Slashdot Mirror
Judge OKs Wiretap Lawsuit Over Google Wi-Fi Sniffing
An anonymous reader writes "Last year Google found itself in hot water after admitting to accidentally collecting payload data from unsecured Wi-Fi networks. Their admission led to a number of investigations and complaints around the globe, and a U.S. District Court Judge has now denied Google's motion to dismiss a class-action lawsuit which alleges the search giant violated federal wiretapping laws. 'Judge James Ware drew a distinction in yesterday's ruling between merely accessing an open WiFi network and actually sniffing the individual packets on that network. In the first case, one is only jumping onto a network to send and receives one own communications; in the second case, one is looking into someone else's communications, and doing so in a way that requires nontrivial technical ability or software.'"
Google will likely plead innocence, but it's hard to believe this megalith would do such a thing unwittingly.
When the foot seeks the place of the head, the line is crossed. Know your place. Keep your place. Be a shoe.
Tracking GPS is good, sniffing wifi is bad.
sysadmins and parents of newborns get the same amount of sleep.
Not even the government follows them. The hypocrisy here is ridiculous. I'd much rather have Google sniffing my SSID than the FBI making a phone call to $TELCO to get warrant-less access to phone records and wiretaps, in addition to the rest of their available tracking tech and methods. The fed should police up their own people and regulations before going after Google.
even if unencrypted, data traveling over Wi-Fi networks is not considered "readily accessible to the general public," he found.
So for the legal buffs out there-- if google can demonstrate compellingly that that reasoning is wrong (in a way that a judge accepts), would google then have any leverage to again file for dismissal, since the reason their motion was overturned would have been removed?
I ask because one might be able to demonstrate that many laptops these days DO intercept unencrypted traffic in order to reveal "non-broadcasting" SSIDs-- in order to reveal their existence, packets must be "intercepted", and their target SSID / MAC shown. Further, as Im sure google will argue, software like Kismet, GrimWEPa, WiFite, Aircrack, et al very trivially and automatically begin gathering traffic; it takes no special expertise these days (after 10 years of progressively better WEP crackers) to do what it seems Google did.
I thought only teh evil Micro$$$oft did this kind of thing? Where's all the fanbois crying about this nonsense now?
I don't know how to sniff or probe any sort of wireless network signal, but I bet with 5 minutes of searching I could have a program that would do it for me.
in the second case, one is looking into someone else's communications, and doing so in a way that requires nontrivial technical ability or software.
Please, packet sniffing is trivial. Anyone with a cursory knowledge of networking can use Wireshark to investigate traffic. It becomes even more trivial given the availability of Wireshark in a GUI interface for almost all platforms.
If you run an open WAP, you have authorized people to listen to the data going by.
If you do not want that, the protocol provides an official blessed way to say you want your data private.
You get to pick which one you want. Don't pick one and then bitch about your own choice. Punishing google for this WILL set a dangerous precident that will be used against all of us by big corporations in the future. We MUST maintain a world where we are free to listen to unencrypted signals going through our own property.
It's critical. The bigger issue here has nothing to do with google: it's about preserving our OWN freedom.
Before the "people with unprotected networks are stupid and deserve what they get" meme develops, I wanted to get a few thoughts out there. First, there are many good and valid reasons for leaving a wifi network unpassworded. For example a coffee shop may have an open network which users join, then the users info gets sniffed. Second, the google sniffing is more intrusive than a reasonable person would expect. Lets say a guy was using a telescope to spy on you through your window to watch the email you're typing. You could say the user is stupid to not pull the shades on his window, but I would say the guy is being extraordinarily creepy even if what he's doing is legal.
-- Flame me and I will happily flame you back. Bring it!
I wonder how this would go over in states with wire taping laws that require consent from both parties? If I were going to fight this that would be how I would do it since it seems this ruling is based on lack of technical knowledge, not following the law. As a previous poster mentioned what is different between this and shouting your banking info in a public area and having Google record it?
Note: I don't agree with 2 party consent laws for recording conversations, but that is a different issue.
