Friday, May 28, 2010

I hate stupid people, part two.

Vicki Van Valin of Portland and Neil Mertz of Seattle have filed a class-action lawsuit against Google in Oregon District Court, for invasion of privacy, because Google disclosed that its Street View vehicles had inadvertently collected private data from unsecured WiFi networks.

Now, I'm all for privacy, and what Google did was a mistake at best, or a badly conceived idea at worst.  To their credit, it was Google that came out and announced that, upon inspection of their hard drives, that in fact personal data had been collected.  Subsequently, Google came out with SSL searches so that no one could look at what you were searching for.

But in their own complaint, these two brainless fools have made some incredulous claims.

  • They claimed that they had a reasonable expectation of privacy.
    • Mind you, they weren't using a third party's network, this was their own.  It was their decision to leave their networks wide open with no encryption key to access it.  Anyone could have used a publicly available packet sniffer to grab their data and look at the raw data, without any problems - such as having to break through encryption.
    • Do you suppose they've enabled encryption on their networks now?  And if they did, wouldn't that be an admission of knowledge that their open networks were...OPEN?
  • Van Valin claimed that she works in the high tech field (her linkedin profile says she works in the internet industry), and works from home, and therefore private company data was taken.
    • I have a problem, if she's working for an internet-related tech company, and said company did not REQUIRE her to set up a VPN (virtual private network).  Even if you operated over an open WiFi, having a VPN would have added a layer of protection with - assuming corporate IT has some sense - 512-bit (or higher) encryption.
    • Of course, I have a serious issue, if she's working in the internet field, to leave her WiFi completely open, and using it for work-related access.  You'd have to be pretty stupid to do something like that.
  • The two claim that their private searching was compromised.
    • Yeah, that's why you can't get anywhere on the internet, if you reject first-party cookies.  What sort of morons do we have here?  Their data is completely wide open to all sorts of companies on the internet, wherever they go.  Tracking cookies know where you've been and what you've searched for.  The only way to ensure private searches online, is to access via a proxy server.  If these two imbeciles created their own open networks, wouldn't it be hypocritical of them to assert a lack of privacy, if they weren't using proxy servers for their searches?
  • They claim that Google decrypted the data they collected and stored that data, accessible to the thousands of Google employees.
    • No where, not anywhere, has Google ever stated that they used secondary software to interpret the raw data.  What they did say, is that between collecting SSID and MAC information, they inadvertently included code that collected payload data. 
    • Further, if Google is like most other large corporations, they have a variety of servers, of which, depending upon your role and division in the company, your access is highly restricted to only that which you would normally need access to, to do your work.  Intel does this, IBM does this, HP does this...I don't imagine any company NOT having user rights segregating access to various servers.
    • If the raw data collected hasn't been interpreted, the only thing you've collected are the SSIDs and MAC addresses, none of which are personally identifiable on their own, unless someone would be dumb enough to use their own first and last names as an SSID.
  • They claim they should be awarded unspecified punitive damages, as well as statutory maximum of $10,000 per person (class action plaintiffs), per violation of the US Code Title 18, Chapter 2511 (Interception and disclosure of wire, oral, or electronic communications prohibited).
    • Here, they have to prove that Google intentionally collected payload data, which will be practically impossible to prove intent.  They will have access to emails and the raw data, and if nothing shows intent, the judge will summarily dismiss after discovery.
Now, if they were regular coffee shop internet users who surfed the net over open WiFi, or were using the library's open WiFi, I can see a more-valid argument.  However, even with data being open, most of your data that was personal in nature, would have been over SSL or SFTP (secure file transfer protocol), such as internet banking, shopping or emails.

And unfortunately for them, I know that they've just made themselves targets for war-driving hackers.  My advice for these two people, is to shut down their WiFi completely, and use a wired ethernet network with additional firewall software protection.  Seeing as they're idiots however, I'm guessing they won't take the necessary precautions...I mean heck...an OPEN WiFi??#!#!?!!

No comments: