[LINK] Federal police asked to probe Google

Richard Chirgwin rchirgwin at ozemail.com.au
Mon Jun 7 06:41:23 AEST 2010


Kim Holburn wrote:
> On 2010/Jun/06, at 9:39 PM, Richard Chirgwin wrote:
>
>   
>> It is interesting isn't it? Arguably they're all breaking the Privacy
>> Act (for reasons already outlined in great detail by Stephen Wilson).
>>
>> Google's case is special in that by catching payload it's in jeopardy
>> regarding the Telecommunications Interception Act - which is different
>> from investigating a privacy breach (the reporting is sloppy on this
>> point, it kind of conflates the TIA with privacy breaches).
>>     
>
> Google's case is different because it has admitted it has collected  
> data.  The other companies have not mentioned anything publicly and  
> who knows what they have "collected".  How can you say Nokia didn't  
> collect any payloads?  Or any of the other companies.
>
> Are the federal police going to investigate any of them?
>   
OK, nice catch. I don't know if someone *else* has collected payloads. 
Correct.
>   
>> IANAL but the "Google case" has encouraged me to dig out old textbooks
>> and refresh my "Wireless Ethernet 101". So to speak.
>>
>> Collecting an SSID isn't an interception per se. The SSID is  
>> transmitted
>> in a particular kind of wireless Ethernet frame called a "beacon", in
>> which the destination address is set so that any receiver will process
>> the frame.
>>     
>
> What is technically known as "broadcast" in ethernet terminology.  A  
> word we have discussed before.
>   
Yes, but there has been a bit of an urban myth put about that *all* 
frames - both beacon frames and data frames - can be legitimately 
treated as "broadcast".

Note that I am not saying "Google is guilty". I'm saying that the 
jeopardy - and the case for investigation - arises because of going 
beyond capturing information about the beacon frames it received. 
Whether this constitutes an actual breach of the TIA could only be 
finally decided by a court.

Cheers,
RC

>   
>> A "payload" frame, however, has the destination address set. An
>> interface with the wrong address, upon receiving that frame, is  
>> supposed
>> to drop it (a behaviour that's been in Ethernet forever - the old coax
>> networks behaved like this). Sniffer software ignores what is an
>> explicit part of the standard - "drop frames not addressed to you". So
>> it's at least tenable to argue that anyone who captures frames not
>> addressed to them *is* breaching the TIA, irrespective of whether or  
>> not
>> the payload is encrypted. Transmitting in the clear may be silly,  
>> but it
>> doesn't constitute an invitation to snoop.
>>
>> Had Google merely stuck with the standard - allow its WiFi  
>> interfaces to
>> report SSID and MAC address, and drop all other frames - it would be
>> invulnerable on an interception charge (although maybe not in relation
>> to the Privacy Act).
>>     
>
> Like I said before: what have all the other companies done?
>
>   
>> RC
>>
>> Kim Holburn wrote:
>>     
>>> On 2010/Jun/06, at 5:11 PM, <community at thoughtmaybe.com> wrote:
>>>
>>>       
>>>> Federal police asked to probe Google
>>>> http://www.abc.net.au/news/stories/2010/06/06/2919491.htm
>>>>
>>>> The Federal Government has asked the Australian Federal Police to
>>>> investigate internet giant Google over alleged privacy breaches.
>>>>
>>>> Last month, Communications Minister Stephen Conroy labelled Google
>>>> "creepy" and accused the company of committing the "single greatest
>>>> breach in the history of privacy" when it collected information from
>>>> wireless (wi-fi) networks.
>>>>
>>>> Google says it mistakenly collected the data and has apologised.
>>>>
>>>>         
>>> ....
>>>
>>>
>>>       
>>>> Information about wi-fi networks is used by many companies,
>>>> including mobile telephone giant Nokia, to improve the performance
>>>> of GPS on mobile devices and provide a more accurate location,
>>>> particularly in cities where satellite signals can be blocked by
>>>> tall buildings.
>>>>
>>>>         
>>> So ... many companies have wifi location data?  Curiouser and  
>>> curiouser.
>>>
>>> Why haven't we heard more about this?  How did they collect this
>>> data?  Where?  Did they collect any packets?  Who are these *many*
>>> companies?
>>>
>>> Kim
>>>
>>>
>>>       
>> _______________________________________________
>> Link mailing list
>> Link at mailman.anu.edu.au
>> http://mailman.anu.edu.au/mailman/listinfo/link
>>     
>
>   




More information about the Link mailing list