Time to offend someone
In the United States, the WiFi spectrum is owned by the public. When you broadcast data using WiFi, you are doing it using part of that public spectrum. How is this any different than recording CB radio transmissions? Or AM/FM radio stations? Or Ham radio operators?
It should not be Google's responsibility if someone broadcasts their sensitive information unencrypted in public locations.
If I put a big sign up in the window of my house with all my credit information, can I sue anyone who takes a picture of it? If I put all my passwords on paper and throw it into the street, can I sue someone that finds it and photo-copies it?
Check this story out
http://www.pcmag.com/article2/0,2817,2349468,00.asp
>>>"one is looking into someone else's communications, and doing so in a way that requires nontrivial technical ability or software.'"
All it takes is a $50 wifi receiver.
God judges are freaking stupid.
My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
Actually it does sound like it's about google. The court is siding with the plaintiffs claim that sniffing packets is non-trivial. I would be interested to know how their opinion would change if google showed how easy it is to sniff plaintext packet payloads. It appears that the court's decision is hinging on the triviality of such.
Radio broadcasts have, to my knowledge, *never* been considered private information. Anybody who wants to keep it private must encrypt it, with some extremely specific exceptions (you can't sell a scanner that can access unencrypted cellphone frequencies, for example).
So here's what I can't figure out. Let's say I use a small FRS (unlicensed) handheld radio to communicate with my friends on a hiking trail. There is absolutely no expectation of privacy, either on my part or by the government. And there shouldn't be. This isn't an analogy - it's *exactly the same thing*, but WiFi has a computer hooked up at each end. Given a few hours, I could actually access the Internet over a FRS radio (AX.25 and a few TNCs), and as established anybody could sniff my traffic.
Again, THIS IS NOT AN ANALOGY! WiFi is a short-range radio BROADCAST, just like any other radio broadcast. Unless you go to specific lengths to prevent others accessing it, there is an implicit expectation of public access, in the fact that you went to lengths to make it publicly available. Even WEP, though ineffective, should be sufficient to make the point that your signal was not intended to be public. But if you have an open network, and your router is broadcasting the SSID, you are inviting anybody who can hear you to connect. And without encryption, you're broadcasting all your data in the clear to anyone who can hear, and IMHO your failure to even nominally protect it is a tacit understanding that anybody can receive it.
Billboards aren't private. AM radio broadcasts aren't private. Unencrypted WiFi isn't private. You haven't even indicated that you didn't want others to hear, DESPITE there being easy and available ways of doing so.
I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
No - it is about reasonable expectations for privacy. To some extent we cannot expect absolute privacy with our neighbours, but we should expect that wholesale corporate intrusions to privacy are scorned upon. Could I, for example, point a higjhly sensitive microphone at someone's house, from a public street, and record their conversation? You could say that unencreypted data is public, but you could also argue that doing so violates the interlocutors expectations of privacy.
Come on... Sniffing unencrypted wireless packets is incredibly easy. What if I'm diagnosing a problem at work? I'm suddenly violating wireless tapping laws?
Google should just say they were tracking people in the interest of national security, and then everything will become just fine.
Collecting data from packets is trivial. All you have to do is get a symbol lock and record all the bytes without looking for headers at all.
If you're recording bytes, you have to go way, way, way out of your way to not record the payloads. It would be like making a sound recording of a crowd without recording anything recognizable in the voices nearest you. It would be like recording a video without recording the faces of people walking towards you. It would be like buying the newspaper but not getting any of the printed words with it. It would be like driving your car but not seeing every other mile of road out of your windshield. It would be like breathing without getting any nitrogen. It would be like becoming a judge without having any common sense (oh wait, that one, according to this case, can happen rather easily).
This assessment of the situation by this court is, at this point, a fucktard's ball.
http://www.eff.org/cases/att
Join the Slashcott! Feb 10 thru Feb 17!
looking into someone else's communications, and doing so in a way that requires nontrivial technical ability or software
Can't you even read the fucking summary?
Could I, for example, point a higjhly sensitive microphone at someone's house, from a public street, and record their conversation?
