From TFA:

Oh, now they have to combine the two. Nothing like idly flicking away layers of tissue from the person at the other end of the teleconference while they're nattering on. And, you'll finally be able to verify that some people actually do have a heart.

The distinction is pretty important, and so long as it's not used as an argument to diminish rights it makes quite a bit of sense.

I agree that in a case of accidental nonsentient monitoring that isn't accessed, it's pretty inconsequential.

The natural concern is of course intentional, systematic monitoring, sentient or otherwise, that is or can be accessed effectively. And carefully evaluating who collected that data in the first place, and whether their motives for so doing were even valid and fair, is just a sensible part of data security approached from a societal, rather than a technological, means. Limiting the cases in which collecting the data in the first place is considered socially acceptable is a good place to begin in terms of limiting data loss.

This is because the difficulty occurs when personal data becomes retained by outside parties, because at that point it's pretty difficult for the original owner to establish with any certainty whether that data is accessible or not.

Case in point, when several of the CIA's laptops went missing a few years ago. They were concerned about the data when the laptops went missing, despite the fact that the information was almost certainly encrypted. It's a natural concern, when confidential data is retained by outside parties beyond the control and oversight of the initiating party. The CIA didn't stop to assess whether or not they supposed it could or would be successfully accessed before finding the incident a cause for concern; the mere possibility that it now could be, and they would have no way of knowing either way, was the problem.

There is very often a double-standard in evaluation that people make now, depending on whether the potentially damaged party is (a) a private citizen, or (2) a government agency or corporation. Somehow, there is typically a strong implied bias in the private citizen's disfavor there, and that should probably be noticed and assessed. The standard mentality seems to be that Joe Sixpack was negligent or mentally lacking for not better encrypting his data, and we're cautious to ask ourselves who it's really hurting anyway, but that if it happens to government agencies or corporations it's automatically considered a cause for concern because it represents a threat to state or trade secrets. And there is a disconcerting and counterintuitive propensity for that kind of thinking.

Oh dear.

I'm not sure which was worse: the title, the reasoning, or the fact that I counted the number of single entendres in the low single digits.

Love the way he aims it, phaser-like, at the viewer as he completes his delivery of the opening line.

Nice nickname. Tell me you created it just for comments on this story.

Eating of its fruit doesn't confer immortality per se, but many congenital defects abate, the skin regains elastin and the libido is enhanced significantly.

You've done all three in this instance, and so you will only have dialogues with people who tolerate that. Ta.

I think the distinction there would probably have to be intent, and basis.

By intent, I mean that there's a difference between engaging in a forum discussion, and deliberately attempting to intercept someone's comm traffic via their wifi signals. That's a close enough approximation to the guaranteed Fourth Amendment right of citizens to be secure in their papers (whether those papers are in the home, out outside of it) for me to equate them. Others may interpret that differently.

When I say basis, I mean that Google for example is a corporation with a stated basis of operation. While it's true that a lot of what I post could be searched for around the internet and compiled in a central database (Facebook does it), nothing authorizes Facebook to monitor citizens by doing this. They work for the Information Awareness Office, which compiles that information on citizens for the federal government's uses. Again, nothing authorizes the federal government to do that to its citizens, so there's a problem of it not being within its stated basis. Here, Google appeared to do it unintentionally and that would be a little different.

To intentionally violate someone's rights, there obviously must be intent and it must be acted upon. This is a distinction made in law, and it's a different way to distill the situation than the technological basis that most of the rest of Slashdot is using for this discussion. Still, I think it has the ability to get to the nitty-gritty about what expectations we have or don't have with other parties better than the technological perspective, without getting into direct morality which can rapidly get pretty nebulous indeed.

Impressive! I honestly don't have a response to that one right now. I'll have to think about that one for a while. Thanks for the new (to me at least) point. Very refreshing to encounter.

I can appreciate that. It's a very noble sentiment, and I feel it myself.

