I'm not saying they don't expect privacy. They probably do. I'm saying they shouldn't expect privacy, because the technology doesn't provide it. There's a gap between reality and what most people believe, and the law shouldn't be making that gap worse - it should be making the reality clearer. If you expect privacy, turn on encryption. If you don't understand it, do what I do when I need something I don't understand fixed (like my car's brakes). Pay someone.

I get the difference. When it comes to visual images, watching and recording are both okay in public. Publishing requires permission from the subjects. Google didn't publish anything. I'm ... not sure what point you're trying to make.

People keep saying that, but when I search the web (yes, I used Google) the sites all say that, in Germany, I'm perfectly allowed to take photos of people in public, I'm just not allowed to publish them without getting consent. I haven't found anything specific about video.

I would expect that you would be violating public decency laws. I know that, where I live, it's illegal to perform a sex act (including a solo one) where you can be easily seen from a public place. If I go onto your private property to see you though, or if I use a telephoto lens to see something I couldn't otherwise see from public property, then I'm invading your privacy.

Lots of people where I live have this silly idea that you can't be photographed in public, even if the photo won't be published, as well. It sounds like it's a common misconception in Germany. I have heard that France has laws preventing you from photographing people in public, but perhaps that's as much an urban myth as the German ban is.

Publishing is different, and there are special laws dealing with it. Google didn't publish anything.

Common decency, but not illegal to neglect to. It's common decency to cover my mouth when I yawn too, but half the people I pass on the street in the mornings don't bother.

I've recorded one or two conversations in the past without telling the other party, but only when they were already being far from decent to me (the guy was trying to extort money out of me, and I needed proof to get the cops to arrest the guy). It was nice to be able to defend myself without becoming, technically, a criminal myself. For the record, the cops arrested the guy.

They didn't slurp up all the data that went over them. They grabbed one or two frames from each network, to get the SSID. They just didn't filter the rest of the packet out at the time, so they may have stored some incidental, unencrypted, and publicly broadcast traffic as well. If you had encryption turned on, they respected your apparent desire for privacy and didn't even store the SSID.

I don't live in the US. And I think it's probably against the law in ALL jurisdictions to steal cars.

So, the point you're trying to make is "different places have different laws"? You could just have said "different places have different laws", I don't think anyone would doubt you. Do go on.

So you're saying ... what Google did might be a crime, but might not? Depending on whether it's in that "whole damn library" (hint: one or two network frames is extraordinarily unlikely to contain enough information to "uniquely identify a natural person") and whether they met just the right circumstances? I can accept that too.

I didn't claim any of what you described was stupid. Well, maybe the bit where you think it's only against the law to steal cars in most jurisdictions. And I'm pretty sure none of phone, financial, or medical data came up. I'm not sure what phone, financial, or medical data would be doing unencrypted on someone's open WAP. I know most phone, financial, and medical sites I use which have my details use SSL, so even if I had an open WAP and Google was driving past at just the right time, they wouldn't have got any of it.

What I claimed was stupid was the idea that Google should be in trouble for collecting publicly broadcast data for the purposes of mapping out public AP locations.

My ISP shipped me a wireless router with WPA2 turned on. The key was printed on the bottom of the router. I believe that anybody who buys a device which will broadcast, unencrypted, everything they do on the 'net outside SSL to the whole neighbourhood has an action against the vendor. The people who feel "violated" here should be suing the people who sold them default insecure WAPs.

MasterCard were making me look at any wireless networks in the vicinity, dig deep (look at LOTS of packets, try to identify the people communicating, try to work out the context), and the owners were NOT people who were our customers. My intent was to protect our financial database by knowing as much as possible about any nearby wireless networks. Google's intent was just to store the publicly broadcast SSID.

That's one thing which annoys me. The level of recording? One or two packets from your network. For most people, this was a netbios broadcast packet, or a half a sentence from a public webpage, or a small blotch of red from a frame of a youtube video. It was a very low level of recording, and it's almost inconceivable that it would have been enough to both identify a person AND contain information that they'd want to keep private. The subsequent exposure? None at all. They deleted it. See? Not as bad as you thought.

Add to that the fact that the packet or two they did collect was also available to anyone within a few hundred feet of your house. And anyone but Google would probably have a lot more context, collect a lot more packets, and do a lot more with the information. So they grabbed packets which you shouldn't have expected to be private, took such a tiny amount that it COULDN'T harm your privacy, and then deleted it.

I don't believe he should have to. We're talking about unencrypted information which people are broadcasting to the public. I don't listen in on the conversation of the couple sitting in front of me on the bus, but at the same time, they don't have an expectation of privacy, and I'm not breaking the law if I DO listen. An open, unencrypted AP is a public network space. Anyone who has an understanding of the technology realises that open APs provide no privacy, and so nobody should expect any. It's like pinning personal letters up on the local library noticeboard and being surprised when people read them. If we react to situations like this by saying "no, people SHOULD have privacy" then we reinforce to the un-tech-savvy that they can turn encryption off and expect privacy. It just isn't true.

At the risk of a car analogy... If I fail to maintain my brakes, they fail on me, and I kill somebody, the law doesn't car that I don't understand car brake systems. The law expects me (to protect myself and others) to either learn, or pay someone to do it. Anyway, when I signed up for my ISP about two years ago, the WAP they sent me came pre-configured with WPA2. The key was printed on the bottom. The days of needing to understand wireless encryption are (partly? mostly? hopefully?) over. The law shouldn't tell people that they can expect privacy when a 12-year-old with free-off-the-net software can see what they're doing.

A wireless network isn't a home. There are lots of wireless networks which the owners are happy for me to use: they send me to a page where I can buy internet access through them with my credit card. There are some consumer-grade WAPs you can buy which do this out of the box! If there are some out there I'm allowed to use, and some I'm not, how do I tell? By looking at whether it's open or requires a key. If it's open, I assume I'm allowed to use it.

Google provided an explanation of this on day one. They were mapping public (= no key required) APs. Several other companies do this as well! Unfortunately, the library they were using to do it just stored the whole frame containing the SSID. This meant that sometimes it would contain incidental network traffic.

I think we need to keep fighting the privacy war. I'm all for privacy protections. But if we start building an expectation of privacy in things which clearly don't provide privacy, we make things worse. People don't understand technology, by and large, so if it gets ruled that they had an expectation of privacy in an open wireless network, people will continue to keep their wireless networks open, and privacy will suffer. The real culprits here are the companies which sold WAPs which were pre-configured to broadcast traffic unencrypted to the world.

I sometimes have to rely on public APs for 'net access. I need to be able to trust that the open ones are there for people to use (lots of them will take my credit card through a trustworthy gateway and let me on the net!) I shouldn't be risking getting in trouble for invading people's privacy by using a network which is configured for open access.

How? Do you think Google employees have wifi implants in their brains? The guy in the van probably didn't know half of what it was going.

But if you don't, you don't. And I can't see how this broke any privacy laws.

Sounds like a personal-interest law to me. The people writing the law were doing lots of things wrong, and were terrified of being busted. Thankfully, where I live, we have a sensible law: third-party recordings are illegal, but if you're a party to a conversation, you can record it secretly.

I don't disagree with any of that. I think you're quite right. But I think any law which creates an expectation of privacy in unencrypted wifi data is objectionable, because it criminalises things which people may expect to be legal. For example, surveying an area for public wifi spots.