The WiFi situation is more like "If you are shouting at each other so loud that I can hear you from the street, would I have to cover my ears so I can't hear you?"
How am I supposed to know which signal I am allowed to pick up and which not? What if I want everybody to be able to pick up the signal? To find out whether or not a broadcast is private or not you have no choice but to listen to it. Which would be already illegal.
Also note that it's probably hard to develop WiFi chips/antennas, find interferences, etc. without using a spectrum analyzer which also listens to these signals. I absolutely agree with the GP here, we must maintain the freedom of listening to unencrypted radio signals.
I would love to be the expert witness who types in "apt-get install kismet", answer a few questions, and then receive a paycheck.
Land line telephone lines can be "sniffed" with the use of a pickup coil that you can get for $7.99 at Radio Shack. Wow, they used to be a lot cheaper. Anyway, this will enable the user to receive "broadcast" telephone conversations with just about anything that can be used as an amplifier. It does not require any sort of technical ability and the tools are commonly available.
So it would be legal in your opinion to listen to or record such conversations as long as it was done without actually connecting to the wires but just relying on the information that was being "transmitted"?
that is what they have done wrong.
* Winners compare their achievements to their goals, losers compare theirs to that of others.
Exactly. While Google did write custom software, the independent report states they do not believe the Kismet source was altered in anyway. The reason the software is custom is so they can marry the SSID and mac address to some GPS data.
It's not that they listened to the public broadcasts unwittingly, it's that they thought that if a router's owner elected to make their network available to the rest of the world, then it would be available to Google too. They unwittingly thought they were subject to the same reality as everyone else, regardless of their megalithic size which makes people fear and loath them.
People are apparently perfectly fine with showing their network traffic to their neighbors, and to any non-Google wardriver. There's something special about Google in this case, and it's not crazy for Google to have been "unwitting" about that.
Prior to the hunt, you don't always know when you're going to be the witch. Having the contestants be unwitting about what their roles are going to be, is part of what makes the game so fun.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
I just read the analysis of the program used by Google to capture the data. (http://static.googleusercontent.com/external_content/untrusted_dlcp/www.google.com/en//googleblogs/pdfs/friedberg_sourcecode_analysis_060910.pdf)
It occurred to me that what Google did was similar to someone recording something communicated over walkie-talkies accidentally, but NOT actually listening to the recording. The key thing here is that while Google's gslite program captured the data, it didn't actually DO anything with it. Yes, it stored it, but it stored lots of other data too.
To me, unless someone can show that Google actually tried to use the data, this just seems like an accidental occurrence. Put on your big boy/big girl pants and get over it.
The question you allude to is whether the expectation of privacy by the people running open wifi is "reasonable". For most people who understands the technology, it is NOT reasonable to expect that someone will not read unencrypted traffic broadcast in public. Whether that means that the court would find that the general public's expectation of privacy is not reasonable is unclear.
However, that is not what this suit is about. This is about money, and trying to do anything possible to damage Google's reputation.
Right, unlike giving a key to the neighbors for safe keeping or leaving your door open, a person that happens upon an open AP has no way of knowing that the user intends for it to be private. However, if I leave the door to my house unlocked, it's still trespassing to open the door without my permission and go inside.
If you run an open WAP, you have authorized people to listen to the data going by.
If you speak loudly inside your home, you have authorized people to come stuck their ear on the walls and listen to the data going by.
If you leave your curtains / blinds open, you have authorized people to stick their faces in the windows and observe the data going by.
Google was out of line with this one, and yes scale matters as well.
Allowing them to get away with this would set a dangerous precedent.
> If you run an open WAP, you have authorized people to listen to the data going by.
Going by this argument, if some one accidentally does not lock their car, they deserve their car to be stolen?
and want to pluck it by using bogus claims.
