[LINK] Federal police asked to probe Google

Kim Holburn kim at holburn.net
Sun Jun 6 22:15:04 AEST 2010


On 2010/Jun/06, at 9:39 PM, Richard Chirgwin wrote:

> It is interesting isn't it? Arguably they're all breaking the Privacy
> Act (for reasons already outlined in great detail by Stephen Wilson).
>
> Google's case is special in that by catching payload it's in jeopardy
> regarding the Telecommunications Interception Act - which is different
> from investigating a privacy breach (the reporting is sloppy on this
> point, it kind of conflates the TIA with privacy breaches).

Google's case is different because it has admitted it has collected  
data.  The other companies have not mentioned anything publicly and  
who knows what they have "collected".  How can you say Nokia didn't  
collect any payloads?  Or any of the other companies.

Are the federal police going to investigate any of them?

> IANAL but the "Google case" has encouraged me to dig out old textbooks
> and refresh my "Wireless Ethernet 101". So to speak.
>
> Collecting an SSID isn't an interception per se. The SSID is  
> transmitted
> in a particular kind of wireless Ethernet frame called a "beacon", in
> which the destination address is set so that any receiver will process
> the frame.

What is technically known as "broadcast" in ethernet terminology.  A  
word we have discussed before.

> A "payload" frame, however, has the destination address set. An
> interface with the wrong address, upon receiving that frame, is  
> supposed
> to drop it (a behaviour that's been in Ethernet forever - the old coax
> networks behaved like this). Sniffer software ignores what is an
> explicit part of the standard - "drop frames not addressed to you". So
> it's at least tenable to argue that anyone who captures frames not
> addressed to them *is* breaching the TIA, irrespective of whether or  
> not
> the payload is encrypted. Transmitting in the clear may be silly,  
> but it
> doesn't constitute an invitation to snoop.
>
> Had Google merely stuck with the standard - allow its WiFi  
> interfaces to
> report SSID and MAC address, and drop all other frames - it would be
> invulnerable on an interception charge (although maybe not in relation
> to the Privacy Act).

Like I said before: what have all the other companies done?

>
> RC
>
> Kim Holburn wrote:
>> On 2010/Jun/06, at 5:11 PM, <community at thoughtmaybe.com> wrote:
>>
>>> Federal police asked to probe Google
>>> http://www.abc.net.au/news/stories/2010/06/06/2919491.htm
>>>
>>> The Federal Government has asked the Australian Federal Police to
>>> investigate internet giant Google over alleged privacy breaches.
>>>
>>> Last month, Communications Minister Stephen Conroy labelled Google
>>> "creepy" and accused the company of committing the "single greatest
>>> breach in the history of privacy" when it collected information from
>>> wireless (wi-fi) networks.
>>>
>>> Google says it mistakenly collected the data and has apologised.
>>>
>>
>> ....
>>
>>
>>> Information about wi-fi networks is used by many companies,
>>> including mobile telephone giant Nokia, to improve the performance
>>> of GPS on mobile devices and provide a more accurate location,
>>> particularly in cities where satellite signals can be blocked by
>>> tall buildings.
>>>
>>
>> So ... many companies have wifi location data?  Curiouser and  
>> curiouser.
>>
>> Why haven't we heard more about this?  How did they collect this
>> data?  Where?  Did they collect any packets?  Who are these *many*
>> companies?
>>
>> Kim
>>
>>
>
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link

-- 
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408  M: +61 404072753
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request












More information about the Link mailing list