Slashdot Mirror

← Back to Stories (view on slashdot.org)

Why Google's Wi-Fi Payload Collection Was Inadvertent

Posted by kdawson on from the obvious-to-wardrivers dept.

Reader Lauren Weinstein found a blog post that gives a good, fairly technical explanation of why Google's collection of Wi-Fi payload data was incidental, and why it's easy to collect Wi-Fi payload data accidentally in the course of mapping Wi-Fi access points. "Although some people are suspicious of their explanation, Google is almost certainly telling the truth when it claims it was an accident. The technology for Wi-Fi scanning means it's easy to inadvertently capture too much information, and be unaware of it. ... It's really easy to protect your data: simply turn on WPA. This completely stops Google (or anybody else) from spying on your private data. ... Laws against this won't stop the bad guys (hackers). They will only unfairly punish good guys (like Google) whenever they make a mistake. ... [A]nybody who has experience in Wi-Fi mapping would believe Google. Data packets help Google find more access-points and triangulate them, yet the payload of the packets do nothing useful for Google because they are only fragments."

4 of 267 comments (clear)

  1. Well duh by Pharmboy · · Score: 5, Insightful

    Of course it was accidental, after all, their corporate slogan is "Do no evil". Obviously they wouldn't do anything that would be evil.

    --
    Tequila: It's not just for breakfast anymore!
  2. Re:Inadvertent Or Not ... by slimjim8094 · · Score: 5, Insightful

    They may have broken the letter of the law, but almost positively not the spirit. In any case, the law is seriously flawed if it prevents Google's activity. And here's why:

    People were going to great lengths to literally broadcast the information into the car. How the hell can Google be held responsible for hearing it? If you put 50kW of The Office into my house from a hundred miles away, how is it illegal for me to watch it? And I know it's not illegal for me to record it.

    You don't *need* any analogies for this situation - IT'S A BROADCAST. They're all radio waves. Everybody understands FM, AM, TV broadcasts and would think it absolutely ridiculous for a broadcaster to get all up in arms about somebody receiving it. That's what WiFi is, but with somewhat less power, so it comes up less often.

    Can everybody PLEASE stop using analogies? They only serve to cloud the issue, and everybody already understands radio. It's a matter of making it clear to everybody that WiFi is radio.

    --
    I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
  3. Re:I honestly don't understand the fuss by FuckingNickName · · Score: 5, Insightful

    There's a very sensitive infrared camera and microphone outside your house right now, and we're disturbed by your interactions with your plushie. In the spirit of blind justice, I'm going to upload to /b/ and let the People decide.

    If you broadcast your movements via radio (and air movements), why on earth would you expect anyone to consider it private?

    A thick Faraday cage. If you need it, use it.

  4. Re:So? by spinkham · · Score: 5, Informative

    Yes, they should have only saved the SSID, location, and signal strength. Instead, they used off the shelf software which saved more data. There is no reason to believe this was intentional.

    That's fine and legal to do in the USA, as you have no expectation of privacy using unencrypted broadcast:
    http://www.law.cornell.edu/uscode/uscode18/usc_sec_18_00002511----000-.html

    TITLE 18 > PART I > CHAPTER 119 > 2511
    (g) It shall not be unlawful under this chapter or chapter 121 of this title for any person—
            (i) to intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public;

            (v) for other users of the same frequency to intercept any radio communication made through a system that utilizes frequencies monitored by individuals engaged in the provision or the use of such system, if such communication is not scrambled or encrypted.

    In the US, if you transmit in the clear on unlicensed spectrum, they can legally pick it up due to two different, non-overlapping legal clauses. ( Note, I am not a lawyer, this is not legal advice, this is but one of possibly relevant laws, etc.)

    The problem is they didn't need to do so, and it creeps people in the US out. So even here where it is legal, they probably shouldn't have from a PR point of view.

    In some other countries it is not legal to collect that data, and doing so intentionally might lower your penalties, but still does not make it legal.

    --
    Blessed are the pessimists, for they have made backups.