UNLIMITED SHITTING ON GOOGLE THREAD :-D

[Triple Zero]

(renamed thread)

Google accused of criminal intent over StreetView data - http://news.bbc.co.uk/2/hi/technology/10278068.stm

Google is "almost certain" to face prosecution for collecting data from unsecured wi-fi networks, according to Privacy International (PI).

The search giant has been under scrutiny for collecting wi-fi data as part of its StreetView project.

Google has released an independent audit of the rogue code, which it has claimed was included in the StreetView software by mistake.

But PI is convinced the audit proves "criminal intent".

"The independent audit of the Google system shows that the system used for the wi-fi collection intentionally separated out unencrypted content (payload data) of communications and systematically wrote this data to hard drives. This is equivalent to placing a hard tap and a digital recorder onto a phone wire without consent or authorisation," said PI in a statement.

This would put Google at odds with the interception laws of the 30 countries that the system was used in, it added.

Scotland Yard

"The Germans are almost certain to prosecute. Because there was intent, they have no choice but to prosecute," said Simon Davies, head of PI.

In the UK the ICO has said it is reviewing the audit but that for the time being it had no plans to pursue the matter.

PI however does intend to take the case to the police.

"I don't see any alternative but for us to go to Scotland Yard," said Mr Davies.

The revelation that Google had collected such data led the German Information Commissioner to demand it handed over a hard-disk so it could examine exactly what it had collected.

It has not yet received the data and has extended the original deadline for it to be handed over.

The Australian police have also been ordered to investigate Google for possible breach of privacy.

"The idea that this was a work of
a lone engineer doesn't add up"
Simon Davies, Privacy International

'Systematic failure'

According to Google, the code which allowed data to be collected was part of an experimental wi-fi project undertaken by an unnamed engineer to improve location-based services and was never intended to be incorporated in the software for StreetView.

"As we have said before, this was a mistake. The report today confirms that Google did indeed collect and store payload data from unencrypted wi-fi networks, but not from networks that were encrypted. We are continuing to work with the relevant authorities to respond to their questions and concerns," said a Google spokesman.

"This was a failure of communication between and within teams," he added.

But PI disputes this explanation.

"The idea that this was a work of a lone engineer doesn't add up. This is complex code and it must have been given a budget and been overseen. Google has asserted that all its projects are rigorously checked," said Mr Davies.

"It goes to the heart of a systematic failure of management and of duty of care," he added.



My view on the case is, on some level it must have been intent. And I don't believe that is the level of a single scapegoat / rogue engineer, which would of course be the most favourable thing Google would like us to believe.

I have to add for fairness of the matter, in another blog I read that the total amount of recorded unencrypted traffic is in fact very small. Something on the order of a thousand megabytes, IIRC. Which is really not that much as I believe this was the number for all of Europe. Or maybe Germany. I forget.

The point is, would Google, as a corporation want this data if they could get away with it? Hell yes. I don't doubt that for a second.

The other point is, they were already treading on thin ice. Photographing all the streets in large panoramas, with actual people on it. Additionally collecting wifi accesspoint data and MAC addresses linked with GPS location info (that's pretty much what I was trying to do with my netbook last year, but failed for lack of GPS).

This already is highly sensitive privacy stuff. So should have been extra mega careful about what they do collect and what they don't collect. That's what all those fucking privacy statements are for in the first place!

So even if it was (on some level) a mistake, they fucked up badly and it was a spectacular huge fucking stupid mistake, because they should have been checking and double, triple checking the data-collection software they sent those Google cars out on our streets with.

It is a huge project, coming with a huge responsibility and fucking this up just shows again that they simply don't care, and in this case, criminally so.

If it had been an honest bug, like an accidental misconfigured piece of code that happened to switch to the wrong data channel to record, then maybe, though I would still be pissed off and at least want to fine them.

But this was not a bug, it was a complete software module, written with the intent to do exactly this. Then it was packaged with the software that these Google cars were sent out on our streets with. And then it was switched on, executed and used. And THEN and this is what pisses me off most, now that I think of it, which is inexcusable, there must have been at least hundreds of these google cars? It's not a trivial task to collect, merge, communicate, transmit and centralize all that data. And an extra stream of data that they accidentally recorded should just not have been collected, right?

