States Launch Joint Probe of Google Wi-Fi Snooping

CWmike writes "As many as 30 states could join an investigation into Google's collection of personal information from unprotected wireless networks, Connecticut attorney general Richard Blumenthal announced today. Google's response was similar to what it said earlier this month: 'It was a mistake for us to include code in our software that collected payload data, but we believe we didn't break any US laws. We're working with the relevant authorities to answer their questions and concerns.' Google already faces investigations by privacy authorities in several European countries, including the Czech Republic, France, Germany, Spain and Italy. In the US, Google faces multiple civil lawsuits, and the company has been asked for more information from several congressmen as a preliminary step to a legislative hearing. Google has asked that the lawsuits be consolidated and moved to a California federal court's jurisdiction."

If any of these are upskirt vids

[WillAffleckUW]

If any of these are upskirt videos, that's illegal in most Western states and is a felony.

As Perez Hilton now knows.

Doesn't matter WHY you committed the felony, it just matters that you DID it.

Re:If any of these are upskirt vids

[MokuMokuRyoushi]

Thank you - exactly. I see so many /.ers saying "Oh, it was a mistake!". Well, you go to jail for accidentally killing someone too. I'm not equating wi-fi data collection to manslaughter, but the principal holds.

Re:If any of these are upskirt vids

[BoberFett]

Except do you really think anybody wants Google employees in jail for committing crimes?

I'm gonna go out on a limb and guess that the real reason is the number 1, preceded by a dollar sign and followed by a lot of zeros.

Re:If any of these are upskirt vids

[MokuMokuRyoushi]

Of course not. They probably wouldn't go to jail in any case, just take a fine. Again, principal. Whether or not they pay a fine/bribe their way out, the fact remains, a crime is a crime, accidental regardless.

Re:If any of these are upskirt vids

[rtfa-troll]

Well, you go to jail for accidentally killing someone too.

No; actually you don't. You can go to jail for "negligently" killing someone, but not normally for "accidentally" killing someone. There may be special exceptions where the accident was something that could have been avoided by a specific action you failed to take, but these are basically special case of negligence.

N.B. I am of course ignoring miscarriages of justice, but if we included those then you could go to jail for not killing someone.

Re:If any of these are upskirt vids

Can you name a situation where an accidental killing couldn't be construed as negligence?

Re:If any of these are upskirt vids

[BoberFett]

Fines are governments way of saying "You committed a crime, but for a sufficient bribe *wink nudge* we'll let you off the hook."

Re:If any of these are upskirt vids

[masshuu]

I remember a story of someone who when driving with a driving instructor hit and killed someone. No one was sent to jail.
Apparently the person ran into the road, and the new driver hit the wrong pedal.
The driving instructor could not hit his break in time.
Why should either of them go to jail?

Re:If any of these are upskirt vids

[hairyfeet]

Well I can name one, happened around here when I was a kid and I witnessed it. A woman was driving by the school, going well below the speed limits and obeying the signs, when a third grader late for school shot out between a couple of cars and she hit him. She wasn't going but about 20 but she clipped him just right, and when he hit his head popped like a watermelon.

Of course she wasn't charged with anything, it was an accident, nothing more. I heard a few years later she ended up in a mental institution for awhile, simply because she couldn't get the incident out of her head and the nightmares were making her suicidal. But we meatsacks are fragile little things, and it isn't really hard to cause someone to die totally by accident. This is why we have police and judges to separate the accidents from the negligent homicides.

As for TFA, as much as I am pro privacy this crap is getting more than a little nutty. They simply picked up unencrypted WIFI being broadcast that is all. Hell anyone living in an apt has a dozen unencrypted WIFI routers blasting into their homes, are you gonna bust them if they pick up data from the wrong router? If they were hacking routers that would be one thing, but this is NO different than picking up a radio broadcast, because that is pretty much what it is. This is starting to smell to me like a "my neck, my back, I'll sue!" kind of situation, where everyone is lining up because Google has deep pockets.

still dont see

[Tmack]

Why this is being given such legal scrutiny. Its akin to driving down the street with a tape recorder and parabolic mic, recording whatever conversations people might be having as part of a population density study, and accidentally recording someone in their front yard yelling their cc# into the phone. It should fall under general privacy law: if you dont spend the time/energy to setup encryption of some form, dont expect privacy (same as if you dont try to block peeping toms, or if you go sunbathing nude in your front yard next to the street, dont be surprised to find yourself posted to /b). Even windows warns you now if you try to connect to an unencrypted AP. If anyone should be sued for this, sue the manufacturers that distributed the APs with a default configuration of no encryption and see how well that flies.

Tm

Re:still dont see

[ScrewMaster]

Why this is being given such legal scrutiny.

I think Google is seen as being a bit too successful and there are a lot of companies that would like to see Page & Brin taken down a notch. I wouldn't be the least bit surprised to find Microsoft's hand behind some of this.

And just what drain-bamaged individual modded the parent post troll? He's just pointing out the truth: it's your responsibility to secure the radio transmitter that you hooked up to your computer. It's not my my responsibility to avoid picking up your signals. The truth is, when it comes to security the law cannot protect you. Just like cops can't protect you from having your house broken into and your wife and daughter raped. All the law can do is try to pick up the pieces afterwards and maybe offer some redress.

Google screwed up here, but only by gauging the collective intelligence of the world's politicians to be much higher than it really is.

Re:still dont see

[larry+bagina]

That happens to be illegal in some states.

Re:still dont see

[leon.gandalf]

Exactly. And whoever modded this down is an idiot.

Re:still dont see

[_Sprocket_]

Why this is being given such legal scrutiny.

"I say! There's a bandwagon out there and we're not on it!"

"Are people paying attention to it?"

"Whole throngs of people."

"I'll get my hat..."

Re:still dont see

[Anne_Nonymous]

It's like if you leave your house unlocked, but the liquor cabinet in your basement rec-room is closed, but not locked, but it has a sign on it that says "Don't drink daddy's hooch", but if somebody came down there who wasn't daddy's child, and drank a Coke, but not any hooch, then would it be ok, if the mailman left a package inside the storm door on the porch instead of out in the rain? That's pretty much the best WiFi security analogy I've heard.

Re:still dont see

[ascari]

Google == Big Juicy Target. Do you see now?

Re:still dont see

[Montezumaa]

You could not be more wrong. Seeing as you do not understand how all state laws work, in regards to accessing computers and networks, I suggest that you keep such blanket comments out of this discussion.

Re:still dont see

[Angst+Badger]

I'd have modded the parent +1 Insightful, but the truth is that it wasn't actually insightful; it was obvious. If you are broadcasting an unencrypted signal beyond your property line, you are doing just that: broadcasting your data to everyone in range. Complaining when someone actually receives that broadcast is a bit like putting a billboard in your front yard and complaining when people look at it. There should be absolutely no expectation of privacy in this situation, especially when there is no way to tell the difference between an access point left unsecured because of ignorance and one left unsecured for the express purpose of sharing the connection.

All we have here are a bunch of state attorneys general preying on the ignorance of the general public to prosecute Google for reading public messages in order to boost their reelection prospects. Some of them might have started with honest intentions out of their own ignorance, but they've all had enough time at this point to learn the bare basics of WiFi. It would have been nice if Google had taken greater care in its actions, but even if they had intentionally captured every last byte they could suck out of the air, there would have been no wrongdoing.

Re:still dont see

[Graff]

Why this is being given such legal scrutiny.

It's very simple: election time.

Richard Blumenthal is in the race for Christopher Dodd's Senate seat and so he's using any issue to put himself in the news. Google is a big name and by going after them Blumenthal can get his name splashed across tons of news outlets for some free publicity.

Re:still dont see

[schwit1]

How can it be illegal in 'some states'? isn't this the jurisdiction of the FCC?

Re:still dont see

[AHuxley]

"someone actually" is a .com with with real lawyers who told them it was not a good thing to do.
"broadcasting your data to everyone in range" you can use open wifi, the problem is with collecting and storing.
"complaining when people look at it" is again what real lawyers told them it was not good to do.
If you did not want to connect to Google, you have an expectation of privacy.
"It would have been nice", they seem to have understood they should not have from day one in parts of the world.
The difference is between establishing a connection to ask for the MAC ect and storing data.
The laws could have been changed, exemptions requested or code tested.
The laws where not retroactive, new, not clear ect. Dont keep other peoples data.