What I have to keep in check, though, is that a desire to shape public policy - even in this case for something like technological education - does not enable myself or anyone else to remake the law in ways that violates someone's rights. The desire to reshape society for what often started out as noble goals as you've described, is now often misused when politicians play on emotions to gain public support for further erosion and inroads into the legal structure and the political assessment about what rights we have. Two hundred years of this stuff has caused the the average person to misremember the basis of the political and legal structure that prior generations of citizens had designed. And this is all to the temporary benefit of politicians in power. So I'm careful to keep my ideas of "what's right for people" from coloring my determinations about their rights, and must refer to what had originally been put in place. Common sense dictates that, legally, personal data is private and since you can't get at it without trying you have every reason to expect privacy.

We both know that's not true technologically, but from a legal standpoint it could work. There are any number of things which could be done technologically, that are against the law. Since the laws were designed to uphold rights, this should probably be one of them - and my understanding of American Common Law is that it probably already is. Common Law doesn't rely on a lot of legislation being passed, but on the operation of basic rights in a common sense manner.

It's all well and good to have laws about this stuff. We COULD enact a law making sniffing unencrypted WiFi illegal. IMO, it's far far better to just encrypt the damn thing and be done with it than hope when someone does capture your traffic, that you'll find out. Realistically, unless it's a high profile case like this, you'll never know.

You're talking about passing legislation specifically forbidding it. I think it probably makes sense, to deter people from packet sniffing personal data. Yes, from a technological standpoint people should probably be encrypting anyway. And if the cost-to-benefit ratio prompts them to do that, they will. The law, however, isn't supposed to tamper with the cost-to-benefit ratios of people who aren't violating the rights of others, just to prompt them into one choice or another. That would violate freedom as well, and today it happens frequently when politicians attempt to set public policies. They're not supposed to. The law is there to preserve rights, and by making a determination about whether rights to personal data privacy are guaranteed or not, the law would be doing its job.

I think it's already done this, but clarifying it would be good if there's public disagreement about that point.

You're saying that the onus on people if they don't want others to take advantage of them is to hide all their vulnerable points. And I'm saying that's the sign of a lawless anarchy where people aren't presumed to have rights.

A very apt parallel. Under American Common Law, your likeness - as well as your signature - is your private property. People can no more snap you without your consent without being liable for violating your property rights than they can take an image of your signature and print it onto whatever they like. American Common Law remains in effect, but has been forgotten amid a heap of baseless legislation that lacks the authority to actually be law. People in the U.S. have forgotten their system, in favor of a johnny-come-lately. As one result, basic concepts and premises of law ("maxims") have been lost to them, and we get news stories in which some new situation brought about by new technology makes it all seem like an open question again. It's not.

And they now have lasers that can be pointed at windows and pick up conversations based on how the glass vibrates. The laser and the person using them are both located outside the house, so according to your reasoning it's perfectly fine as well. So, be sure to pick up some air pumps made for aquariums at the pet store and tape them to your windows, or it's your fault for being lax on the data security.

If my neighbors are installing surveillance equipment in order to overhear me shouting at my wife, and they couldn't overhear it any other way, they're not going to last as my neighbors for long.

I'm typing this reply from my laptop, in a public location. As I type, there is cash in my wallet as we speak. Just sitting there. For anybody to pick up and take! Mind you, they'd need to have developed certain skills in order to do so. But they could do it! And it sounds like according to your reasoning, if they did it would be my fault because I expected the rest of the world not to deliberately attempt to pick my pocket. Whereas I'm more in favor of the traditional Middle Eastern response to people who are caught pickpocketing, in order to discourage it.

Of course it's no different, if you're arguing the issue in the context they've handed you.

The actual difference is that before things like the DMCA, before a lot of this corrupt baseless legislation got passed, there were no victimless crimes in this country! You weren't hauled in before a magistrate and tried in a chancery court for offenses "against the state". You were brought to court when there was an injured party: you had either detrimented their right to life, liberty or property, or you'd defaulted on a contract with them. That's it! Today, the whole legal system's been turned on its ear and we now routinely talk about crimes in terms of what legislation someone did or didn't contravene, but the premise of the law as something designed to deal with personal injuries and detriments against the rights of ordinary citizens has been so long lost that most people have even ceased to think about the law in those terms. When that's the very purpose for which we initially designed it!

I understand your point. And if the data on those papers requires certain software to read and decode, that is a form of encryption. Someone has to make a deliberate effort to get at it, meaning it's not just lying in the street for anyone to read. Further, if the data is your own, you have a right to your privacy despite the fact that it doesn't lie within the walls of your house. Not because it's trademarked or copywritten for business purposes, but simply because it's your private property and that's a basic right.

