Google's snooping and our rights
New Zealand police are set to investigate whether Google has committed a crime by collecting data from wireless routers at the same time as taking Google Streetview images.
So what are our rights, what are the laws, and how did this happen?
First, let's look at what Google actually collected.
How did it happen?
As Google's cars drove the streets, they briefly accessed wireless networks, recording the network SSIDs or MAC addresses (the names of the networks) and the signal strength.
They also collected a small amount of "payload data" if the wireless network was unsecured.
The drama centres on this payload data, which is data being transmitted to and from wireless routers while you surf the net.
The data it collected was meant to help improve the quality of its online mapping and GPS location services by matching the location of those hot spots with known GPS coordinates, thus making locating yourself faster and easier.
However, Google has since admitted that it never meant to take that payload data at all, and it isn't even used in any of their products.
Google summed up the cause on its official blog:
"In 2006 an engineer working on an experimental Wi-Fi project wrote a piece of code that sampled all categories of publicly broadcast Wi-Fi data.
"A year later, when our mobile team started a project to collect basic Wi-Fi network data like SSID information and MAC addresses using Googles Street View cars, they included that code in their software although the project leaders did not want, and had no intention of using, payload data.
"As soon as we became aware of this problem," writes Google, "we grounded our Street View cars and segregated the data on our network, which we then disconnected to make it inaccessible.
"We want to delete this data as soon as possible, and are currently reaching out to regulators in the relevant countries about how to quickly dispose of it."
A report on the code used to collect the information has been carried out and some countries are quizzing Google over what its intentions were, or even challenged the legality with lawsuits.
What's the harm?
Theoretically, the location of specific networks could be cross-referenced to track internet usage for commercial reasons.
There are also concerns that email, passwords or banking details could have been intercepted, although Google has said encrypted data such as banking details would have been discarded automatically.
Those who were using their network as a Streetview car drove past will have been at risk, with the amount of data collected varying by the amount of time the car was within range of the network.
There are also ethical concerns about Google not telling people in a suitable manner that it was collecting this data, especially when it claims to follow an unofficial "don't be evil" motto.
Google already has vast amounts of user data available via their Gmail service and other online applications, not to mention their search engine, and the WiFi data will add to their network or personal and geographical information.
Whose fault is it?
There are a couple of distinct sides to this argument. Some might say the wireless networks should have been secured and would therefore have avoided the payload data collection.
Then there are also those who say it shouldn't matter, and that Google should have had better checks in place and has invaded and intercepted private communications, however accidentally.
In the words of Assistant Privacy Commissioner Katrine Evans, "It is good practice to tell people in advance what information is being collected and what that information will be used for."
Most would probably agree with that sentiment, but the question will come down to the legality of what has already happened.
What are the laws in this area?
There are several laws covering this area in New Zealand. The interception of private data can lead to a two-year prison term, according to the Crimes Act 1961, No. 43, Section 216B (1):
"Subject to subsections (2) to (5), every one is liable to imprisonment for a term not exceeding 2 years who intentionally intercepts any private communication by means of an interception device."
However, the most important factor in that law is what is considered private.
An unsecured wireless network can be accessed by anyone within range, and Google could argue that it's the owner's responsibility to secure it.
Considering that WiFi works through radio waves, the Radiocommunications Act 1989 No. 148 may also come in to play, which states in section 133A (1):
"Every person commits an offence against this Act who receives a radiocommunication and who, knowing that the radiocommunication was not intended for that person-
"(a) makes use of the radiocommunication or any information derived from that radiocommunication; or
"(b) reproduces or causes or permits to be reproduced the radiocommunication or information derived from that radiocommunication; or "(c) discloses the existence of the radiocommunication."
What's going to happen?
Google has already admitted that it should have been more transparent in this process, but has stopped short of automatically deleting the data it collected.
It has so far deleted data collected from Austria, Denmark and Ireland, following complaints from authorities in those countries, but is challenging several lawsuits in the US, stating that US law does not prohibit the collection of data from open networks.
Even if Google does escape punishment, it will not escape the court of public opinion, which may leave it labelled as legally dubious and ethically questionable.
What do you think? Is this consistent with their "don't be evil" attitude? Was it an honest mistake? Did they know what they were doing? Are you concerned with Google's treatment of your privacy?
» Join Connector on Facebook, Twitter @lukeappleby or Email Luke at connectornz@gmail.com
» If you like this blog, vote for it in the NetGuide People's Choice Web Awards! Go here to cast your vote for it as Best Blog. Voting closes on July 30.
Sponsored links
Newest First
Oldest First
If it wasn't encrypted then it is a fair assumption that people want to be listened to.
