Sorry about that privacy violation... did we mention where we're sending that data?

| Comments (1) | COMSEC
OK, so I get how Google could have accidentally captured packet payloads when recording data for Google Street View. Mistakes happen, etc.1 I also understand why if you were some national government you might want to investigate this sort of potential privacy compromise. That said, it's not clear that this is that great an idea:
A Google spokesman said Thursday that the data should be handed over within a matter of days. Last week, the company found itself in conflict with a privacy regulator at the German city of Hamburg, who wanted access to the data. Google said that it wasn't sure that handing over the data would be legal.

"The data protection authority in Hamburg has made a number of requests -- including to be given access to an original hard-drive containing the payload data, and to a Street View car. We want to cooperate with these requests -- indeed we have already given him access to a car -- but as granting access to payload data creates legal challenges in Germany which we need to review, we are continuing to discuss the appropriate legal and logistical process for making the data available," Google said in a statement last week.

Those challenges have apparently now been addressed.

The company plans to hand over data to German, French and Spanish authorities, according to the Financial Times, (FT) which first reported this latest development on Thursday.

This seems to miss the point a bit: the presumptive objection to Google capturing packet payloads is that it potentially contains people's sensitive information and someone might use it to learn that information. Turning it over the government presumably means that some larger set of people will have access to it. Of course, it's the government, so what could possibly go wrong?

1.Ironically, the opposite error is the common one for packet sniffing applications: by default tcpdump only records the initial bytes of a packet. So, when you record a protocol trace, if you forget the -s 0 flag, you only end up with the beginning of the packet, which can cause problems in applications that do full packet reassembly.


Interstingly current versions of tcpdump changed the default "snaplen" to 64k, so if you don't change your script, you might just capture more than you wanted.

Leave a comment