[LINK] google misdeeds and Australia's Privacy Commissioner

Craig Sanders cas at taz.net.au
Wed Jun 23 09:09:58 AEST 2010 

On Wed, Jun 23, 2010 at 06:12:56AM +1000, Stephen Wilson wrote:
> Craig Sanders wrote:
> > On Tue, Jun 22, 2010 at 05:31:34PM +1000, Stephen Wilson wrote:
> > once again, i implore you NOT to make the false assumption that
> > "collecting payload data" is synonymous with "collect personally
> > identifiable information".
> >
> > fortunately, the rules of evidence for a court require more than just
> > unfounded assumptions.
> >
> > there may or may not be PII in the payload data. but you have to PROVE
> > it. merely claiming that it is there is not enough.
>
> I didn't know the Link list was a courtroom. 

please stop posting straw-man arguments based on deliberately fatuous
misinterpretations.


> I'm not tendering evidence your honour, instead I've said quite       
> clearly all along that if wifi transmissions contain personal         
> information then it doesn't matter that they are "public" -- they     
> are subject to the Privacy Act.  What I've been trying to counter in  
> this debate is a set of misconceptions about "public" information not 
> being subject to privacy law.                                         

nobody's ever said that it wasn't.  that's just another one of your stupid
straw-men arguments.

> How do you know my assumption that open wifi transmissions contain 
> personal information is "false"?  

it's false because it's unproved and unsupported by any evidence.

> Isn't it best to assume that it does?  

no.  assumptions are never best practice, especially when there is no
evidence or history to support them.

and in the current context, this is equivalent to asking "wouldn't it be
best to assume that the accused is guilty until proven innocent?".


> > by not encrypting, they are implicitly giving permission. 
> 
> Implied consent is a complex topic Craig.  You'll have to be rock
> solid on what appears to be an assumption of yours, or else err on the
> side of caution and not impute consent.

so if i walk into your office (or just walk past your office door or
window) and yell out my name, address, phone number, bank account
details, tax file number and so on you are guilty of storing PII, just
because you overheard it and your brain automatically remembers things
that it hears?

great. the world always need new ways to make people criminals against
their will.


before you quibble about brains not being anything like computers or
recording devices (a debatable notion in itself) - does it make any
difference if you happened to be using a voice recorder to make notes
at the time? or using a webcam so that my voice is not only recorded
but sent out on the internet? or if there was an AV security camera
covering that area? in a situation like this, why should MY action make
YOU guilty?


> > same as someone shouting their secrets into a megaphone is
> > implicitly giving permission for others to hear them.
>
> Maybe but how is shouting into a megaphone analagous to using wifi?

because they're both broadcasts into public spectrum using technological
devices to assist. it makes no difference that one is broadcasting sound
waves in a directly audible to human ears and the other is broadcasting
microwaves accessible to anyone using one of the hundreds of brands of
compatible devices.


> > you don't need to ask for permission to listen if someone's yelling 
> > in your vicinity.
> 
> What makes you so sure you sure that listening to someone yelling in the 
> street is comparable to a corporation collecting personal information 
> for the purposes of the Privacy Act?  Sorry to be pedantic -- actually 
> I'm not sorry, the law is kinda  pedantic -- but an individual 
> overhearing someone shouting isn't subject to the Privacy Act, whereas a 
> company recording personally identifiable information (without telling 
> anyone they're doing so, and then sending that information transborder 
> to another jurisdiction) is.

and, once again you keep claiming that there was PII without bothering
to prove it.

assertion is not proof.  accusation is not guilt.

> Many wifi users don't know how it works, don't know it's range, don't 
> have any inkling that a company might drive down their street and listen 
> in on their transmissions.  They didn't think they were doing anything 
> like shouting shouting into a megaphone, 

that's not the fault or responsibility of the listener, ignorance is no
excuse.

the information is readily available. it's not secret or hidden or
obscured in any way. the documentation (and/or configuration menus)
for the devices usually warn the user about privacy implications and
encourages them to set an encryption password.


> and they didn't give consent for Google to collect their network
> transmissions.

they didn't need to. they broadcast it publicly for anyone to overhear,
whether they knew that was what they were doing or not. 

it's NOT (and can not be for obvious practical reasons) the
responsibility of the listener to figure out whether a broadcast was
meant to be private or not, it the responsibility of the broadcaster to
take approporiate steps to encrypt their public transmissions.

if you want to keep a secret, it's best not to broadcast it to the
world.

craig

-- 
craig sanders <cas at taz.net.au>

More information about the Link mailing list