[LINK] Google's WiFi bungle

Tue May 18 17:38:08 AEST 2010

This is a classic case of the worlds of privacy and technology being 
totally blind to one another.  Craig's world view doesn't recognise 
privacy principles, and typical privacy policy wonks don't know how IT 
works. 

Privacy law doesn't apply to individuals, only to corporations and 
agencies.  So Craig, you haven't broken the law by collecting my name. 

There are technical breaches of privacy law occuring all the time as a 
side-effect of how IT systems work within companies.  I spend a lot of 
professional time alerting non-technical clients to the unapprehended 
privacy impacts of how their systems operate.  A classic is the rich 
personal data logged by e-commerce servers.  Peoples' shopping habits 
represent personal information and e-merchants absolutely are in breach 
of the law if they are retaining this data without an express need.  
Worse, if the purchases include medicines and even herbal remedies, the 
e-merchants are holding "Sensitive Information" and this puts them in a 
special category under privacy law. 

Whether these sorts of breaches are regarded as really serious or not 
depends on many factors.  Mostly on whether the collection in question 
was really for some commercial gain. 

It's hard to see the collection by Google of wifi data including paylod 
samples as being entirely innocent, given that company's propensity to 
join up information and make money from it.

Cheers,

Steve Wilson
Lockstep.

Craig Sanders wrote:
> On Tue, May 18, 2010 at 03:22:16PM +1000, Stephen Wilson wrote:
>   
>> It's not a bullshit story.
>>     
>
> yes, it is.
>
>   
>> Craig Sanders wrote:
>>
>>     
>>> google collected publicly available data that people were broadcasting
>>> for anyone to see. so what? big deal.
>>>       
>> The big deal is that under the Privacy Act you cannot in general collect 
>> personally identifiable information without a real need to do so, 
>> without telling people you're doing it, and without controls on what you 
>> then do with that information.  Whether it's publically available or not.
>>
>> Steve Wilson.
>>     
>
> you've just broadcast your name - "personally identifiable information"
> - to a public mailing list. I am subscribed to this list, so i have
> collected it.
>
> Have I broken the law according to Privacy Act by collecting it?
>
> my mail server logs details about every message received - including
> envelope sender email address, date, time, ip address, host name,
> message-id, etc. does that mean i have broken the law?
>
> my mail practices including archiving every email i ever send and every
> non-spam email i receive. have i broken the law now?
>
> my procmail config also feeds a copy of every email i receive into a
> program called lbdb (little brother's database) so that i can search for
> seen email addresses when writing an email in mutt.  Is that breaking
> the law?
>
> none of those things are illegal. neither was google receiving and
> processing data which had been broadcast.
>
> this is not a privacy infringement issue. it's a media beat-up fueled by
> technical ignorance and the ever-present desire for sensationalism and
> scandal (whether real or not).
>
> this might be arcane technical knowledge that is difficult for some
> people to comprehend, but if you don't want other people knowing your
> name, then don't go out of your way to wear a huge flashing neon sign
> saying "my name is..."
>
> craig
>
>   