Monday, June 28, 2010

Tech Apologies of 2010

Wired put up an article on the biggest tech apologies so far this year (link). The list is:

  • Google: Sorry about Buzz, Street View Privacy Issues (providing information to unwelcome Buzz "followers" and recording WiFi data while making Street View maps)

  • Adobe Apologizes For Old Flash Bug (failing to patch bug for 16 months)

  • McAfee’s Antivirus Snafu (releasing update that shut down computers running XP)

  • AT&T Begs Pardon for iPad E-mail Breach (allowed hackers to identify email addresses of iPad customers through a flaw in an authentication web site)

  • Facebook Apologizes for Privacy Shortcomings (Sort Of) (Mark Zuckerberg issues non-apology for constantly changing facebook privacy policies)

  • Ellen Degeneres Didn’t Mean To Hurt Apple’s Feelings (Apparently, a comedian made fun of Apple...and this made the list why?)

  • Apple: Sorry We Couldn’t Keep Up With iPhone 4 Orders (The description says it all)

Not separately counting the two separate Google apologies squished into the top bullet, that makes 3/7 apologies for privacy gaffes. The moral of the story - privacy mistakes are the gift that keeps on giving, at least in terms of bad publicity.

Sunday, June 20, 2010

Ontario v. Quon Decided

As described in this article from Computer World, the Supreme Court has issued its decision in City of Ontario v. Quon. A quick recap of the facts: the city of Ontario California issued Jeff Quon (a SWAT team member) a pager. Quon exceeds his text message allotment on the pager and is audited. The audit reveals the Quon has overwhelmingly used the pager for personal text messages. Quon is subsequently disciplined.

The decision was totally unsurprising - the police department was allowed to audit messages sent during work hours on the pager it provided. What was surprising, or at least, was something of a relief, was that the Court reached the expected result in a way that leaves a nascent right to employee privacy in electronic communications basically unscathed. Indeed, the Court seemed to go out of its way to avoid upsetting precedent like Stengart v. Loving Care, which had found that employees have at least some expectation of privacy in personal emails, even if sent on company computers. For example on page 14 of its decision, the Supreme Court specifically distinguished personal emails such as were at issue in Stengart:
OPD’s audit of messages on Quon’s employer-provided pager was not nearly as intrusive as a search of his personal e-mail account or pager, or a wiretap on his home phone line, would have been.

All in all, I think Ontario v. Quon was a good decision. Indeed, given the issues involved, and the potential for damage, it was probably the best that the Court could have done.

Sunday, June 13, 2010

Movement in the Streetview cases

Via this article from Wired's threat level blog, we learn that Google has begun its defense in the Streetview litigation by moving to have all the various lawsuits that have been filed against it consolidated in the Northern District of California (Google's motion can be found here). We also learned what is likely to be Google's defense (at least in the United States). According to the motion

Google will likely argue that even if plaintiff's allegations are true, Google did not violate the federal Wiretap Act (and similar state statutes) for a number of reasons, including the fact that open WiFi transmissions are "readily accessible" to the general public under 18 U.S.C. 2511(2)(g)(i).

(from page 18 of the pdf)
Actually, maybe learned is a bit too strong of a word, since it was generally expected (see, e.g., here) that Google would defend using the public accessibility exception to the wiretap act. However, it is nice to actually see it in writing from someone who has authority to speak for Google, rather than relying on second-hand prognostications from commentators with no particular relation to the case.

Sunday, June 6, 2010

Is Wireless Data Picked up by Google Publicly Accessible?

Some new developments in the Google Streetview WiFi monitoring controversy.

First, according to this article one of the lawyers suing Google is alleging that a Google patent application for increasing the accuracy of location based services by intercepting data communications indicates that the Google Streetview monitoring was intentional. I find this unconvincing. Unlike many other countries, the United States doesn't have a requirement that a company exploit patented technology. Absent some other evidence of intentionality, the patent application proves nothing (and, of course, if there was other evidence of intentionality, the patent application wouldn't be necessary).

Second, and more interestingly, some observers (e.g., here) have stated that the lawsuits against Google may have no merit because the electronic communications privacy act has a safe harbor for intercepting communications which are publicly accessible. It's an interesting argument, but I don't know it's a show stopper. The relevant statutory provision is 18 USC 2511(2)(g)(i):

(g) It shall not be unlawful under this chapter or chapter 121 of this title for any person—
(i) to intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public;

"readily accessible to the general public" is then defined in 18 USC 2510(16):

(16) “readily accessible to the general public” means, with respect to a radio communication, that such communication is not—
(A) scrambled or encrypted;

That definition is the reason I don't think the publicly accessible argument is a show stopper. As I noted here, at least one of the parties bringing suit against Google has alleged that Google engaged in decrypting the communications it intercepted. I don't know what evidence they have to back that allegation. However, at this point, it doesn't matter, since at this stage in the litigation a court is bound to accept the allegations in the complaint as true.

Whether they have enough to get through discovery is another question entirely, but one which won't be raised until Google files its answer and moves for summary judgment.