×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Google Releases Wi-Fi Sniffing Audit

Soulskill posted more than 4 years ago | from the no-harm-no-foul-right-guys dept.

Google 198

adeelarshad82 writes "In the wake of the controversy surrounding its Street View data collection processes, Google has published an independent audit of its practices, prompting a London-based privacy group to accuse Google of a 'criminal act.' The report provided some more in-depth, technical details (PDF) about what Google has already admitted to doing: storing wireless data packet information that was collected over unencrypted networks. According to the report, Street View cars collect data sent over wireless networks, and associate this information with data from a GPS unit in the vehicles. The technology used, known as gslite, then parses and stores certain identifying information about these wireless networks to a hard drive. That information includes the MAC address and the SSID amongst other things like e-mails addresses and browser history." Google also sent a letter to House Energy and Commerce Committee leaders acknowledging their mistake and claiming they have not "conducted an analysis of the payload data in a way that allows us to know exactly what was collected."

Sorry! There are no comments related to the filter you selected.

Parsed and stored? (0, Flamebait)

glrotate (300695) | more than 4 years ago | (#32536242)

Not an accident. This is certainly illegal in my jurisdiction. People should be going to jail.

Re:Parsed and stored? (2, Interesting)

jdgeorge (18767) | more than 4 years ago | (#32536316)

Just curious, what jurisdiction, and what laws were broken, and are those laws punishable by jail time?

Re:Parsed and stored? (1)

Shimbo (100005) | more than 4 years ago | (#32536624)

Just curious, what jurisdiction, and what laws were broken, and are those laws punishable by jail time?

In most European jurisdictions, probably. In the UK, it probably counts as an unlawful intercept under RIPA. Yes, you can get two years for it.

Re:Parsed and stored? (0)

Anonymous Coward | more than 4 years ago | (#32536920)

Australia too, it likely is a violation of the Telecommunications Interception and Access Act

Re:Parsed and stored? (4, Insightful)

ircmaxell (1117387) | more than 4 years ago | (#32536362)

It's most definitely NOT illegal anywhere in the USA. They collected data (note, they did not "access", that would be illegal) that was broadcasted unencrypted over public frequencies from public property. By the FCC's rules, you can receive any unencrypted data that you want (It's another story to transmit, which again would classify as access)... So no, nobody should go to jail, because nobody did anything illegal. Was it morally wrong? More than likely. Was it stupid? More than likely. Does that make it a jailable offense? No.

Re:Parsed and stored? (1)

snowboardin159 (1744212) | more than 4 years ago | (#32536496)

Maybe people shouldnt be such noobs and start using secured wireless connections. Theres nothing illegal or wrong going on here.

Most definately is a crime. (0, Flamebait)

glrotate (300695) | more than 4 years ago | (#32536648)

In my jurisdiction, Missouri a few laws apply. Here's one.

Mo.Rev.Stat. 569.099.

1. A person commits the crime of tampering with computer users if he knowingly and without authorization or without reasonable grounds to believe that he has such authorization:

(1) Accesses or causes to be accessed any computer, computer system, or computer network; or

(2) Denies or causes the denial of computer system services to an authorized user of such computer system services, which, in whole or in part, is owned by, under contract to, or operated for, or on behalf of, or in conjunction with another.

2. The offense of tampering with computer users is a class A misdemeanor unless the offense is committed for the purpose of devising or executing any scheme or artifice to defraud or to obtain any property, the value of which is five hundred dollars or more, in which case tampering with computer users is a class D felony.

Other statutes that apply include: 537.525, 569.095, 569.097.

Here's a link to the law for your jurisdiction: http://www.ncsl.org/IssuesResearch/TelecommunicationsInformationTechnology/ComputerHackingandUnauthorizedAccessLaws/tabid/13494/Default.aspx [ncsl.org]

Re:Most definately is a crime. (1)

ircmaxell (1117387) | more than 4 years ago | (#32536714)

Well, that's good and fair. Except that Google never accessed any computer/system or network. Access requires two way communication. All they did was listen to broadcast data. There's nothing illegal about that (so 1(1) is out). And they did not deny (or cause denial) any services to anyone, so 1(2) is out. So I fail to see how that's applicable here...

Re:Most definately is a crime. (1)

Arkem Beta (1336177) | more than 4 years ago | (#32536954)

While I'm not sure if the act's definition of access would require two way communication alternatively I'd suggest that Google could claim that they had reasonable grounds to believe that they were authorized to access the network based on the lack of encryption on the network.

Re:Most definately is a crime. (1)

ircmaxell (1117387) | more than 4 years ago | (#32537094)

Well, I don't think that would work. That's like saying that rape is allowed because of a lack of a chastity belt. Just because there are not security methods in place doesn't mean that you're authorized.

If their definition of access did not require inbound communication to the network, then that's a can of worms. You could argue that ALL electronic devices would then be illegal access to a computer network. Turn on your radio. It'll receive the WIFI signal on its antenna (Sure, it'll never get past the tuner, but that's besides the point, it still "received" the signal). Where's the line?

Re:Most definately is a crime. (1)

Arkem Beta (1336177) | more than 4 years ago | (#32537468)

IANAL but analogies rarely hold any legal water because the laws that govern each activity are completely separate.

The Missouri statute quoted above includes the 'reasonable grounds to believe that he has authorization' provision and I doubt that any sexual assault legislation would have a similar provision.

Whether or not a court would find that Google does have these 'reasonable grounds' is too complicated a question for me to more than guess at. It may be that the onus is on Google to prove that their belief was reasonable or alternatively there might be precedent about what constitutes 'reasonable grounds' that is applicable to the case.

Of course unless Google is charged with violating this particular Missouri law the question isn't particularly relevant.

Re:Most definately is a crime. (1)

MatthewCCNA (1405885) | more than 4 years ago | (#32537592)

A rape analogy, really? if I spry-paint my personal information in large letters on the side of my house should I be upset when you read it?

Re:Most definately is a crime. (1)

c0d3g33k (102699) | more than 4 years ago | (#32537694)

That's like saying that rape is allowed because of a lack of a chastity belt. Just because there are not security methods in place doesn't mean that you're authorized.

Oh please. If you're going to pull an analogy out of that dark place where the sun doesn't shine, at least try to come up with one that's even remotely applicable.

This is more like parking your car on a public road just outside the drive-in movie theater where you can see the screen and tuning your radio to receive the audio. The owners may not *want* you to do so, but if they have taken no measures to block the view or limit the signal they are broadcasting over the radio waves, enjoying the show from a nearby public location is fair game, IMHO. If something is meant to be private, make it private and don't require people to actively ignore something to protect your poorly secured private communications.

Here's another one: Posting stuff on a bulletin board in your front yard labeled "for my friends only" and getting upset when somebody drives by on the street and reads it, or maybe takes a picture to look at later. It's in plain view and visible from a public road. It's not private, even if you want it to be. Just because radio waves are invisible to our five senses doesn't mean they aren't equally visible to the surrounding public spaces.

If someone hast to actively ignore something in public view, it's not private.

