back to article Google pays out $13m to make Wi-Spy scandal go away: Bung goes to peeps and privacy orgs

Google has offered to pay out $13m to settle a class-action lawsuit over the infamous "Wi-Spy" incident – when its Street View cars were caught slurping data from unsecured Wi-Fi access points between 1 January 2007 and 25 May 2010, when they got caught. According to an investigation by the US Federal Communications Commission …

  1. Doctor Syntax Silver badge

    "It also agreed to surrender the data to authorities in the US and Europe for inspection, which went some way towards diffusing the situation."

    Diffuse as in spreading it about so that data fetishists in TPTB got their hands on it to trawl through?

    1. steelpillow Silver badge

      "Out of the mouths of babes and sucklings" as the saying goes.

  2. JohnFen

    Not enough

    The settlement is better than nothing, but hardly enough. $13m is pocket change for Google.

    The Wi_Spy scandal (or, more accurately, Google's response to it) was what finally opened my eyes to the fact that Google had become nefarious. So, in a weird sort of way, I'm grateful that Google was so brazen. If they had been more careful, they could probably have spied on everyone for a lot longer without many people wising up.

    1. overunder Silver badge

      Re: Not enough

      "If they had been more careful, they could probably have spied on everyone for a lot longer without many people wising up."

      They could have? They are.

      1. doublelayer Silver badge

        Re: Not enough

        Yes, they are. However, I have to agree with the original point. Around that time, in the late 2000s, I thought of Google as an ally. They had a pretty good search engine. They had just released their mobile OS and their browser as open source. They stood with us against stupid suggestions that would result in damage to the internet. When compared to other companies, I wasn't that afraid that they could abuse the data they got, and part of this is that I thought I knew what data they had. Knowing what they were truly doing helped me to decide to avoid some of their worse privacy invasions, and even some nontechnical people seem to have figured out that this is a problem. If they hid this for longer, I would still have figured it out, but probably a couple of years of handing them data later.

      2. Antron Argaiv Silver badge
        Big Brother

        Re: Not enough

        Google as a corporation has a strange interpretation of the phrase "Don't be evil."

        1. Fred Flintstone Gold badge

          Re: Not enough

          Nah, the phrase is simply incomplete.

          The full sentence is "Don't be evil to our shareholders"..

        2. Randy Hudson

          Re: Not enough

          They had to change it from the original "Do no evil", which people heard and often correctly written down as "Do know evil"

        3. Michael Wojcik Silver badge

          Re: Not enough

          Google as a corporation has a strange interpretation of the phrase "Don't be evil."

          Strange, perhaps, but very straightforward, when you understand that it's applied under the axiom that whatever is good for Google is an absolute good.

    2. big_D Silver badge

      Re: Not enough

      I agree, the sum is piddling.

      On the other hand, anyone who surfs on an unsecured Wi-Fi connection shouldn't be surprised that their data is being gobbled up, it is the equivalent of standing in the town square and shouting out your information as loud as you can...

      1. Anonymous Coward
        Anonymous Coward

        Re: Not enough

        On the other hand, anyone who surfs on an unsecured Wi-Fi connection shouldn't be surprised that their data is being gobbled up, it is the equivalent of standing in the town square and shouting out your information as loud as you can...

        Oh yawn, here is that old chestnut again.

        If you leave your door unlocked, it's still a crime to walk in and take whatever you like.

        You still have to access the network before you see the data - doing that without permission is a crime, password protected or not. The loudhailer idea is false equivalence.

        There really are no excuses for Google - I also want to know how it is possible that there was a fully functional backend prepared to receive all that juicy data, that's a strangely thorough "accident" in my book.

        1. big_D Silver badge

          Re: Not enough

          No, you don't have to join the network, you can passively sniff the unencrypted packets out of the air.

          To use your unlocked door analogy, this isn't like walking in and taking whatever you like. It is the equivalent of the house owner, writing all of their information in big letters on a whiteboard which stands in the window and can be seen from the street. (Or the user shouting the information out of the window.) The packets are there, "hanging" in the air outside, where anybody can hear them, without having to join the network.

          It was still wrong of Google to have sniffed those packets out of the air - they didn't join those networks, they just grabbed a few packets out of the "air" in passing. I'm not disputing that at all, I'm just saying that anyone who sends unencrypted information over public frequencies can't have any expectation of privacy.

          1. Ghostman
            Devil

            Re: Not enough

            So, in other words, since your cell phone conversations go over the "air" as you state, then it's ok to listen in on them?

            Don't you "own" those packets going over the "air" or are they public domain?

            How did they get passwords and other personal information over the "air"?

            The big question, why did they want to do this?

            Why are they not fined $1 million per password, name, IP address, any piece of personal information?

            1. JohnFen

              Re: Not enough

              "How did they get passwords and other personal information over the "air"?"

              Probably from people using an open WiFi without a VPN, and entering that data into web pages or including it in emails.

              1. big_D Silver badge

                Re: Not enough

                And email, back then, generally didn't use TLS, it was just plain text - webmail could be different, but SSH/TLS wasn't universal back then.

            2. big_D Silver badge

              Re: Not enough

              Wem, nowhere have I said it was ok to listen in on Wi-Fi signals, just that, because they aren't encrypted, unlike cell phone calls, which are encrypted since the mid 90s, they can be eves dropped in by anyone with a Wi-Fi scanner, which is just a pc or a smartphone with the relevant software.

              That is why you should always use at least WPA 2 encryption.

              1. big_D Silver badge

                Re: Not enough

                I hate autocorrect!

                That should be "erm, nowhere"!

