Pietro Paganini, PhD is the Executive Director of the European Privacy
Association
Yesterday, Alex highlighted Nick Clegg’s speech in which he reaffirmed his party’s – and I suppose, this government’s – dedication to preserving our individual liberties. It was, as one individual on ConservativeHome commented,
as if the deputy prime minister had “just cut and pasted Big Brother Watch's manifesto.”Amongst his pledges, Clegg stated that the government would end the plethora of intrusive IT projects, ranging from ID cards to a national identity register, as well as ensuring that CCTV was “properly regulated.” In pledging to bring “an end to spying on people,” it’s clear Clegg has signaled his intent to form a new individual liberties contract between the state and the people. However, as the European Privacy Association and Big Brother Watch celebrate a tiny victory in public life, attention continues be drawn to events in the private realm.
The Daily Telegraph has a piece on Google’s Eric Schmidt and his attendance at the Zeitgeist conference in London. Following revelations that Google’s Streetview had been collecting private information from WiFi networks Schmidt remarked that it was “highly unlikely” that Google captured any “useful” information. Although Google has denied deliberately storing a user’s private internet traffic, they did intend, as the Financial Times claims, to “collect network names and serial numbers of WiFi hardware.” Google’s justification is that an unsecured WiFi network is akin to a public broadcast.
Meanwhile the Information Commissioner’s Office has called on Google to destroy all of the information they harvested through Streetview. And therein lies the problem. If we want to shed a light on Google’s activities, why on earth should we want Google to destroy this information? In addition, far from halting any further investigations, the ICO must continue to pursue this matter and ensure that Google comes clean about their activities and all the information they gathered. Questions concerning whether an unsecured network is “public”, is a completely different issue altogether, and one that the Justice Select Committee may have an interest in pursuing.
Big Brother Watch has documented public concerns surrounding Streetview on a number of occasions. But the storage of personal data is an issue of grave concern and a sinister development. The European Privacy Association, Big Brother Watch and others have spent a great deal of time fighting against state bent on intruding into our daily lives. But it doesn’t stop there. The storage of personal data by a private behemoth – without one’s knowledge – is just as concerning.
A few utterances from Mr. Schmidt does not go far enough to assuage public concern. We need to see action.
Unsecured networks are clearly public, since all the traffic on them is being broadcast by the aerials in the devices using the network. Indeed, even for secured networks, the SSIDs (network names) and router MAC addresses (unique identities) are public if the routers are set to broadcast them – which most are. This isn't "akin" to a public broadcast. It *is* a public broadcast.
To claim otherwise is like claiming that walking down the street with a loud-hailer shouting a personal conversation to your spouse is "not public" because "other people shouldn't be listening".
As regards what Google *intentionally* captures, my understanding is that they look at the SSIDs and MAC addresses of routers so that Google Maps can provide enhanced location data to other devices by spotting particular SSID/MAC address combinations. This is actually very useful, because GPS coverage is far from complete (especially inside buildings), and location data derived from 2 or 3G telecoms equipment is often pretty unreliable.
As regards the data that was captured unintentionally, from what Google has said on the matter it consists of individual network frames from unsecured WiFi networks. It is mischievous in the extreme to portray this as "storage of personal data", since 99.9% of network frames will contain no such data, and of those that *technically* do, most will be encrypted using SSL anyway and therefore unrecoverable even if Google were malicious. Eric Schmidt is right, therefore, to state that it is highly unlikely that Google captured any "useful" information.
(Oh, and for the record, I don't work for Google, but I *do* work in the computer industry and prior to that in telecoms; on these kinds of topics I don't think it would be unfair to describe me as an expert. It is, perhaps, a shame that Mr. Paganini didn't talk to an expert on this topic before this piece was posted.)
Posted by: alastair | 20/05/2010 at 01:08 PM
@alastair: In general what you say makes sense but may I ask why you would expect "most" data packets on an unsecured wifi network to be encrypted using SSL? I'm only averagely clued-up about network packets but I'd expect most of them to be plain text unless a specifically secure transaction was in progress?