The wireless routers that Joe and Sally Sixpack use have a maximum range of about 300 feet. The Google vans taking the photographs and scanning and logging the ESSIDs are usually traveling at 30 mph, or 44 feet per second. It would take a van only seven seconds to drive completely through any given wireless router. There is no known tool which can hack into a WEP or WPA2 protected wireless in 7 seconds. Seven seconds is barely enough time for a scanner to read and record the ESSID. That leaves only the OPEN wireless routers. The complainers want us to believe that the technology exists for Google, in SEVEN seconds, to detect the ESSID of an open Wireless router, initiate a connection with it, and then save a significant number of Internet Packets sufficient to determine what the WIFI owner was doing, sending or transmitting? Or, worse, hack into the website and download anything from the wifi owner's PC?
Total nonsense.
Most of the time the connection between a wifi and its ISP is not sending any significant traffic, only beacons and heartbeats. While I've I've been composing this email for the last 10 minutes I have not read from or posted to this or any other website. When I click "Preview", and later "Submit", Google would have to be EXTREMELY opportunistic to be right outside my house as the hundred or so packets that will make up this page transmitted back to the WIFI, in order to read this post, and the frame and webpage HTML code it is in. VERY UNLIKELY.
Finally, using an open WIFI is like walking around in public without any pants or shorts on and then accusing any who look or even glance your way of being voyeurs or perverts. Those who use open wireless routers should be arrested for indecent exposure ... to continue the parallel.
The folks suing Google are just opportunists hoping to use the legal system, and ignorant or anti-capitalist lawyers and judges, to fleece Google. Next, they'll sue Google for photographing their house or place of business.
Running with Linux for over 20 years!
The problem with a reasonable expectation is that the term "reasonable" varies with the person.
You are right, pointing a highly directional microphone at my house would be a violation of my reasonable expectation of privacy. Our local courts have held up that charge against paparazzi with 500mm lenses 100m away from celebrities homes. On the flip side if I am shouting and you're using a standard microphone to record the conversation it can not be held as a reasonable expectation of privacy, and to draw a comparison to the photography example, if you're sunbathing nude on your front lawn next to a chainlink fence then you can't complain if I walk past and snap a photo with my camera phone, no reasonable expectation of privacy exists (this has also stood up in courts where "reasonable expectations" apply)
Ultimately it comes down to what you thing is reasonable. Unencrypted data is public, but do you have an expectation of privacy? I mean as far as I know google was using a standard wifi antenna not some highly direction high gain beast with massive amplifiers to pick up your data. What was the power output of your home wifi network? I think you may have been shouting your unencrypted data into the street.
The courts in my country have upheld that a conversation on a CB radio can not be considered private, so why is this any different? In most legal systems, stupidity is not a defense, and you can't rightly claim that you had a right to privacy because you thought what you were doing was private.
Punishing google for this WILL set a dangerous precident that will be used against all of us by big corporations in the future.
So be it!
You're arguing for the LEGAL SUPPORT of a case that hasn't happened, instead of looking at the one that has already HAPPENED, and which already made *whole countries* cringe.
The case you're forgetting is more dangerous yet, because google ALREADY got our data, and is *setting precedent too* when they win: encouraging other companies to bend us over and pick at data that very few people are aware is leaking is worse than having to watch for what we can or cannot collect.
We have already seen that more restricted rules are better than the current freedoms that corporations have allowing them to screenscrape our posts, re-publish pictures, own any IP posted on their "public" sites by way of laughably entitled TOS (which incidentally nobody is really aware of either.)
To reiterate the point, you don't let today's wrongdoers go free in order to "prevent" tomorrow's from acting. In any case, unencrypted signals going through our property don't give us much to intercept or "own" because legally we can't rebroadcast anything, and foolish things you want to prevent are already happening in front of your noses... case in point: feds who destroy your videos of their illegal doings, feds who say you can't sell "their" illegally-placed wiretapping devices into "your" car without "your" permission.
So if you keep allowing everyone to do as they please with "free" information, then this farce will never stop.
after admitting to accidentally collecting payload data from unsecured Wi-Fi networks
So had they not admitted to it they might not be in the mess they are in now? Seems like there's a lesson to be learned here.
And if they are found out they can just apologise. "I'm really really sorry. That I got caught".