If well-phrased heartfelt apologies got companies off the hook legally, there would be even less corporate accountability than there is today. I don't know the details of this case, but apologies and explanations after the fact shouldn't be a factor in deciding civil judgments.
That being said, I do wish the practice of "neither admit or deny wrongdoing" wasn't standard in class action settlements etc. eg. the employee poaching scandal
The article does not contain an apology. It contains an excuse ( old code ) and expresses Google's hope that the evidence can quickly be deleted. The words "sorry", "apology", or their derivatives and synonyms do not appear in the link.
Saying it was a mistake does not acknowledge the possible harm actual persons may have suffered. 'Mistake' references the possible harm Google suffered as a result of its actions, e.g. poor press.
> Google blamed the mistake on a piece of legacy code from an experimental project that had been re-used to programme equipment on the Street View cars
Somebody at some point specifically wrote code to sniff data off wireless LANs.
In order to make a map of which wireless LANs are available, you switch the radio in receive mode and then cycle through the channels, capturing all packets. Then, you filter the packets for beacons. I believe when you "scan" for wireless networks, your wireless device is going to be doing something similar under the hood.
It'd be easy to accidentally leave debug logging turned on for the parsing code. Alternatively, if you use something off-the-shelf like kismet, the packet logs are saved in /var/log/kismet automatically.
The data they wanted was the MAC addresses of the routers. With that information, then can then improve their maps geolocation by seeing what wifi networks are in range.
The problem is they grabbed more than just MAC addresses.
Do you disagree with United States v. Danny Lee, where the Ninth Circuit decided that you need a warrant to spy through someone's walls with a thermal camera?
It's all EM radiation, but monitoring one vs the other has very different real world implications.
In this particular instance, the plaintiffs had security options available on their wifi transmissions (unlike thermal emissions) and chose to transmit in the clear instead, so that's part of what the case is discussing.
What a bizarre process. So if these 22 people can't find their MAC in the .pcap then it's case closed? What if they weren't home at the time, and it's just beacons? So only if they happened to be streaming a video from Netflix at the time, causing enough continuous traffic load so that some actual L3 packets pop up in the scan, only then do we get to squeeze some billions from Larry and Sergey?
Don't get me wrong, I really like the idea of sending a strong signal to companies that driving a van up to my house and pcap'ing my packets is not acceptable. But I do hope it's proportionate. $1 per byte sounds about right, so 200GB = $200B. Don't worry, we can let them pay over 100 years. Oh wait, there's already a name for that. Taxes.
At least this will set a great precedent for suing the NSA next, right?
It can, although that hasn't been litigated yet - that's the class action part the article refers to. A lawsuit like that often starts with a smallish number of plaintiffs whose injuries (in the sense of being negatively affected by someone else) are similar enough for a case to be made that they're representative of a larger group, whereas if there was only one plaintiff it would be impossible to decide whether a pattern of behavior existed.
Lawyers love class action suits because while they may only generate a small payout for each plaintiff the law firm running the suit may collect 30% of the payout in return for administering the settlement (writing to all potential plaintiffs, advising them of their rights under the settlement, disbursing payments and so forth). That's a lot of administrative work but for a large settlement it can still bevery lucrative. So much so that in very large lawsuits there is sometimes litigation between competing firms about which is best positioned to represent the plaintiffs, before the main matter is litigated. ISTR that happened with the tobacco litigation by the states in the 1990s, which ultimately involved something like a $20 billion payout.
IANAL, so corrections are welcome, but my understanding is this:
To bring a civil suit against another party, you must have standing, which means you must be able to show that you, personally, suffered damage at the hand of the other party. These 22 people can't just sue Google for damages on behalf of everyone whose data was allegedly hoovered up by StreetView, they have to prove that their data was collected. If they can't, then other people could bring the same suit and look for their data in the evidence as well.
Once a defendant or defendants prove that they have standing to bring the case, they could then petition the judge to certify a class action, at which point the lawyers representing the class would ask for discovery to find and notify all the other class members.
I view this as a very valuable rule of law; without this, there are attorneys who would just spend all day filing speculative lawsuits in hopes of forming a class action.
One other notable places this rule has come into play in the recent past: in litigation around gay marriage, when the government refused to defend its marriage discrimination laws, religious groups tried to step in to take on the defense, only to be told they had no standing because they were not being harmed by other people getting married.
[1] http://www.theguardian.com/technology/2010/may/15/google-adm...