Slashdot Mirror
Australian Police To Investigate Google Over Wi-Fi Scanning
daria42 writes "Those who thought the brouhaha over Google's scanning of Wi-Fi networks by its Street View cars was over (whether you believe it was deliberate or not) are destined to be disappointed. News comes from Australia over the weekend that the Australian government has referred the matter to the Australian Federal Police for investigation. The country's Attorney General, Robert McClelland, was quoted saying, 'Obviously I won't pre-empt the outcome of that investigation but they relate in substantial part to possible breaches of the Telecommunications Interception Act, which prevents people accessing electronic information other than for authorized purposes.'"
Is this the world's favorite new way to waste time, suing google for recording publicly available information from wifi spots as they drive?
idiots. ALL idiots.
I work for the Department of Redundancy Department.
Australian police arrest a subject for illegal surveillance for overhearing another parties conversation while walking down the street.
Long live the BSD license
...that as an American, I'm looking to Europe and Australia to actually stand up to Google and stop them from collecting every bit of data they can about me, like actually sending a van outside my house to grab information about my home network.
Google did nothing wrong by accidentally keeping un-secured information. This information was being broadcast over open wi-fi connections past the boundary of private property onto public property. Ignorance of security measures you can take is not an excuse. If I do not replace the brakes to my car regularly because I failed to read the maintenance schedule in the manual, it is not anyone elses fault but my own. Same thing with securing your wi-fi network. By default not securing your wi-fi network means that it is public.
That brings me to an interesting point, / . is just "the ramblings of socially-inept, technology-literate news-mongers".
*WHOOSH* That's the sound of the importance of users' MAC addresses being publicized flying over my head. Why should anybody be concerned if the RIAA, or Google, or anybody else knows your MAC address?
I fail to see how your NIC's MAC address can be used to extract sensitive or private information. I don't know of any way that it can be cross-referenced or traced. Whenever you are requesting information from a server, doesn't every hop along the way replace the "source MAC address" in the IP packet headers with its own MAC address? The only way, then, for your MAC address to become relevant to outside investigations would be if your default gateway were examined.
Every investigation I have heard of involves IP addresses, not MAC addresses. Hypothetical situation: let's say EvilBob logs into his neighbor's unprotected wireless access point and torrents a few albums. Unfortunately, the RIAA was hosting those songs as bait to catch evil-doers like EvilBob who steal music. The RIAA decides to take action against EvilBob. However, they don't know EvilBob's name. All they know is his neighbor's IP address. They pull a few strings and probably convince EvilBob's neighbor's ISP to release account information such as the name and address under which the Internet service is registered. So the RIAA sends a letter to that address and EvilBob's neighbors scratch their head for awhile, then hopefully end up enabling some security on their access point.
Let's say EvilBob is a part of something more nefarious, like trying to incite riots against government officials. In tihs case, it's not the RIAA who goes to the ISP but the government. The ISP gives relevant information to the feds and they bust down the doors of EvilBob's neighbor's house and confiscate all their computer equipment. Soon they discover that there is nothing illegal on these machines and concur a neighbor was using the unprotected wireless network to perpetrate his crimes. At this point, the AP can be examined and the MAC address of a certain NIC (if it has not been spoofed) can be identified as belonging to the machine that sent/received said illegal material. If they want to find EvilBob, I believe they are giong to have to search the whole city block in search of that MAC address and hope that a) the MAC address they got from the AP was not spoofed and b) EvilBob wasn't parked outside and is 1000 miles away in another country right now, installing botnets in public libraries in Florida.
Why is anybody worried about this issue? I feel like I'm taking crazy pills here!
Everyone wants a piece of Google's cash pie.
Rupert Murdoch thinks that Google should pay him for sending business his way, and the governments of the wold want to find some vague wrongdoing to levy a big fine over.
If you have been in a cave for the past few years, what Google is doing is collecting data to improve their Google Maps functionality. They took pictures to add "street view" so that you can see what the place you are trying to find actually looks like. They logged SSIDs so that your wifi device can be used as an alternative to a GPS device for automatically pinpointing your location on a map.
None of what they have done would be illegal for you or I to do on our own. But since they are a big, rich, company and can afford to take more pictures in more places than we as individuals can do on our own it becomes "a matter of privacy".
"You want to know how to help your kids? Leave them the fuck alone." -George Carlin
The NYTimes has an article about this stating that Google has surrendered the information collected to the governments of Germany, Spain, and France.
Shit, with all the evil stuff other corporations regularly get away with, why the hell are we talking about Google harvesting publicly broadcast information in a well known format, not for the purpose of causing harm, and not putting anyone at risk of harm? Furthermore, it sounds like they were planning to put it to use providing a service that I, and many others, would find useful.