Re:still dont see

[AHuxley]

http://www.irongeek.com/i.php?page=computerlaws/state-hacking-laws seems to show a list of some state based ideas on computer infrastructure use and access.
back from 2005 on wifi
http://news.cnet.com/FAQ-Wi-Fi-mooching-and-the-law/2100-7351_3-5778822.html "Are state laws about unauthorized access different?
Yes, but often not in an important way. Genetski says that "as a general rule, most states model their computer crime laws after (the federal law).""
So in the US they might be ok for accidentally collected the data and didn't share it.
Within in the US illegal to access computer data without authorisation could be an aspect too, secured or not?

Re:still dont see

[bloodhawk]

In many countries it is outright illegal to connect to or listen to traffic on a private network, EVEN if the network is completely and utterly unprotected and admined by a moron. When a large company breaks a law on such a large scale, even if accidental you have got to expect it to receive a lot of scrutiny. Also believe it or not your idea of a tape recorder and parabolic mic is also illegal in many countries unless you have either the peoples permission to record them or court issued warrants.

Re:still dont see

[DJRumpy]

The same principal applies to taking photo's of someone without their consent. If you point a video camera into someone's home, you aren't physically entering it, but you would be held liable under the law in any case. There is precedent set for the private sector, which is where this would fall: "Private Sector Electronic surveillance is most common in two areas of the private sector: employment and domestic relations. In addition to legislation in many of the fifty states, Title III governs these areas as well. It prohibits any person from intentionally using or disclosing information knowingly intercepted by electronic surveillance, without the consent of the interested parties. The intent element may be satisfied if the person knew or had reason to know that the information intercepted or disclosed was acquired by electronic surveillance; it is not satisfied if the person inadvertently intercepted or disclosed such information." [Source] http://legal-dictionary.thefreedictionary.com/Electronic+Surveillance In this case, Google was actively scanning for this information. They didn't inadvertently 'see' it. Their entire purpose was specifically to collect it.

Re:still dont see

[westlake]

It should fall under general privacy law: if you dont spend the time/energy to setup encryption of some form, dont expect privacy

To begin, I am not sure there is such a thing as "general privacy law."

But the interception, disclosure and exploitation of private radio communication was the subject of federal legislation as early as The Radio Act of 1927, when mechanical cipher machines were still in their infancy.

The fact that eavesdropping on private networks and services in those days was trivially easy did not make such behavior legal or ethical.

Re:still dont see

In many US states it is not legal to record a conversation, using a microphone, and if you are involved, without consent. I think it is not legal in any state to unknowingly record a conversation between others.

But this is irrelevant. The purpose of these laws are to protect understood confidentiality.

How is open wifi different from a regular conversation? Because it is broadcast radio waves. The entire REASONING behind unprotected wifi is to communicate, OPENLY. The data is meant to be captured by any party. It's the basic equivalent of shouting into a megaphone in a crowded area.

You say, without specifying further, that some countries criminalize this action. But since when does the existence of a law make it just? I don't give a fuck about the laws in other countries. I care about the laws in mine. And in this instance, they happen to be correct.

Re:still dont see

This is a bullshit analogy. Google didn't direct the recording of any specific data. It was broadcast TO THEM, by design -- not intentionally sought out.

Unless it's also illegal to receive a public television signal, any accusation of wrongdoing is purely fabricated.

Re:still dont see

[DJRumpy]

You wouldn't consider driving down the street with the intent to record these leaking broadcasts, intent? People don't broadcast their WiFi with the intent to let Google record it. They broadcast it within their home. Any leakage can't be controlled by the end user unless they put up a cage. I don't see that happening.

You do realize you described a 'public' television signal right? Private transmissions from a home are not the same as a public transmission.

Re:still dont see

[murdocj]

For god's sake, the whole "I was walking down the street and happened to intercept unecrypted wifi" argument is utterly ridiculous. No one "happens to intercept" wifi. You have to actively snoop. If you want a better analogy, try "I walked down the street and opened up people's mailboxes and read their letters. But they had it coming to them, they didn't have lockable mailboxes".

Google screwed up. Period. If they had simply done what they claim they wanted to do, and only recorded header information, this just wouldn't be an issue. If anyone else drove a fleet of vans around intercepting wifi, people on Slashdot would be going nuts, but because it's the cool company, all is forgiven.

Re:still dont see

Yes, except for the fact that broadcast open access points are by definition not private. 'Eavesdropping' is how these devices communicate. Similar to ignoring other people that are talking inside of a public hall.

Re:still dont see

[PopeRatzo]

Why this is being given such legal scrutiny. Its akin to driving down the street with a tape recorder and parabolic mic

Actually driving down the street with a tape recorder and a parabolic mic recording conversations should be illegal. If I'm standing on my porch having what I think is a private conversation with someone and someone in a car is recording that conversation with a parabolic mic, it sounds like an invasion of privacy to me. Just because something is done "in public" shouldn't mean that it's meant for public consumption. And if it that private conversation is being used for financial gain, then it's even more egregious.

Driving by my house and taking a picture is one thing. Driving by my house and recording private conversations is another.

It's strange that some of the same people who would shit themselves with anger if the government was doing this think it's just peachy if a transnational corporation does it.

Re:still dont see

[Jurily]

How can it be illegal at all?

Google is using public resources to gather data. It's what they do.

If you broadcast an SSID to an unencrypted network, it's a public resource, plain and simple. Just because you were too stupid or lazy to do something about it doesn't mean Google's at fault here.

What next, whine because they spider your web page?

Re:still dont see

Open wifi has one reason and one reason only. To publicly broadcast the signal so that any device in range can communicate, sans restriction. There is no classification to be made between the naive actions of a homeowner and the willful allocation of a block-wide access point, or an open business wifi hotspot. The distinction between these cases CANNOT BE MADE.

Your entire premise is flawed because you describe unsecured wifi communications to be "leaking." This is HOW THE TECHNOLOGY WORKS. The packets are CAPTURED, and READ, and FILTERED, by ALL the unconnected wireless devices in the area. Fuck, for an ad-hoc connected network, the data isn't even filtered out.

Re:still dont see

[DJRumpy]

The law as quoted above isn't ambiguous. It is in fact very clear:

• "In addition to legislation in many of the fifty states, Title III governs these areas as well. It prohibits any person from intentionally using or disclosing information knowingly intercepted by electronic surveillance, without the consent of the interested parties. The intent element may be satisfied if the person knew or had reason to know that the information intercepted or disclosed was acquired by electronic surveillance; it is not satisfied if the person inadvertently intercepted or disclosed such information."

What part of that do you find unclear? You don't think the 30 some-odd states looking to file legal action haven't considered this?

Re:still dont see

[michaelhood]

Why this is being given such legal scrutiny. Its akin to driving down the street with a tape recorder and parabolic mic, recording whatever conversations people might be having as part of a population density study, and accidentally recording someone in their front yard yelling their cc# into the phone. It should fall under general privacy law: if you dont spend the time/energy to setup encryption of some form, dont expect privacy (same as if you dont try to block peeping toms, or if you go sunbathing nude in your front yard next to the street, dont be surprised to find yourself posted to /b). Even windows warns you now if you try to connect to an unencrypted AP. If anyone should be sued for this, sue the manufacturers that distributed the APs with a default configuration of no encryption and see how well that flies.

Tm

What if I sniff all the guests' network traffic in a hotel? (via ARP spoofing or otherwise)

There's certainly no warnings presented in any OS when you plug in ethernet and grab an IP, and the average computer user certainly doesn't know that it's possible to do this.. so, how do you feel about that?

Re:still dont see

I think the truth is more than just "it's the cool company". I tend to think that some defending this as somehow justified or reasonable are actually stockholders and if so I would expect they would say *anything* favorable to defend the value of their shares in "the cool company".

Re:still dont see

[macshit]

Why this is being given such legal scrutiny.

I think Google is seen as being a bit too successful and there are a lot of companies that would like to see Page & Brin taken down a notch. I wouldn't be the least bit surprised to find Microsoft's hand behind some of this.

Also this is seen as a chance for easy political grand-standing by politicians who haven't the faintest clue what actually happened, but can see how to spin it into a "probe" to make it look like they're doing something... and once one politician starts blathering cluelessly about it, the rest are eager to jump on the bandwagon.