Re:Most definately is a crime. (1)

wagnerrp (1305589) | more than 4 years ago | (#32537744)

Well, I don't think that would work. That's like saying that rape is allowed because of a lack of a chastity belt. Just because there are not security methods in place doesn't mean that you're authorized.

No. It's more like saying intercourse isn't rape if the accusing party did not fight back. If you didn't take any measures to prevent it from happening, and you were not otherwise coerced to prevent action, you were obviously OK with it at the time. You can't change your mind after the fact. As the saying goes, 'Ignorance of the law is not a defense.'

Re:Parsed and stored? (1)

Kymermosst (33885) | more than 4 years ago | (#32537032)

By the FCC's rules, you can receive any unencrypted data that you want

If this is specific to WiFi, then true. If to radio signals in general, not true.

Re:Parsed and stored? (1)

Bill_the_Engineer (772575) | more than 4 years ago | (#32537714)

It's most definitely NOT illegal anywhere in the USA. They collected data (note, they did not "access", that would be illegal) that was broadcasted unencrypted over public frequencies from public property.

That is probably not correct. I am not a lawyer, but the following seems to contradict your opinion:

Electronic Communications Privacy Act

The Electronic Communications Privacy Act (ECPA) sets out the provisions for access, use, disclosure, interception and privacy protections of electronic communications. The law was enacted in 1986 and covers various forms of wire and electronic communications. According to the U.S. Code, electronic communications "means any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photo electronic or photo optical system that affects interstate or foreign commerce." ECPA prohibits unlawful access and certain disclosures of communication contents. Additionally, the law prevents government entities from requiring disclosure of electronic communications from a provider without proper procedure. The Legal Institute provides Title 18 of the U.S. Code, which encompasses ECPA.

By the FCC's rules, you can receive any unencrypted data that you want (It's another story to transmit, which again would classify as access)...

I believe you are talking about FCC's section 705. It was meant to decriminalize unintentional reception of a wireless communication. However if you use the communication for personal benefit which Google may have done, or divulge the contents of the communication then you have violated section 705.

Unsecured? (1, Funny)

Anonymous Coward | more than 4 years ago | (#32536244)

If you don't want people listening then don't run an unsecured network. It is like getting mad that people listened to you talk on the radio.

Re:Unsecured? (1)

Aeiri (713218) | more than 4 years ago | (#32537346)

Well technically you ARE talking on the radio when you communicate through wifi.

I could protest, I suppose... (3, Interesting)

ibsteve2u (1184603) | more than 4 years ago | (#32536260)

...or I could congratulate Google for making more people aware that just because they cannot visualize their wireless traffic does not mean that car or truck that is sitting outside isn't recording their "innocent" online chat with that hot babe they'd just as soon their spouse doesn't know about.

Then again, perhaps I'm jaded because my very first job out of high school involved...eavesdropping. I know it is possible; I know it happens; I know encryption is your only friend.

Re:I could protest, I suppose... (0)

Anonymous Coward | more than 4 years ago | (#32536604)

Eavesdropping can take many forms and has been practiced since the dawn of communication without being considered a criminal act. It was your responsibility to exercise common sense in the manner and venue that you employed as a communicator.

Nothing has really changed except that folks are too ignorant to understand what they are doing, and they think criminalizing a natural act will modify nature.

Good luck with that.

Re:I could protest, I suppose... (0, Offtopic)

TooMuchToDo (882796) | more than 4 years ago | (#32536616)

That "hot babe" is probably a dude. Even more motivation for your wife not to find out =) Not that there is anything wrong with that.

Re:I could protest, I suppose... (2, Interesting)

jd (1658) | more than 4 years ago | (#32536698)

In the days CRT ruled supreme, it was entirely possible to grab video images from any television or computer monitor directly. Up until the scrapping of analogue TV, anyone with a standard TV areal plugged into a DVD player, cable box, or whatever, was unknowingly broadcasting EVERYTHING they watched. An areal is a two-way device.

(The British discovered this when the fifth broadcast channel started up at the same frequency as a few million Nintendos and a few million more VCRs. This was the ultimate in DDoS attacks, with each and every one of those devices acting as a jamming device. It cost the Government of the day a small fortune to repair, though I'm not sure their solution of re-tuning every household electronic device was the most practical of the options.)

But this signal is entirely possible to intercept and display. Even if that information is something like a home-made sex tape or some other sensitive material. Which means anyone who HAS watched such material on an unsecured device has risked that information being grabbed by a drive-by. This has been known, and done, for decades. Joe and Jane Average just don't give a damn. Well, until it affects them, at which point the fact that it's bloody obvious and something they've only heard about on news stories for most of their lives will completely escape them and they'll protest they could never have known.

Re:I would congratulate them too (1)

Monkeedude1212 (1560403) | more than 4 years ago | (#32536952)

Then again, perhaps I'm jaded because my very first job out of high school involved...eavesdropping. I know it is possible; I know it happens; I know encryption is your only friend.

Indeed. When driving around looking for someones house (whom I only met once at a restaurant), I got lost so I pulled out my laptop and drove around, hitting enter to refresh the wifi every few seconds. When I finally got something I pulled up Google maps and re-entered the address. (Turns out I had written a 7 but meant 1, so I was a few streets away).

I remember this was the first time I grew curious of exactly how much information I could get by just setting up the traffic watcher I use at home to gauge my room mates. I deduced there was a bit of Live Messenger and uTorrent going on. At that point I decided it best I head off to the meeting before I do something potentially incriminating.

Also, about 2 years back, my neighbour at my old house had insecured WiFi. Knowing the dangers I looked at his printer on the network, grabbed the drivers, and printed to it, giving him instructions on how to secure his WiFi, and why it was important. I know, I know, its a dick move, its as bad as Fax-spams, using up his Ink and Paper, but I thought it would be the best way to STRONGLY get the message across. (I wasn't about to hack onto their computer and place a text file, I think that'd be worse).

Part of me wants to try and grab as much sensative information I can with nothing but a basic knowledge of how windows knowledge works, an insecure wifi, and perhaps a script or two meant for legit business practices. Then I want to take the information I gather, sensor out the personal details, and give a public talk on the subject matter. But theres never enough time.

Re:I would congratulate them too (1)

Mathinker (909784) | more than 4 years ago | (#32537210)

I know, I know, its a dick move, its as bad as Fax-spams, using up his Ink and Paper, but I thought it would be the best way to STRONGLY get the message across.

I look at that and personally think that the only reason it's a "dick move" is that it could possibly get you into a lot of trouble personally (if, for example, your neighbor turns out to be the brother of some hyperactive FBI cybercrime specialist).

Do you also believe that infringing the copyright on an obviously orphan work, which means that no economic damage is done to anyone, is also a "dick move"?

The range of opinion/belief I find in humanity always amazes and refreshes me (even if sometimes it also saddens and angers me --- I'm not talking about you).

Re:I would congratulate them too (1)

DutchUncle (826473) | more than 4 years ago | (#32537298)

...my neighbour at my old house had insecured WiFi. Knowing the dangers I looked at his printer on the network, grabbed the drivers, and printed to it, giving him instructions on how to secure his WiFi, and why it was important. ...

Mod up. Probably the only way to convince most people that there really *is* a danger, and that their computer with all of its personal data is just as vulnerable.

