19 comments

[ 3.1 ms ] story [ 59.3 ms ] thread
"If you don't encrypt your traffic, then by implication, you don't care if people eavesdrop on it."
Isn't that like saying "if you don't lock your mailbox, then by implication you don't care if people read your mail"? Or, "if you don't lock your telephone junction box, then by implication you don't care if people tap your phone"?

Although I don't agree with your quoted statement, I don't think Google's capturing of data should be considered criminal, either.

More like "If you shout loudly in your apartment, expect others to hear you."
The difference is wifi broadcasts that information.
Of course. I agree that it shouldn't be illegal to access it; however, simply being trivially accessible doesn't necessarily mean people don't care.
There are several comments below the article which noted that Google had turned over data to external French auditors, who reported finding passwords, emails, and other sensitive information in the WiFi data captured by Google. Personally, I would be more worried by external auditors having access to the data than Google.
Google having it is the same thing as external auditors having it. They've said as much on several occasions (e.g. "If you don't have anything to hide...").
Wrong. Google has a vested interest in protecting the information (whether or not they internally exploit it for contextual advertising is another issue). External auditors have more incentive to leak the information to increase public outrage at Google.
Google's vested interests are irrelevant. The government can take any or all of their information any time they want to.
Surely Google knew they were saving the packet payloads, even if they didn't have any intended use for them. That is not the kind of detail a programmer can simply overlook. Calling it an "accident" is certainly disingenuous. The only accident was not realizing that people would care so much.
Consider it a favor from Google to point out how insecure wifis are if you don't use any encryption.
Consider it a favor when criminals break into your improperly secured house and steal all your stuff.
Except that Google did not steal, they only warned people and shown that it's possible.
If someone got a key logger and logged your bank account name and code would that be considered stealing or "warning you what's possible"?
It depends on what he would use it for.
Interesting. I agreed with you until I realized something -- wifi is essentially broadcast radio waves. Unless the information is encrypted, there is not only no intent to hide it, but it is being actively transferred at you. I think a better analogy for sniffing unencrypted wireless traffic may be your neighbor yelling all his personal information across the street to someone in plain view. How is that supposed to be a private conversation?
It would have been nice if the incident prompted actual public discourse of the difficult issues involved, but instead the media went for the jugular, Google went into damage control mode and the general public didn't get any wiser. I think if Google had taken the high road in this case, they would have had a pretty good chance of coming out on top, but I can't blame them for chickening out (and lying).

The reaction to the whole affair demonstrates pretty clearly that most people expect their internet traffic to be private, regardless of how easy it is to intercept, a detail to which they are oblivious. As others have pointed out, some degree of voluntary respect for privacy and property is necessary in a civil society.

On the other hand, there are limits on how far we are expected to go to respect those rights. For example, if you have no signs, fences, or intrinsic indicators of ownership on your land, it may not be reasonable to expect people not to trespass. If you leave an old chair on the sidewalk, you probably can't call it theft when someone takes it away. If you are having a loud conversation in a public place, you should expect others to listen in, and so on.

There is presently very little consensus on which expectations are reasonable with regard to info tech. There is obviously a huge rift between the technoratti and the layperson, but neither of those subsets has a stable consensus either. The domain is changing too fast for even experts to establish lasting standards.

In the particular matter of wireless data, I would hope, ultimately, that nobody will expect data they are broadcasting through the air, for 100 meters in every direction to be private, especially when that supposed privacy could be breached as an unintended side effect of various benign activities, and when the capability to encrypt the data is readily available to everyone.

An interesting thought: should we blame Google or should we blame the unencrypted wifi hot spots?

The fact that it's so easy to sniff unencrypted wifis should be more worrying. I mean Google turned over the raw data, I may do the same and intentionally sniff even more data, steal everybody's password and not admit it.

Like the author said, you can punish Google, but that won't make those hotspots more secure. And you never know when will a real evil guy come to the neighborhood.

Looks like some trolls decided to go on a downvote spree.