          2. JohnFen

            Re: Not enough

            "No, you don't have to join the network, you can passively sniff the unencrypted packets out of the air."

            Indeed. Many years ago, I lived near a courthouse and accidentally captured WiFi packets from the courthouse WiFi, which was being run open. I did not join the network, I passively captured the data in the air.

            Since the data included emails from lawyers about cases they were involved in, I (anonymously, just in case I was on the wrong side of the law) informed the courthouse of the issue. I never checked to see if they fixed it.

        2. Antron Argaiv Silver badge
          Pirate

          Re: Not enough

          Yeah, in the US, even if the wifi is not protected, you're going to be up on charges of unauthorized use of a computer network, and the Feds take that very seriously (as long as you're not a major campaign donor, that is)

          1. Spanners Silver badge
            Boffin

            Re: Not enough

            If I set up a WiFi that is not encrypted, I am giving implicit permission for anyone to connect to and use it.

            Yes, anyone who did so would be breaking the law but surely I would be helping someone perform an illegal act? My only defence would to say that what they were doing was not unauthorised. This would get them out of trouble too.

            Even weak encryption is a statement of "authorisation required".

            1. Anonymous Coward
              Anonymous Coward

              Re: Not enough

              If I set up a WiFi that is not encrypted, I am giving implicit permission for anyone to connect to and use it.

              Nope, not even in the widest interpretation of applicable laws, and not just here in Europe. That's actually one of the problems with the facility in mobile phones to hop on any open network and use it. From a legal perspective, if you do that without permission you are breaking the law. It's pretty, er, binary.

              The only thing you can use of a third party WiFi network is any SSID it broadcasts, which is what some companies combine with geolocation to improve positioning. An SSID that is broadcast is like a house number, but as soon as you gain access to the facility and the data behind it without permission you are in the wrong - secured or open makes zero difference.

              but surely I would be helping someone perform an illegal act?

              Nobody is under obligation to access an open network, the decision to do so irrespective of the law is the mens rea part of what would get you into trouble.

            2. JohnFen

              Re: Not enough

              "If I set up a WiFi that is not encrypted, I am giving implicit permission for anyone to connect to and use it."

              Sadly, legally this isn't true.

              Fortunately, most people don't know or care. I run an intentionally open WiFi access point specifically for my guests and any neighbors or others within range to use. There is no shortage of people who use it.

          2. JohnFen

            Re: Not enough

            "you're going to be up on charges of unauthorized use of a computer network"

            I don't know... if you haven't joined the network or otherwise are not sending any packets to the network, are you really "using" it? I would argue that you aren't.

            1. Anonymous Coward
              Anonymous Coward

              Re: Not enough

              if you haven't joined the network or otherwise are not sending any packets to the network, are you really "using" it? I would argue that you aren't.

              .. in which case I would wonder why you bothered in the first place :)

    3. Sir Runcible Spoon
      Mushroom

      Re: Not enough

      They should also be made to pay for lying.

      1. Fred Flintstone Gold badge

        Re: Not enough

        Nah, paying is too much of a get-out, that just becomes a rounding error in the accountant's spreadsheet.

        I'm all for the return of tar & feathers, or, more animal friendly, tar and glass fibre insulation. Without underwear.

  3. Jay Lenovo
    Black Helicopters

    For every roach you see...

    There never seems to be enough pesticide to keep Google out your private business.

    Or at least, I wouldn't rely on any type that takes 9 years to work.

    1. Anonymous Coward
      Anonymous Coward

      Re: For every roach you see...

      Indeed.

      Google's new slogan should just be: "Don't Be Google"

  4. Anonymous Coward
    Anonymous Coward

    $3 million divided amongst 22 plaintiffs?

    I guess lawsuits can be lucrative for someone other than the lawyers if you can avoid having your lawsuit going class action!

    1. doublelayer Silver badge

      Re: $3 million divided amongst 22 plaintiffs?

      That's $136K per plaintiff, or $15150 per year. Not bad to have, but nothing compared to what the lawyers get.

      1. NetBlackOps Bronze badge

        Re: $3 million divided amongst 22 plaintiffs?

        And money to the Google favored usual suspects.

  5. Anonymous Coward
    Anonymous Coward

    Moving on.

    And now that they have home assist in which in their eyes they have the right to sift through your stuff, listen to your conversions and order any old crap due to an error in interpretation. Who needs cars. Google already knows your Ssid and network password because you gave it to the through your shiny new mobile.

    1. Anonymous Coward
      Anonymous Coward

      Re: Moving on.

      Also their DNS and VPN services, etc.

  6. TVU

    Google pays out $13m to make Wi-Spy scandal go away

    It's not the only thing that's gone away. "Don't be evil" also went away a long time ago.

  7. adam payne

    Four months later, the ICO pulled a major U-turn after Google admitted the data included full URLs, emails and passwords. The regulator then stated that the search giant had indeed broken the law.

    Typical ICO, spinning around like a record player.

    it simply made Google sign a commitment to improve data handling and introduce a requirement for engineers to maintain a privacy design document for every new project before it is launched.

    Slap on the wrist and a finger wag, now don't do it again.

  8. Zog_but_not_the_first
    Devil

    Er....

    Does that mean Google is evil now?

    1. Spanners Silver badge
      FAIL

      Re: Er....

      These things are relative.

      In comparison with how they originally wanted to be, definitely.

      In comparison with Apple, FB or Microsith, they are becoming unremarkable.

    2. JohnFen

      Re: Er....

      It means Google is a megacorporation that is run like any other megacorporation.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021