[LINK] Google's WiFi bungle

[Kim Holburn]

On 2010/May/18, at 12:51 PM, Stephen Wilson wrote:
> Let's assume that the wifi data contains personal information, insofar
> as the identities of people concerned can be worked out by Google,  
> given
> their enormous resources (and their commercial habit of creating vast
> stores of personally identified information).  And let's be clear that
> Google has admitted to sampling much more than just SSIDs and MAC
> addresses.
>
> If the data sniffed from wifi networks is identifiable, then whether  
> or
> not network owners have been lax with security is entirely beside the
> point.  If I reveal, even unintentionally, personal information about
> myself, it does not follow that I have consented to secondary use of
> that information by anyone who gets their hands on it.  Information
> Privacy law exists in part to overcome such presumptions that
> 'information wants to be free'.

If you transmit wirelessly your private information wirelessly to your  
neighbourhood then how are you not responsible?

Let me put this another way.  [paranoid rant] Governments have up till  
recently been able to tap your phone, bug your house etc.  Now with  
the internet it was getting harder until someone thought up the idea  
of getting people themselves to put their own data transmitters in  
their own homes themselves.  Good idea, no?  The problem is that it's  
so easy to listen to your home that commercial companies are starting  
to do it. [/paranoid rant]

> Further, wifi information is not really "broadcast".  It is  
> narrowcast,
> without any expectation that someone far away will be able to see it,
> courtesy of a Google mashup.

I think that is hair splitting.  With the right kind of receiver you  
can receive a wifi signal some distance from the transmitter.

http://wordnetweb.princeton.edu/perl/webwn?s=broadcast
Broadcast: message that is transmitted by radio or television
http://en.wiktionary.org/wiki/broadcast
Broadcast: A transmission of a radio or television programme aired to  
be received by anyone with a receiver;

> Don't you think it's a bit harsh to expect ordinary users to fully
> understand wifi security in order to be safe against drive by  
> snooping?
> It's a Wild West, everyone-for-themsleves attitude to expect people  
> who
> are "really serious" about security to opt out of wireless.

Don't agree.  Who should be helping people protect themselves?

> Even the
> banks have shied away from holding customers liable for losses if  
> their
> anti-virus software is out of date.

What, especially the banks who insisted that your browser wasn't  
secure if it wasn't Internet Explorer?

Also I think you might find that is very different in different  
countries.

> Even if you think that it was only a 'technical breach' of privacy law
> for Google to have not mentioned the fact they were gathering wifi  
> data
> (and samples of actual network payloads), I would ask you to think  
> about
> the company culture that underlies an engineer's propensity to  
> retrieve
> this data as part of what seems to have been a pet project.

Now there I agree with you.  Bad google.

> What were
> they thinking?  "Hey this is cool! If this data is in the ether then
> let's hoover it up, and check it out!".  If Google was truly sensitive
> to privacy, you would expect its employees to show some caution, some
> reluctance to collect terrabytes of information simply because they
> can.  And you would expect some better configuration management in the
> Street View software that stopped the engineer's code from running in
> production.

This all hinges on "If Google was truly sensitive to privacy".  Sorry,  
I kind of drifted off after thinking about that part.

A while ago Internet security guru Bruce Schneier suggested that  
having an open wifi was a good idea.
http://www.schneier.com/essay-202.html
I think he thought that wifi is basically so insecure anyway that open  
is just much simpler.  In a country where people have unmetered  
internet connections this makes much more sense to allow others to use  
your connection than in one of those countries like Australia where  
they count every byte.  Looking at the internet like this with the  
possibility of roaming around using any wifi connection one could get  
the possible mindset of the instigators of this.  It is an interesting  
dream.

>
> Cheers,
>
> Steve Wilson
> Lockstep Consulting
> www.lockstep.com.au
>
>
> Kim Holburn wrote:
>> Far be it from me to be an apologist for google but the thing they
>> appear to have done wrong here is not mention the fact they'd
>> collected wifi data.  We're talking here about data that people are
>> "broadcasting".  Broadcasting to public streets.
>>
>> If you are really serious about your security you don't use wireless.
>> (You probably don't use the internet.)  You don't broadcast your
>> internet activity to the public street.  Are you that serious?   
>> Didn't
>> think so.
>>
>> I don't see how it's against the law in most countries to receive
>> wireless as you drive.  Connecting via other people's wireless is a
>> different matter and google hasn't mentioned that they did this.
>>
>> I don't see this as google's bungle.  It's our bungle.
>>
>> There're websites out there with collections of wifi SSID names that
>> people have gathered while commuting to work.  Some of them are quite
>> funny.
>>
>> http://wtfwifi.tumblr.com/
>> http://listoftheday.blogspot.com/2010/02/amusing-wi-fi-network-names-of-day.html
>> http://www.passiveaggressivenotes.com/2009/12/30/wifi-for-passive-aggressives
>> http://abcnews.go.com/Technology/wtf-wi-fi-quirky-wi-fi-names-drop/story?id=9749296
>>
>
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link

-- 
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408  M: +61 404072753
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request