Pickle Monger points us to the news that the group Privacy International is now claiming that Google had "criminal intent" in its accidental data collection from unencrypted WiFi access points. This is, frankly, ridiculous. It takes away pretty much all credibility from Privacy International. There are plenty of reasons why what Google did was bad, but "criminal intent"? That's silly and there's no evidence to support that at all. So far, the evidence shows that Google has pretty poor processes for managing projects like this, but to jump from that to criminal intent, without any facts is just fear mongering.
Google is going to end up getting in trouble around the globe for this. There's little doubt of that. Google haters are using this opportunity to attack the company. But the more you actually look at what the company did, the less troubling it is. If someone really did have "criminal intent" to snarf data on open WiFi networks (and there certainly are some folks who do have such criminal intent) they would have done a hell of a lot more than they actually did. Driving around, collecting little snippets of information is about the worst way to get anything useful off of a WiFi network like that. Again, Google never should have done this, but attacking Google for this, without recognizing that there are actual criminals who do much worse on open WiFi networks all the time is pretty bizarre. It's just an excuse to attack Google.
We've already covered one class action lawsuit filed against Google for its WiFi data slurping activities, and it appears that lots and lots of lawyers are trying to jump into the game. Eric Goldman has a list of at least seven such class action lawsuits that have been filed already. While we agree that Google's actions were bad, and do deserve some scrutiny, I find it difficult to believe these lawsuits can get anywhere. In the first one that we covered, we noted that one of the complaints was from a woman who sent confidential company data via her own, unsecured WiFi access point, and we couldn't figure out how that was Google's fault.
The real issue, though, is that it will be nearly impossible (if not impossible) for anyone in any of these lawsuits to first show that any of their specific data was recorded by Google, and secondly, that any harm came to them because of it. And, as we've noted multiple times, the courts seem to want to (a) see actual privacy being breached, rather than theoretical privacy being breached and (b) see actually harm come to the plaintiffs from those breaches. Without either of those things, it's hard to see these lawsuits getting very far.
As Goldman notes, not at all sarcastically:
It's remarkable that these lawyers were able to conclude to their satisfaction that their named plaintiffs in fact had their payload data captured in the process--presumably by confirming that payload data was actually being transmitted at the precise time the cars drove by. I'm not sure how I would research this issue sufficient to satisfy my Rule 11 obligation, but these attorneys surely didn't just assume Google captured their clients' payload data...did they?
Apparently, a security vulnerability in the way AT&T set up its network allowed hackers to capture the email addresses of 114,000 iPad owners. The breach was pretty basic stuff: if you fed an iPad ID number to a script that was publicly available on AT&T's website, it returned to you the email address associated with that ID. The hackers quickly set to testing out tons of likely IDs, and got back all those email addresses, including those of top execs at a bunch of big media companies, such as the CEO of the NY Times, CEO of Time, Inc., the President of News Corp, the CEO of Dow Jones and New York City mayor Bloomberg. Oh yeah, also a bunch of government emails: "Rahm Emanuel and staffers in the Senate, House of Representatives, Department of Justice, NASA, Department of Homeland Security, FAA, FCC, and National Institute of Health, among others." AT&T issued the expected "oops" statement soon after this was exposed.
As they had previously hinted, starting June 7th, AT&T's new smartphone customers will no longer be able to opt for the $30 unlimited data plan that was previously offered. Instead, two plans will be offered, both with monthly usage caps: $15 for 200MB or $25 for 2GB. Additionally, tethering is now available for an additional $20 a month. However, tethering is only available with one of the new capped plans. Those who already have the old $30 unlimited plan will be able to keep it... but won't be able to tether. So, existing power users have to decide between $30 a month for unlimited internet data without tethering, or $45 a month for 2GB of data with tethering -- of course, with tethering, data usage would likely go up... even as the amount of data you can use goes way down.
