[LINK] Google wifi collection: WiSpy

Jan Whitaker jwhit at janwhitaker.com
Mon Jun 14 12:39:24 AEST 2010



Google CEO blames 'WiSpy' fiasco on rogue hacker-employee

http://www.itworld.com/print/110114

June 5, 2010 ­


In an interview with the Financial Times this 
week, Google CEO Eric Schmidt blamed the whole 
"WiSpy" fiasco on a single, rogue employee operating outside company rules.

Google is being investigated in multiple 
countries for using its Street View cars to 
harvest personal data from every home and 
business Wi-Fi network the cars drove past.

Schmidt 
<http://www.ft.com/cms/s/2/bdec0ee8-6f4f-11df-9f43-00144feabdc0.html>said 
that an internal software engineer violated 
company policy by inserting code into the Street 
View software that was undetected by anyone else 
at the company. He said Google is investigating the employee.

Unless I'm misreading Schmidt, he's implying that 
a Google software developer created software that 
secretly piggybacked on legitimate Google 
equipment to wardrive the world, hijacking 
hundreds or thousands of Google Street View cars 
in dozens of countries over at least three years.

Does that sound far-fetched to you?

First of all, the Street View cars would need 
equipment for seeking out Wi-Fi networks and 
harvesting and decoding available data. Google 
must have had some official purpose for this 
equipment. Did the company intent to capture MAC 
addresses only, and associate those addresses 
with GPS coordinates for later location-oriented 
services? If not, why did the Street View cars 
have all that special equipment turned on?

Second, the captured data need to be stored, 
transmitted to Google, backed up and generally 
managed like any other data. And all this went 
undiscovered? How did the rogue employee hide the 
data so well that it went undetected for several years?

And finally, there's some speculation that the 
unnamed software engineer performed this hack of 
the century as a "20 percent time" project. 
Google encourages employees to spend 20 percent 
of their time on some personal project that could 
become a Google product. Gmail and Orkut are two 
examples of "20 percent time" projects that made 
the big time. Does Google need to revisit the 
oversight process for its engineers' personal 
projects? Are there other projects in motion that 
are harvesting the personal data of unwitting 
victims right now? If Google didn't know about 
the WiSpy hack, how would it know about any other similar rogue projects?

Schmidt is probably being straight with the press 
when he says one employee caused the whole WiSpy 
controversy. But the company has a much larger 
responsibility to prevent employees or anyone 
else from using its equipment to violate the 
privacy of people who aren't necessarily even 
Google customers. Google also has the 
responsibility to tell us the whole story as soon 
as they know it. Blaming one rogue employee just doesn't make sense.



Melbourne, Victoria, Australia
jwhit at janwhitaker.com
blog: http://janwhitaker.com/jansblog/
business: http://www.janwhitaker.com

Our truest response to the irrationality of the 
world is to paint or sing or write, for only in such response do we find truth.
~Madeline L'Engle, writer

_ __________________ _



More information about the Link mailing list