Slashdot Mirror

← Back to Stories (view on slashdot.org)

States Launch Joint Probe of Google Wi-Fi Snooping

Posted by Soulskill on from the not-going-away dept.

CWmike writes "As many as 30 states could join an investigation into Google's collection of personal information from unprotected wireless networks, Connecticut attorney general Richard Blumenthal announced today. Google's response was similar to what it said earlier this month: 'It was a mistake for us to include code in our software that collected payload data, but we believe we didn't break any US laws. We're working with the relevant authorities to answer their questions and concerns.' Google already faces investigations by privacy authorities in several European countries, including the Czech Republic, France, Germany, Spain and Italy. In the US, Google faces multiple civil lawsuits, and the company has been asked for more information from several congressmen as a preliminary step to a legislative hearing. Google has asked that the lawsuits be consolidated and moved to a California federal court's jurisdiction."

24 of 134 comments (clear)

  1. still dont see by Tmack · · Score: 4, Insightful
    Why this is being given such legal scrutiny. Its akin to driving down the street with a tape recorder and parabolic mic, recording whatever conversations people might be having as part of a population density study, and accidentally recording someone in their front yard yelling their cc# into the phone. It should fall under general privacy law: if you dont spend the time/energy to setup encryption of some form, dont expect privacy (same as if you dont try to block peeping toms, or if you go sunbathing nude in your front yard next to the street, dont be surprised to find yourself posted to /b). Even windows warns you now if you try to connect to an unencrypted AP. If anyone should be sued for this, sue the manufacturers that distributed the APs with a default configuration of no encryption and see how well that flies.

    Tm

    --
    Support TBI Research: http://www.raisinhope.org
    1. Re:still dont see by ScrewMaster · · Score: 2, Informative

      Why this is being given such legal scrutiny.

      I think Google is seen as being a bit too successful and there are a lot of companies that would like to see Page & Brin taken down a notch. I wouldn't be the least bit surprised to find Microsoft's hand behind some of this.

      And just what drain-bamaged individual modded the parent post troll? He's just pointing out the truth: it's your responsibility to secure the radio transmitter that you hooked up to your computer. It's not my my responsibility to avoid picking up your signals. The truth is, when it comes to security the law cannot protect you. Just like cops can't protect you from having your house broken into and your wife and daughter raped. All the law can do is try to pick up the pieces afterwards and maybe offer some redress.

      Google screwed up here, but only by gauging the collective intelligence of the world's politicians to be much higher than it really is.

      --
      The higher the technology, the sharper that two-edged sword.
    2. Re:still dont see by _Sprocket_ · · Score: 2, Insightful

      Why this is being given such legal scrutiny.

      "I say! There's a bandwagon out there and we're not on it!"

      "Are people paying attention to it?"

      "Whole throngs of people."

      "I'll get my hat..."

    3. Re:still dont see by ascari · · Score: 2, Funny

      Google == Big Juicy Target. Do you see now?

    4. Re:still dont see by Angst+Badger · · Score: 2, Interesting

      I'd have modded the parent +1 Insightful, but the truth is that it wasn't actually insightful; it was obvious. If you are broadcasting an unencrypted signal beyond your property line, you are doing just that: broadcasting your data to everyone in range. Complaining when someone actually receives that broadcast is a bit like putting a billboard in your front yard and complaining when people look at it. There should be absolutely no expectation of privacy in this situation, especially when there is no way to tell the difference between an access point left unsecured because of ignorance and one left unsecured for the express purpose of sharing the connection.

      All we have here are a bunch of state attorneys general preying on the ignorance of the general public to prosecute Google for reading public messages in order to boost their reelection prospects. Some of them might have started with honest intentions out of their own ignorance, but they've all had enough time at this point to learn the bare basics of WiFi. It would have been nice if Google had taken greater care in its actions, but even if they had intentionally captured every last byte they could suck out of the air, there would have been no wrongdoing.

      --
      Proud member of the Weirdo-American community.
    5. Re:still dont see by Graff · · Score: 2, Interesting

      Why this is being given such legal scrutiny.

      It's very simple: election time.

      Richard Blumenthal is in the race for Christopher Dodd's Senate seat and so he's using any issue to put himself in the news. Google is a big name and by going after them Blumenthal can get his name splashed across tons of news outlets for some free publicity.

      --
      Sapere aude!
    6. Re:still dont see by schwit1 · · Score: 3, Insightful

      How can it be illegal in 'some states'? isn't this the jurisdiction of the FCC?