Re:I would congratulate them too (1)

UberMorlock (1391949) | more than 4 years ago | (#32537634)

(I wasn't about to hack onto their computer and place a text file, I think that'd be worse)

I actually did exactly that about 5 years ago. A neighbor in the apartment building I was living in had an unsecured wireless network. So, I took the time to type up instructions on how to secure their wireless network and saved the text file to their hard drive. The only difference is that I didn't have to "hack" their computer to do this. All I had to do was switch my workgroup to the Windows default WORKGROUP and I could upload files to, and download files from, their computer. Really, in most cases there shouldn't be any "hacking" required. After all, if they are unsophisticated enough to not secure their wireless network, then their computer is not going to be any harder a target.

My neighbor never did secure their network. So, I can only guess they never found the text file.

Buy more GOOG (0)

Anonymous Coward | more than 4 years ago | (#32536276)

It's googleishus, and good for you, and bad for AAPL. So BUY BUY BUY. BUY today!!!!

don't broadcast that stuff (3, Insightful)

SoupGuru (723634) | more than 4 years ago | (#32536310)

So if I were to set up a radio transmitter that transmitted certain info, can I then accuse whoever looks at that info of being a criminal?

Re:don't broadcast that stuff (-1, Flamebait)

jd (1658) | more than 4 years ago | (#32536498)

If you're running Windows over an unencrypted link, almost certainly yes. If you're running Linux over a Roofnet, almost certainly no. Remember, Microsoft says Linux is Un-American, which means judges will have to rule against it or be accused of being Communist Sympathizers.

Re:don't broadcast that stuff (3, Interesting)

mukund (163654) | more than 4 years ago | (#32536564)

So if I were to set up a radio transmitter that transmitted certain info, can I then accuse whoever looks at that info of being a criminal?

Yes, if you can prove malice.

You have a private conversation about your MP3 collection with your friend in the park. A 3rd party picks it up with a mic. Don't broadcast that stuff?

You route your data through your ISP. Your ISP records whatever it wants. Don't broadcast that stuff?

You post a comment on Facebook. It's forever in Facebook's database. Don't broadcast that stuff?

Your phone calls are recorded by your phone provider, who gives you a "convenient web-based interface to replay conversations whenever, wherever you want." (Gosh, all email is like this, and people are fine with it.). Don't broadcast that stuff?

No, the data is really private to you and whoever you intended it for. Anyone who thinks otherwise is either stupid or malicious.

Re:don't broadcast that stuff (2, Informative)

Wrath0fb0b (302444) | more than 4 years ago | (#32536790)

You have a private conversation about your MP3 collection with your friend in the park. A 3rd party picks it up with a mic. Don't broadcast that stuff?

Yes. If you want to have a private conversation, a public park is not the best place for it.

You route your data through your ISP. Your ISP records whatever it wants. Don't broadcast that stuff?

Use SSH/SSL.

You post a comment on Facebook. It's forever in Facebook's database. Don't broadcast that stuff?

The entire purpose of Facebook is to broadcast stuff. I would be very upset if I posted a comment to Facebook and it wasn't immediately available for everyone to see.

Your phone calls are recorded by your phone provider, who gives you a "convenient web-based interface to replay conversations whenever, wherever you want." (Gosh, all email is like this, and people are fine with it.). Don't broadcast that stuff?

The Stored Communications Act places certain statutory legal restrictions on these activities. Phone conversations (when not conducted on a bluetooth headset so loudly that everyone on the bus can hear you) are protected from third-party recording (and, in some states, first-party).

No, the data is really private to you and whoever you intended it for

Here we agree. It's just that you seem to think "intended" means "what recipients you had in mind" not "what recipients you know will be able to read/listen".

If I send Facebook a status update, I must intend for Facebook LLC to receive it.
If I have a conversation in a public place, I must intend for anyone walking by to hear it.
If I paint the outside of my house pink, I must intend for anyone walking by to see it.

Re:don't broadcast that stuff (1)

mukund (163654) | more than 4 years ago | (#32537164)

Yes. If you want to have a private conversation, a public park is not the best place for it.

It was an example :) With technology available these days, it doesn't matter if you are in a park or not. TEMPEST [wikipedia.org] is old stuff. You put out a lot of signals out there. Try and enumerate the information one can access (if they could) based on the signals that you transmit (don't automatically think just of devices built as radio transmitters).

Use SSH/SSL

I am a techie. But how about my relatives who live two doors down? They use WiFi. They don't know what makes it all work, except that it lets their laptops "use the internet" without any wires. Read your wireless router's documentation. It most probably uses fancy words like WPA, encryption keys, etc. How many of the general public really understand it? Encryption is VERY difficult to get right and one of the main elements is educating the proper use of it.

Do you know how SSL works? Have you kept track with all the latest in how SSL clients validate certificates, OCSP, what the various classes of CA validation are and what difference does it make in practise? If you use SSL, are you sure a rogue CA in China won't help its government thanks to the Chinese CA certificates registered in your web browser?

Encryption is a layer I use for my peace of mind, knowing that my data is very likely not listened to by some MITM. But this has no bearing on whether listening in is legal or not.

The entire purpose of Facebook is to broadcast stuff. I would be very upset if I posted a comment to Facebook and it wasn't immediately available for everyone to see.

I am upset that Facebook keeps stuff that I have deleted in their records.

Re:don't broadcast that stuff (0)

Anonymous Coward | more than 4 years ago | (#32537766)

Yes, TEMPEST is old stuff.

Pickup up CRT signals. Hmm. No, I sold my CRT ten years ago.

Powerful serial signals from 12V unshielded keyboard cables? No, I have a USB keyboard, that's 5V shielded pairs with a much higher data rate.

20-30 years of technological improvement haven't turned TEMPEST from a tricky secret police thing with vans full of equipment into something anyone can do with a laptop and a coat hanger. They've turned it into an irrelevant curiosity. The same outfits who were buying special TEMPEST shielded gear in the 1980s are now buying smart card based two factor authentication systems. The risk factors changed, nobody is stealing personal data through eavesdropping this decade, instead they just find a laptop full of data left on the train, or unencrypted backups on a DDS tape in a dumpster.

Re:don't broadcast that stuff (1)

SoupGuru (723634) | more than 4 years ago | (#32537178)

Broadcast. Broad cast. Broad: a large area. Cast: throw or disseminate. Broadcast: throwing your crap over a wide area.

The problem is that we want convenience with our electronic and communications. In order for that to work seamlessly, our access points are spewing out crap non-stop, advertising its existence for all to hear and explaining what kinds of connections it offers and what you'll need to connect to it. It's really convenient to do it that way because then we just turn the wifi on the laptop on and click OK when the dialog pops up asking to connect to your random access point.

But that convenience comes at the price of your access point spewing crap over as wide of a range as possible. Hell, even marketers highlight the range of their products as desirable. "You can spew your crap over a much broader range than our competitors!"

So either sacrifice convenience for extra privacy or realize that you're spewing crap all over the place and accept the fact anyone strolling by can listen in. And pray that he doesn't sue you for your radio waves penetrating his skull and giving him brain cancer or something ludicrous.