AT&T's motive behind this switch (beyond the obvious of boosting profits) is to attempt to address the network capacity issues that it has been experiencing, of late. As anyone on AT&T can attest, performance of the AT&T data network is far from stellar. The adoption of smartphones like the iPhone have made the internet a truly useful part of the mobile experience, and as such, data use on the AT&T network has risen dramatically as a result. Clearly, AT&T was not able to properly plan to handle the increased demand on its network, and as a result, is claiming it needed to respond by throttling the usage. Of course, one might argue an alternative would be to invest more in capacity, but that gets in the way of that boosting profits thing.
Amusingly (but not surprisingly), AT&T is trying to play this whole thing up as a big benefit to consumers:
"Some customers, up until now, have been hesitant to sign up for a $30 monthly data plan" for unlimited access, says Ralph de la Vega
Fair enough, but just because some people have been hesitant to sign up for the unlimited data plan doesn't mean you should do away with it altogether.
That said, there are actually a few things that AT&T has done right with this announcement. It's surprising that they are actually offering a cheaper tier for limited data -- something that they had not offered before. Also, with the limited plans, they have introduced a system of alerts that will notify users when they are near their caps. And, existing users with unlimited plans can continue as long as they want, without the tethering option, of course.
Even so, throttling usage could put a damper on the explosive growth of smartphone usage that we have seen in the past few years. There is an added cognitive transaction cost whenever a limit exists, so, by introducing these limits, AT&T has effectively made the iPhone less appealing. Recently, when asked about AT&T's capacity issues, Steve Jobs said "things, when you start to fix them, get worse before they get better. That's what I'm told. And if you believe that, things should start getting a lot better soon." It sounds like Jobs knew what was coming.
Every time we mention CSIRO, the Australian government-owned research group that claims to hold a patent on the basic concept behind WiFi, we get angry comments from people at CSIRO who claim that we've got it all wrong, and that even if they agree with us in general on patents, CSIRO's WiFi patent and the hundreds of millions of dollars it sucks from companies doing actual innovation, is perfectly reasonable. Uh huh. Of course, we still have problems with the idea that any government organization ought to be patenting anything. However, following the decision by a bunch of tech companies sued by CSIRO to pay $250 million to settle the giant patent lawsuit, CSIRO is coming back for more.
JohnForDummies was the first of a few of you to alert us to CSIRO's latest set of lawsuits against American tech companies, this time focusing on ISPs. Verizon Wireless, AT&T and T-Mobile have all been sued, even though none actually make WiFi equipment. However, since they all have WiFi-enabled devices (some of which were almost certainly made by the tech companies who already paid up) CSIRO claims they need to pay up again. Apparently patent exhaustion is not a concept CSIRO considers valid.
Oddly, the article in The Age about this lawsuit seems to side almost entirely with CSIRO, quoting people who insist that companies have "no choice but to pay up" and that CSIRO has the right to demand licenses from the "entire industry." It also quotes someone who falsely claims that the only reason companies would agree to settle is if they knew they were going to lose. That's not even close to true. Lots of companies settle patent disputes because it's often cheaper to do so. And, even if they think they can win, oftentimes their shareholders don't like the uncertainty and push for a faster settlement.
The Age article also provides some more background on the patents in question, highlighting that they're based on mathematical equations created in a 1977 paper. As JohnForDummies points out, mathematical equations are not supposed to be patentable...
As governments around the world continue to go overboard in their condemnations of Google's (admittedly bad) collection of open WiFi data via its Street View cars, much more interesting than the political grandstanding is the legal limbo mess that the collected data has been placed into. After realizing that it had accidentally collected this data, Google announced that it would stop collecting and begin deleting the data it collected (Update: more specifically, it said it wanted to delete the data, but would discuss with regulators before doing so). But that raised alarm bells from some, who worried that doing so would be deleting evidence for a possible lawsuit against Google. Then, governments started demanding that Google share the data with regulators, so they could determine how serious a privacy breach this really was. However, Google is noting that sharing the data would be a violation of privacy rights in many countries, pissing off regulators who put those privacy laws in place in the first place.
So... Google can't collect this data, but it can't delete the data it accidentally collected. Regulators want to see the data to see if it's okay for Google to delete it, but they can't see it, because that would violate privacy regulations. But, regulators feel they need to see it, to see if Google violated privacy regulations. So, basically everyone's stuck in a state of limbo.