Posted by: Redacted | 20/05/2010 at 02:13 PM
"Unsecured networks are clearly public, since all the traffic on them is being broadcast by the aerials in the devices using the network"
No, if I'm "broadcasting" from my network that stream of data is copyright to me, since it's my "performance".
Google did little more that wardriving, for four (4) years then claimed it was "accidental" .... some accident !!
Those guys at Bing must be relishing this Google-mess ...
Posted by: Purlieu | 20/05/2010 at 07:20 PM
"Schmidt said that society faced some soul-searching about what privacy compromises they were prepared to accept in the digital age."
Oh, does it? What is this *society* of which you speak Mr Schmidt? I think that each person needs to be free to make his or her own choice. To do that, we need transparency from companies like his, so that we know what choices we are actually making. I don't want some vague "society" making that choice for me, thanks. I want control of my situation.
With "free as in beer" Internet services, you are told what you gain, but the price you pay is usually unspecific. What other commercial transaction works like that? What is the actual monetary value of the personal data with which I pay? Am I being overcharged?
He apparently argues that: "pictures and personal information shared on social networking sites could be more damaging than the data it [Google] collects through its search engine."
Well no doubt it *could* be so in some cases. I personally don't have any social networking accounts however, so why would the attitudes of people who use those services have to be imposed on me as well? 400 million flies can't be wrong, eh?
Yes, you can be sure Google takes privacy concerns seriously. If too many users rebel against having their every action recorded and cross-referenced, Google's business gets hurt. We already see Google diversifying to an extent. I don't doubt they understand that the monolithic data-server model of interaction is going to come under increasing scrutiny and will very likely face competition before long.
Posted by: Redacted | 20/05/2010 at 09:16 PM
@ Alastair
If you want to make the poor analogy that unsecured wi-fi is akin to a public broadcast then here's another one you may like: people's windows are like televisions if they leave their curtains open. Does that give you the right to go up and peer inside? Try it out and see what reaction you get from the householder.
Posted by: Johnny Lilburne | 21/05/2010 at 03:40 AM
It makes little sense to apologize for taking a position that so many data protection authorities have also taken on this matter. However I would first like to thank Mr. Alistair for his technical explanation of how Google was capturing information. While this is always something that I wish I could address when discussing this issue, it can be difficult to understand.
However, I would like to emphasize that this breach of privacy is indeed an issue that merits investigation, not least because of the apparent disregard for individual privacy. Mr. Alistair's analogy of the bull horn is misplaced, as nobody is actively seeking to publicly disseminate their personal information, regardless of their network security. I do not believe that someone should be at risk of their privacy being compromised simply because they do not understand how to encrypt their network.
Furthermore, let's not fall in Google's trap. This is not merely an engineering problem. Were that the case, there would be very little reason for Google to feel the need to apologize, much less refrain from bringing this to light much sooner. This concerns the amount of data that Google could collect by matching data captured by several sources (search, Buzz, advertising, etc). It has to do with Google's lack of transparency and repeated “accidents” when releasing new products or being caught violating simple privacy standards. The fact that it took a passing glance by a German regulator for people to become aware of the WIFI mapping clearly demonstrates a complete disregard for informing the public and engaging in a constructive dialogue.
It is clear that you are not concerned by your privacy being violated, and this is great for you. Should Google continue with their WIFI mapping and request people's consent, I am sure that you will give it. Unfortunately, no one was offered this choice. Individuals have the right to choose when to be left alone.
For the benefit of the discussion, I suggest this piece published in the European Voice by my EPA/IIP partner Dr. Luca Bolognini, who addresses some of our concerns.
http://www.europeanvoice.com/article/2010/03/privacy-and-digital-communism-/67559.aspx
Posted by: Pietro Paganini | 21/05/2010 at 08:38 AM
@Redacted:
It does depend what you regard as "personal information". I think most members of the general public (as opposed to privacy advocates) generally think of things like their bank details, not the somewhat wider definition that privacy campaigners like to use that includes even such things as peoples' names.
It's perhaps worth saying also that most of this stuff, whatever your views on what is and is not "personal", is plain text, so *even if* it is being transmitted in the clear, it takes up very few packets (probably in most cases, one), and in order for Google to have captured that one packet, it has to be broadcast at exactly the right time, such that the Street View car is both in range *and* is in the five-second window during which it has hopped to your WiFi network.