Bullshit (1)

rakslice (90330) | more than 4 years ago | (#32537432)

>Yes, if you can prove malice.

So, you're it's illegal for me to listen to the radio if I'm not in a good mood?

Re:Bullshit (1)

rakslice (90330) | more than 4 years ago | (#32537456)

you're saying

Re:don't broadcast that stuff (0)

Anonymous Coward | more than 4 years ago | (#32537024)

Maybe. [wikipedia.org] And since this seems to all revolve around a London-based company, it's possible. A lot of Slashdotters are defending Google by working under the assumption that this is US-based. It's not, and the EU has restrictions on personal data collection. It's been a few years since I read up on the Data Protection Act, but I think this does fall under a violation. And any lawyer will tell you that ignorance of breaking the law isn't going to fly in a court.

Collection of data in an automatic manner (1)

egork (449605) | more than 4 years ago | (#32537160)

and personally identifiable or communication data, this is what matters.

Technically you could fish out letters out of a letterbox. You are breaking the law if you do it even if you do not open and read them, right? Here Google was reading and even copying the messages.
Also it was doing it over the property border lines, which may also be prohibited n Germany but IANAL.

Re:don't broadcast that stuff (1)

Yvanhoe (564877) | more than 4 years ago | (#32537304)

The law cares more about intent than what is technically feasible. I tend to agree with you, but in the head of a jurist (or of about any non-technical person) they expect their mails and history to be private and well-behaved people to not go look in their trashes. They expect criminals to be able to do it and government as well (you know, hollywood says they have hackers 'n stuff). They just don't expect a company to do that on an industrial scale and make profits lawfully that way.

I hope that this will help people realize what informations they are broadcasting (wishful thinking !) and gladly label those that expect the informations broadcasted unencrypted to be confidential as "uninformed or dumb", but I agree with them that a company that has "don't be evil" as a motto should be expected to not do this kind of things.

Re:don't broadcast that stuff (1)

DMiax (915735) | more than 4 years ago | (#32537682)

I like your analogy, but I am afraid you forget that every packet has the intended recipient embedded. Some receivers will not even look at other packets and do not have a monitor mode. You have to go out of your way to listen to everything, contrary to the radio broadcast case.

Who cares? (4, Insightful)

ibpooks (127372) | more than 4 years ago | (#32536322)

They collected information which was publicly available from the street. Big deal.

Range, Scope. (0)

Anonymous Coward | more than 4 years ago | (#32536458)

The range of a wireless transmitter is limited by the FCC.

Google has essentially made my broadcast information worldwide.

If I am running an SSID of "SLEEP WITH MY WIFE FOR CASH", that broadcast is meant to be only seen within 100 meters of my location.

Google now knows where I am, who I am (based upon IP info, geolocation, etc) and has the ability to grab my MAC addresses and pinpoint where/when/who purchased that router.

Re:Range, Scope. (2, Informative)

jd (1658) | more than 4 years ago | (#32536540)

Err, not really. The FCC limits the power of transmission, yes, but the Bluetooth Rifle (range 1.1 miles) and even the Pringles Reflector show that you can massively boost range without boosting power. If you want to be fancier, I'm pretty sure the Voyager deep-space probes were using less power than is permitted for WiFi. Ok, the data rates suffered a bit, but then what else is XZ for?

Re: I don't think so... (2, Insightful)

colinnwn (677715) | more than 4 years ago | (#32536642)

And how did they broadcast your information worldwide? Hummm...

They've already said they have not used any of the inadvertently captured information in any product, nor did they realize they had it sitting on their development hard drives, until the dustup and review.

Presumably all they wanted was open WiFi's MAC and SSIDs so they could do basic geolocation on products that only have WiFi and not GPS. But even then, it sounds like they haven't released a product based on their collected data.

You have NO GUARANTEE that your SSID won't be available beyond your FCC mandated transmitting range, encrypted or not. Though truthfully any data you send over open WiFi you place out there at your own risk.

"pinpoint where/when/who purchased that router."
No they can't. MAC addresses are not registered like that, and SSIDs can be created and changed at your leisure. The only thing a MAC address tells you is who built the router, assuming it isn't being spoofed.

Re:Who cares? (0)

Anonymous Coward | more than 4 years ago | (#32536632)

Isn't that like standing on the street and using a laser listener (Google it) on your house is OK?, after all it is in plain sight, and it's only sound waves being recorded through light waves.

I don't think that just because data is obtainable, makes it OK to harvest it en mass.

I think that the data This Corporation was collecting, was data being transmitted with a reasonable expectation of privacy.

Subbtle difference: No barrier (1)

DrYak (748999) | more than 4 years ago | (#32536976)

Isn't that like standing on the street and using a laser listener (Google it) on your house is OK?, after all it is in plain sight, and it's only sound waves being recorded through light waves.

The subbtle difference is that the WiFi data was transmitted on the clear to begin with. It's information which is available to anyone else in the same street.
Whereas, in the laser listening, the people have supposedly closed their windows, because (at least) they probably expected some privacy.

The WiFi equivalent of the laser-listener, would be Google breaking weak WEP-protected wifi and mining that for data. The WEP shows that the people expected some privacy.

The voice equivalent would be listening to what people are saying loudly in their garden in front of their house : it's something every one else on the street can over-hear too. They shouldn't discuss sensitive informations openly where anyone else can easily hear.

Complaining on the ground of privacy when google scans open SSIDs, is like complaining for copyright infringement when google indexes publicly available web pages.

Re:Subbtle difference: No barrier (1)

Johnny Mnemonic (176043) | more than 4 years ago | (#32537588)


Complaining on the ground of privacy when google scans open SSIDs, is like complaining for copyright infringement when google indexes publicly available web pages.

Or takes your picture from the street, and then puts it onto StreetView.

Google has only captured publicly available information, and images. They just were smart enough to collect it, aggregate it, and use it in a valuable way. The outrage should not be over the collection of the data, but a realization that it's out there at all. Google has been doing us a favor, really, by demonstrating that that stuff is available. If Google stopped, the data would still be just as much out there, and less scrupulous persons than Google would still know how to collect it and get to it.

Re:Who cares? (1)

egork (449605) | more than 4 years ago | (#32537028)

IANAL but was reading up on this subject.
In Germany there are laws governing harvesting of the personal information. So not all publicly accessible information may be collected and used in an automatic manner.
Also the fact that one does not need to license the wifi installation does not mean mean that it is legal to establish a connection to a private network of somebody else. The keyword here is communication over the propertly border lines.
This is just to give an idea what is problematic with Googles action, not a definitive explanation.

Last time I checked the photons coming from your (0)

Anonymous Coward | more than 4 years ago | (#32537452)

They collected information which was publicly available from the street. Big deal.

Last time I checked the photons coming from your face and body are publically available from the street.

Heck, the infrared signature, chemical processes and other data about you is also available from the street.

So I will just go ahead and xray/infrared scan you, your family, your spouse and your children from the street and sell it on some questionable sites.

I am sure you will be OK with this because, after all, it was publically available from the street. (rolls eyes)

FAIL

Re:Who cares? (1)

beh (4759) | more than 4 years ago | (#32537508)

By the same standard, extracting AT&T's iPad data was also perfectly fine - it was all publicly available from the Internet...