This is why my network at home has the encryption on (for what it is worth, less than 5 minutes with a basic laptop will crack it) and SSID switched off.
People need to take responsibility for this stuff and not expect everyone to hold their hand. A simple search will tell you what the secuity issues are with a wireless connection. Maybe even the 'experts' at the local electronic store should tell them about this stuff.
"If it wasn't encrypted then it is a fair assumption that people want to be listened to" is as stupid as saying "If the door wasn't locked the it is a fair assumption that the people wanted to be burgled".....
Google may cry innocence in their statement that it was unintentional gathering, but why not delete it?
If you are broadcasting your information over an open channel (no password/encryption etc) then it is public, not private, and your own fault that someone was able to access it. There shouldn't be a legal issue here.
Ethically (as usual) it's a different story. I don't think there is anything particularly nefarious that Google would be doing with the information, but it's interesting that they are only deleting the data from countries where they are having legal tangles. If it was captured by mistake, making a show of good faith and erasing the whole lot shouldn't be a problem.
Google hasn't followed its "Don't be Evil" tagline for sometime. Its a bit like people liking apple for being non-corporate....they are as bad if not worse than micro$oft these days.
nicely summed up luke ... maybe im not as guarded about certain types of information (my wifi is secured and always has been) but seriously i think people need to get over google collecting a bit of payload data - cmon people youre not that important that anyone really cares about a lot of your personal info - except of course your bank details :)
Flas #4 said there are no legal issues. Yes there is...
Let's give a direct comparison: Can someone on the street point a sensitive shotgun microphone to pick up conversations inside or outside a private residential property and then record those converations? Of course not. The same principle applies here to wireless routers.
"a sensitive shotgun microphone"? No, just a computer. A more useful comparison would be to drive past with the windows wound down and record whatever radio station people had playing nice and loud. If you play it loud and it's audible from the street, it's public. Same with your wireless network - if you broadcast it out of your property and it's unencrypted, it's de facto public.
I stopped using Google as my primary search engine a few months ago & changed to Bing because Google is primarily a data miner & hoarder which is the basis for their "targeted" ads service, which is why someone who does a lot of searches for World Of Warcraft related terms winds up with dating services ads on the right hand side of their search pages. It's even worse if you use Chrome, while the media has been touting the browser's "increased security" when it comes to malware & other such attacks, there's been little to no mention of the fact your entire browsing history is included in the catchment.
As for the "leaving the door unlocked invites burglars" analogy, the people touting both sides forgot a couple of things. Firstly the state of the door lock is irrelevant to the fact that people walking in & stealing your stuff is still a crime - you can still file a police report & in theory they'll investigate it (in practise it'll sit with child abuse cases & everything else deemed less of a priority than traffic enforcement) if you forgot to lock the door on your way out in the morning - your insurance won't pay you out though. Secondly - this is nothing like leaving your door unlocked or someone using your unsecured wifi for free internet on their laptop - it was a deliberate effort to gather wifi network data using specialized equipment & specific software to do so. There was no accident if the official blog is to be believed, it was the direct result a lack of supervision by the "leaders" of the Street View project.
Having said all that, why would Google need to ask regulatory bodies how to dispose of the data when they could just use their own search engine? If they didn't want the data in the first place, why isn't it gone already? Why are they holding on to said data so vehemently, to the point of defending multiple, expensive lawsuits, if they didn't want to collect the data in the first place?
Family Guy #7 - How about a more realistic analogy. You're walking down the road and someone is inside their house with the door open shouting into a megaphone ...is that eavesdropping if you happen to listen to them? :P
The problem with wireless routers etc is that they tend broadcast to public areas from the home. So if you don't want people to listen in, then don't broadcast something that is easily listened to.
Pop music star Whitney Houston dies
Wellington woman found safe in motel
Kiwis land big Aussie contract
Piri Weepu stakes his claim for No 10
Pop music star Whitney Houston dies
Facebook can alienate people further - study
Lydia Ko blitzes amateurs at Australian Open
Ussher wins fifth Coast to Coast title
Hurricanes thumped by Crusaders in warm-up
Trust me, I've had worse experiences with Streetview than Google collecting publicly available wifi data. Our landlord looked up our address on Streetview & then attempted to threaten us with eviction because we'd installed an unauthorised Sky dish. Turns out it wasn't us, or even the previous tenants. It was the tenants before them - the dish was over 2 years old, on a property which was always leased on a fixed term lease. Needless to say, we decided to leave that property & management company ASAP.
It's a tough one, because on one hand if you're outside the US (& possibly Europe), the data's likely to be completely out of date. It's over 3 years since the Streetview cars went through Christchurch, from what I can tell. But that doesn't mean collecting it in the first place wasn't a bad idea.