You are. I'm from Australia.

People keep pointing me at the privacy law page, but I honestly can't see an invasion of privacy. My analogy is trying to point that out. If you have a public unencrypted wireless network, it's not private. Just like if you're standing on your front lawn. People keep telling me that it's illegal to photograph people without their permission in Germany, but when I try searching, all of the photography resource pages I can find about Germany tell me that it is, in fact, legal to take photos of people in public; just not to publish them without their permission (and even then, only if they're prominent in the photo).

If this is intended to apply to wireless networks and collecting unencrypted frames, that makes any use of a wireless network with more than two connected computers illegal. If you see a frame on the network and you collect it, but it wasn't intended for you, you've committed a crime. If you don't collect it, you don't know whether it's for you or not. Fortunately, the law says "with intent to obtain ... blah blah". To be guilty of this, Google would have to have intended to identify the sender, addressee, or contents once they knew it wasn't intended for them, which by all reports they didn't. They were only intending to collect the SSID from networks which broadcast it publicly.

I'm not confusing anything: I'm making a joke at the expense of anyone who thinks WEP is effective. You can buy key recovery dongles off ebay these days which will get a WEP key in about 15 minutes.

The analogy is way too stretched to think I'm suggesting it's not illegal to break WEP encryption.

I just want to address one line of that.

You're completely right. It's the network owner's call. And when the network owner set it up as a closed network, Google respected that (they could easily have collected that data too and taken it back for decryption: a single home PC is powerful enough to break WEP encryption, I'm sure Google could manage that). When the network owner instead set it up as an open network, Google took a peek. Because, you know. It was set up as open.

These people need to sue the person who sold them a WAP which was set up by default to broadcast unencrypted to the public.

Turns out (reference: a bunch of pages I got by googling "photography laws in germany", which all agreed) that you can take photos of people in public without their consent. You need their consent to publish photos of them, if the person is recognizable and the subject of the image.

There is a difference between buying a t-shirt and buying 10,000 t-shirts. There is a difference between running 1km and running 100km. That doesn't make buying 10,000 t-shirts or running 100km illegal. I get that there are differences. But in general, if doing something once is legal, doing it lots is also legal. You need specific laws (noise control, scalping, and so on) to make lots of something illegal when a little bit is okay.

A number of companies have done this before Google, and they're not in trouble. There's an iPhone app.

Hardly every detail about me. Actually, pretty much nothing about me (in this instance). I opted out by turning encryption on. People should be suing the companies that sold them WAPs with encryption off by default and didn't explain to them that they were broadcasting their traffic to the public by using it. Even if my encryption was off, one or two frames of network traffic is far from "every detail about [me]". I think you're panic mongering.

Google is not watching you everywhere. Panic monger. Google is driving around taking photos (this shouldn't really surprise anyone) and collecting information about public networks. Not much information, by the way - a little more than they intended to, but when they discovered that they stopped it, and disclosed. I just don't get the big deal. They didn't collect anything that any member of the public couldn't. When they realised they had more than they'd planned to collect, they disclosed and started deleting.

No matter how juicy the invitation? So you're saying that a girl wearing trashy clothes is a juicy invitation to rape? I disagree.

An open WAP, however, is an invitation: in fact, anyone walking past with a Windows laptop with the wrong box ticked in the network settings will automatically connect and start using the network! ipods did this by default when they first came out! The comparison to rape is not valid. Pretty much everyone accepts that rape is a crime. Lots of people don't accept that what Google did was a crime. Further, rape pretty much implies intent. Google has a very plausible explanation showing they didn't intend to do it.

Google were neither degrading nor stealing the service. That would be covered by those laws you're talking about: Unauthorized Access. Google weren't doing that. They were just recording public broadcast data.

If they were handling private data that you'd entrusted to them with this little care, it would be an oversight and they'd deserve to be blamed. They weren't. They were handling public data that anyone could access with this little care. It was unimportant public data that they didn't really care about, and which nobody had 'entrusted' to them.

I don't think you understand what you're saying. I almost want to ask you to take a Turing Test, except I know there really are people out there this technically unsavvy. Not that there's anything wrong with that... They just don't normally try to pretend to understand and then argue with people about it. Well, ... okay, they do that too. But I don't have to like it.

The crux of the argument is not about whether they had approval to "soak up data". The crux of the argument is whether they needed approval. People were sending this information out unrestricted. It's like complaining about people reading a sign you posted on your wall, visible to the street. There's a difference in degree, but not much else.

Decent ISPs do this already. My AP (sent out when I connected to my ISP) came with WPA2 turned on, and the key printed on the bottom of the router. We're still waiting for the hardware manufacturers to ship them this way, though. Maybe the people whose data was collected should be suing their WAP manufacturer instead? That might actually accomplish something.

... yes. But if I don't hire anyone in the first place, it's my fault.

It seemed to me that he was arguing the point of the analogy. If your tap is leaking, the water utility doesn't care: they just charge you for excess usage. It's up to you to call a plumber. I think he was saying that not using encryption is more like having a leaky tap than having a damaged water meter.

I think he meant "owns the AP". My ISP owns the AP I use, and it was a PITA getting in to set the network up how I wanted. It came pre-configured with an SSID and WPA2 key. I technically broke the ToS by changing the settings on it, but if I do a hardware reset using the little button on the back it puts it back to the settings the ISP sent it out with, so I can put it back if they ever send someone out to change something.

You say 'might' a whole lot. I still don't buy it. If I have a reasonable expectation of privacy when I set up an open WAP, then how do public APs work? When I go in to the city center, there are about 50 APs I can connect to as I walk down the road. Some of them have company names. Some have brand names. Some sound kind of personal. More than half of them, if I connect to them, take me to a credit card gateway which lets me buy Internet access through that AP. There are consumer APs you can buy which let you do this. Some ISPs ship APs which allow their users to 'roam' whenever they're near the AP of another subscriber.

But you're saying I can't even look at the data being broadcast on the network? None of the above products (some of them have huge businesses built around them) can work if I have a reasonable expectation that the frames I send over an open AP will never be inspected.

You bring up some pretty ludicrous examples. The sounds of the secret you told your partner were intended to be audible at such a short range that nobody else could record them. The sounds you make on your keyboard as you type your password are by-products of the process which you expect can't be re-constructed. Both of these maintain an expectation of privacy, and they're obviously very different to broadcasting unencrypted data at a strength intended to go a few hundred feet (tip: it tells you that on the box!) The light absorbed vs bouncing off your body? You're in trouble if you think that's private. Do you walk down the road naked every day and expect people to not look?

The point is that the reason for having a wireless AP is to allow data to be sent across the airwaves. Google isn't subverting the goal of the technology: they're using it the way it's intended. If you want privacy, there are simple steps to protect it. Leaving your AP open is advertising the fact that you don't expect privacy. That's why my mobile phone sorts wireless networks in range by whether they're encrypted or not! If I'm after one I can just connect to, I use one of the ones under 'Open'. If I have the key for one in particular, I go find it further down the list.