Peter Fleischer, Global Privacy Counsel, Google:
I’ve considered your offer to not add my wireless network to your location database in exchange for appending “_nomap” to the SSID. I am rejecting it out of hand and laughing at the idea that this is “greater choice for wireless access point owners.”
To start with, I’m not going to reconfigure all the wireless clients I support. I’m sorry that Google is facing increased scrutiny, legislation, and legal action for raping the world’s privacy in order to sell things, but changing an SSID is a big deal for everybody. Doesn’t matter if it’s grandma’s little wireless network or a giant intercontinental wireless hotspot setup, it’s a big pain in the ass to “protect” our privacy this way.
Second, my SSIDs are carefully chosen. I suspect it’s the same for many organizations, and that in some cases the SSIDs are even trademarked and hard-coded into things. Your proposal disrespects these choices and situations.
Third, I fully expect that all the data you’ve collected up to this point will remain in your database, especially since you were careful to not address this issue. SSIDs are not unique; multiple access points may broadcast the same SSID. MAC addresses are unique. To determine location you are most likely pairing GPS coordinates with my access point’s MAC address & signal strength. Since SSID is irrelevant in the context of your previously acquired data I don’t see how changing my SSID now will benefit me.
Fourth, your hope that this is “adopted universally” is absurd. None of your competitors are going to honor this. For example, Apple is using iOS 5 on millions of handsets to build a “crowdsourced” database of access points for their location database. Are they going care about _nomap? No.
Fifth, this is completely voluntary from your point of view. There is nothing that says that if I do all the work to change all of my networks & clients that you won’t change your mind in 90 days and index my access points anyhow. In fact, I fully expect you to, as limiting your options here does not increase shareholder value, especially considering that your competitors continue to do this same work.
So, in summary, your proposal is ridiculous, and demonstrates both an enormous ego and a complete lack of thought about the problem at hand. My recommendation to you is either to take a page from Apple’s playbook with iOS 5 and just shut up about how you’re collecting all this data, or get a spine and take the stance that your own Eric Schmidt has been espousing for years: people have no privacy. In fact, a position of “all your access points are spewing signals into the public domain, screw you we’re going to collect them, don’t broadcast and you’ll stay out of the database” would have been much more respectable than what you just did. And much more in-character.
Comments on this entry are closed.
Added bonus point: Every organization participating in the European Eduroam Federation has a contractual obligation to offer the eduroam-service under the ‘eduroam’-SSID. The only exception is if two different participants are close enough together for their wireless networks to overlap.
There are good operational reasons why this is a Good Idea(tm) , that basically boil down to that every effort should be made to enable the user to use the same network configuration from their home institution when visiting other institutions.
Some institutions offering ‘eduroam’ and some offering ‘eduroam_nomap’ would break that, making it on a whole a rather ridiculous idea.
You’re missing the context here. Google is not doing this entirely voluntarily. They were asked by regulators to provide an opt-out mechanism, so they do. You may not like it, but your suggestion they’ll ignore it in the future is bit lame.
This is all basically a non-problem. You have a bunch of numbers correlated to GPS coordinates. There’s no link to people so no personal data.
Provide a solution that does better and we can have a serious discussion.
If there’s no link to people, and no actual privacy problem, then why did Google do this at all? It’s a terrible idea technically. A better solution would be legislative, because it isn’t just Google we have to worry about here. They’re just the people that stuck their necks out.
The data is going to be pretty identifiable and linkable to a person in many cases because it’s linked to a place and that place is linked to a person
You’d be *AMAZED* at how many WAP’s in my neighborhood are configured with the user’s first AND LAST name..
Usually those are the same ones that are running unsecured…
It’s hilarious actually..
In sufficiently dense neighbourhoods, people quickly start to understand why it’s important to secure their wireless networks.
I live in a townhouse complex, and there’s not a single unsecure network out of the 20 or so available networks that come up on my laptop.
I don’t understand what the point of this rant is supposed to be, is it that by offering an opt-out they are not bending you over the barrel … and you miss it? Point by point:
1) What other technical method do you propose to signal this information? You know enough about the technology to know what options are available, the only other viable option than using the SSID to signal info would be to have a web form to input the APs MAC address but you didn’t mention that or advocate for it.
2) unfounded assertion with insufficient backing data. Maybe offering a second _nomap SSID would be enough to remove the AP from the database regardless of any other SSIDs since you already mention that it’s the MAC address which is unique and which must be the data which is being tracked.
3) unfounded assertion with no backing data.
4) non sequitur. They are hoping that others follow their lead but obviously can make no guarantees. I’m not sure what you expect to be different.
5) another unfounded assertion. they probably have plenty of information, a few privacy wonks who remove themselves will not significantly change their results. How does presuming they are insincere help?
Either participate or don’t but I fail to see how providing an option is evil.
The opt-out mechanism is unfeasible for most, at best, and should not be seen by anybody, including legislators and judges, as a real opt-out option. The evil part is glossing over the real debate, and punishing one company when a number of others are doing the same thing. There really just needs to be a ruling about who owns the data being broadcast into the public airspace. Perhaps the RIAA/MPAA has already set that precedent…
And yes, I have made some assumptions here, based on the requirement that corporations increase shareholder value and that the lawyer doing the original posting omitted many things in the post. The only lawyer I trust is my own, and past experience on boards and as executive management of organizations has taught me the art of omission, too.
Given their request for others to pick up on the scheme I would think they are trying to pre-empt further regulation by negotiating a workable solution rather than having something they like less handed down to them.
In any event, a ruling that gathering this kind of data is illegal, full stop, is very unlikely to ever happen. A technical opt-out mechanism, like to Do Not Call registry may be prescribed but data gatherers have an interest in the technical details of how it is implemented, which probably shouldn’t be left up to legislators who are going to design something stupid if given the chance.
Frankly, a mechanism where I can remove MAC addresses would be very acceptable (to me, at least).
Who should be allowed to remove MAC addresses from the database? The owner of the AP? Anyone who has ever connected to the AP?
How do those people (once it’s been decided who they are) prove their identity to Google? What’s to stop someone from deregistering APs at random, disrupting location services for other people?
While I agree needing to change SSID is a massive operational burden, it does have the one redeeming property that only the administrator of each network can register/deregister their devices.
I still don’t understand the part about how broadcasting the SSID to anybody in range is somehow private information.