[LINK] Federal police asked to probe Google
Richard Chirgwin
rchirgwin at ozemail.com.au
Mon Jun 7 06:41:23 AEST 2010
Kim Holburn wrote:
> On 2010/Jun/06, at 9:39 PM, Richard Chirgwin wrote:
>
>
>> It is interesting isn't it? Arguably they're all breaking the Privacy
>> Act (for reasons already outlined in great detail by Stephen Wilson).
>>
>> Google's case is special in that by catching payload it's in jeopardy
>> regarding the Telecommunications Interception Act - which is different
>> from investigating a privacy breach (the reporting is sloppy on this
>> point, it kind of conflates the TIA with privacy breaches).
>>
>
> Google's case is different because it has admitted it has collected
> data. The other companies have not mentioned anything publicly and
> who knows what they have "collected". How can you say Nokia didn't
> collect any payloads? Or any of the other companies.
>
> Are the federal police going to investigate any of them?
>
OK, nice catch. I don't know if someone *else* has collected payloads.
Correct.
>
>> IANAL but the "Google case" has encouraged me to dig out old textbooks
>> and refresh my "Wireless Ethernet 101". So to speak.
>>
>> Collecting an SSID isn't an interception per se. The SSID is
>> transmitted
>> in a particular kind of wireless Ethernet frame called a "beacon", in
>> which the destination address is set so that any receiver will process
>> the frame.
>>
>
> What is technically known as "broadcast" in ethernet terminology. A
> word we have discussed before.
>
Yes, but there has been a bit of an urban myth put about that *all*
frames - both beacon frames and data frames - can be legitimately
treated as "broadcast".
Note that I am not saying "Google is guilty". I'm saying that the
jeopardy - and the case for investigation - arises because of going
beyond capturing information about the beacon frames it received.
Whether this constitutes an actual breach of the TIA could only be
finally decided by a court.
Cheers,
RC
>
>> A "payload" frame, however, has the destination address set. An
>> interface with the wrong address, upon receiving that frame, is
>> supposed
>> to drop it (a behaviour that's been in Ethernet forever - the old coax
>> networks behaved like this). Sniffer software ignores what is an
>> explicit part of the standard - "drop frames not addressed to you". So
>> it's at least tenable to argue that anyone who captures frames not
>> addressed to them *is* breaching the TIA, irrespective of whether or
>> not
>> the payload is encrypted. Transmitting in the clear may be silly,
>> but it
>> doesn't constitute an invitation to snoop.
>>
>> Had Google merely stuck with the standard - allow its WiFi
>> interfaces to
>> report SSID and MAC address, and drop all other frames - it would be
>> invulnerable on an interception charge (although maybe not in relation
>> to the Privacy Act).
>>
>
> Like I said before: what have all the other companies done?
>
>
>> RC
>>
>> Kim Holburn wrote:
>>
>>> On 2010/Jun/06, at 5:11 PM, <community at thoughtmaybe.com> wrote:
>>>
>>>
>>>> Federal police asked to probe Google
>>>> http://www.abc.net.au/news/stories/2010/06/06/2919491.htm
>>>>
>>>> The Federal Government has asked the Australian Federal Police to
>>>> investigate internet giant Google over alleged privacy breaches.
>>>>
>>>> Last month, Communications Minister Stephen Conroy labelled Google
>>>> "creepy" and accused the company of committing the "single greatest
>>>> breach in the history of privacy" when it collected information from
>>>> wireless (wi-fi) networks.
>>>>
>>>> Google says it mistakenly collected the data and has apologised.
>>>>
>>>>
>>> ....
>>>
>>>
>>>
>>>> Information about wi-fi networks is used by many companies,
>>>> including mobile telephone giant Nokia, to improve the performance
>>>> of GPS on mobile devices and provide a more accurate location,
>>>> particularly in cities where satellite signals can be blocked by
>>>> tall buildings.
>>>>
>>>>
>>> So ... many companies have wifi location data? Curiouser and
>>> curiouser.
>>>
>>> Why haven't we heard more about this? How did they collect this
>>> data? Where? Did they collect any packets? Who are these *many*
>>> companies?
>>>
>>> Kim
>>>
>>>
>>>
>> _______________________________________________
>> Link mailing list
>> Link at mailman.anu.edu.au
>> http://mailman.anu.edu.au/mailman/listinfo/link
>>
>
>
More information about the Link
mailing list