Re:still dont see

Here's an even better analogy. You have a garden hose, and whenever anyone walks by your house on the sidewalk, you spray them. Someone opens their mouth and drinks the free water that you're squirting at them, and you scream, "Water thief!!"

Re:still dont see

[Angst+Badger]

For god's sake, the whole "I was walking down the street and happened to intercept unecrypted wifi" argument is utterly ridiculous.

It's more like, "I was walking down the street and happened to overhear the residents yelling loudly from their porches." If you happen to be walking down the street with a wifi-capable device, you might capture some data, too.

Look, if you're beaming unencrypted data through my body, it has ceased to be your private concern. It may be impolite for me to look at that data, just as it would be impolite for me to listen to your loud argument with your spouse on your front porch, but there's a wide gulf between impolite and illicit.

If anyone else drove a fleet of vans around intercepting wifi, people on Slashdot would be going nuts, but because it's the cool company, all is forgiven.

Google creeps the hell out of me. Between their collection of information from email and web searches and their entry into the medical records business, they do plenty of things that represent a genuine threat to privacy. Capturing fragments of unencrypted broadcasts, on the other hand, doesn't particularly worry me. I encrypt my network for a reason, and that reason has a lot more to do with the government and my immediate neighbors than it does Google.

Re:still dont see

[phyrexianshaw.ca]

but that's the problem. it's not their data.
by broadcasting the data via unencrypted WIFI, it's akin to putting up a note on a public billboard asking about pork recipies and putting a note on it saying "hey jewish friends of [me] don't read this please"

people need to learn that data is not theirs to keep/own/protect. bits are bits, free them already!

if you want to use the internet, don't complain when people trying to collect the data for the sake of improving the internet collect/store/make use of it.

Re:still dont see

[phyrexianshaw.ca]

"I walked down the street and opened up people's mailboxes and read their letters. But they had it coming to them, they didn't have lockable mailboxes".

Excuse me? that analogy fails on SO many levels.

what you describe is analogous to BREAKING the encryption on their mailboxes, and making photo copies of the letters.

the postal system analogy here would be more like receiving all your postal mail via PDF's short-linked on twitter and "asking people not to read it".

NOWHERE did google intentionally GO INTO any mailboxes, they just collected data being broadcast freely to anybody who wants it. hell, if it's still being broadcast, the people that contributed to the whole thing have NOTHING TO COMPLAIN ABOUT FOR ONE SECOND!

Re:still dont see

[phyrexianshaw.ca]

and as per your wonderful quote you've completely overlooked that google has only collected and stored data. they have not used or disclosed anything.

law is ALWAYS gray. there is NO black and white.

and that doesn't even begin to cover "or had reason to know that the information intercepted or disclosed was acquired by electronic surveillance" somebody failing to understand how technology works is not the fault of an advertising business.

Re:still dont see

[phyrexianshaw.ca]

What?

if I were sitting in a coffee shop having a "private conversation" I understand that the people around me may hear the details.
if sitting on my porch, I expect my neighbors and maybe a few service people nearby might gleam a few.

I'm sorry to break this to you, but your land is NOT your land. you pay your taxes to rent it from the government. there's law's about how much you can keep from the world. there's even a law preventing you from building a concrete wall around your house to keep "all your conversations private" (well, not a law intended to prevent that, more of a decency law really.) :P

you're living on public land. just because you think something might be private, doesn't make it so.

Re:still dont see

[phyrexianshaw.ca]

you'd be more then welcome to. anything that's encrypted you'll glance over as too difficult to bother with, and I'll appreciate it that you'll leave the encrypted conversation with my significant other alone. the pizza online order details (with the exception of the payment that's encrypted with SSL) and the web history for the night are all yours!

what else? I expect you were looking for "I get away to hotels to be left alone! how else to i spend time with my mistress?"

Re:still dont see

Your example falls under federal wiretapping laws(driving down the street with a tape recorder and parabolic mic) not to mention state laws. They are not only recording data from unencrypted wifi but encrypted as well. You see your NIC address is always broadcasted unencrypted. They built a database to aggregate pictures, addresses, and your NIC address so that every time you do a search they know where the search came from. The unencrypted data was just gravy. You buy something over the internet they know who bought it and where you live. A company that had nothing to do with the sale knows all of this. Their intent was to sell it to various entities for profit. They did not do it for an experiment, it was not an accident. They thought they wouldn't get caught. You just don't get it. All of the data being collected is not just about buying things over the internet or searching. It's about tracking YOU. You are one of the stupid "if you have nothing to hide" crowd. No you aren't insightful. Just another one of the "useful idiots" Lenin talked about. FU commie.

Re:still dont see

[MoHaG]

Cracking WEP can be seen as like this... You indicate that you want someone not to read it, even if you use something that is trivial to bypass.

Hell, they even call it "public" or "open" WiFi.

Google seem to not even have read it, only collected it... Similarly to any potentially "private" things to see on the street that was also collected by the same vehicle...

If you are discussing private information in a public place you can't complain if it gets recorded / overheard...

Re:still dont see

[TheRaven64]

It's more like, "I was walking down the street and happened to overhear the residents yelling loudly from their porches." If you happen to be walking down the street with a wifi-capable device, you might capture some data, too.

Exactly. The original poster's analogy was correct. It's fine to walk down the street and accidentally overhear a conversation. It's not okay to walk down the street with a tape recorder and a parabolic microphone and record everything that anyone says. The problem isn't the 'interception' of WiFi signals, it's the storing of massive amounts of aggregate data.

Re:still dont see

[TheRaven64]

I don't see the problem. As you say, recording a conversation is illegal, but simply listening to it is not. Similarly, no one would have a problem with you walking around with a WiFi-enabled device and looking at the traffic, but when you record everything that is transmitted then it is different.

Walking along a street and listening to conversations is not the same thing as walking along the street and recording other people's conversations.

Re:still dont see

Google is collecting data without asking permission. The availability of data doesn't entitle you to sniff it, especially when something like "iwlist {interface} scan" yields better info.

One may run an open AP out of: incompetence, convenience: does it mean somebody is entitled to sniff traffic? nope.
One may run an open AP because he's some kind of commie and wants to share connections, that means he would surely not like a corporation to profit off his act.

Lawful or not, IANAL, this operation is not moral. My morals of course. Which are all that matter to me.
Heck, even tracking APs is not moral unless the AP owner can opt in to the inclusion in the map.

Re:still dont see

[PopeRatzo]

I'm sorry to break this to you, but your land is NOT your land. you pay your taxes to rent it from the government. there's law's about how much you can keep from the world. there's even a law preventing you from building a concrete wall around your house to keep "all your conversations private" (well, not a law intended to prevent that, more of a decency law really.) :P

you're living on public land. just because you think something might be private, doesn't make it so.

I'm sorry, I thought we were talking about planet Earth.

I'm not sure where you believe you just lease your land from the government, but it sounds like you're either living in 1965 East Germany or maybe just a little confused.

And privacy? It's what we say it is as a society. And I say that when I'm talking on the phone, or having a quiet conversation, it's private. And yes I'm allowed to build a high fence around my property if I want to.

you're living on public land. just because you think something might be private, doesn't make it so.

Are you trolling or just crazy?

Re:still dont see

[AltairDusk]

Title III governs these areas as well. It prohibits any person from intentionally using or disclosing information knowingly intercepted by electronic surveillance, without the consent of the interested parties.

Since you've kindly emphasized the relevant information already perhaps you should read it. Google didn't use it or disclose it, they said "oh, we've collected more information than we intended to and we are going to delete it." Then the government stepped in and forced disclosure.

Even if a law is made explicitly saying you cannot utilize in any manner wireless networks without express permission of the owner it will still be effectively useless for protecting the public. Anyone looking to maliciously use your network traffic is not going to care about said law and will surreptitiously capture your data anyway, meanwhile the public thinks they are safe due to said law so the end result is even more dangerous.

Re:still dont see

[DJRumpy]

Obviously they did intend to use it if they are analyzing the data. The very fact that they found they had collected too much information shows that.