    7. Re:still dont see by murdocj · · Score: 3, Insightful

      For god's sake, the whole "I was walking down the street and happened to intercept unecrypted wifi" argument is utterly ridiculous. No one "happens to intercept" wifi. You have to actively snoop. If you want a better analogy, try "I walked down the street and opened up people's mailboxes and read their letters. But they had it coming to them, they didn't have lockable mailboxes".

      Google screwed up. Period. If they had simply done what they claim they wanted to do, and only recorded header information, this just wouldn't be an issue. If anyone else drove a fleet of vans around intercepting wifi, people on Slashdot would be going nuts, but because it's the cool company, all is forgiven.

    8. Re:still dont see by PopeRatzo · · Score: 4, Insightful

      Why this is being given such legal scrutiny. Its akin to driving down the street with a tape recorder and parabolic mic

      Actually driving down the street with a tape recorder and a parabolic mic recording conversations should be illegal. If I'm standing on my porch having what I think is a private conversation with someone and someone in a car is recording that conversation with a parabolic mic, it sounds like an invasion of privacy to me. Just because something is done "in public" shouldn't mean that it's meant for public consumption. And if it that private conversation is being used for financial gain, then it's even more egregious.

      Driving by my house and taking a picture is one thing. Driving by my house and recording private conversations is another.

      It's strange that some of the same people who would shit themselves with anger if the government was doing this think it's just peachy if a transnational corporation does it.

      --
      You are welcome on my lawn.
    9. Re:still dont see by Jurily · · Score: 2, Informative

      How can it be illegal at all?

      Google is using public resources to gather data. It's what they do.

      If you broadcast an SSID to an unencrypted network, it's a public resource, plain and simple. Just because you were too stupid or lazy to do something about it doesn't mean Google's at fault here.

      What next, whine because they spider your web page?

    10. Re:still dont see by TheRaven64 · · Score: 2, Insightful

      It's more like, "I was walking down the street and happened to overhear the residents yelling loudly from their porches." If you happen to be walking down the street with a wifi-capable device, you might capture some data, too.

      Exactly. The original poster's analogy was correct. It's fine to walk down the street and accidentally overhear a conversation. It's not okay to walk down the street with a tape recorder and a parabolic microphone and record everything that anyone says. The problem isn't the 'interception' of WiFi signals, it's the storing of massive amounts of aggregate data.

      --
      I am TheRaven on Soylent News
  2. Problem solved by bennomatic · · Score: 3, Insightful

    I use WPA on my wifi, so they can't sniff. I do it because there are a lot of people out there who feel that a non-protected wifi link is theirs for the using. If you're worried about Google sniffing, then you should be more worried about people using your wifi to download torrents, bringing your connection under the watchful eyes of the RIAA and MPAA.

    --
    The CB App. What's your 20?
    1. Re:Problem solved by Itninja · · Score: 3, Funny

      I use WPA on my wifi, so they can't sniff.

      Oh, you're adorable.

      --
      I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
    2. Re:Problem solved by vivian · · Score: 3, Insightful

      I use WPA on my wifi, so they can't sniff. I do it because there are a lot of people out there who feel that a non-protected wifi link is theirs for the using.

      The problem is there are some people/organizations who run nodes that ARE free to use - so if you don't want people to use your network uninvited, the simplest thing to do is close the door as you have done. Even the very weakest encryption would be enough to indicate that you do not intend your network to be used publicly. Simply having SSID broadcast turned off with no encryption at all would also indicate you do not intend it to be public, however, if you have your router happily broadcasting it's SSID, with no encryption and transmitting strongly enough to be received by a car driving down the street, well that's basically saying "come use me!"

      Although it is worth investigating exactly what information Google collected and why, that is not what the suit is going to be about - it's going to be a great big money grab by a bunch of lawyers on behalf of a bunch of people who couldn't be bothered to make their wireless networks private, and who lost absolutely nothing at all and were not damaged in any way by Google's actions. (Did Google start using captured credit card details or start spamming some private email address that was captured, or selling any of the private data that was captured other than perhaps the name and location of the node? I think not.)

      Oh and for anyone who whines "oh not everyone is a geek who can understand how to configure a router"
      RTFM! that's what it is for. It really isn't that hard!

    3. Re:Problem solved by morgan_greywolf · · Score: 2, Informative

      Oh, you're adorable.

