter in this debate is a set 
of misconceptions about "public" information not being subject to 
privacy law.  It's really important that ICT professionals understand 
what information privacy law is all about.  The implications are at odds 
with the way some technologies work or they way they are commonly 
operated. 

How do you know my assumption that open wifi transmissions contain 
personal information is "false"?  Isn't it best to assume that it does?  
Wouldn't it be extraordinary to not have any individuals' names ever 
transmitted over a network?  What do you say to the French authorities 
who looked and did find personal information in Google's collection?

And if we're in court, then let's have the legal basis for thise clangers: 

> by not encrypting, they are implicitly giving permission. 

Implied consent is a complex topic Craig.  You'll have to be rock solid on what appears to be an assumption of yours, or else err on the side of caution and not impute consent. 

> same as someone shouting their secrets into a megaphone is implicitly
> giving permission for others to hear them.

Maybe but how is shouting into a megaphone analagous to using wifi? 

> you don't need to ask for permission to listen if someone's yelling 
> in your vicinity.

What makes you so sure you sure that listening to someone yelling in the 
street is comparable to a corporation collecting personal information 
for the purposes of the Privacy Act?  Sorry to be pedantic -- actually 
I'm not sorry, the law is kinda  pedantic -- but an individual 
overhearing someone shouting isn't subject to the Privacy Act, whereas a 
company recording personally identifiable information (without telling 
anyone they're doing so, and then sending that information transborder 
to another jurisdiction) is.

Many wifi users don't know how it works, don't know it's range, don't 
have any inkling that a company might drive down their street and listen 
in on their transmissions.  They didn't think they were doing anything 
like shouting shouting into a megaphone, and they didn't give consent 
for Google to collect their network transmissions.

Cheers,

Steve Wilson
Lockstep
www.lockstep.com.au.

More information about the Link mailing list