“It’s never the offence; it’s the cover-up. And if there’s one thing that the last few years have taught us, it’s that the suggestion of a ‘rogue’ worker having acted alone to do something which led to an intrusion is never correct. There has to be a failure of management oversight as well. That’s why Google is in such hot water now over the revelations contained in the Federal Communications Commission report into what went wrong with its Street View Wi-Fi data collection program.” What a total and utter surprise: company does bad stuff, tries to cover it up. Sometimes I think I’m the only person in the world who grasps that companies – they are not to be trusted. This really isn’t rocket science, people.
Google still could’ve tried to cover it up entirely. It sounds to me like they’re willing to take the fall but were trying to protect the employee responsible. That’s a far cry from a true cover-up, which would’ve been really easy to commit in this case! I think you (and the Guardian) are being way too harsh.
My understanding is that the data it collected was only readable when it came from open WiFi access points. People need to lock down their networks or they will have more than Google recording their info.
Also, I think the mapping of wifi points is being used to help mobile devices geolocate themselves more quickly, so there are legitimate services to be had with this data. Now if google was decrypting protected info, I have a big problem with what they are doing.
^ This.
Connecting to an access point that isn’t yours or advertised as being free to use is technically illegal. It’s considered to be unauthorized access of a computer network. (https://en.wikipedia.org/wiki/Legality_of_piggybacking) It doesn’t matter what the intent was, it’s the action that’s the problem.
People should setup basic encryption on their wireless networks, and Google could have mapped the location of wifi networks with out a problem. People have been mapping networks for years, but the problem is connecting to the network and collecting data.
You’re right about the geolocation part. It is what they use the data for.
They didn’t connect, they just received and stored data that was broadcast to them [for a few seconds].
If you’re inside your house and you shout loud enough that your neighbours can hear you, then that’s not their fault, is it? They don’t have to set up a conversation (connection) to hear what you’re saying.
Either put on your tinfoil hat and completely shield your house, turn off wifi connections or simply encrypt your traffic.
That aside, Google’s reaction strikes me as a bit odd though, considering they reported the incident to the authorities in the first place.
Edited 2012-05-03 15:59 UTC
If my neighbors can here me yelling in my house in their house, they can call the cops for disturbing the peace, and the cops can come out and tell me to quit yelling.
If my neighbors have no problem with the noise, they don’t have to do anything.
Most neighbors operate one of those two principles, and that goes for wireless networks as well.
In this scenario, Google bought a bunch of surveillance equipment, when into a neighborhood, and was recording conversations people were having regardless of volume.
http://www.eweek.com/c/a/Security/Google-Staff-Knew-Street-View-Car…
“the full report on the Federal Communications Commission’s investigation, released by Google over the weekend, found that the engineer told at least two other colleagues in 2007 that personal data—including emails, text messages, passwords and users’ Internet usage histories—was being collected along with other WiFi information as part of the search giant’s Street View efforts.”
““Google made clear for the first time that Engineer Doe’s software was deliberately written to capture payload data,†the FCC said in its 25-page report, issued April 13, though heavily redacted.”
http://www.redorbit.com/news/technology/1866267/google_street_view_…
“According to a Google spokesperson, about 600 gigabytes of personal information had been gathered.”
You don’t need to do that for wardriving regardless of the security on the AP.
Edited 2012-05-04 20:23 UTC
I hope you understand how stupid you sound to me. I would need more than this comment to even come close to informing you to any level you would need though.
His is a true statement. Connecting to a network without explicit permission is illegal in the US. Wardriving, which is what Google did, is not. There is a difference between the two. What Google did, as far as I can tell, is not illegal. IANAL though, so your mileage may vary.
I find that a stupid law. Really shows that law makes have no clue about technology.
There’s nothing to protect.
Hide SSID? Its still broadcasted when your node joins.
Never/Rarely joins? Any traffic results in packets with readable MAC address. Its not encryptable.
MAC is unique and identifiable. Enough to map the network.
Moreover your phone when the wifi is on also leaks it’s MAC. That’s enough to track you anywhere.
So no. You can’t protect against this. No need to play the smart person as if it was avoidable. It is not.
Don’t use wifi. But a similar thing can be said for most of the things you need day to day. Don’t use GSM, your IMEI leaks.
Etc. Ofc, don’t use Internet.
