Canada Says Google Wi-Fi Sniffing Collected Personal Data 136
adeelarshad82 writes "Canada's privacy commissioner, Jennifer Stoddart, has announced that Google's recent Wi-Fi sniffing was a serious violation of Canadians' privacy rights and included the collection of personally identifiable information. Stoddart's team, who traveled to Google's Mountain View headquarters to examine the data, found complete e-mails, e-mail addresses, usernames and passwords, names and residential telephone numbers and addresses. Google has been asked to do four things before the Canadian Government would consider the matter resolved."
What about the companies that leaked the info? (Score:2, Interesting)
Re:Pay attention class... (Score:3, Interesting)
Expectation of Privacy (Score:5, Interesting)
If you stand on a public street, it is legal to take pictures of anything you see: there is no expectation of privacy in public.
If you stand naked in your front yard, you have no expectation of privacy.
If you stand on your front porch and shout out your Visa number, you have no expectation of privacy.
If you buy a toy AM transmitter from Radio Shack and broadcast your SSN, you have no expectation of privacy.
But put it in cleartext on an 802.11g router... and you expect privacy?
Re:Expectation of Privacy (Score:4, Interesting)
Strangely, Canadian privacy law seems to make a distinction between individuals and corporations. If I hear you yell out your credit card number on the street I can write that in my diary (but I can't USE it for anything). If a corporation hears you, it is NOT allowed to write it in it's diary.
As for radio, if I hear you broadcast your SSN on the radio, I may listen, but I may not use that information, or tell anyone about it. I think that one is actually the same in the US.
Re:Pay attention class... (Score:3, Interesting)
If I remember correctly Google said they would keep the data until the Canadian authorities had stated they had finished examining it to determine what laws were breached. Once the evidence had been evaluated and they get authorization, they will delete it. Basically they are saying they won't delete evidence of a possible wrong doing until the appropriate authorities say it is OK. This means that they have to hold on to the data collected in each country until they get permission from that country's authorities. Sounds like and administrative nightmare.
Its also a perfect example of how the laws don't reflect how the technology was designed to work. WAPs are designed to handle two situations:
From the technology design point of view if you run across an open WAP then you "know" they want to share. If its closed then you know they don't. I agree that it gets very grey when you knowingly start to collect user ids and passwords. If its an automated download of everything that is available, sort of like a wget, then you can argue the stuff should have been secured.
The laws try to protect the group of people who are too lazy to learn how and why you should secure a WAP as well as your data. The problem is how to differentiate between those open WAPs that people want to share from those where people don't.
Re:.... COME ON! (Score:2, Interesting)
Why is it the fault of google that the data people send out over wireless is unsecured?
Google doesn't care whether the data is secured or not, they're just interested in mapping the wireless points, not in the data itself, so anyone broadcasting unsecured data over wireless must inherently want that data to be open to everyone.
Here the blame isn't on google, it's stupid, stupid wireless users, and they should be told its their responsibility to keep things secure.
For once, just once, I'd like to see the right people smacked for being stupid, in this case, the public.