@Purlieu:
Copyright is a total red herring. Most of the public broadcasts you're used to (both TV and radio) are copyrighted too; sometimes the broadcaster holds the copyright, sometimes not.
And, in point of fact, *you* probably don't hold the copyright over a lot of the data traffic on your WiFi network anyway, since most likely you're doing things like browsing the 'Net, watching movies and listening to music, in which case the copyright belongs to other people, unless you're viewing content you personally created.
@Johnny Lilburne:
You're mistaken. Peering through someone's window requires a deliberate act - you have to *go* to the window and look in.
That's quite different from an unsecured WiFi network; WiFi uses radio, and radio is a broadcast medium - like sound, where if you make a noise, anyone in range can hear you. Now, you may very well say, when having a conversation on the street, that it is rude for others to listen in. That doesn't stop them from doing so, however, and if you went to a police officer and complained that someone was listening in to your "private" conversation, he or she will point out that you are in a public place.
Contrast that with someone looking into your window. Call the police about that, and they will take it seriously. Well, we hope, anyway.
Nor does the situation change, actually, if you are at home (in a private place) and making so much noise that your neighbours can hear you. The police rightly won't investigate that either, but they might well be interested if your neighbour listens at your keyhole.
The situation is exactly the same with WiFi; your signal is broadcast to the world. Indeed, if someone had a sufficiently sensitive antenna, it could be received many miles away; Google it and you'll see that someone has received a WiFi signal from 125 miles away. Are you certain you trust everyone in a 125 mile radius not to listen in? No? Neither am I.
If you want privacy when using WiFi, you must either use encryption, or you must set your network up so that radio signals do not radiate outside your property. The sound analogues here are, of course, talking in code, or having your private conversation somewhere where it cannot be overheard (either because you're being very quiet, or because it's soundproofed).
Posted by: alastair | 22/05/2010 at 03:57 PM
@Pietro:
The bullhorn analogy is actually very apt. The people with the bull horn in the analogy weren't seeking to disseminate their private information either - their reaction was to decry the fact that someone else was listening, which is exactly what you (and, you are right, the data protection authorities) are doing.
I do take your point that some people might not understand how to set their WiFi network up to be encrypted, but really I don't see how you have a right to privacy if you use an unencrypted WiFi network that radiates off your property any more than you would if you chose to communicate between your back garden and the upper floor of your house with a bull horn in a normal residential neighbourhood. (Communication by bull horn between the grounds of a country house and the house itself *might* however be private, if the sound didn't carry off the property. Just the same as WiFi, see?)
Also, let's not conflate the WiFi mapping with the unintended collection of WiFi data. I can't think of any privacy problems OTOH with the WiFi mapping, but I can see why the unintentional data collection might raise concerns, even if I do think it's all a bit overblown. FWIW, I think ICO got this right when it just said that yes, it probably was a technical breach but that Google should just delete the data.
Posted by: alastair | 22/05/2010 at 04:29 PM
@alastair: Well Google has admitted they were at fault. They re-used experimental code that had more features than they needed. They definitely should have tidied that code up before deploying it in the field. That they didn't is negligent. What this case again shows is that Google operates within a "full steam ahead and patch up the casualties later" paradigm. For a naive startup that would be understandable. For Google, huge as it now is, it really isn't okay anymore, not with me anyhow. You will take your own view of course.
Their response (emphasising that it was unintentional) shows they know they are only just to one side of falling foul of communications interception laws with this, which in some countries is taken seriously. Remember they weren't connecting to an open LAN as ordinary users, they were deliberately sniffing whatever network packets were present as they passed and recording them, cross-referenced to the car's location.
At least they have been open about it, although they really had no choice because to try and cover it up would have damaged trust even more. Without our trust they would be in trouble, and they know that.
Until wifi equipment is sold so that it is secure by default (setup enforces security), assuming that unsecured networks are that way with the knowledge and understanding of the owner, amounts to assuming what incidentally just happens to make your life simpler, rather than what is more likely - that the owners are naive.