      Think about it. Do you leave your front door unlocked? Seriously, just because WPA can be broken doesn't mean that it will, at least not by people who are honest. The difference between running an unencrypted WiFi AP and one protected by WPA is akin to the lock on your front door. Sure, the criminals can bust your door down if they want in bad enough, but the lock is sufficient to keep out all but those who are intent on committing a crime.

      If someone breaks your door down, they can be charged with criminal breaking and entering. If someone hacks your WPA-encrypted WiFi, they can likewise they can be charged with unauthorized access of your network resources. Yes, in both cases if the lock didn't exist, the criminal could still be charged, but it's far less ambiguous with the lock in place.

      --
      My blog
    4. Re:Problem solved by MikeBabcock · · Score: 2, Informative

      Your front door lock is easily defeated by anyone wanting in your house. Just ask a cop.

      Locks are to keep honest people out. At that level, recent WPA versions are much more secure than house locks.

      --
      - Michael T. Babcock (Yes, I blog)
  3. Google is fucked by larry+bagina · · Score: 4, Insightful
    Legal or not, accident or not, there's only two facts that matter:
    • States are desperate for money
    • Google has money

    The state Attorney Generals (Attorney's General for the pedants) can taste the green. They haven't been this rabid since the Big Tobacco lawsuits. I expect Google will make a big donation to "help educate people about identity theft" (read: prop pension plans and make sure state employees and their union masters are happy).

    --
    Do you even lift?

    These aren't the 'roids you're looking for.

    1. Re:Google is fucked by bennomatic · · Score: 4, Informative

      Attorney's General for the pedants

      Actually, it's Attorneys General; plural, not possessive.

      --
      The CB App. What's your 20?
  4. Leave it alone by itsphilip · · Score: 5, Interesting

    Call me naive, but I trust Google. I've been using Gmail since late 2004. I just migrated away from the iPhone after three years; I now have a Nexus One as my primary phone. My calendar, my contacts, etc. are in the Google cloud. And guess what? They've never done ANYTHING to erode my trust in them. In the age of telecom companies trying to cap mobile data plans, and place arbitrary restrictions on IP-delivered media content, Google is busy trying to roll out fiber and generally make the Internet better. I believe that not only do they live by their "don't be evil" mantra, but that they realize the days of the free Internet may be numbered. They're doing their best to save the Internet as we know it. Granted, they have something to gain. But other companies' failure to evolve leaves the door wide open for a company which we should trust far more than AT&T, Time Warner, etc. to preserve the landscape that slashdotters are so eager to protect. The tag is correct, it's a witch hunt. Google admitted their mistake, we move on.

  5. This curious concern I have... by Masque · · Score: 4, Funny

    Does it not seem odd that the Government's reaction to the potential invasion of privacy by a corporation is to... insist upon seeing all of the data?

  6. Re:Why of why... by sangreal66 · · Score: 4, Informative

    It really wasn't voluntary. Go back and read Google's disclosure again. They were under investigation by Germany on the matter. They originally told the investigators that they don't collect any payload data. Not satisfied, Germany demanded Google audit the data they had stored at which point Google fessed up to saving all the payload data. Really the only voluntary part was announcing it to public in a positive light instead of waiting for the news to break independently.

  7. Re:I for one want to see Google burn for this. by hawguy · · Score: 2, Insightful

    I thought the line was if you are intentionally broadcasting plaintext traffic that can be picked up by any legal receiver, then you have no expectation of privacy. None of the other examples you gave would reasonably be expected to be picked up by someone outside your hours, but if you read the owners manual for your Wifi access point, you know that unencrypted means anyone can pick it up.

    You have nothing to fear from Google catching a few packets of traffic when they are driving by, but from a real hacker who is searching your streams for passwords, credit card numbers, social security numbers, etc.

  8. Re:Why of why... by Anonymous Coward · · Score: 2, Insightful

    Not satisfied, Germany demanded Google audit the data they had stored at which point Google fessed up to saving all the payload data.

    Oh, wait. You mean, Google audited the data, discovered the mistake, and then announced it? How else were they supposed to announce it? By warping back in time preceding the demand?

    Do you understand what audit means?

  9. Re:If any of these are upskirt vids by rtfa-troll · · Score: 2, Insightful

    Well, you go to jail for accidentally killing someone too.

    No; actually you don't. You can go to jail for "negligently" killing someone, but not normally for "accidentally" killing someone. There may be special exceptions where the accident was something that could have been avoided by a specific action you failed to take, but these are basically special case of negligence.

    N.B. I am of course ignoring miscarriages of justice, but if we included those then you could go to jail for not killing someone.

    --
    =~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();