Remember Zer01? The company that made really quite stunning claims about being able to offer a VoIP-based mobile phone that would offer unlimited voice and data on smart phones for a low price? After some investigations by reporters like Nancy Gohring and our own Derek Kerton it became pretty clear that the whole thing was pure vaporware, tied to a multi-level marketing (MLM) scheme that had a questionable past. It certainly sucked in lots of folks, a bunch of whom showed up in our comments insisting that the phones were real and we'd be proven wrong soon enough. Of course, multiple promised launch dates came and went with nothing to show for it. Laptop Magazine, whose credibility took a big hit, rescinded its "best of show" award for the product, and eventually the company tried to blame everyone else for its problems, suggesting that it was its MLM partner, Global Verge, who was the real problem. Oh yeah, and all those journalists who asked tough questions and weren't satisfied with the non-answers they received. As part of that Zer01 "dissolved" its relationship with Global Verge (the "parent" operation of Buzzirk Mobile, which was set up to sell Zer01 -- or, more accurately, to sell the "dream" of being a Zer01 sales rep, in typical MLM fashion).
Of course, if it was really everyone else's fault, you would imagine that somewhere along the line, Zer01 would show up with an actual product. One that people could see and actually use -- just as Derek had asked to use the "demo" phone at CTIA, a request that was denied. But, of course, none of that happened. Earlier this year, Zer01's website just disappeared. It also turns out that Global Verge sued Zer01, and has now been awarded $43 million. Of course, considering that Zer01 seems to have disappeared entirely, you can consider that $43 million to be worth about the same as $43 million in Monopoly money. Apparently, Zer01's boastful CEO, Ben Piilani lost his lawyers after "he stopped replying to contact from his counsel." In other words, Piilani has disappeared.
Assuming that Piilani doesn't re-emerge and appeal, then Global Verge may try to take any assets it can, which may include some apparent patent applications that Zer01 claimed it had -- though, the details were never explained, so I wouldn't hold my breath on the actual existence of such patent applications, or the likelihood that they get approved. Of course, as Gohring's latest piece on the saga points out, many people are still upset with Global Verge for convincing them to sign up to sell these non-existent phones. Global Verge tap dances around all this:
"One of the misnomers out there is that with Zer01 that we were charging people to come into the company to sell the Zer01 service. We never charged any of our distributors one dime for any service or any phones or any of the ability to sell the phones or the service," he said.
Yet, Robbins himself spoke repeatedly on conference calls for associates last year that were almost exclusively about the Zer01 service and the potential benefits of becoming an associate in order to sell the service.
Robbins maintains that associates who signed up to become part of the marketing program last year did so in order to get other benefits of being part of Global Verge, such as national ID recovery, back-end management systems to manage their businesses, a video conferencing program and travel sites to save money on travel.
Of course, it seems that many of those who signed up don't agree. Gohring notes that two dozen complaints have been filed against Global Verge to the Missouri state attorney general's office. Yet another reminder that if something seems to be too good to be true... it probably is.
There's just something about mobile operators that they love to make claims that are just sorta kinda true, while not really being true in spirit. This is the industry, of course, that has perfected "up to" marketing. As in "you should get speeds 'up to' xMbps" which, is technically true since any speed below that is covered, even if you'll never get a speed anywhere near the defined "x."
The other popular tactic is to lie about what kind of wireless network you're actually offering. There were the claims that any wireless broadband solution was "WiMAX" back before the WiMAX standard was even set. So you started to get companies calling their solution "WiMAX" and then including all sorts of fine print about how it was "pre-WiMAX" and would certainly be upgraded to WiMAX once WiMAX actually existed.
Similarly, nearly a decade ago, when all the talk was about the upcoming "3G" networks, the mobile carriers all started pushing claims that they were offering "3G" when they absolutely were not. There were some interim "2.5G" steps, and some aggressive marketers just decided to round up. And, it looks like they're doing that again. T-Mobile is going around claiming its HSPA+ network offers "4G speeds," which, of course, is not to be confused with actual 4G. And, of course, this is an "up to" situation, where the network could, theoretically, sorta, kinda touch on "4G speeds," but probably won't for most people.