Posted by: Redacted | 22/05/2010 at 08:32 PM
@ Alastair
I was speaking about stuff that goes OUTwards as the 'performance' this is not other people's material it is my creation (keystrokes etc)
Posted by: Purlieu | 23/05/2010 at 12:06 AM
Sorry, Alastair, but you are the one that is mistaken. You say that looking through someone's window is a deliberate act. So is what Google did. They didn't accidentally fit the cars with a wi-fi aerial and they didn't accidentally store 600 GB of data. it was a deliberate act.
Posted by: Johnny Lilburne | 23/05/2010 at 01:38 PM
@Redacted:
Sure, Google admitted that it was a mistake running that code on the cars. Hardly "negligent" though - I mean, are people (and companies *are* run by people) not allowed to make mistakes any more?
And this isn't interception, any more than someone who was in hearing range of a bull-horn could have been said to be "intercepting" a conversation between bull-horn users. To characterise it as such is simply ridiculous; again, just like sound, WiFi is a broadcast medium. Broadcast unencrypted, and everyone hears you.
Posted by: alastair | 25/05/2010 at 03:13 PM
@Purlieu:
Very little data is sent by normal users; vanishingly small amounts. It's true that you hold the copyright, but it's in such a minority that the likelihood of Google having captured any is very small indeed.
Posted by: alastair | 25/05/2010 at 03:14 PM
@Johnny:
You've missed the point. The difference is quite fundamental. WiFi is like sound; anyone in the vicinity receives it, and in order to listen to a specific conversation (or a particular WiFi link), you simply ignore the ones you are not interested in. It's usually considered polite, of course, to ignore other peoples' conversations (and perhaps by extension their WiFi links), but the nature of the communication means it is highly public and the only way to make it private is to talk quietly or in code (same with WiFi).
Peeking through windows is quite different. In that case, the person doing the seeing has to actually go up to the window. The person being spied upon isn't broadcasting his or her image to the world (whereas the WiFi user with an unencrypted link very much is doing just that). The equivalent with light would be projecting your image out into the street, then insisting that it was private and people shouldn't look at it.
Posted by: alastair | 25/05/2010 at 03:30 PM
@alastair: The likelihood that in this case the information gathered was fragmentary and unlikely to be very interesting, is a mitigating factor, but not an exonerating one. The problem with it as an excuse is deciding where exactly to draw a line. Exactly how much of this is allowed before it is considered bad? Google isn't a teenage netjunkie wardriving for kicks, it is a global corporation with a staggering capability for mass data gathering and processing. We are entitled to scrutinise them back.
Sorry to go on and on but, the idea that running an unsecured wifi access point effectively amounts to consent to snooping is surely just rubbish. Only explicit consent amounts to consent. Failing to protect your wifi network amounts to naivety, nothing more.
Is it okay for someone to walk by my house with a compatible DECT handset and download my phone directory to its local sim, just because I may have not read and understood every page of the manual and have therefore failed to realise that I should set a PIN to protect against such access? Google assumes what suits its business requirements.
How many of those people would have volunteered any of the information concerned if explicity asked for consent? We can't know, because they *weren't* asked.
As for not being allowed to make mistakes, well how many are they allowed to make before it's okay to criticise them? If not confronted, they will keep pushing their luck and trotting out the same old "duh, sorrreee" routine in the event they upset people. The streetview project is a large, expensive project and could certainly afford a technically competent person to review its design before release. If I make mistakes, my business suffers, so I endeavour not to. If my customers just shrugged them off, why would I care?
Is it legally "interception" or not, IANAL as the saying goes. However, I can understand suggestions I have read to the effect that if this had been deliberate it would have been at risk of being so construed. Data transmissions that were not intended for Google were captured and recorded - that's a straight fact.
As I have said above I think that since, on this occasion, Google has been at some pains to emphasise that this was accidental, it rather suggests that Google is concerned about legal action on some level. Otherwise we'd just get the old "noone cares about privacy any more" California-soundbites.
http://www.eff.org/deeplinks/2009/12/google-ceo-eric-schmidt-dismisses-privacy
Posted by: Redacted | 25/05/2010 at 06:53 PM
Back in time there has been some fading. But not defective.
Posted by: replica chanel watches | 13/11/2010 at 02:33 AM