The problem is - if I leave my home unlocked and you enter it, it's still an illegal trespass, making off with some of my belongings, even copying documents I might store at home, would still be considered illegal... The same applies for WiFi hotspots - the hotspot IS someone's property - sure you might be somewhere where you can SEE that there is a hotspot, much like you may see a house on the premises - but actually picking off data from it is still illegal.

There might be some mildly extenuating circumstances, if the hotspot wasn't locked - but copying data from it would still be an illegal act.

WiFi discovery by definition needs to look at data to find SSIDs, and since it's being necessary to do it that way, it's legal. But the SSID discovery does not need to look at the actual IP packet payload - and normal discovery discards it.

Re:Who cares? (1)

westlake (615356) | more than 4 years ago | (#32537720)

They collected information which was publicly available from the street. Big deal.

Available - but only with high-tech monitoring gear.

Available - but only because wireless networking is new to most folks.

Available - because the default wireless set-up is insecure - and who do we have to blame for that if not the geek who programs these systems at the OEM level?

Suspicion (1, Insightful)

Anonymous Coward | more than 4 years ago | (#32536328)

Why do I suspect that the government is eager to get its hands on this data, which it could not have legally gathered itself, so that the data can be filed away somewhere and searched later at the government's leisure?

Google should have quietly erased this data rather than announcing that it had it.

Where's the Issue? (1, Insightful)

Anonymous Coward | more than 4 years ago | (#32536334)

It must be a geek thing but I don't get what the problem is here. The networks were unencrypted, people were broadcasting these things over the air anyway, like a radio signal, er, wait, it *is* a radio signal. If they would've encrypted the data and google would've had to crack the encryption or brute forced the password, whatever, then it's a criminal thing. But collecting data being broadcast over shared frequencies is criminal? Is there a reasonable expectation of privacy on a wireless network? I don't believe so, but again, it must be a geek thing.

Re:Where's the Issue? (2, Interesting)

rumith (983060) | more than 4 years ago | (#32536550)

That's the way the law is written. The problem is not that Google intercepted it, the problem is that Google saved their unencrypted transmissions to their hard drive while not being authorized to do so.
I condemn groups like Privacy International for using Google's screwup as a cheap PR resource to promote themselves. You want to claim that it was intentional, prove it in the court! Where's the libel law when you need it?

Summary is wrong (as usual) (0)

Anonymous Coward | more than 4 years ago | (#32536350)

While gslite parses the header information from all wireless networks, it does not attempt
to parse the body of any wireless data packets. The body of wireless data packets is where user-
created content, such as e-mails or file transfers, or evidence of user activity, such as Internet
browsing, may be found. While running in memory, gslite permanently drops the bodies of all
data traffic transmitted over encrypted wireless networks. The gslite program does write to a hard
drive the bodies of wireless data packets from unencrypted networks. However, it does not attempt to analyze or parse that data.

Keybaords (1)

jamesyouwish (1738816) | more than 4 years ago | (#32536402)

We just upgraded all our wireless conference room keyboards to be encrypted. Never thought that someone sitting outside our office could get every key stroke.

Re:Keybaords (1)

natehoy (1608657) | more than 4 years ago | (#32536526)

Good for you! Seriously, no sarcasm intended.

That's one thing that a lot of people don't think about. Anything, and I mean ANYTHING that is wireless is unsafe unless it is encrypted.

Anything that is wired is unsafe unless you check the connections, too. It's pretty trivial to throw a sniffer inline, let it sit there for a few days, and gather it up later. So if you're going to do something on one of those conference room machines where security is extremely vital, don't forget to take a quick peek at the back of the computer for any odd-looking add-ons between the keyboard and the computer.

Paranoid? You betcha! It won't be MY name on the report when a company I work for has a breach.

My big sign. (4, Funny)

onion2k (203094) | more than 4 years ago | (#32536424)

I've printed all my private data on a giant sign that I've put on top of my house. If you read it you can expect a visit from the authorities. Please, while I might not have bothered to secure my data, I do expect you to respect my privacy.

Re:My big sign. (1)

mukund (163654) | more than 4 years ago | (#32536668)

I've printed all my private data on a giant sign that I've put on top of my house. If you read it you can expect a visit from the authorities. Please, while I might not have bothered to secure my data, I do expect you to respect my privacy.

If I leave my door unlocked, I don't think it's right to strangers to come in and snoop around.

I don't know what you'll think.. whether I am naive or you are.

Re:My big sign. (1)

Wrath0fb0b (302444) | more than 4 years ago | (#32536826)

If I leave my door unlocked, I don't think it's right to strangers to come in and snoop around.

There is a difference between not locking your door (inaction) and broadcasting the data to the world (action).

Google did not "come in and snoop around", they passively listened from the street -- hence the analogy to a big sign on top of the house. If they have connected to the network and started making requests (e.g. connecting to SMB shares, reading shared iTunes playlists) then your analogy would be absolutely correct.

Re:My big sign. (0)

Anonymous Coward | more than 4 years ago | (#32536970)

When did the users take this "action"? This is due to their "inaction".

Re:My big sign. (1)

kalirion (728907) | more than 4 years ago | (#32537030)

There is a difference between not locking your door (inaction) and broadcasting the data to the world (action).

Google did not "come in and snoop around", they passively listened from the street -- hence the analogy to a big sign on top of the house.

How about if you leave your blinds open, and I sit in a car outside your house with a telephoto lens taking pictures of everything I can see inside, and storing them in a database?

Re:My big sign. (1)

cawpin (875453) | more than 4 years ago | (#32537602)

As long as you're on public property they can't do anything.

Google was not looking IN, the signal was be broadcast OUT.

Re:My big sign. (1)

mukund (163654) | more than 4 years ago | (#32537370)

There is a difference between not locking your door (inaction) and broadcasting the data to the world (action).

You broadcast a lot of information anyway. Don't think of just devices built as radio transmitters.

TEMPEST [wikipedia.org] was available eons ago. Think what is possible with technology today.

I don't know if it's legal to snoop or not. I don't think we can even tell if this data collection was malicious or just a stupid mistake, going by the information that is available to us. It's for the courts to judge.

But the possibility of data that might have been collected by such passive listening alarms me. It is not compatible with their "Do no evil" ethic. No corporation should be allowed to collect data like this. You can also add all sorts of excuses like "Use encryption", etc. As a techie, my data and network are secure. But not everybody in the general public is savvy about such things.

Re:My big sign. (1)

arose (644256) | more than 4 years ago | (#32536856)

What if you throw your stuff all over the curb?

Re:My big sign. (1)

natehoy (1608657) | more than 4 years ago | (#32537520)

This is a very commonly-used analogy, which (no offense) does not change the fact that it's utterly and completely flawed.

If you are running a router, and it is broadcasting signals that leave your property, you've lost any expectation of control over those signals. You are now broadcasting signals in a public space, and if someone else hears them, they are under no legal obligation to cover their ears and shout "LA LA LA LA!!" so they can't hear them. Similarly, if you go on your front porch and shout your credit card number, you can't sue or arrest someone for writing it down. If you want some level of protection, encrypt the signals. People can still (legally) record them, but you make it unlikely in the extreme that anyone can do anything wrong with them.