Re:still dont see

[e4g4]

One may run an open AP out of: incompetence, convenience:does it mean somebody is entitled to sniff traffic? nope

Google was sniffing wifi packets so they could later analyze the wifi networks against their mapping data. They, inadvertently or not, also captured payload data at the same time. `iwlist {interface} scan" would not be well suited to their purposes, as there would need to be a daemon attached to it firing the scan command periodically. Google's solution undoubtedly involved putting their wireless NIC(s) into a passive mode that would collect the information from the packets as soon as the packet was encountered, which would produce much better data for their purposes. So, they forgot to turn off the payload logging, big deal. I do not believe there is much (if any) actual utility to even a privacy averse company such as Google for a fraction of fragmented, unencrypted wifi data. All the really sensitive information (credit card numbers, e.g) was undoubtedly encrypted (via SSL) as it was flying through the air (not that Google would have much use for that data anyway). Worst case, Google captured a few minutes worth of traffic from a given AP, on average probably only a few seconds. Is morality even an issue here? Who would have the fortitude to actually distill interesting signal out of the undoubtedly mountain of wifi noise they collected? Even if you were very targeted in looking for a specific AP in a specific location, the odds that you can find any interesting information in the log from that location are still very small.

Is it immoral for me, in my own apartment, to run a wifi scanner that is also capturing payload information (from the half dozen open networks broadcasting in range)? Wifi security, while not completely part of public knowledge, is certainly well on it's way there. The dead tree news companies have certainly scared consumers with the risks of running an open network, and nearly every device on the market now, if not enabled with security by default, requires you to explicitly opt out of it in the setup process. I'm of the firm opinion that if you're brazenly bathing my network antenna with your unencrypted, non-ionizing radiation - I am fully entitled to let my wireless NIC listen in.

Re:still dont see

[danmart1]

I'd have to say that having a "private" conversation in public makes it a public conversation. If you aren't trying to keep what you believe to be a private conversation private, while in public, then there is no reason for an individual to suspect that the conversation is private. As my parents used to say "I'm not psychic, don't make me guess." That being said, does having an unsecured wireless network make it public? Imagine a world where wireless communication is the norm. Everyone knows how to secure their networks, similar to how most people know how to keep verbal conversations private. If secured wireless is the norm and, unsecured wireless is almost unheard of, would it then be the persons fault and not Google's for not properly protecting themselves? Obviously this isn't the way it is, yet. And for note, this that lack the proper knowledge should have some protection, but Google's perspective may be similar to many Slashdotter's. "Who still has an unsecured wireless network theses days?"

Re:still dont see

[Tharsman]

He's just pointing out the truth: it's your responsibility to secure the radio transmitter that you hooked up to your computer. It's not my my responsibility to avoid picking up your signals.

It's also my responsibility to lock my house's door every day, but that does not give anyone the right to open in and walk by my house, much less peak through my stuff or listen in my conversations, because I forgot to lock the door.

It's not the same, true, but leaving my wifi open is not an invitation to hack into transmissions, at best, its an open invitation for other users to also access the internet through it. I'm no lawyer, and even if I was I could not claim to know the laws in every single state, but its very likely if there are investigations going on that the states that have started them do have laws against hacking communications.

Re:still dont see

[larry+bagina]

How can it be illegal in 'some states'?

I was referring specifically to the reference of driving down the street with a big fat microphone, recording people's conversations.

isn't this the jurisdiction of the FCC?

The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people.

Re:still dont see

[ScrewMaster]

He's just pointing out the truth: it's your responsibility to secure the radio transmitter that you hooked up to your computer. It's not my my responsibility to avoid picking up your signals.

It's also my responsibility to lock my house's door every day, but that does not give anyone the right to open in and walk by my house, much less peak through my stuff or listen in my conversations, because I forgot to lock the door.

It's not the same, true, but leaving my wifi open is not an invitation to hack into transmissions, at best, its an open invitation for other users to also access the internet through it. I'm no lawyer, and even if I was I could not claim to know the laws in every single state, but its very likely if there are investigations going on that the states that have started them do have laws against hacking communications.

You're confused. Google in no way "hacked" anything (and the term "hacking", in this context, is a media-induced misnomer anyway. You're talking about "cracking".) Sure, if you locked your door and somebody went and picked the lock, that would be akin to hacking. If you put a sign on the outside of that door that says, "hey everybody, look at me, my name is Bob!", well, that's not akin to hacking. It's mere observation, which is pretty much what Google was doing. Google's scanners made absolutely no attempt to guess passwords, deliberately access confidential material or anything else, that seems pretty clear. They simply recorded what some users were foolish enough to broadcast in the clear. Broadcast, mind you. Complaining about this is like your local FM station getting irritated that you actually listened to it. If you put it out there, you have no leg to stand on if someone picks it up. Imagine the IT guy explaining to his boss how the company suffered a data breach because the IT guy couldn't be bothered to turn on WPA. "But boss, there's no way we had anything stolen ... it's illegal!" Sure, dude. Better polish up the resume'.

In any event, good security should stand up to basic scrutiny: if you can't guarantee that, you shouldn't be running a wireless router. Period. Google's not to blame here: clueless users and disinterested hardware vendors are.

My Gdd, why do you people expect to connect a radio transmitter to your computer and have your data protected by a law? Christ, laws don't protect you in this case: there's too much anonymity involved, too many people that simply don't care about such laws, because they will never, ever, be held accountable to them. The only protection you have is what you implement yourself. Personally, I have to thank Google for raising the profile of this very important issue: it's too bad that some people (you for one, apparently) don't get the point.

Interestingly, I've been modded "troll" repeatedly for stating the obvious. It looks as if a significant number of people believe that they should be able to just plug in that Linksys box, hook it up to their network using the (dangerously insecure) default settings, and not worry about security because, you know, the law will protect their confidential data.

Sorry folks, that's just not the way it works, not in the world that the rest of us live in. I'm going to assume that you are an individual that knows how to properly secure a wireless network, or at least has some idea how the technology actually works. If you are not, this is not a subject that you should weigh in upon until you learn more about it.

Re:still dont see

[joleonard1]

Do you actually think that driving down the street with a parabolic mic and recording people’s conversations is a legitimate thing to do? And does the claim that you’re doing it as part of a “population density study” somehow justify it? As opposed to doing it, say, for the purpose of collecting personal information? Most people don’t know how vulnerable they are when they use computers, the internet, Wi-Fi and so on. I’m old fashioned, I know, but I don’t think that means that exploiting their vulnerability is justified. You may be more sophisticated when it comes to using computers than most but there are still a great many people who are more sophisticated than you when it comes to law, finance, real estate and lots of other stuff. I bet you don’t enjoy it when they pull a fast one on you. I am not going to form a conclusion about this yet but, I think that the technicians working on Google’s behalf were probably aware of what they were receiving with their antennas, what was being recorded on their hard drives and what they were downloading to Google’s servers when they were done. If Google’s defense is something like “we made a mistake” and you buy that, well, what can I say but 'more power to you'.

Problem solved

[bennomatic]

I use WPA on my wifi, so they can't sniff. I do it because there are a lot of people out there who feel that a non-protected wifi link is theirs for the using. If you're worried about Google sniffing, then you should be more worried about people using your wifi to download torrents, bringing your connection under the watchful eyes of the RIAA and MPAA.

Re:Problem solved

[Itninja]

I use WPA on my wifi, so they can't sniff.

Oh, you're adorable.

Re:Problem solved

[vivian]

I use WPA on my wifi, so they can't sniff. I do it because there are a lot of people out there who feel that a non-protected wifi link is theirs for the using.

The problem is there are some people/organizations who run nodes that ARE free to use - so if you don't want people to use your network uninvited, the simplest thing to do is close the door as you have done. Even the very weakest encryption would be enough to indicate that you do not intend your network to be used publicly. Simply having SSID broadcast turned off with no encryption at all would also indicate you do not intend it to be public, however, if you have your router happily broadcasting it's SSID, with no encryption and transmitting strongly enough to be received by a car driving down the street, well that's basically saying "come use me!"

Although it is worth investigating exactly what information Google collected and why, that is not what the suit is going to be about - it's going to be a great big money grab by a bunch of lawyers on behalf of a bunch of people who couldn't be bothered to make their wireless networks private, and who lost absolutely nothing at all and were not damaged in any way by Google's actions. (Did Google start using captured credit card details or start spamming some private email address that was captured, or selling any of the private data that was captured other than perhaps the name and location of the node? I think not.)

Oh and for anyone who whines "oh not everyone is a geek who can understand how to configure a router"
RTFM! that's what it is for. It really isn't that hard!

