[LINK] Google's WiFi bungle

Stephen Wilson swilson at lockstep.com.au
Tue May 18 12:51:58 AEST 2010


Let's assume that the wifi data contains personal information, insofar 
as the identities of people concerned can be worked out by Google, given 
their enormous resources (and their commercial habit of creating vast 
stores of personally identified information).  And let's be clear that 
Google has admitted to sampling much more than just SSIDs and MAC 
addresses.

If the data sniffed from wifi networks is identifiable, then whether or 
not network owners have been lax with security is entirely beside the 
point.  If I reveal, even unintentionally, personal information about 
myself, it does not follow that I have consented to secondary use of 
that information by anyone who gets their hands on it.  Information 
Privacy law exists in part to overcome such presumptions that 
'information wants to be free'.

Further, wifi information is not really "broadcast".  It is narrowcast, 
without any expectation that someone far away will be able to see it, 
courtesy of a Google mashup.

Don't you think it's a bit harsh to expect ordinary users to fully 
understand wifi security in order to be safe against drive by snooping?  
It's a Wild West, everyone-for-themsleves attitude to expect people who 
are "really serious" about security to opt out of wireless.  Even the 
banks have shied away from holding customers liable for losses if their 
anti-virus software is out of date. 

Even if you think that it was only a 'technical breach' of privacy law 
for Google to have not mentioned the fact they were gathering wifi data 
(and samples of actual network payloads), I would ask you to think about 
the company culture that underlies an engineer's propensity to retrieve 
this data as part of what seems to have been a pet project.  What were 
they thinking?  "Hey this is cool! If this data is in the ether then 
let's hoover it up, and check it out!".  If Google was truly sensitive 
to privacy, you would expect its employees to show some caution, some 
reluctance to collect terrabytes of information simply because they 
can.  And you would expect some better configuration management in the 
Street View software that stopped the engineer's code from running in 
production. 

Cheers,

Steve Wilson
Lockstep Consulting
www.lockstep.com.au


Kim Holburn wrote:
> Far be it from me to be an apologist for google but the thing they  
> appear to have done wrong here is not mention the fact they'd  
> collected wifi data.  We're talking here about data that people are  
> "broadcasting".  Broadcasting to public streets.
>
> If you are really serious about your security you don't use wireless.   
> (You probably don't use the internet.)  You don't broadcast your  
> internet activity to the public street.  Are you that serious?  Didn't  
> think so.
>
> I don't see how it's against the law in most countries to receive  
> wireless as you drive.  Connecting via other people's wireless is a  
> different matter and google hasn't mentioned that they did this.
>
> I don't see this as google's bungle.  It's our bungle.
>
> There're websites out there with collections of wifi SSID names that  
> people have gathered while commuting to work.  Some of them are quite  
> funny.
>
> http://wtfwifi.tumblr.com/
> http://listoftheday.blogspot.com/2010/02/amusing-wi-fi-network-names-of-day.html
> http://www.passiveaggressivenotes.com/2009/12/30/wifi-for-passive-aggressives
> http://abcnews.go.com/Technology/wtf-wi-fi-quirky-wi-fi-names-drop/story?id=9749296
>




More information about the Link mailing list