In the US, FCC regulations are quite clear on this matter. If you broadcast on an unlicensed frequency, the frequency is not exclusively your property just because you happen to be using it at the time. If you want exclusive access to a frequency, spend the money and get a license to a frequency, then use a frequency you have an exclusive license to. Anyone else who uses that frequency without a license is breaking the law. But 802.11a, b, g, and n are all unlicensed bands. You can't tell someone else to not listen on them, any more than you can tell everyone else on the train not to listen to your shouted cell phone conversation, or yell at everyone else on a CB frequency to get off it because it's yours. If you use a public resource, you have to accept that other people have access to it. That whole "sharing" thing you hopefully learned in kinnygarden really does apply here.

"Sharing" does not mean that you need to allow anyone else access to the resources behind that signal, but it means that if you want to protect those resources that's your job, not the job of society around you.

A better set of analogies for different network configurations is as follows:

  - ANY STATUS, provided the signal does not reach public space: You've left the stuff in your house. Locked or no, anyone who comes to even look at something is at least trespassing. Other laws may also apply, but trespassing is sufficient to state that it's illegal AND unethical. In this case, Google couldn't record your signal without violating your private property, but that also means you've set things up so the signal stops where your property line does.

All other scenarios assume that the radio signal from your router reaches some form of public space.

  - OPEN, SSID Broadcast: You took all your belongings, put them in the middle of the street, and installed a blinking neon light above them that says "FREE SHIT, COME TAKE IT, PLEASE!!!" No laws are broken if someone helps themselves to a couch (connects and uses your connection to access the Internet).

  - OPEN, SSID not broadcast: You took all your belongings, put them in the middle of the street, but installed a sign saying "please do not take". Laws may or may not be actually broken, but taking a couch would be (at least) very rude. But someone could photograph the couch (what Google is doing with the WiFi data).

  - SECURE (WPA/WEP), signal reaches public space: You've put your stuff out on the street with clear signs that people should not take it. Anyone who takes it may or may not be breaking the law (depending on local codes), but is certainly acting inappropriately. However, people can still take pictures of the stuff (analogous to recording the signal and use the unencrypted parts like the SSID and MAC address of the router).

An OPEN router with SSID broadcasting is, by design and definition, a public resource when the signal it emits reaches a public space. It could easily be used unintentionally - my laptop automatically selects the strongest signal and it's very hard to keep it from doing so. It's impossible to differentiate between an open/SSID-on network that the owner wants you to use and one that the owner does not. If you don't want people using it, at least turn off the SSID broadcast. That's a pretty clear signal that you don't want people using it. That'll keep the polite people out, at least.

But if you want to do something like banking or anything that involves privacy, I urge you, no I beg you to drop the flawed analogies and understand that signals broadcast in the clear can be intercepted regardless of the law. Passing laws against someone intercepting them will only give you a false sense of security, and won't protect you from the people who really mean you harm.

Your big name plate (1)

egork (449605) | more than 4 years ago | (#32537526)

How about writing down who lives where, and what time they leave their home in the morning?
How about doing that for John Lennon?
Or may be Darl McBride? :-)

Wireless security (0)

Anonymous Coward | more than 4 years ago | (#32536428)

its funny how no one gives a shit about computer security until they might be affected by it.

Privacy Advocacy Theater (5, Insightful)

rumith (983060) | more than 4 years ago | (#32536470)

There is little to add [benlog.com] .
...
I want to focus on a related problem that I’ll call privacy advocacy theater. This is a problem that my friends and colleagues are guilty of, and I’m sure I’m guilty of it at times, too. Privacy Advocacy Theater is the act of extreme criticism for an accidental data breach rather than a systemic privacy design flaw. Example: if you’re up in arms over the Google Street View privacy “fiasco” of the last few days, you’re guilty of Privacy Advocacy Theater. (If you’re generally worried about Google Street View, that’s a different problem, there are real concerns there, but I’m only talking about the collection of wifi network payload data Google performed by mistake.)
I’m looking at you, EU Privacy folks, who are investigating Google over accidental data collection. Where is your investigation of Opera, which provides Opera Mini, billed as “smarter web browsing”, smarter in the sense that it relays all data, including secure connections to your bank, through Opera’s servers? We should be much more concerned about designs that inherently create privacy risk. Oh sure, it’s easy political points to harp on accidental breaches for weeks, but it doesn’t help privacy much.
I also have to be harsh with people I respect deeply, like Kim Cameron who says that Google broke two of his very nicely crafted Laws of Identity. Come on, Kim, this was accidental data collection by code that the Google Street View folks didn’t even realize was running. (I’m giving them the benefit of the doubt. If they are lying, that’s a different problem, but no one’s claiming they’re lying, as far as I know.) The Laws of Identity apply predominantly to the systems that individuals choose to use to manage their data. If anyone is breaking the Laws of Identity, it’s the wifi access points that don’t actively nudge users towards encrypting their wifi network.
Another group I deeply admire and respect is EPIC. Here, they are also guilty of Privacy Advocacy Theater: they’re asking for an investigation into Google’s accidental wifi data collection. Now, I’m not a lawyer, and I certainly wouldn’t dare argue the law with Marc Rotenberg. But using common sense here, shouldn’t intent have something to do with this? Google did not intend to collect this data, didn’t even know they had it, and didn’t make any use of it. Shouldn’t we, instead of investigating them, help them define a process, maybe with third-party auditing from folks at EPIC, that helps them catalog what data they’re collecting, what data they’re using, etc? At the very least, can we stop the press releases that make no distinction between intentional and unintentional data collection?
I’m getting worked up about this Privacy Advocacy Theater because, in the end, I believe it hurts privacy. Google is spending large amounts of time and money on this issue which is, as I’ve described previously, an inevitability in computer systems: accidental breaches happen all the time. We should be mostly commending them for revealing this flaw, and working with them to continue regular disclosure so that, with public oversight, these mistakes are discovered and addressed. Google has zero interest in making these mistakes. Slapping them on the wrist and having them feel some pain may be appropriate, but too much pain and too much focus on this non-issue is akin to a full-on criminal trial for driving 10 miles per hour over the speed limit: everyone’s doing it. Just fine them and move on. Then spend your time going after the folks who, by design, are endangering millions of users’ privacy.
There are plenty of real, systemic privacy issues: Facebook’s data sharing and privacy controls, Opera Mini’s design (tens of millions of users relaying all of their data to Opera, by design), Google’s intentional data retention practices, web-based ad networks, We have enough real issues to deal with, who needs the advocacy theater?

Re:Privacy Advocacy Theater (3, Insightful)

nschubach (922175) | more than 4 years ago | (#32536630)

I thought you said "a little!"

We have enough real issues (1)

egork (449605) | more than 4 years ago | (#32537232)

Prosecuting Google is the way to prevent it from becoming a "real issue"

Should be (3, Interesting)

spleen_blender (949762) | more than 4 years ago | (#32536574)

Falsely accusing or indicating someone has committed a criminal act should be grounds for libel or slander.