Re:Problem solved

ltninja? Oh, what a precious name! Are you "TEH HAXOR"? Do you have "MAD SKIZZLES?" Can you tell me why Window$ won't open this file I got from T.P.B(.com wink wink you probably know what I'm talking about.)

Re:Problem solved

[morgan_greywolf]

Oh, you're adorable.

Think about it. Do you leave your front door unlocked? Seriously, just because WPA can be broken doesn't mean that it will, at least not by people who are honest. The difference between running an unencrypted WiFi AP and one protected by WPA is akin to the lock on your front door. Sure, the criminals can bust your door down if they want in bad enough, but the lock is sufficient to keep out all but those who are intent on committing a crime.

If someone breaks your door down, they can be charged with criminal breaking and entering. If someone hacks your WPA-encrypted WiFi, they can likewise they can be charged with unauthorized access of your network resources. Yes, in both cases if the lock didn't exist, the criminal could still be charged, but it's far less ambiguous with the lock in place.

Re:Problem solved

[Ungrounded+Lightning]

I use WPA on my wifi, so they can't sniff. I do it because there are a lot of people out there who feel that a non-protected wifi link is theirs for the using.

Members of the computer culture have long considered the permissions settings of things like file protection to be, not just a mechanical wall, but also an expression of the intent of the user. (This has been true essentially since permissions mechanisms with sufficient granularity to EXPRESS intent were deployed.)

In general they have honored the intent (or in some cases deliberately circumvented it - knowing they were doing so). Treating world-readable as "it's OK to look" group-readable as "it's OK to look if you're in this group", and so on (even if you COULD trivially "break the wall down"), means you don't have to spend time looking up the owner and asking every time you want to look at a file, use a service, and so on. Instead you only have to do it if the permission mechanism is locking you out (and thus you need to ask if it was an error and/or if it's OK to use it anyhow).

WiFi has such a mechanism built right in: Encryption for links you don't want to be used by the world. It's currently trivial to break, so it's the cybernetic equivalent of the hook on a screen door on a building in a public place: Yes, anybody could punch through the screen and unhook it in seconds. But the door being "locked" says the owner's intent (despite the welcome mat) is that nobody comes in without asking.

Running an open WiFi access point is a normal thing to do. And WiFi has no OTHER generally-recognized way to express whether the owner intends the particular access point to be open to the public or private.

Unfortunately, the manufacturers have chosen to distribute WiFi access points with the encryption turned off - to reduce service calls when people plug them in, try to connect, and hit the "locked screen door". And a lot of users buy them and have NO IDEA that there is a "door" that could be "latched" (and SHOULD be latched if they don't intend the public to wander through their living rooms).

As a result, many people are running open WiFi access points without intending to do so. And it's tempting for the legal system to "solve" this by treating any use of an open access point as an attempt to break into a private space, rather than expecting people to "latch their screen doors" if they didn't intend them to be used.

Re:Problem solved

[Itninja]

WPA 'security' is tantamount to locking ones front door with a hook-and-eye and a sticky note that says 'please don't come in'. I think it's ever-so-slightly better than nothing. Just like Wifi with WPA. But it's silly to make a statement like 'I use WPA so they can't sniff my network'.

Re:Problem solved

[morgan_greywolf]

Meh. You're thinking of WEP. WPA w/TKIP or WPA w/TKIP+AES is a bit better than a hook-and-eye and a sticky note; more like a cheap Chinese-made deadbolt from Walmart, while WPA2 Personal is more like a high-quality deadbolt made with hardened steel. WPA2 Enterprise + Radius is more like a bank vault with an electronic locking system.

Re:Problem solved

[MikeBabcock]

Your front door lock is easily defeated by anyone wanting in your house. Just ask a cop.

Locks are to keep honest people out. At that level, recent WPA versions are much more secure than house locks.

Re:Problem solved

[Itninja]

Whatever gets you through the night pal. WPA2 Enterprise + Radius is just fancy name for the sticky note. It's a digital form of security theater. If a hacked wants in, they can do so in about 15 minutes and leave no trace. I doubt even the greatest criminal mind the world can do that with the bank in your analogy.

Re:Problem solved

[Itninja]

You know 'it' can mean more than Information Technology right? Like maybe 'Italian'...

Re:Problem solved

[kirbini]

Think about it. Do you leave your front door unlocked?

Well, as a matter of fact I do. I haven't locked my car or set the alarm in over 10 years either (I own a 2009 Audi A3 and a 2006 Honda Accord if that matters). And yes, I also leave my WiFi open. Why? Because I can.

Of course I live in a town of 2200. The next nearest town is 15 miles of country driving. The nearest StarBuck is 25 miles away. I know the first and last names and job of every person in every house within a 2 block radius of mine and I trust every one of them. There has not been a single home burglary or car theft in the 3 years I've lived here and I bet that stat goes back further. Did I mention that my 20 mile commute to the datacenter I run takes 15 minutes?

Most importantly: I do not live in fear. I feel sorry for all poor suckers that do.

Google is fucked

[larry+bagina]

Legal or not, accident or not, there's only two facts that matter:

• States are desperate for money
• Google has money

The state Attorney Generals (Attorney's General for the pedants) can taste the green. They haven't been this rabid since the Big Tobacco lawsuits. I expect Google will make a big donation to "help educate people about identity theft" (read: prop pension plans and make sure state employees and their union masters are happy).

Re:Google is fucked

[BoberFett]

+1 Common Sense

Re:Google is fucked

[bennomatic]

Attorney's General for the pedants

Actually, it's Attorneys General; plural, not possessive.

Re:Google is fucked

Actually, it's Attorney's Generals, because in compound nouns, the second word is always the plural and a possession of the first (hence the apostrophe).

Re:Google is fucked

Ah, the eternal Slashdot question: moron or troll?

Why of why...

[Itninja]

...did Google ever voluntarily disclose they did this?

The proper actions are as follows: if your company makes a big mistake, you bury it. If someone finds out and makes an accusation, you deny it. If a whistle-blower goes to the paper, you discredit them. And if someone has proof you minimize it, cash out your retirement, and live like a king while the corporation implodes. This is a time-tested methodology.

Re:Why of why...

[Sarten-X]

"Do no evil" is a great motto, except we're living in a world where evil is expected and normal. Anything abnormal is suspicious.

Re:Why of why...

[sangreal66]

It really wasn't voluntary. Go back and read Google's disclosure again. They were under investigation by Germany on the matter. They originally told the investigators that they don't collect any payload data. Not satisfied, Germany demanded Google audit the data they had stored at which point Google fessed up to saving all the payload data. Really the only voluntary part was announcing it to public in a positive light instead of waiting for the news to break independently.

Re:Why of why...

Not satisfied, Germany demanded Google audit the data they had stored at which point Google fessed up to saving all the payload data.

Oh, wait. You mean, Google audited the data, discovered the mistake, and then announced it? How else were they supposed to announce it? By warping back in time preceding the demand?

Do you understand what audit means?

Re:Why of why...

[Itninja]

Like I said..it was voluntary. A self-audit is not an audit. They could have easily said 'yep we audited it and there's not data there!'.

Re:Why of why...

[AHuxley]

To get out in front of a story in their own way.
The idea that they had a few local German and Irish data issues but they where in the past and done.
The story would have then lost all traction.
When that failed they rolled out the mistake line and stonewalled.
When it became global, more of the mistake lines and some more stonewalling.

Re:Why of why...

They could have...not denied doing it in the first place.

But they did.

Leave it alone

[itsphilip]

Call me naive, but I trust Google. I've been using Gmail since late 2004. I just migrated away from the iPhone after three years; I now have a Nexus One as my primary phone. My calendar, my contacts, etc. are in the Google cloud. And guess what? They've never done ANYTHING to erode my trust in them. In the age of telecom companies trying to cap mobile data plans, and place arbitrary restrictions on IP-delivered media content, Google is busy trying to roll out fiber and generally make the Internet better. I believe that not only do they live by their "don't be evil" mantra, but that they realize the days of the free Internet may be numbered. They're doing their best to save the Internet as we know it. Granted, they have something to gain. But other companies' failure to evolve leaves the door wide open for a company which we should trust far more than AT&T, Time Warner, etc. to preserve the landscape that slashdotters are so eager to protect. The tag is correct, it's a witch hunt. Google admitted their mistake, we move on.

