Posted: June 21st, 2010 | Author: Matthew Derricott | Filed under: Copyright, Copyright Reform | No Comments »
An article by Danielle LaBossiere Parr, executive director of the Entertainment Software Association of Canada, appeared recently in the Calgary Herald. The article was titled “Why gamers should love copyright bill” and set about explaining why the new bill is good for gamers. Parr cites a “300 percent increase in the number of games illegally downloaded via Canadian ISP’s between 2007 and 2008″ as evidence that the Canadian government hasn’t been doing enough to protect creator’s rights. Insufficient protection, Parr says, is tantamount to forcing creators to “give their works away for free”. It is argued that better protection allows for more innovation and risk taking among producers and ultimately to better products in the hands of consumers.
Posted: June 15th, 2010 | Author: Matthew Derricott | Filed under: Intellectual Property | 1 Comment »
The Register reports that India recently submitted a document to the World Trade Organization which is critical of ACTA. One of India’s main concerns is that the agreement has the potential to destabilize existing international agreements and damage the economies of developing nations. They also argue that, when it comes to intellectual property reform, ACTA “does not represent a reasonable or realistic response” and that such an agreement “has to emerge from a multilateral and transparent process”.
Posted: June 8th, 2010 | Author: Matthew Derricott | Filed under: Intellectual Property, Patent | No Comments »
Networkworld.com is reporting that the lawsuit between Gibson and Harmonix, which was initiated in 2008, has been settled. Gibson was suing Harmonix for infringement of its virtual guitar patent in the popular Rock Band video game series. Gibson had already settled a suit with Activision, publisher of the Guitar Here series, last year regarding the same patent.
Posted: June 7th, 2010 | Author: Billy Barnes | Filed under: Featured, Privacy | No Comments »
Google CEO Eric Schmidt has announced that the company will be complying with demands that captured Wifi data be turned over to state agencies in Germany, France and Spain. The data has also been demanded by a US federal judge. This article discusses what Google did and why turning over the data is undesirable.
Technical Background
When you send data over any network, it is broken up into small packets. When it reaches the destination computer, the packets are reassembled into the original data. Before transmitting them by radio, a wireless network encapsulates these packets with information about the network (you can think of it like putting the data, or payload, in an envelope and writing the address on the outside). If the network has been configured to do so, the payload data is also encrypted. Receivers are able to pick up encapsulated packets from any network and intended for any computer, but normally they only care about packets addressed to them.
As Google’s Streetview cars drive around, they capture wireless data and read the envelope data. What was important to Google was one piece of information written on that envelope: the BSSID (broadcast service set identifier). For most wireless networks, the BSSID is a unique number assigned to the wireless access point by the manufacturer (the MAC address). Google maintains a database of these IDs and their locations using the car’s GPS. A computer or phone could then find its approximate location by simply scanning for nearby networks and querying this database.
Since they only needed the envelope data, Google should have been discarding the payload (the contents). Unfortunately, they did not do so. I won’t speculate about whether this was truly a mere oversight. The result is that Google ended saving the actual packets being transmitted over unencrypted networks; the payload data for encrypted networks would generally be unreadable. Depending on what the network users were doing at the time the Streetview car passed, this could include snippets of emails or web pages. It could include personal, even highly confidential, information. Of course, it could also just be pictures of cats.
Why turning the data over doesn’t make sense
Google has admitted that they captured the payload data and that it may contain sensitive personal information but they have not analyzed it and therefore don’t know precisely what information it contains. When Google first announced the problem, they said they intended to delete the data. That is precisely what they should do.
The reason stated by the European governments for why Google should hand over the data is that they wish to know precisely what Google was collecting. But we know what they collected. Google already admitted it: Wifi payload data potentially containing personal information such as email, web browsing, and even financial data. That admission should be enough. What data turns out to be on the hard drive is just a result of chance. It’s equally possible that not a single piece of sensitive information was collected or that sensitive information was collected about every person they drove past. From a regulatory perspective, the actual results of such random gathering shouldn’t be important. The question they should ask themselves is this: would Google’s conduct be any less serious if they luckily avoided capturing any sensitive data? The governments should instead be focusing on whether it was intentional, what policies Google had in place to prevent it, and what they will do in the future.
By asking Google to turn over the data instead of destroy it, the governments are just increasing the opportunities for the data to be compromised. The data will be disclosed to at least three government agencies and potentially to a number of contractors. It will have to be transported and stored in multiple locations. As the number of actors increases so do the odds that one will make a mistake. In addition, the very act of analyzing it completes the privacy invasion they are concerned about. As I’ve stated, the analysis will reveal nothing about Google, but it will potentially reveal a lot about their citizens. The report that is prepared will at least have statistics on the prevalence of unencrypted networks. It will also very likely disclose some of the browsing habits of citizens. While I’m sure that the report will not actually contain personal information, it will require the non-consensual processing of large amounts of it. This is precisely what privacy regulators are supposed to be discouraging.
No purpose is served by distributing the data any further. Any governments that wish to investigate Google on this manner should order that data destroyed and confine their investigations to Google’s privacy practices.
Recent Comments