You may recall the news story from last year about some teenaged girls in Pennsylvania who were being threatened with child porn charges, after taking "nude and semi-nude" photos of themselves on a mobile phone during a party, and sending them to others. The judge halted the potential lawsuit, noting that the nude photos didn't appear to depict any sexual acts (as per the law), but the local prosecutor still wanted to file charges. As more and more details came out, the whole thing got increasingly ridiculous. Apparently, the girls in question were given a choice to either take a "re-education" class, or face charges.
And now, reader Pickle Monger points out that one of the girls, along with the ACLU, is suing the school district itself, claiming that it violated the girl's privacy. Apparently, the way the school found out about the photos was that it had confiscated her mobile phone, after she was caught making a phone call on school grounds, against school rules. There's no problem with confiscating the phone, of course, but then the school searched through the phone and found those photos. It's the search that the ACLU and the student are questioning. The school had no reason to search through the phone, or to look at the photos stored on the phone after it had confiscated it.
Late last week, of course, Google 'fessed up to the fact that it was accidentally collecting some data being transmitted over open WiFi connections with its Google Street View mapping cars. As we noted at the time, it was bad that Google was doing this and worse that they didn't realize it. However, it wasn't nearly as bad as some have made it out to be. First of all, anyone on those networks could have done the exact same thing. As a user on a network, it's your responsibility to secure your connection. Second, at best, Google was getting a tiny fraction of any data, in that it only got a quick snippet as it drove by. Third, it seemed clear that Google had not done anything with that collected data. So, yes, it was not a good thing that this was done, but the actual harm was somewhat minimal -- and, again, anyone else could have easily done the same thing (or much worse).
That said, given the irrational fear over Google collecting any sort of information in some governments, this particular bit of news has quickly snowballed into investigations across Europe and calls for the FTC to get involved in the US. While one hopes that any investigation will quickly realize that this is not as big a deal as it's being made out to be, my guess is that, at least in Europe, regulators will come down hard on Google.
However, going to an even more ridiculous level, the class action lawyers are jumping into the game. Eric Goldman points us to a hastily filed class action lawsuit filed against Google over this issue. Basically, it looks like the lawyers found two people who kept open WiFi networks, and they're now suing Google, claiming that its Street View operations "harmed" them. For the life of me, I can't see how that argument makes any sense at all. Here's the filing:
Basically, you have two people who could have easily secured their WiFi connection or, barring that, secured their own traffic over their open WiFi network, and chose to do neither. Then, you have a vague claim, with no evidence, that Google somehow got their traffic when its Street View cars photographed the streets where they live. As for what kind of harm it did? Well, there's nothing there either.
My favorite part, frankly, is that one of the two people involved in bringing the lawsuit, Vicki Van Valin, effectively admits that she failed to secure confidential information as per her own employment requirements. Yes, this is in her own lawsuit filing:
Van Valin works in the high technology field, and works from her home over her internet-connect computer a substantial amount of time. In connection with her work and home life, Van Valin transmits and receives a substantial amount of data from and to her computer over her wireless connection ("wireless data"). A significant amount of the wireless data is also subject to her employer's non-disclosure and security regulations.
Ok. So your company has non-disclosure and security regulations... and you access that data unencrypted over an unencrypted WiFi connection... and then want to blame someone else for it? How's that work now? Basically, this woman appears to be admitting that she has violated her own company's rules in a lawsuit she's filed on her behalf. Wow.
While there's nothing illegal about setting up an open WiFi network -- and, in fact, it's often a very sensible thing to do -- if you're using an open WiFi network, it is your responsibility to recognize that it is open and any unencrypted data you send over that network can be seen by anyone else on the same access point.
This is clearly nothing more than a money grab by some people, and hopefully the courts toss it out quickly, though I imagine there will be more lawsuits like this one.