If your argument were correct, newsstands would have had no way to prosecute shoplifters all these years.

No, it was half-in, half-out. By that I mean it was being used in their homes, and "leaked" out because that's what airwaves do. Which isn't typically a big deal, since one hardly expects people to be sitting outside trying to pick it up. That's why this story is such a big deal; this time, someone was. I realize that it [purportedly] was unintentional, which is the only exonerating factor.

You argue that no, the exonerating factor was that Google should have been allowed to do this intentionally if it so desired. That the onus is on the private citizens to encrypt everything just in case someone is out there actively trying to sniff their data. Which is a distinct difference in mentality.

There's nothing technologically complicated about using a handgun either, and using one could certainly save you from a violent mugging. Whenever you leave your home, there is also a slight chance that it will rain no matter what the weather report says. You might get slammed by a car as you cross the street, therefore you should never leave the house without a pair of clean underwear on, in case you have an unanticipated ambulance ride to the hospital to worry about. And you might run into some tourists from Spain who don't speak English while you're out. Therefore, you should never leave the house without a loaded handgun, a large umbrella, a pair of clean underwear on, and a Spanish-to-English translation dictionary. Otherwise, it's your own damn fault.

They were using Kismet, so you're technically correct.

My point, however, remains. Kismet does not come standard, you have to purposely install it - usually to sniff another person's otherwise-private network traffic. If Google's sniffing had been deliberate, my point is that they would have been in the wrong for so doing. You seem to be adopting the position that no, that's perfectly alright, the citizenry had no reasonable expectation of a right to privacy there. That packet sniffing, as deliberate as it usually has to be, is just as easy to do and probably as someone glancing in your window. And that is wrong.

I think you missed my point there. I know this is Slashdot, but when I mentioned Zero-Days I was getting at legal exploits, not literal technological ones. Stuff without a lot of case precedent about it yet, such as intercepted wifi data, which Google - if they had done it deliberately, and happily this appears not to be the case - would have been able to take advantage of. In other words, using the fact that technology innovates faster than case precedent is established, to take advantage of people.

You have now dispensed with a free society's right to have open, unencrypted wifi hotspots in order to support an argument that anybody should be allowed to play Peeping Tom on someone else's data, just because they have the technological ability.

If we tried the same argument with personal defense, society would become an arms race in which everyone had to pack an AK-47 and Kevlar before leaving the house, because any random schmuck could light them up on their way to work. After all, they have no right not to get shot at and taking the appropriate precautions are very technologically simple to learn. They could be taught to our kids in kindergarten.

And I'm pointing out that the point of having a government is to preserve our rights against those who would encroach upon them, precisely so that society doesn't have to become a situation in which the best-armed, or the most-technologically-literate, or the most-anything-else, don't hold the rest of us in sway. The point, in short, is to have a reasonable expectation of a society which upholds our rights and freedoms. So that we don't have to all go out with Kevlar and AK's every day.

Hopefully you now understand the point I'm trying to make there, and aren't just trying to avoid hearing it.

Yes, when do we go after Microsoft for leaving that packet sniffing option on as a default installation option?

You're right of course.

Sending out vans en masse to peoples' neighborhoods with equipment and software that's specifically designed to pluck wifi traffic out of the airwaves is no different from strolling down the sidewalk and happening to glance into someone's window. Why, just the other day I was on my way home, glanced over, and idly picked up several packets of someone's e-mail and a bit of their usenet traffic before I could think to look away. How silly of me.

Thank you, no.

The wifi data was half-in, half-out of their private homes. It was meant to be used by them, in their homes, and technology had to be specifically modified and sent out in order to intercept it. There's the basis of a reasonable expectation of a right to privacy right there. For someone to obtain that data, they have to go out of their way to nab it. If Google itself had condoned it, there would be little difference between that and seeking to obtain Zero-Day exploits to commercial systems - with the exception that these are private individuals, not mere corporations.

With all the hullabaloo from the MPAA and RIAA about ownership rights to for-profit data, we have at least as much right to our data as private citizens. Otherwise there's no point to having a government, if it doesn't uphold our rights.