[LINK] Google's WiFi bungle

Kim Holburn kim at holburn.net
Wed May 19 18:14:26 AEST 2010


On 2010/May/19, at 5:25 PM, David Vaile wrote:

>> Date: Wed, 19 May 2010 07:22:41 +1000
>> From: Stilgherrian <stil at stilgherrian.com>
>> Subject: Re: [LINK] Google's WiFi bungle
>>
>> Personally I don't think mapping the SSIDs of Wi-Fi networks is a  
>> breach
>> of privacy, since it IS broadcast information and it isn't personally
>> identifiable in and of itself.
>
> Hi Stil,
>
> "Broadcast": While WiFi uses radio, and for some purposes you could  
> use the term 'broadcast' for everything that emits an  
> electromagnetic wave, there is a category problem here.

Yes.  Technically all radio transmitters broadcast.

> 'Broadcasting' in this narrow physical propagation sense is being  
> conflated with 'broadcasting' in the other broader sense, of being  
> deliberately offered to all, in a context intended to be widely  
> available. This other assumed meaning is then used to infer that  
> home WiFi network operators (and their users?) should be deemed to  
> have implicitly given permission for eg., Streetview to take  
> whatever it can get from this transmission.
>
> The law in Australia, as I mentioned, clearly treats WiFi as NARROW- 
> casting, intended for certain specific (intended) users, NOT for  
> everyone. It is thus NOT a 'broadcast' like say a commercial radio  
> station is a 'broadcast', even though they both use electromagnetic  
> waves.

This is a terrible overloading of the term narrowcasting which is  
already used in the normal sense and even in the sense of a small low  
powered local broadcast radio station.  http://acma.gov.au/WEB/STANDARD/pc=PC_310091#15

I think on my brief reading of the spectrum documents in the 2.4GHz  
band that Wifi is legally narrowcasting only in the sense that it has  
low powered transmitters.  The LAN function itself is a two way  
communication and is not broadcasting or narrowcasting in any  
traditional sense.

> WiFi is legal here only if operated under a specific Low  
> Interference 'class licence' offered on the basis that, while it  
> uses radio spectrum also used elsewhere by others, there is very  
> limited prospect of interference -- largely because the range of the  
> device is strictly limited by a very low wattage power, and few  
> others will be able to receive it. This Narrowcast regulatory model  
> is another basis for why it is reasonable for technically  
> unsophisticated users (most of us) to treat WiFi as different from  
> say operating your own radio station, even ham radio. By specific  
> regulatory requirement it is restricted to be very local and short  
> range, and is often difficult to receive even in the same building  
> because of these power limits (though less so with newer N protocols).

It is still operating transmitters.  Low power but usually enough to  
get through a couple of walls and therefore to get onto the street.

> You of course can boost range and reception using various fun  
> techniques, but these run the risk of falling outside the class  
> licence precisely because they may affect/be receivable by many  
> others -- such as by combinations of antenna gain and transmitter  
> wattage that exceed the low Australian effective limits.

I think we are talking about normal wifi setups on the transmitter side.

> The Streetview collection only worked because their receivers  
> physically came within the very limited, more or less domestic range  
> of devices, like a global-scale house to house 'war drive'. The  
> equivalent of bouncing an infrared beam off house windows to  
> eavesdrop conversations inside.
>
> Possible: yes, legal: maybe not, authorised: no.

Possible: yes, legal: apparently not in Germany but then streetview is  
not too popular in Greece or Germany, authorised: problem:

The problem it seems is not that google collected SSIDs and MAC  
addresses from open wifi beacons, it's that it collected and stored  
packet data from various wifis open and secured including web sites  
visited.

It's not clear to me that anyone is objecting to the SSIDs or MAC  
addresses.

> The proper response here may be user education, and perhaps even  
> specific legal protection against unauthorised harvesting of  
> narrowcast network data

try that as "low power transmitter data"

> (if it does not already exist within the federal Criminal Code, the  
> Cybercrime Act 2001 or the Telecommunications Interception Act), not  
> saying 'anything goes' because it is physically possible, and  
> clueless users are not aware they need to guard against it using  
> more than default security.

-- 
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408  M: +61 404072753
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request












More information about the Link mailing list