D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] The Wi-Fi database that shamed Google

 

On 01/05/2010 00:00, Roland Tarver wrote:
On Fri, Apr 30, 2010 at 11:40 PM, Michael Mortimore
<nospamformike@xxxxxxxxxxxxxx>  wrote:
On Fri, 30 Apr 2010 22:42:03 +0100, Roland Tarver
<roland.tarver@xxxxxxxxxxxxxx>  wrote:

http://www.newscientist.com/article/dn18844-innovation-the-wifi-database-that-shamed-google.html

Sneaky!

best wishes
roly :-)

I don't see what the problem is.

--
The Mailing List for the Devon&  Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html


I just thought it was a bit crafty - especially since they did not
tell the people who gave them permission. OK, the story says they did
not break any laws; but, like I said - still a bit sneaky???

Best wishes
Roly :-)

If they didn't break any laws I'm the Pope! I'm pretty sure the DPA Principles conflict with that to a very large degree.

I believe the combination of my router's MAC address, network name and location is identifiable as belonging to me and therefore personal data. Since so many manufacturers have the default ESSID as the router make/model and there are numerous websites listing default usernames and passwords the WiFi database is a hackers dream. Not forgetting that it gives them a huge database of MAC addresses to spoof and their geographic locations.

1: Personal data must be processed fairly and lawfully.
The data subject must know why their information is being collected, what it will be used for and if it will be shared and by whom. The individual must give permission for the use of the data unless the processing is necessary for legal or contractural reasons.

Comment: Since Google didn't even tell anyone they WERE collecting it, much less WHY that's them flat on their faces to start with. Plus the small matter that *I* did not give permission.

Principle 2: Personal data must be processed for specific purposes and in an appropriate manner. Data must not be collected unless there is a specific and valid reason. Personal data collected for one reason must not be used for other purposes. Consent cannot be inferred from silence or failure to respond to a request for consent.

Comment: What's the SPECIFIC valid reason?  Re consent see above.

Principle 3: Personal data must be adequate, relevant and not excessive.
Information must not be collected just because it may be useful in the future.

Comment: There we go again. Google can't state a reason for needing the data NOW.

Principle 4: Personal data must be accurate and up-to-date.
n/a

Principle 5: Personal data should not be kept for longer than necessary.
n/a

Principle 6: Personal data is processed in accordance with the rights of the data subject.
n/a

Principle 7: Personal data is protected by appropriate security.

Comment: Google are how good at data security? Oh that's right - only our government is worse.

Principle 8: Personal data is not transferred out of the EEA without adequate controls.
Exemptions are provided where the data subject has given prior consent.

Comment: Since nobody knew the data was being collected NOBODY has given consent, and now all the data is in America.


Once again I'm happy that a) my WiFi is turned OFF when I don't need it and b) it's not transmitting the ESSID so the devious ____s won't have it. Oh and c) I'm planning on getting a new router if this one starts making me reboot it anymore often, so that's Google's 'accurate and up-to-date' shot in the face too!

Kind regards,

Julian

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html