[LINK] Google's WiFi bungle

Craig Sanders cas at taz.net.au
Wed May 19 13:03:42 AEST 2010 

On Wed, May 19, 2010 at 12:12:00PM +1000, Stephen Wilson wrote:
> Yet there is an complementary blindspot on the part of technologists as 
> to Information Privacy Principles and law. 

warning people that things are not as simple or B&W as they might
like, or that there are risks they are completely unaware of, hardly
constitutes a blind spot. it's those who refuse to listen that have the
blind spot.

> For all the bombast Craig, it's not clear whether you appreciate the
> following:
>
> - the "publicness" of personal information has little or no bearing on 
> whether a corporation can collect it and put it to other uses; 
> information privacy law simply forbids the collection and use of 
> personal information without a real need or without consent

of course i realise that.

but do you realise that human laws don't change physics?  or reality?

(i also realise that privacy laws aren't universal, they vary from
jurisdiction to jurisdiction. australian laws are moderately good. some
in europe are a little better. american laws are woefully inadequate).


> Further, you say that Google's collection of wifi information was 
> totally inadvertant given the way that wifi works (they were 'walking 
> around with their eyes open'). But that's not how Google themselves 
> describe their collection:
> 
> "an engineer working on an experimental WiFi project wrote a piece of 
> code that sampled all categories of publicly broadcast WiFi data. A year 
> later, when our mobile team started a project to collect basic WiFi 
> network data like SSID information and MAC addresses using Google?s 
> Street View cars, they included that code in their software?although the 
> project leaders did not want, and had no intention of using, payload data."

i don't see any contradiction between that statement and what i've said.

as i said, when you scan, you get everything that's being broadcast.  you
have to go out of your way (i.e. write code) to filter it out.

same as when you have your eyes open, you have to ignore stuff you're
not interested in (and your brain has had millions of years of
evolution plus years or decades of individual experience to filter out
"non-interesting" stuff).

the most that google can be accused of in this case is failing to write
100% perfect filtering code before they had any idea what kind of data
they'd pick up when they started scanning (and, BTW, writing such
filters requires viewing a representative sample so that you can find
patterns to match for exclusion).



> See 
> http://googleblog.blogspot.com/2010/05/wifi-data-collection-update.html?spref=tw
> 
> So it was not an accidental by-product of operating a regular wifi device.

yes, it was.

   "In that blog post, and in a technical note sent to data protection
    authorities the same day, we said that while Google did collect publicly
    broadcast SSID information (the WiFi network name) and MAC addresses
    (the unique number given to a device like a WiFi router) using Street
    View cars, we did not collect payload data (information sent over the
    network). But it's now clear that we have been mistakenly collecting
    samples of payload data from open (i.e. non-password-protected) WiFi
    networks, even though we never used that data in any Google products."

i.e. they gathered broadcast data they didn't want and weren't using.


the scope of what they collected was pretty minimal too:

   "However, we will typically have collected only fragments of
    payload data because: our cars are on the move; someone would need
    to be using the network as a car passed by; and our in-car WiFi
    equipment automatically changes channels roughly five times a
    second. In addition, we did not collect information traveling over
    secure, password-protected WiFi networks."

that's the wifi equivalent of hearing tiny snippets of conversations as
you walk through a crowded room.

there's a difference between accidentally overhearing something and
deliberately eavesdropping.


> If we take Google at their word, then they have not breached the Use
> and Disclosure Principles, but they have breached the Collection
> Principle.

they've breached it about as much as you do every time you walk down the
street or fail to close your eyes and block up your ears.


craig

-- 
craig sanders <cas at taz.net.au>

More information about the Link mailing list