Re:Leave it alone

Don't forget the Data Liberation Front. Google Earth. Sketchup. Android as a viable and open alternative to the iPhone platform. Gmail's crazy high storage limits. Google Voice and expedited Voice accounts for military, then students. Lobbying the government and speaking at federal hearings to emphasize the importance of a free Internet.

Most companies might have one big pro-consumer initiative every few years, maybe. Google seems to have a new one every quarter or two. It's completely unbelievable. If this happened in a movie, it would be too far-fetched to hold anyone's interest.

Think about where the Internet would be right now if Google had never existed. Some of these things, a company might come up with at some point, but most of them would never have ever happened. Does anyone realize just how far-fetched Android is?

Re:Leave it alone

Yep, you're naive. Anyone who can't see that Google is effectively part of the NSA is blind. They're taking over DNS, they've scouted all wifi signals in the US, they're tied into commercial networks of most vendors. And the best part: fools like you "believe" in them.

Re:Leave it alone

Call me naive, but I trust Google.

This is beside the point, though. The people whose plaintext was intercepted by Google, trusted everyone. They trusted their neighbors, they trusted their government, they trusted foreign governments, they trusted transients, and they trusted any enemies that they happen to have in their lives. Google's trustworthiness isn't really an issue here. The people were freely sharing the information with anyone who wanted it.

When people heard about this story, they had a startled reaction. That's good. What's bad is that they started talking about what forces to bring upon Google, rather than what forces to bring upon their Access Points.

Re:Leave it alone

Just remember, all it takes is one ex-girlfriend to delete all your email, calendars and phone contacts forever.

Here's still waiting for the Google Backup DVD.

Re:Leave it alone

They've never done ANYTHING to erode my trust in them.

...yet.

There's no guarentee they won't decide they have a goldmine of data and start selling some off.
Or have "data breach".
Or implement a new, privacy-invasive opt-out feature.

They've already got their hands dirty with the Double-click acquisition.

This curious concern I have...

[Masque]

Does it not seem odd that the Government's reaction to the potential invasion of privacy by a corporation is to... insist upon seeing all of the data?

Re:This curious concern I have...

[nbossett]

Why would it be funny/unusual for the government to ask to see evidence if there's an allegation or confession of possible misconduct?

Re:This curious concern I have...

[KahabutDieDrake]

Largely because in the past 50 years, they have seldom done so even for the most obvious and egregious acts by corporations. Also maybe because it isn't their job or preview to investigate unless it's a national issue of grave import. I hardly think this qualifies, compared to NSA/ATT merger. Or a dozen others we could all name.

Only Because...

Political Officials are paranoid that their own activities have been documented/logged.
That is why this has been rushed to investigation. I believe collecting such data should be forbid. Why they do not investigate the internal dealings between our government, associated entities like Halibutons purchase of a gulf clean up company just months before the spill happened. And BP's own internal, odd, change in policy/practices that caused the actual drill to heat up before the oil spill took place is a mystery to me. Yes the living platform workers made these claims about BP. Either way you look at it. Lack of wanting to investigate BP or the rush to probe Google data collections all points to one thing. Secretive activities being kept in the dark by our paranoid government. So much for a transparent government. You can bet that I have zero doubt in my mind going off of patterns that can be seen over and over again by these corporations and our government.

I for one want to see Google burn for this.

Sorry to disappoint all the Google fanboys, but I really hope Google burns for this. I am sorry that none of my hardware is TEMPEST/ USA NSTISSAM Level I shielded, but that doesnt mean that my data should collected by Google. I shouldnt HAVE to use WEP or WPA. With enough amplification and focus my "public" data can be collected, data that is coming off my keyboard, my cables, my kids Wii and DSi, but hey why stop there, since our bodies are emitting all sorts of energy and since building materials are only partially effective at blocking that energy, the extent of privacy invasion becomes a simple matter of signal amplification and filtration. The line has to be drawn somewhere at a "reasonable expectation of privacy" and I hope it costs Google a metric shitload of money to find that out. Timing sure is perfect for this - most states and local governments are financially strapped, and its just a matter of time before Civil Class action will pile on top of that.

Re:I for one want to see Google burn for this.

[hawguy]

I thought the line was if you are intentionally broadcasting plaintext traffic that can be picked up by any legal receiver, then you have no expectation of privacy. None of the other examples you gave would reasonably be expected to be picked up by someone outside your hours, but if you read the owners manual for your Wifi access point, you know that unencrypted means anyone can pick it up.

You have nothing to fear from Google catching a few packets of traffic when they are driving by, but from a real hacker who is searching your streams for passwords, credit card numbers, social security numbers, etc.

Re:I for one want to see Google burn for this.

[AHuxley]

You where not broadcasting plaintext traffic to Google.
Maybe it was the web, yahoo, email ect.
A smart person may have no expectation of privacy, but the laws still cover you in some parts of the world.
They did not test their collection system after knowing local laws and kept the data.

Re:I for one want to see Google burn for this.

[Sabriel]

You where not broadcasting plaintext traffic to Google

everyone within range of your radio signal. It does not stop at your property boundary just because you wish it so, nor does it carry any indication that it should not be read (with the possible exception of an appropriately worded SSID). The response is not, "do I listen to this broadcast", but rather, "is it ethical for me to relay, profit from, or continue listening to, this broadcast"?

NSA

[Syntroxis]

Wanna bet that nothing happens 'cause Google was mapping WIFI for the NSA?

Re:NSA

You wish. The only reason we're hearing about this is because governments want the data so they can go fishing.

Consolidation of Lawsuits

[Alanonfire]

I'm not sure where all the lawsuits are coming from, but requesting civil lawsuits being moved to a specific location seems like bullying to me. The same tactic Microsoft was slammed on this page for a while back in India or China or where-ever they were fighting with people. I realize it was MS going after people and its people going after Google, but the crime should be tried where it took place.

It seems like they hope those people would drop the case if it meant an extra expense for them.

Re:Consolidation of Lawsuits

[ducomputergeek]

I'm not sure how they can all be moved to california. If they sniffed the wifi in > and the plaintiff is in >, it would seem as though the plaintiff could argue that the jurisdiction for the tort claim would be >, especially if google was in violation of a > statue.

> = pick a state, any state.

Why consolidate

[FuckYourKarma]

They have that nifty 757 parked next door at Nasa. They can afford the commute(s).

Fusion Centers

[solweil]

The states just want the technology for the spying activities of the various fusion centers.

Witchhunt?

[Montezumaa]

Give me a break. This is just like Google going around, opening people's mail that is sitting in mailboxes. That is a crime and so is skimming data from networks that they are attached to. The law does not require a person to secure their data to turn unauthorized access into a crime; it is always a crime.

I also want to know why Google believes it has the right to map WiFi networks. Who are they to think they(Google) has the right to locate and map out the locations of WiFi routers around the world? Google is wrong in this and I want to see them pay(legally and civilly).

Re:Witchhunt?

[somenickname]

No, this is like Google driving around on public roads with a tape recorder stuck to the roof to create a Google Street Sounds component to their maps. They didn't open, tamper with or otherwise go out of their way to invade anyones privacy. Now, IANAL so, it's entirely possible that driving with a tape recorder affixed to your car is illegal.

Re:Witchhunt?

Okay. You open up your laptop and try to connect to your friend's wireless. Oh, there's a wireless next door.

You just broke the law in your own words. You should pay the neighbor 50% of your salary for the rest of your life plus attourney fees. Enjoy.

Re:Witchhunt?

[Local+ID10T]

I also want to know why Google believes it has the right to map WiFi networks. Who are they to think they(Google) has the right to locate and map out the locations of WiFi routers around the world? Google is wrong in this and I want to see them pay(legally and civilly).

Funniest post ever. ...what? You were serious? Oh... You mean that you actually don't understand why maps are made? Or why map making is generally accepted as a benefit to society? Or how they can be useful? Or is it that you don't see the value of maps that correlate physical locations with the radio signals received (hint, its like street signs for wireless devices.)

Re:Witchhunt?

[Montezumaa]

Perhaps Google should map out the firearm owners in the United States, or perhaps they should map out where thieves can find the best places to loot. The fact is that Google has no right to map out where all the WiFi routers in the world are, nor do they have the right to obtain any information from my wireless router. Secured or not, Google has no right to collect this data.

