Yesterday's revelation that Google's StreetView cars collected more than just anonymized pictures of buildings and cars (and some comical situations) came as a surprise to many, including regulatory bodies in a number of countries that are now considering miscellaneous lawsuits and penalties, according to the BBC.
To wit, the issue was that these 'photographic cars' included the ability to sniff wireless data from open networks as they drove around neighbourhoods, so they likely collected the various device and network identifiers along with some snippet of content that happened to be transferred at that particular moment.
People feel violated. Privacy advocates smell blood and lawyers are rubbing their hands in anticipation.
The company has apologized profusely in writing and on television, but the damage has already been done.
Or has it?
Let's see:
- Google surreptitiously picked up network data, but that data was as free as AM and FM radio waves, completely unprotected. Ostensibly no encrypted data was ever compromised and Google certainly made no attempts to penetrate anyone's adequately protected network with or without authorization.
- According to Google, and so far there's no actual evidence to the contrary, there was no malicious intent. Sure, at some early point during the StreetView project Google wanted to offer additional functionality to its users based on the individual router locations but that didn't happen and they apparently never even realized the additional traffic was being intercepted.
- What was so bad about what was done? The network traffic was in the clear so users had no expectation of privacy for those few bytes that were inadvertently intercepted. Nor for any others for that matter.
- Google is now securely deleting – based on regulatory body guidance – the data that it didn't know it possessed and they're probably happy about clearing all that hard drive space that had been taken up for the past 3 years.
- Where's the damage? What can be done with the data? Sure, I can blue-sky endlessly about mining the mountains of snippets collected and find a password here and there, but collected information was not (hopefully) left unprotected during these three years, so does anyone really need to over-react here?
Apparently so, as Germany's minister of consumer protection, Ilse Aigner, called this incident "alarming", which I do not dispute. However, she went on stating that "Google has for years penetrated private networks, apparently illegally" and I think that's going a bit too far.
What do you think?
For most of us, the carousel of headlines breathlessly announcing – and denouncing - foreign government sponsorship of hacking is a distant, a...
This may hint at my advancing years, but I distinctly recall being in awe, at least a couple of decades ago, at the ambitious scope of an internatio...
What do you know about food security? Same here. Located in the permafrost of a remote Norwegian island, the Svalbard Global Seed Vault provides ...
In light of a recent breach of student information at a local school, I sent my comments to editorial desks in the Greater Toronto Area. Here is that ...
Security assessments are always interesting. I know, I do them all the time. You can never guess what you'll find when you're investigating a breach a...
More shocking than the fact that yet another teenager has opted to take her own life as a direct result of (cyber)bullying is the public response to t...