[LINK] Google's WiFi bungle

Wed May 19 20:01:38 AEST 2010

Kim wrote:
> > The law in Australia, as I mentioned, clearly treats WiFi as NARROW-
> > casting, intended for certain specific (intended) users, NOT for
> > everyone. It is thus NOT a 'broadcast' like say a commercial radio
> > station is a 'broadcast', even though they both use electromagnetic
> > waves.
> 
> This is a terrible overloading of the term narrowcasting which is
> already used in the normal sense and even in the sense of a small low
> powered local broadcast radio station.
> http://acma.gov.au/WEB/STANDARD/pc=PC_310091#15
> 
> I think on my brief reading of the spectrum documents in the 2.4GHz
> band that Wifi is legally narrowcasting only in the sense that it has
> low powered transmitters.  The LAN function itself is a two way
> communication and is not broadcasting or narrowcasting in any
> traditional sense.

Yes, I should have made clear I was offering this as an analogy, to distinguish broadcasting transmissions intended for all comers from other radio transmissions, like various sorts of narrowcasts, not intended for everyone. (I should also of course have recalled that whenever you say 'clearly', it will be unclear. Urk!)

Low interference potential devices 
http://www.acma.gov.au/WEB/STANDARD/pc=PC_1278

Radiocommunications Class Licence (Low Interference Potential Devices) 2000 (the LIPD class licence)
http://www.acma.gov.au/WEB/STANDARD/pc=PC_297 

WiFi falls under 'Radio LANs' which are one application in the 'Spread spectrum devices' heading, along with barcode readers, point-of-sale networks and wireless private automatic branch exchanges (PABXs) -- none of which are 'broadcasting' transmitters, or even as you say narrowcasting transmitters. Many of these applications have security and privacy expectations like WiFi does, and broadcasting doesn't. 

Other LIPD headings include video senders, infrared devices, and ultra-wideband short-range vehicle radar.

> > WiFi is legal here only if operated under a specific Low
> > Interference 'class licence' offered on the basis that, while it
> > uses radio spectrum also used elsewhere by others, there is very
> > limited prospect of interference -- largely because the range of the
> > device is strictly limited by a very low wattage power, and few
> > others will be able to receive it. This Narrowcast regulatory model
> > is another basis for why it is reasonable for technically
> > unsophisticated users (most of us) to treat WiFi as different from
> > say operating your own radio station, even ham radio. By specific
> > regulatory requirement it is restricted to be very local and short
> > range, and is often difficult to receive even in the same building
> > because of these power limits (though less so with newer N protocols).
> 
> It is still operating transmitters.  Low power but usually enough to
> get through a couple of walls and therefore to get onto the street.

Yes, transmitters and some leakage outside, although the average user probably would prefer or hope this minor escape did not occur (but can't afford to install a Faraday cage wire mesh box needed to implement this). The escape is an unintended side effect, both from the perspective of the operator and of the regulator.

> > You of course can boost range and reception using various fun
> > techniques, but these run the risk of falling outside the class
> > licence precisely because they may affect/be receivable by many
> > others -- such as by combinations of antenna gain and transmitter
> > wattage that exceed the low Australian effective limits.
> 
> I think we are talking about normal wifi setups on the transmitter side.

Yes, this was because some contributors had noted WiFi could have longer range.

> > The Streetview collection only worked because their receivers
> > physically came within the very limited, more or less domestic range
> > of devices, like a global-scale house to house 'war drive'. The
> > equivalent of bouncing an infrared beam off house windows to
> > eavesdrop conversations inside.
> >
> > Possible: yes, legal: maybe not, authorised: no.
> 
> Possible: yes, legal: apparently not in Germany but then streetview is
> not too popular in Greece or Germany, authorised: problem:
> 
> The problem it seems is not that google collected SSIDs and MAC
> addresses from open wifi beacons, it's that it collected and stored
> packet data from various wifis open and secured including web sites
> visited.

I think they are separate problems. The 'payload data' collection is of a different nature than the WiFi infrastructure data. 

However, even the latter WiFi ID is potentially a problem, because the use is unauthorised, unintended, not for any purpose the operator intended, and may have security and privacy issues when combined with the warehouse full of correlated data also collected or accessible to the collector. This may signal a need for a revision of the model for WiFi security, to make clear that the default is not for public use.

> It's not clear to me that anyone is objecting to the SSIDs or MAC
> addresses.

In the context of this collection, it is possible that SSIDs and MAC addresses would in some circumstances be enough to identify you (given the street address, latitude and longitude involved in the collection, and access to public records).

> > The proper response here may be user education, and perhaps even
> > specific legal protection against unauthorised harvesting of
> > narrowcast network data
> 
> try that as "low power transmitter data"

OK, though perhaps we should go even more specific and call them Spread Spectrum devices (including Radio LANs) under the Low Interference Potential Device radiocommunications class licence. This would catch WiFi and also similar snooping on wireless PABXs, POS networks and others (though there may be no business case for harvesting these others yet), but not affect a lot of other wireless stuff with different expectations of use.

DV