Re:Witchhunt?

[Montezumaa]

Simply connecting to a friend's wireless router is not a crime. If I attempt to connect without the permission of the router's owner, then it is wrong of me. What is a crime, without any room for argument with your bad analogies, is that accessing data without permission is a crime. Since you are obviously not a lawyer, nor would ever be intellectually capable of being one, I see no reason to try and discuss this with you further.

Just accept that the legislature of each state has set laws, based on the interest of the citizenry and various interest group, and that Google must conform to all the laws within a given state where they are operating these cars. I do not know what other state laws cover, but Georgia law makes what Google did illegal(more so the data collection, than the accessing of wireless routers, but they are both crimes).

Mail in a mailbox is unsecured, but if you open a letter that is not addressed to you, you are committing a crime. While I secure my wireless router(security which can be beat by a kid with a few internet searches), the law does not require me to secure my wireless connection to provide me protection from unlawful data access(at least not in my State).

Or BP?

[Weezul]

Or maybe BP hoping the oil spill gets out of the news sooner?

Google is ruined it for everyone.

[n00btastic]

I would bet the life of my cat that this is going to lead to the criminalisation of wardriving. Thanks Google for being douche bags. An accident you say? Yeah right.

One major distinction

[mathimus1863]

I imagine that Google's actions are legally distinguishable from wiretapping laws, since they did not access hardware, they only passively recorded information that was visible from public locations. If they had communicated with and established an IP addresses with network routers, it would be a completely different story.

While it would appear to be ethically fuzzy to collect such data, it may be legally sufficient to demonstrate that such information was being transmitted over public areas, and since no "unauthorized access" was gained into any private networks, there was no legal breach. I'm not saying they should've collected the data. But if a woman prances around in her living room naked with the blinds open, my decision to view it from the street should not be subject to peeping-tom laws.

Jump on the Bandwagon!

[Local+ID10T]

Hurry! Hurry!
Step right up!
Get your tickets here!
Come one, Come all!
Plenty of room, no pushing please.

The decline of society

[dave562]

When society turns upon itself and starts to cannabilize the productive parts of itself, doom can't be too far away. It makes me sad that in the land of plenty, our state governments are so starved for resources that they have to go after Google to generate revenue.

This which hunt has nothing to do with really protecting privacy and everything to do with trying to fine Google. If the states were concerned about privacy they'd be up in arms over the PATRIOT Act.

In Canada ...

[cacba]

we treat the investigation as an opportunity to create jobs. I predict that our report adds nothing but a bill.

Do they really think this is good PR?

It is wireless sniffing.

So what you're saying is that people cannot expect to have a private conversation in their own home. Are you sure that's the world you want to live in? Can I set up a laser scope and monitor your window vibrations from across the way to listen in to what you're saying? Afterall, that window is visible by anyone, so why should you expect privacy from the way it moves according to the noise inside?

What you're failing to grasp is that just because there is no password on the WiFi network doesn't mean that access is being granted to everyone and anyone. If I leave my house unlocked, are you authorised to enter without my permission? No. Now I may have problems with an insurance claim if you remove something from my premises and I didn't take due care to protect it, but that doesn't mean you weren't respassing.

What needs to happen here is like what happened in the early 1990s, when hackers abused "guest" accounts, etc. Something needs to go to court and the court needs to rule on whether or not not having a password is an open invitation for anyone to use the wireless network. I can quite easily see it saying no because just because you can does not equate to being authorised to do so.

People need to understand that there is a difference between "being able to do something" and "being authorised to do something."

If you're a systems administrator on a Unix platform, do you just read anyone's email because you can? No. Do you snoop people's traffic on your router(s) to see what they're doing? No.

Just because you can do something does not mean you should.

If I ran a wireless network without a password and I had evidence that Google had connected to it, right about now I'd be talking to a lawyer about suing them in civil action and getting advice on pressing criminal charges.

It doesn't matter that everything is "broadcast", connecting to a wireless network is akin to logging in via telnet/ssh.

Now if all that Google did was run "net Stumbler", it might be different, but that program doesn't record email addresses, passwords, etc, so it would appear they used something else.

Shame on Google.

Re:It is wireless sniffing.

[phyrexianshaw.ca]

What!?

why does everybody keep coming up with such bullshit analogy's? what you're saying would be the same as putting a wired router on a premise with a pile of network cables plugged into it and leaving a lengthy cable at the edge of your property "so you could use it when you wanted". then suing somebody for picking it up and plugging it into their laptop to seeing what kind of router's present, the WAN IP and some random network details. THAT might be illegal.

a wireless router asks in the channel via broadcasts what frequencies it's allowed to communicate with. from there an unencrypted router begins broadcasting all the details for how to connect to it freely and what it's got available. the computer "connected" to the router just broadcasts it's packets into the channel and tags them "hey, this is intended for [router] if this isn't you, please drop me!"

it's an RFC compliance issue not to drop them. it's NOT illegal.

had the packet contained encrypted contents and was divulged at a later date FOR THE INTENTION OF REVERSING THE ENCRYPTION, that would also be illegal. but storing what was send directly to you: not illegal.

Naive employee?

You are naive.

Very.

Do you also happen to work for Google? It sure sounds like it.

The excuse is disappearing

"Not everyone is a geek who can understand how to configure a router" is dwindling as a valid excuse as time goes on. WPS (Wifi Protected Setup) has been available for a while now and it's so disgustingly easy to set up a secure WPA 2 connection.

Wi-Fi Protected Setup with Push Button Configuration:

1. User activates AP
2. User activates client device
3. A network name (SSID) is generated automatically for the AP and broadcast for discovery by clients
4. User pushes buttons on both the AP and client device.
Done!

The steps above are taken from http://www.wi-fi.org/files/wp_18_20070108_Wi-Fi_Protected_Setup_WP_FINAL.pdf

That just annoys me to no end. When I first started setting up Wifi connections i had to come up with my own SSIDs and authentication keys... in the blowing snow, uphill and all that!

Re:The excuse is disappearing

[MikeBabcock]

For people in the Microsoft world, there's been Windows Connect Now for a while too. Compatible devices are configured by transferring settings from the computer to the router via USB stick.

That said, personally I much prefer knowing whats going on but nobody should complain that its difficult with a decent device anymore.

However, my main wireless complaint these days is that the vast majority of devices want to run in a speed boost mode utilizing channel 6 and neighbouring channels for better performance at their highest power rating, instead of taking an under-used channel and avoiding congestion.

Re:The excuse is disappearing

[Hatta]

That was never a valid excuse. If you don't know how to configure a router, learn or don't use one.

for another way

[Wedding+dresses+now]

Why is it subject to judicial control. It's like driving on the street with a tape recorder and a parabolic microphone, recording of conversations that people in a study of population density and the mistake someone can have in your garden, his CC # crying on the phone. It should be governed by the Privacy Act of thumb: If you do not want to spend time and energy to install the encryption somehow do not expect privacy (than trying not if, the voyeurs, or if you are naked in the sun in the front yard close to the road block not be surprised, once sent a / b). Even the window now warns you when you try to connect to unencrypted AP. If anyone should be prosecuted for this, the producers continue to access points with default encryption settings, distribute, and see how it flies. wedding dresses

Google is clearly wrong, and they will pay for it

[jmcbain]

Google was clearly wrong in illegally collecting this wifi data. Didn't your mom ever teach you basic ethics? Just because you can do something doesn't mean you should do it. Suppose you left your house unlocked, and I went in and stole everything inside; sorry, buddy, you shouldn't have left your house unlocked, thereby inviting me in take everything. You see, in America and other parts of the world, we live in a civilised society, and civilised people do not go around taking advantage of other people's mistakes like Google. If you can't plainly see this, then you need to GTFO and go back to whatever Taliban-infested country you come from, because the civilised adults are talking here, m' kay?

A lot of you neckbeards will complain that people shouldn't leave their wifi unencrypted. I've got news for you, neckbeard, a lot of people don't know what that means, that's why they hire you neckbeards for $10/hour to do it for them. In summary, Google did something wrong, and they will be punished for getting caught with their hands in the cookie jar. It's funny that they only came out and admitted this after Germany caught them. Sorry to disappoint you Google fanboys, all three of you.

