.comment-link {margin-left:.6em;}

Sunday, October 24, 2010

The continuing threat to civil liberties

This morning´s Sunday Telegraph is a timely reminder that it is not just government that poses a threat to our privacy and our civil liberties.

They report that Google has admitted that it downloaded personal data from wireless networks when its fleet of vehicles drove down residential roads taking photographs for its controversial Street View project.

It is bad enough having one´s home pictured on the internet for all to see without this sinister off-shoot. The paper reports for example that individuals could be seen in the photos included a man emerging from a sex shop in London's Soho; children throwing stones at a house in Musselburgh, Scotland; a man vomiting outside a pool hall in east London; and three police officers arresting a man in Camden, north London.

Apparently, the vans had also been gathering information about the location of wireless networks, and as an unintended consequence also harvested entire emails and URLs, as well as passwords from those networks that were not protected by a password.

The lesson is clearly to secure your wireless network but that is not enough. This is a clear breach of British data protection laws and the company should be prosecuted.


...but with the CPS have the bottle to bring a prosecution?
Sorry Peter, but I think your argument is basically bullshit. A failure to secure ones wireless network, when nearly all wireless equipment warns you by default that failing to secure traffic over it will risk ones privacy and expose personal data to the world, is a personal failure. Google is not at fault here - a failure to encrypt a Wireless network could, following your logic, also lead to the owner of said network being prosecuted under the DPA, would that be correct? There are countless unsecured wireless networks that I can pick up from my living room in Cardiff, all of which I could probably harvest facebook/twitter/email logins from, feasibly entirely accidentally if I'm scanning all available IPs on an unsecured network for an access point, or for malicious reasons if I so chose. If that process is automated and entirely unmalicious should I really be prosecuted?

It should be a basic principle of IT that every single item of traffic you put onto a network should be encrypted if you're not happy with your mum, dad and employer knowing it. One of the areas where I do think the onus should be on the user, not the provider.
You will notice that I acknowledged that encrypting ones wireless network was an adequate defence against such harvesting of information. However, that is besides the point. Sending vans around every street to collect this sort of data, however inadvertently is a different kettle of fish from accessing your neighbour´s wireless network. It is a data theft on a mass scale. That is why I believe that google should be prosecuted.
How is it data theft to access an open wireless network? People were broadcasting this data publicly - it's not theft to access something which is being publicly and openly broadcasted. Google should not be held responsible for the technical ignorance of the general public in this case.

If I run a radio station broadcasting my bank details for all to hear, is it really theft if people start taking money from my account? Legally perhaps, but morally?

I really don't get it.

I also don't get how this is a breach of Data Protection Laws as the data isn't personally specific?

Plus, my hypothetical offence in the post above is no different Google's supposed offense in the eyes of the law right? Especially when Tech like this exists

If you're not comfortable that these things exist a) secure everything with encryption or b) don't use wireless networks.
Post a Comment

<< Home

This page is powered by Blogger. Isn't yours?