[LINK] Google's WiFi bungle
Stephen Wilson
swilson at lockstep.com.au
Tue May 18 12:51:58 AEST 2010
Let's assume that the wifi data contains personal information, insofar
as the identities of people concerned can be worked out by Google, given
their enormous resources (and their commercial habit of creating vast
stores of personally identified information). And let's be clear that
Google has admitted to sampling much more than just SSIDs and MAC
addresses.
If the data sniffed from wifi networks is identifiable, then whether or
not network owners have been lax with security is entirely beside the
point. If I reveal, even unintentionally, personal information about
myself, it does not follow that I have consented to secondary use of
that information by anyone who gets their hands on it. Information
Privacy law exists in part to overcome such presumptions that
'information wants to be free'.
Further, wifi information is not really "broadcast". It is narrowcast,
without any expectation that someone far away will be able to see it,
courtesy of a Google mashup.
Don't you think it's a bit harsh to expect ordinary users to fully
understand wifi security in order to be safe against drive by snooping?
It's a Wild West, everyone-for-themsleves attitude to expect people who
are "really serious" about security to opt out of wireless. Even the
banks have shied away from holding customers liable for losses if their
anti-virus software is out of date.
Even if you think that it was only a 'technical breach' of privacy law
for Google to have not mentioned the fact they were gathering wifi data
(and samples of actual network payloads), I would ask you to think about
the company culture that underlies an engineer's propensity to retrieve
this data as part of what seems to have been a pet project. What were
they thinking? "Hey this is cool! If this data is in the ether then
let's hoover it up, and check it out!". If Google was truly sensitive
to privacy, you would expect its employees to show some caution, some
reluctance to collect terrabytes of information simply because they
can. And you would expect some better configuration management in the
Street View software that stopped the engineer's code from running in
production.
Cheers,
Steve Wilson
Lockstep Consulting
www.lockstep.com.au
Kim Holburn wrote:
> Far be it from me to be an apologist for google but the thing they
> appear to have done wrong here is not mention the fact they'd
> collected wifi data. We're talking here about data that people are
> "broadcasting". Broadcasting to public streets.
>
> If you are really serious about your security you don't use wireless.
> (You probably don't use the internet.) You don't broadcast your
> internet activity to the public street. Are you that serious? Didn't
> think so.
>
> I don't see how it's against the law in most countries to receive
> wireless as you drive. Connecting via other people's wireless is a
> different matter and google hasn't mentioned that they did this.
>
> I don't see this as google's bungle. It's our bungle.
>
> There're websites out there with collections of wifi SSID names that
> people have gathered while commuting to work. Some of them are quite
> funny.
>
> http://wtfwifi.tumblr.com/
> http://listoftheday.blogspot.com/2010/02/amusing-wi-fi-network-names-of-day.html
> http://www.passiveaggressivenotes.com/2009/12/30/wifi-for-passive-aggressives
> http://abcnews.go.com/Technology/wtf-wi-fi-quirky-wi-fi-names-drop/story?id=9749296
>
More information about the Link
mailing list