Re:Should be (1)

jd (1658) | more than 4 years ago | (#32536812)

In the US, at least, falsely accusing people is a major source of income for lawyers, newspapers, TV stations, politicians,... If you shut this line of income down and lock them up, you'd double the prison population in days.

Re:Should be (0)

Anonymous Coward | more than 4 years ago | (#32537384)

And nothing of value would be lost.

Re:Should be (2, Insightful)

suomynonAyletamitlU (1618513) | more than 4 years ago | (#32537382)

See, now, this is what I don't get: Google published this, probably after their own lawyers got a look at it, and knowing full well that people were chumming the waters for legal cases. They didn't try to hide anything, and they aren't trying to deceive anyone.

And yet, the vibe I get from their opposition isn't, "we're going to slap you on the wrist for this little unintentional crime you're completely honest about." It's more like, "This prove you're a criminal of the worst kind and deserves to have the book thrown at you."

It's isn't just that it's illogical. They sound like they're panicked about something. If you were to ask me, I'd say that they were getting terrified thinking that there really were honest people out there--not just naive people who only tell the truth "because they don't know better" or because they're suckers--which would shatter certain politicians' world views wholesale. Now they're trying to slander and debase a company that proves that their worldview is a lie, by trying to turn a little truth into a mountain of lies.

Frankly everywhere you see this kind of overreaction to an honest mistake, you should be looking very closely for corruption. Mistakes happen all the time, so the only thing they could really be objecting to is the "honest" part.

Much Ado About Nothing (4, Insightful)

slimjim8094 (941042) | more than 4 years ago | (#32536580)

I made a comment a few weeks ago about people not understanding the concept of radio. People go to great expense and effort to throw their signal and information as widely as possible, and then complain when that happens. It's like people who don't want to be photographed in public.

I encrypt my wireless network, because I only want people I approve to access it. As a technically savvy individual, I use strong encryption. But ethically and (I think) legally, even if I were to use the embarrassingly-weak WEP, my intent to encrypt would be unmistakable.

WPA2/other strong encryption is like locking your house with a deadbolt and putting up an alarm. It takes a lot of work to get in.
WEP is like locking your screen door - it means 'don't come in' and while it's trivial to do so, you can't claim you thought it was OK
Unencrypted means 'come in, we have cookies!'. For things like coffee-shop hotspots, this is exactly the intent. For lazy homeowners, this is probably not what they want.

I have no sympathy for our lazy homeowners who don't want to take the time to understand exactly what that magic box does, and now are mad at Google. Admittedly, it's governments who are pursuing this, but it's tantamount to punishing someone who took a free sample from a grocery store.

tl;dr - unencrypted networks are implicit invitations to do whatever you want.

Re:Much Ado About Nothing (1)

D Ninja (825055) | more than 4 years ago | (#32536712)

Unencrypted means 'come in, we have cookies!'. For things like coffee-shop hotspots, this is exactly the intent. For lazy homeowners, this is probably not what they want.

Not quite. Being in your own home still has some implication of privacy (the four walls do that). Having unencrypted wifi is more like standing outside your front door on your porch and expecting people not to look at what you're doing there.

Re:Much Ado About Nothing (1)

jd (1658) | more than 4 years ago | (#32536770)

In this day and age of wardriving, wifi sniffers and even your bog-standard network mappers, it's not simply standing out on the porch. It's sticking a bloody great 30' neon sign over said porch saying "look this way".

Re:Much Ado About Nothing (2, Interesting)

tokul (682258) | more than 4 years ago | (#32537224)

It's like people who don't want to be photographed in public.

I don't care if people photograph street with me in it. I can turn away. I do care when they photograph me in the street. It depends on purpose of photographing.

Re:Much Ado About Nothing (1)

mangaskahn (932048) | more than 4 years ago | (#32537336)

I agree with much of what you say, but I think this is more akin to punishing someone being sprayed by an over aggressive perfume salesperson than taking a free sample. Taking a sample is a conscious action in which the sample is available and you actively take it and use it for your benefit. Google was driving through the area looking for open access points when some people said "Here, have all of this data we left in the clear and sprayed into the street for you. You wanted it, didn't you?"

Well, it's not a popular view ... (2, Interesting)

Wrath0fb0b (302444) | more than 4 years ago | (#32536584)

Mod me into oblivion, but I don't get how you can have a privacy interest in data that you are transmitting unencrypted. This is not just like leaving a door unlocked or a window un-blinded (which is inaction), there is a positive action of transmitting that information in such a way that anyone can read it. Calling this unauthorized access is really bizarre -- it's like saying I eavesdrop on my neighbors when they get drunk and start yelling very loudly at each other. Is it too much to ask that if you want to keep something private you ought to refrain from actively broadcasting it to the world? To be clear, I'm not talking about inferring a lack of a right from inaction (not locking your door is not an excuse for thieves) -- only conscious actions.

Google might yet make a public service of this and send out a postcard to these addresses explaining that they have chosen to make their internet usage public and they might do well to revisit their wireless setup. Of course, normatively they should probably discard any private data they collected just as matter of decency but that's not the same as saying they should be required to by some novel notion of privacy that extends to private information even when the rightful owner has willingly made it public.

[ Also, an aside, it's 2010! Who still uses an email client that's not https (web) or SSL (pop/imap/exchange)? GMail certainly is https (all of it, not just the login). ]

Re:Well, it's not a popular view ... (1)

Arkem Beta (1336177) | more than 4 years ago | (#32537128)

A reply to your aside: It's not the encryption between me and my mail server that I'm worried about (that's easy to control), it's the lack of encryption between my mail server and wherever the mail I send is going. How many mail servers are configured to talk SSL encrypted SMTP? I know about STARTTLS but do mail servers generally try and use it?

Re:Well, it's not a popular view ... (0)

Anonymous Coward | more than 4 years ago | (#32537552)

Generally the links between mail servers are wired links, so to eavesdrop on those you have to control the link. Maybe in a student dorm the switch might be controlled by someone who doesn't like you, but in a typical business or home setting the only people eavesdropping on wired links are the secret police or their equivalent, and there's not much you can do about that (use PGP).

Re:Well, it's not a popular view ... (1)

thijsh (910751) | more than 4 years ago | (#32537504)

I totally agree with you. It should however be pointed out that some data that *can* be recorded because it is publicly transmitted is still not legally allowed (in at least some places). This includes common devices like older non-DECT analog wireless handset (counts as illegal wiretap) but also human voice (no recording without consent). The point is that until a specific law for a specific situation with this specific technology exists there should be no legal issues, so in this case with Google it does not apply. Google tried to tackle this problem like SETI, just record a band of spectrum and only pre-filter unwanted signals (encrypted), and then afterwards parse all this data and look for patterns (coverage, use, etc.). This should be allowed but the could have improved upon this by filtering immediately after interception, keep only the metadata and discard the content... and as soon as someone pointed this out they said 'sure, if it makes you feel better'.