If Microsoft did the same thing, everyone who is saying "big deal" would be all over them like white on rice. In my eyes Google is no different than Microsoft, it's just they have a better PR department and it is working wonders for them right now, until people actually start questioning how and why they do things.
How is logging open Wi-Fi APs "not an authorized use"?
No doubt Senator Stephen Conroy who is behind the Australian internet censorship probably had some words to the AFP after google called him out for being a douchebag.
Do you even understand your portfolio? Do your staff understand it?
As a respected ICT professional let me provide you some feedback. Nothing you have done in your tenure as has materially improved our nation. In fact you are making Australia the laughing stock of of the ICT profession world wide.
I understand that in this instance that the opposition ministers are also acting naively for cheap political gain, yet as the portfolio holder, I would expect you to provide some leadership and common sense.
Its not *just* about doing the so called right thing and standing up to Google. Remember Oz is not far from the Great Firewall of China. Left for Dead 2 is censored different to the rest of the 1st World(outside of the German Sensitivities of violent games), Linden Labs have their own Second Life servers in OZ in readiness that their game is deemed "Offensive" by the govt and they can manage content, and was home to the WikiLeaks being blacklisted on the OZ Great Firewall because they displeased the Administration. The Oz internet filter is extremely harsh and filters not just the usuall, but also gambling, political blogs, and conventional porn. Google preaches freedom and an open internet. Google has criticised the Australian Govt for their polices. They now are paying the price for talking in public about one of the most conservative western govts...possibly even by US standards.
In post Patriot Act America, the library books scan you.
Someone taking a snapshot of me while I walk down the street is perfectly legal and fine.
Someone following me with a camera is creepy and possibly illegal.
Someone following me with a disguised camera, talking pictures while pretending to do something else?
It's all a matter of scale.
Accidentally(?) recording a few snippets of open WiFi isn't much of a problem.
Doing it globally is.
Ah, but what if they had been sniffing "encrypted" packets too? In the hope that one day their computing power would be sufficient to decrypt them. Or if they had been sniffing DECT packets, knowing that the encryption is weak?
What security measures are "good enough" that they convey an expectation of privacy?
As much as I cringe every time Stephen Conroy opens his mouth, and especially at his recent rants about Google and Facebook, I think Google is at fault here and should be made to account for their actions. Google operates physically in jurisdictions other than the US and as a business they must comply to the local laws (think BP spilling oil into the Gulf of Mexico..)
The _Australian_ Telecommunications (Interception) Act doesn't make a distinction between encrypted and unencrypted traffic, and just last year provisions were added specifically to enhance protection of private networks. Given that Google specifically set out to detect wifi access points it was their responsibility to ensure that they acted within _Australian_ law within Australia. If there is the suspicion that they have failed to do so (insufficient controls and accidental action is not a valid defence - see BP) it is proper that they should be treated like any other company under the law and investigated.
Australian cops have obviously solved all the real crimes... No body gets raped or robbed there anymore. and now they need to police the "virtual" criminals.
He gets grilled (a bit) about whether the Australian Federal Police investigating the WiFi thing is just payback for Google being vocal about the proposed internet filter.
Classic pot meet kettle quote on Google vehicles
As opposed to totally, definitely capturing your personal information via a filter???
(std geek : let alone him not knowing about SSL or whatever)
From about 23 minutes into the mp3 available here http://blogs.abc.net.au/victoria/2010/06/train-passengers-pelted-with-rocks-afp-google-investigation-nothing-to-do-with-filter-fight-conroy.html?site=melbourne&program=melbourne_mornings
Well, it does make a change from all the stories about America. As per your example:
'American Man Takes Shit In Morning!'
'American Schools Buy New Computers!'
'Slashdot Editor Says "Fuck News, Let's Just Promote My Country"!'
Personally, if the news is interesting to nerds anywhere on the planet, it should be on Slashdot. It does have an international viewer base, after all.
No regards to laws? That's a rather over the top statement. It seems they have some regard for laws, considering they're cooperating with authorities. They've admitted they made a mistake, and have apologised for it. What else do you want them to do, publicly flagellate themselves?
No respect for privacy? Sure, I guess that's why they have a privacy policy. It's because they have no respect for it. Yeah, that's it.
I can't believe the rhetoric that is being spouted in the above post. Is it a Microsoft shill trying to cast aspersions under the guise of Anonymous Coward? You'd think they could afford more subtle posters.
