There is a matter which I have been following with some interest over the past few months.
It started, as far as I can find, in The Register - out of UK -
It surfaced again in Granny Herald and many other major syndicated news broadcasters. It has simmered on since; NZ has the Police looking into it; Australia's Privacy Commissioner has said outright that it is an invasion of privacy and illegal; in the past few weeks there has been growing rumbles coming from the legal system in the US...
From The Register -
Google has said that its world-roving Street View cars have been collecting information sent over open Wi-Fi networks, contradicting previous assurances by the company.
This means that Google may have collected emails and other private information if they traveled over Wi-Fi networks while one of the cars was in range. Previously, the company said no payload data was ever intercepted.
In a blog post [1] published on Friday afternoon, the company said that it collected the data by "mistake" and that the data has not been used in any Google products. Street View cars have now been grounded, according to the post, and the company has promised to delete the data. But before doing so, it will be asking regulators in "the relevant countries" how this should be done.
Google declined to comment on the matter, instead pointing us back to its blog post. It arrives less than three weeks after the company said that such data was not being collected. But since then, Google conducted a review of the data being collected by its Street View cars after the data protection authority (DPA) in Hamburg, Germany requested such an audit.
Ginger McCall, a staff counsel with the Electronic Privacy Information Center (EPIC), a public watchdog, calls the data collection a "violation of customers' trust," and she questions Google's claim that it was collecting the data by mistake. "People need to ask why was Google was collecting this information," McCall told The Reg. "It's difficult to believe that this would be done accidentally.
"This really flies in the face of their assertion that customers should just trust them."
On April 27, in response to a complaint from the German DPA, a Google blog post [2] said that in scanning open Wi-Fi networks its Street View cars were collecting only the SSIDs that identify the networks and MAC addresses that identify particular network hardware, including routers. Google uses this data in products that rely on location data, such as Google Maps.
But the company now says that when Street View cars began collecting this data, it accidentally included some additional code with the cars' software. "So how did this happen? Quite simply, it was a mistake," today's blog post reads. "In 2006, an engineer working on an experimental Wi-Fi project wrote a piece of code that sampled all categories of publicly broadcast Wi-Fi data.
"A year later, when our mobile team started a project to collect basic Wi-Fi network data like SSID information and MAC addresses using Google’s Street View cars, they included that code in their software — although the project leaders did not want, and had no intention of using, payload data."
At this early point, there were two separate "causes". The first was the fact that Google was collecting SSID's from open Wifi's. On the face of it, that might seem to be relatively innocuous and innocent. The second cause was the accusation, and partial acknowledgement by Google that they had also "accidently" collected other data at the same time; things like stray emails and the like, or Dad's porno movie that the boys were watching in the back bedroom while "the game" was on tv. This is what has really caused the blow-out in the news.
Personally, I think that Google are very happy that their somewhat tentative acknowledgement is taking all of the heat. How so? Because it is not what they were really after. Think about it for a moment. Those "street cars" were not stationary. They drive past at about 40kph. That means they would have been outside my house for about a minute or so. The chances of extracting anything more than a fleeting glimpse of the traffic on one wifi network? Virtually nil.
The scary part of this news is the actual collection of SSID's, not the remote possibility of tapping traffic from a private network. This is the far more insidious data, when you consider that SSID's are tagged against every piece of data that goes out onto the web; and given the average level of system security much of what is not (intentionally) sent out into the wider world but gets there through the universal virus and trojan horse infections.
It goes further.
Off topic, or so it might seem, for a moment. Recall the news not six months back that Google (and others) were accedeing to the RPC Government's request to censor the global access from China. The usual example was Tianenmen Square did not exist; Wiki was not available; the list goes on...
Back to topic again.
The scariest thing - when you start talking about personal rights - is what you do not know. If you do not know that your government has an unhealthy almost prurient interest in your daily doings (because you are a terrorist, or associate with criminals, or belong to Falun Gung, or are an Elder in LDS, or whatever) then your image of personal freedom is going to get a sudden and very cold shock.
If the likes of Google can do a deal with the PRC Government in the interests of commercial growth and profit then who can be sure that similar agreements do not exist with other governments, even most particularly the US.
Think about it for another moment before you dismiss the idea out of hand, or blame it on just another Obama socialism plot (it dates from 2006 - the midst of the Bush second term).
How much traffic is monitored on behalf of the US government through sites such as Waihopai? Very little, they say. Only those parts that are "of interest".
Let's not worry too much at the moment what "of interest" might imply. It might be only terrorism threats, or the Cosa Nostra, or the Triads. That is not the point.
What is important is that that traffic, every little bit of it, is tagged with SSID's.
Now, through Google, those SSID's can be tracked to a very specific address.
So, be very afraid. The 1970's B-grade sci-fi flicks might well have gotten their definition of "artificial intelligence" wrong.
No comments:
Post a Comment