If Microsoft or the government did this

[jmcbain]

you'd be bitching and whining about it until your lungs bled. The only reason you're defending Google's reprehensible actions is because you're deeply in love with Google. Indeed, imagine for a moment if the government were going around sniffing wifi data in the name of "protecting the children" or if Microsoft did it for "collecting data to improve the Windows experience." You'd cry all day and night saying that they have no right to do so. But no, you love Google so much that you can't even see straight. What Google did was wrong, plain and simple.

Re:If Microsoft or the government did this

[AltairDusk]

First off, Google didn't go around with the purpose of collecting and analyzing your communications as you imply with your government and Microsoft examples. Google's goal was taking pictures for their streetview service and locating wifi networks to use for geolocation, a fairly common practice.

Were Microsoft doing the same thing for Bing maps I wouldn't fault them either. It has been said here time and time again you cannot expect privacy and security when you are openly broadcasting your network data out into the street and beyond. If the government actually wanted to serve the people and be useful in this situation they would start an educational campaign using this as an example (I'm sure Google would pitch in too) and educate the general public about the need to secure their wireless networks.

Re:If Microsoft or the government did this

[sexconker]

First off, Google didn't go around with the purpose of collecting and analyzing your communications

Actually, they did. They chose, configured, deployed, and ran the software that let them do this. They had to store and archive all of those raw packets. They did it for over 3 years. Are you naive enough to think it was all an accident?

Google's goal was taking pictures for their streetview service and locating wifi networks to use for geolocation, a fairly common practice.

All Google needed to map open WiFi access points was a 5-column table: ID, LOCATION, SSID, ENCRYPTION_SCHEME, DATE_SEEN

Re:If Microsoft or the government did this

[ScrewMaster]

you'd be bitching and whining about it until your lungs bled. The only reason you're defending Google's reprehensible actions is because you're deeply in love with Google. Indeed, imagine for a moment if the government were going around sniffing wifi data in the name of "protecting the children" or if Microsoft did it for "collecting data to improve the Windows experience." You'd cry all day and night saying that they have no right to do so. But no, you love Google so much that you can't even see straight. What Google did was wrong, plain and simple.

Read what I said, dimbulb. Frankly, I wouldn't care if the Feds tried it, or Microsoft or anyone else ... I happen to believe that if you broadcast information in the clear you have zero, and I mean zero, right to complain if someone intercepts that transmission. Period. You're truly dimwitted if you believe that it matters what the law says when it comes to radio transmissions. Look buddy ... you put it out there and if somebody picks it up and uses it against you it's because you fucked up.

I look at this as being a classic example of people trying to shift blame and feeling that the law should afford them more protection than it possibly can. If the idiots who ended up in Google's logs had turned on encryption none of this would have mattered. But they didn't: there are untold numbers of wide-open access points there because the owners of said WAPs couldn't be bothered protect themselves. Their bad, not Google's. If it wasn't Google, it would have been somebody else, somebody that might be a hell of a lot more unscrupulous than a Google.

So yeah, Google screwed the pooch on this one, and it's unlikely they'll make that mistake ever again. And that's fine so far as it goes. And yes, Google's experience here may convince other entities not to try something similar (may, I say.) Either way, would you really feel secure running an open access point jacked right into your home network, regardless of what the law says? Really?

I disagree with you that Google did anything "wrong". Illegal, possibly, depending upon the locale, but that's not the same thing as wrong. Personally, I think that the law shouldn't even be involved here. Don't want your neighbors, the government or a large corporation to snoop on you? Then don't connect a powerful radio transmitter to your computer and there won't be a problem. Oh, you want the power and convenience of wireless technology, but don't want to have to learn how to use it properly? Well, then you can damn well take the consequences of your ignorance. Government has a legitimate interest in allocating spectrum use by various transmission sources: they shouldn't be telling anyone what they can and cannot receive. Certainly not in the era of pervasive encryption.

Keep in mind that Google made no attempt to crack or break into any system. No dictionary attacks, no attempt to decode encryption keys. All they did was record (accidentally, so they say) what was being broadcast by equipment using insecure manufacturer default settings. Yes, I agree that cracking should be illegal. Picking up unencrypted broadcasts should not.

What you're really saying is that the government (any government) should try to protect people who are too stupid to use a computer.

I'm naive and love huge corporations, too

[jmcbain]

Call me naive, but I trust Microsoft. I've been using Hotmail since late 2004. I just migrated away from the iPhone after three years; I now have a Windows Mobile smartphone as my primary phone. My calendar, my contacts, etc. are in the Microsoft cloud. And guess what? They've never done ANYTHING to erode my trust in them. In the age of telecom companies trying to cap mobile data plans, and place arbitrary restrictions on IP-delivered media content, Microsoft is busy trying to roll out fiber and generally make the Internet better. I believe that not only do they live by their "I'm a PC" mantra, but that they realize the days of the free Internet may be numbered. They're doing their best to save the Internet as we know it. Granted, they have something to gain. But other companies' failure to evolve leaves the door wide open for a company which we should trust far more than AT&T, Time Warner, etc. to preserve the landscape that slashdotters are so eager to protect. The tag is correct, it's a witch hunt. Microsoft admitted their mistake (the whole monopoly thing), we move on.

Shouldn't they...

[reverendbeer]

...be launching a joint probe into ACTA? That's a little more invasive and worthy of investigation, imho.

Re:Google is clearly wrong, and they will pay for

Neckbeard? Not sure what facial hair has to do with anything, and if its an attempt at trolling, well, you got me to bite. Your premise of "I didnt know, they should have known better, they should be punished" leads down a dark path to a complete nanny state (much the way the US is headed) where every little thing is nit-pickingly regulated to make sure no ones feelings are hurt. Sorry, but if you dont know any better, you should investigate/learn/think about it before diving in head first, or pay someone to do it right for you. "I didnt know any better than to wire $5000 to the nigerian I never met until I got the random email claiming I would get 10% of the $50000000 from his dead father, a prince, in return for helping him pay the transfer fees to get it out of the country...." Claiming stupidity is lame and leads to lazy people suing everyone for anything that makes them feel bad. As the OP suggested, maybe they should go after the WiFi access point manufacturers that allow and even default to open access? Windows even alerts "Hey, you know the access point you are connecting to is not encrypted, your data can be sniffed, impersonated, etc..." stupidity is the worst excuse and is clearly not viable, "Ignorantia juris non excusat". Im not a google fan boi, what they did was dumb, there was no need for the data to be saved, but at the same time they didnt use it, and admitted they did have it rather than try to cover it up.

Your analogy is also broken. An open wifi ap broadcasts that is open and available, a closed door (AP not broadcasting is SSID, or one thats at least WEP encrypted) does not. It would be more like you leaving your house unlocked, door open, while standing in your yard with a bullhorn inviting people to come in and photograph stuff. Google didnt "Steal" anything from anyone, they got copies of packets of unencrypted broadcast data. As to what someone Should do vs can do, many many companies Should (according to socially accepted terms in the US) do better things, like concentrate more on being a good company than a profit centric corporate giant only working to appease shareholders. However this is not illegal. Morality and ethics has little to do with code of law. In fact, Morality is exactly how the Taliban works too, simply their idea of what is moral is different from that in the US.

Blumenthal

[chowdahhead]

I think this is a partly a result of the midterm elections; officials need to give the appearance that they are working hard for their constituents. Voters tend to suffer from long term memory loss. The other side to this is Blumenthal, who's not universally popular in CT for being a bit too rhetorical and somewhat hypocritical. He has been particularly aggressive towards easy targets, namely the tobacco industry, with which he brokered the $200B settlement, and was then later found to have accepted campaign contributions from that same industry.

Re:Google is clearly wrong, and they will pay for

[danmart1]

Clearly wrong? Definitely. They even admitted it. The legality is the topic in question. Is it illegal to go into someone's house if they leave it unlocked? Yes, a little, but that's not really accurate. It's more like they opened up your car door that you left unlocked. Which is a little harder to make stick. Ethics and illegal don't belong in the same argument. There are many things that are perfectly legal that are very unethical, and vice versa. Also, ethics are as much an individual trait as they are a social one. Just because you think something is unethical doesn't mean everyone else does. A general observation, not a comment on this situation. Finally, I would call your racist comments and slurs far more unethical than anything Google's has done. Your ignorance and hypocrisy have no place here. I hope that you will heed your own advice.