Obviously at some point in that chain there should have been a manager that should have stopped this from happening. Of course all the managers claim they didn't know. Well of course that's bullshit, because if there is a possibility that a single developer can singlehandedly insert a piece of software in ALL those Google cars that have been scanning and photographing our entire fucking world, then that developer wields a pretty fucking huge amount of power (really, he could have done so much worse) and not checking that is a pretty spectacular security failure, I would call criminal neglect.

In other words, fuck you Google. Fuck you in the nose. Fuck you in the ear. Fuck you in the eye. I hope they hang you. You fucked up. Fucked up bad. I already didn't trust you, not since a long time, but once more you show your real face. The face of the future. A future that is so bleak, it is completely transparent.

[Requia ☣]

Er, correct me if I'm wrong, but the total time collecting from any given access point won't be more than what, 6 or 7 seconds?

[LMNO]

Hush.  We're getting apocalyptic up in here.

[Triple Zero]

Requia, yes, so?

and LMNO, sorry but what?

I said the data was probably very little. But that means shit fuck all in EU privacy legislation and Google knows that very well. The fact that it still happened just shows that they are completely careless on these matters.

It's not a simple understandable mistake to accidentally include a complex piece of recording software into hundreds of little cars you send all over europe and then accidentally neatly collect all that data back.

[LMNO]

I was just commenting on a trend.  Someone posts a scary/outrageous piece of news, and then Requia someone else will undoubtedly say, "well, it's not that bad, is it?"

It's more fun when we're all outraged and pretending it's the end of all we know that's right and proper. 

[Cramulus]

it's definitely fucked up! They're going to wear that "do no evil" motto like an albatross around their neck.

So what kind of data, exactly, do they have?

[P3nT4gR4m]

A list of unsecured wireless access points v's secured ones EVERYTHING OMMGZ THEY KNOW WHAT EACH AND EVERY ONE OF US HAD FOR LUNCH A WEEK PAST THURSDAY !!!!  

[Triple Zero]

it's definitely fucked up! They're going to wear that "do no evil" motto like an albatross around their neck.

So what kind of data, exactly, do they have?

afaik, nothing really sensitive.

but it's the END OF THE WORLD and I enjoy righteously bitching on Google.

[LMNO]

THEY'RE GONNA STEAL ALL MAH STOLEN MUSIC!
    \

[Triple Zero]

A list of unsecured wireless access points v's secured ones

not just that, that bit was their plan, and apparently would have been legal.

it's just that if you run a tool like WireShark (formerly Ethereal) on an unsecured network, you're gonna catch actual traffic. which is illegal (you can actually sniff passwords like that). for some reason, the streetview google cars had software with them that sort of did exactly that. and logged it.

and indeed as Requia said, because the average time they'd be in the neighbourhood of any unsecured network would be about 6 or 7 seconds, they probably didn't log much traffic, but the outrage is that they actually had that software in their cars and used it.

[Cramulus]

it's weird, right?

because if a private corporation randomly recorded 6 or 7 seconds of my phonecalls, of course I'd be outraged, even if they didn't hear anything compromising.

sort of like if you found out your local police station had a torture rack, isn't that a little suspicious, even if they claim they've never used it, and don't know who authorized it?



...and yet -- I connect to unsecured wireless networks all the time 

[AFK]

THEY'RE GONNA STEAL ALL MAH STOLEN MUSIC!
    \

[P3nT4gR4m]

Give Google a break - they're trying their best!

[ñͤͣ̄ͦ̌̑͗͊͛͂͗ ̸̨̨̣̺̼̣̜͙͈͕̮̊̈́̈͂͛̽͊ͭ̓͆ͅé ̰̓̓́ͯ́́͞]

[Triple Zero]

Google doesn't practice what it preaches. They always bitch about "responsible disclosure" whenever someone finds another security hole
in one of their many web applications, but when a Google security researcher finds a vulnerability in some Windows XP Help Center auto
update thing, it's perfectly allright to give Microsoft less than 5 days to fix the bug before they fully disclose the hole:

http://ha.ckers.org/blog/20100610/windows-help-centre-vuln/