Agreed, but Australia is grossly overrepresented on Slashdot. How many countries are there? Why is it that we see stories only from America, Australia , and occasionally the UK? It was bad enough when we saw ONLY American stories, but the Aussie editors haven't helped much with the crap they post from their own country.
What's wrong - jealous that something's happening here in Oz? If there's something happening in another country that's news worthy - then post it on /.
Or shut the hell up.
dnuof eruc rof aixelsid
Kismet (the tool google was using), generally records the same information your laptop picks up when you walk through the street looking for someplace to log on.(Actually it records a little bit more; for instance, it detects people with laptops who are looking for those networks too ;-) )
This is information that is intentionally publically broadcast by wireless access points, as part of how they work. If you have a wireless access point, you have to understand that it is not some magic box. You have to realize it will be publically detected by others, and you should take responsibility to minimise interference to others too.
What google was doing is done by people every day. They were just doing it on a google scale.
I hope that the outcome of this is that people become more publically educated about the "magic boxes" in their homes; not that google gets prosecuted for cataloging their ignorance.
It's too bad google has to destroy or hand over their data, else they could have been making interesting maps like these:
http://depts.washington.edu/wifimap/maps.html
This in the country where the police don't need an interception warrant to bug your phone, download your email or check you voicemail. Maybe they just don't like Google stepping on their turf.
My ism, it's full of beliefs.
IANAL but the Telecommunication Interception and Access act http://www.austlii.edu.au/au/legis/cth/consol_act/taaa1979410/ protects communications that travel over the Australian Telecommunications network from interception. Google may well have breached this act considering that it's several hundred pages long, first enacted in 1979 and patched and patched and patched since then to try and keep it applicable to modern technology. Up until recently you could make the claim that anyone operating a firewall, proxy server or IDS was violating the law. I think Google's best hope is to convince the court or the investigators that collecting metadata does not mean intercepting communications.
The level of understanding of Internet issues displayed by the Australian Communications Minister is stunning.
Ted Stevens: the Internet is a series of tubes.
Stephen Conroy: unsecured wireless access points are transparent tubes that it is a deep invasion of privacy to look through.
Dear Minister: Driving past a house and picking up traffic on an unsecured wireless network is like walking past the house of a stupid person who is using his hands-free phone by standing on the roof of his house and shouting a conversation down to where his phone is lying. You are bound to hear something that ought to have been private had the person not been communicating in a stupid way.
But this privacy beatup has caused the Minister to bring forth this gem, taken from Conroy slams "creepy" Google:
"I think that the approach taken by Mr Schmidt is a bit creepy, frankly," Senator Conroy said.
"When it comes to their attitude to their own censorship, their response is simply, 'trust us'. That is what they actually state on their website: 'Trust us'."
Indeed. Well, I think the approach taken by Stephen Conroy to Internet censorship is a bit creepy, frankly.
When it comes to his attitude to the Australian Government's own censorship scheme and its secret list of forbidden sites, his response is simply, 'trust us'.
It is increasingly clear that we can trust Minister Conroy to act on his gut feelings.
Yeah, I'm getting a pretty good idea of what I can trust Minister Conroy to do.
-Snorbert, somewhere in the antipodes
People, please note that the investigation by the police will be focusing on the Telecommunications Interception Act which governs the interception (inadvertant or otherwise) of anything that is traversing over the Australian Telecommunications Network.
The ATN is any medium and communications device that is directly connected to any Australian infrastructure. This includes all your home routers, all telephones and any other communications medium.
Compare this with the Privacy Act, (which may also apply) it is radically different. The privacy act doesn't really apply here.
Have you ever wondered why all call centres tell you they may record your call for training purposes? That's to get around the TIA act. Otherwise they would be breaching a very significant law.
It is also illegal in Australia to run a spam/malware filter without notifing and having the user agree to a machine intercepting your email. If you don't agree to this, your company or sysadmin is breaking the TIA act and is liable to be sent to jail. (@AussieSysadmins Pro tip: Make sure you have your arse covered.)
Please note that this isn't a money grabbing exercise by the government, it will only cost them money to investigate, prosecute and detain anyone. They will not be sueing Google for money. That's not how the law in Australia works.
Also note that it is not the same as overhearing someone in the street. The privacy act governs that and only applies if the person being overheard has a reasonable expectation of privacy while they were being overheard.
You can connect to any open wifi access point you want, it's when you capture or sniff any of the packets that you start breaching the TIA act and are liable for jail time.
I hope this clears things up for some people.
If you are interested, please have a flick through the TIA act here:
http://www.ag.gov.au/www/agd/agd.nsf/Page/Telecommunicationsinterceptionandsurveillance_Overviewoflegislation
Just have a weekly piece "Australian authorities do stupid sh*t"