It would have been different if they did filter right after interception and stored some of the user data in parsed form (like email, passwords, etc.), then they would already be collecting personal data from random people and have 'legal intent' to use that data, which could be illegal. The tinfoil hats will of course claim that Google knew they would be liable if caught red-handed and thus recorded *all* data to just parse the personal stuff from it later. Sure, it might be true, but it is also 'could-have' theory now and surely not enough to prove intent legally. It comforts me to know that Kismet and all other (wireless) frame dumping software (*PCAP) generally dump all data by default and don't perform too much parsing except for basic filtering (like removing the encrypted stuff). The fact that Google did not specifically enable this functionality also suggests that there did not have to be malicious intent.

Re:Well, it's not a popular view ... (1)

DMiax (915735) | more than 4 years ago | (#32537550)

Everything is correct, but in this case also reconrding is not passive. They set up the equipment to record the packets, my computer does not record packets of unencrypted networks unless I tell it to do so.

You are actively broadcasting... (0)

Anonymous Coward | more than 4 years ago | (#32537668)

Your fingerprints everywhere
Your heat signature
Your chemical composition
Conversations in your home (they can be picked up at great distances with a sensitive detector)
Your computer screens also make the visible data available due to lack of sufficient electrical shielding.

And now because they are public you can say that a company can systematically go about collecting this and monetizing this information about you.... all because 'you are actively broadcasting'.

Absurd.

I can't believe people here on slashdot cannot see the ridiculousness of the argument: "If its unencrypted/on the internet then it's a big free for all and anyone can do whatever they want with that information"

Jealousy (2, Insightful)

El_Muerte_TDS (592157) | more than 4 years ago | (#32536674)

The reason why these government bodies are going after Google is because Google did by accident what these bodies never imagined they could do.

And now that people have been made aware of this by Google's slip up the government cannot pull the same trick (any time soon).

Greed (1)

egork (449605) | more than 4 years ago | (#32537288)

Should this to persist and people to get frightened by the harvesters, they would stop buying wifi devices. The whole market will be destroyed. This scandal is even good for Google in the long run, because this particular feature (wifi navigation) will not be banned completely. They just will have to obey certain rules (privacy laws).

Browser history? (1)

arose (644256) | more than 4 years ago | (#32536794)

How the hell do you sniff browser history over WiFi? I call bullshit on that.

Re:Browser history? (1)

m1pr2cm (1831554) | more than 4 years ago | (#32536978)

I think referral links could be extracted from the packets to build a history.

Re:Browser history? (1)

arose (644256) | more than 4 years ago | (#32537548)

Sniffing current browsing is not the same as getting browser history, particularly from a car that is just passing by. The summary is just plain old wrong as far as I can tell.

Re:Browser history? (1)

BlendieOfIndie (1185569) | more than 4 years ago | (#32537582)

First of all, I'm actually shocked that your post hasn't gotten more attention.

To add to the confusion, the summary states that Google is claiming they haven't analyzed the payload of packets! There is absolutely no way to detect e-mail addresses not to mention browser history from a handful of packets that were collected during a few seconds of drive by packet sniffing. I second your bullshit.

Re:Browser history? (1)

natehoy (1608657) | more than 4 years ago | (#32537674)

That is bullshit. You'd get exactly what happened while you were recording.

Theoretically, this COULD include the person's browser history if they happen to be copying it from one computer to another while you were recording, I suppose. But the same could be said of their Quicken files, their music files, or their email if they happened to be copying it over the wireless while you were recording. You can't magically reach in and get their browser history unless they have it on an open network share and you copied it from there.

But Google only passively recorded. They'd only get what the person is sending and receiving while they were recording. Given that Google is driving by, that ain't gonna be much.

Slashdot doesn't really get it (1)

papasui (567265) | more than 4 years ago | (#32536878)

Let's compare the locked door/unlocked door analogy to collecting WiFi data. My parents know if there doors are locked or not unlocked. They have absolutely no fucking clue if what they transmit across there WiFi is secure or not. They assume it is, but as long as the website opens up they are blissful and ignorant to it. I'd be willing to bet that a huge majority of majority of people are in this boat. What makes what Google is doing so bad is they are driving around exploiting this. Is it illegal? I don't know. Is it morally questionable? Certainly. For a company that proclaims 'Do No Evil', sure seems a bit on the evil side guy.

Looks like they just saved header info (1)

bl8n8r (649187) | more than 4 years ago | (#32536986)

FTFA: "Subsequently, when the remainder of the frame is written to disk, its body is not recorded"

So, basically, google drove around in the street-mobile and saved mac, ip, and ssid info - big deal. Let's waste US legal system time on something more pressing.

simpsons did it simpsons did it (0)

Anonymous Coward | more than 4 years ago | (#32537000)

So I undeerstatd that the entire packet was captured, but wireless SSID's and GPS cordinates are already on the internet for public consumption so people should get over it. Check it out there are SSID's from 2001 - current on http://wigle.net/gps/gps/Map/onlinemap2/ web site... maybe even yours

Thanks for taking care of this Google (0)

Anonymous Coward | more than 4 years ago | (#32537260)

It is not illegal to listen to someones cell or wireless phone conversation. It is however illegal to record said conversation. In the same respect, Google cannot be held responsible for "listening" to the broadcast, but cannot record and use the content of the broadcast.

As for using someone's open Wi-Fi without permission is tantamount to using their car without permission. If they buy a car without the prior knowledge that they should take the keys with them, would you simply get in and drive it to where you wanted to go? You don't have that right, the same as you don't have the right to "drive" their Wi-Fi to where you want it to go. Leaving a house open and keys in a car does not give you the right to use it however you see fit, nor does leaving a wireless router open and unsecured give you the right to use it as you see fit. All of these cases are stupid to do in this day and age but it does not relieve you of your responsibility of doing the right thing.

Google realized what they were doing, and stopped. They seem to be getting rid of the data they INADVERTENTLY collected. Give them props for doing the right thing when they realized something was going on. They are doing a much better job of it than BP is that is for sure!!!

A useless distinction (1)

mathimus1863 (1120437) | more than 4 years ago | (#32537330)

I should mention that many laws regarding wiretapping or eavesdropping require "unauthorized access" to the data stream, frequently requiring an intrusion of private property. I imagine that Google's actions are legally distinguishable from such laws, since they did not access such hardware, they only passively recorded information that was visible from public locations. If they had actually communicated directly with such people's routers, and, say, established an IP address with their network router, it would be a different story.

While it would appear to be ethically fuzzy to collect such data, it may be legally sufficient to demonstrate that such information was being transmitted over public areas, and since no "unauthorized access" was gained into any private networks, there was no legal breach.

I'm not saying they should've collected the data. But if a woman prances around in her living room naked with the blinds open, my decision to view it from the street should not be subject to peeping-tom laws.

Props to Google (1)

odin84gk (1162545) | more than 4 years ago | (#32537454)

Gotta give some props to Google and their "Don't be Evil".

They could have tried to sweep this under the rug, pay people off, and play politics as usual. Instead, they have fully released all of the information, encouraging multiple countries to investigate them.

They could have used multiple underhanded moves to prevent this kind of investigation, but they didn't.

Good Job, Google.

Funny (0)

Anonymous Coward | more than 4 years ago | (#32537622)

Google also sent a letter to House Energy and Commerce Committee leaders acknowledging their mistake and claiming they have not "conducted an analysis of the payload data in a way that allows us to know exactly what was collected."

^ Ya. Right. Lol.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?