Edited 2012-05-03 03:53 UTC
I was not talking about MAC addresses. I was talking about the passwords and emails that Google apparently acquired because people could not be bothered to secure their network. So yes… there was something to protect and a reasonable way to do it.
Devices “leak” your MAC address because it is not considered super secret private info. It was intended to be a way for devices to be uniquely recognized. If you are worried about that, than you need to keep your devices under a large tinfoil hat.
Note that as far as I know, Google has not done anything illegal. It recorded wifi info being broadcast in plain text to anyone willing to listen. The federal government does this without having to get a warrant. Why is everyone so upset because Google did it briefly? Oh thats right….they’re Google!
Why do “geeks” continue to not understand that “not illegal” is not “not unethical”? Google’s motto is also “Do no evil”, not “Do no illegal”. Therefore, “they’re Google” is a perfectly good reason to hold Google to a higher standard.
Letting Google slide legitimizes lesser companies.
How come mapping SSIDs which are considered public information is deemed unethical. How is this different from going around and writing down doorplates info on a city plan.
If google cars have actually tried to hack into unprotected networks and scan them, that’s a completely different matter. But given that their cars move with normal traffic the short time window makes such attempts unrealistic.
Law is the encoding of ethics.
Not true. For example, according to the law it’s OK to be an asshole and shout at funerals (like that Westboro Baptist church/lawyer cult). But just because that’s legal, it doesn’t make it ethical all of a sudden. The law simply has to define a boundary in a grey zone and must err towards innocent until proven guilty. One of the consequences is that unethical assholes walk free, but that’s the price you pay for freedom.
I did not say law encodes ALL ethics.
But with this statement, you undo your previous argument for “not illegal = not unethical” as the predicate is no longer true. Or I just missed your point entirely
No, the idea of law is to encode ethics, but it is not all-encompassing it cannot be as far as I know. On the other hand law also extends into other areas, such as regulation of trade… and I am not sure how that would extend under the ethical umbrella.
Don’t get me wrong, I am no expert… but what IS the purpose of having law? It is to regulate behavior, to be able to punish things done by one entity that are “wrong” or detrimental to another entity.
I completely agree with you there, but I don’t really see how that’s an argument that invalidates kwan_e’s post. In fact, by saying the law doesn’t encode ALL ethics, you confirm his point that Google may do something legal but not necessarily ethical. (Not that I agree with him that Google was being unethical here – I commented on that in another post.)
Edited 2012-05-03 18:59 UTC
Yes, good point. I concede.
Law compresses ethics using a lossy algorithm, the most lossy of which is patented by the MPEG-LA. Google tried to popularize the competing LawM, but has failed to achieve the same amount of lossy compression and is still inefficient at getting out of court settlements.
Meanwhile, the TSA, FBI, NSA and CIA have developed algorithms to encrypt the law in an effort to protect by making sure no one knows what it is.
Edited 2012-05-03 23:41 UTC
Laws in theory are a given groups codification of their ethics. In a perfect world they would align better… but we all know governments make a mess of them.
The real question is what was Googles intent when they recorded the info and how is that information to be used. You don’t condemn someone for punching someone without first trying to understanding why they did it. The might have nobel or nefarious reasons behind a given action.
It sounds like they were not actually connecting to access points… but rather recording the electromagnetic spectrum being broadcasted as they went by. Just as it would be unfortunate to be standing naked in an open window when the Google van drove by, you should also turn on your WEP encryption in your access point.
As a bit of an side note…. the Google van has serendipitously photographed hookers working streets. Clearly that was not part of their goal. Later they were asked by many local governments to remove them as it painted a negative image of the area. Just another unexpected ethical dilemma for them to deal with.
I wasn’t actually making the argument that what Google did was unethical, as that has yet to be discussed. I was responding to the common sentiment (which I find on Slashdot a lot as well) that “it’s not illegal” is somehow a complete end to a discussion of whether something wrong was done.
And also “because it’s Google” is, given my reasons, a perfectly valid summary of reasons why Google should be held to a higher standard of ethics.
I don’t trust any of the big players. Microsoft, Apple, Sony … you name it. I don’t use Google [instead, I use startpage], Facebook [I’m kinda asocial], Twitter and others.
It is such a pity that people don’t know what lies underneath pretty UIs, nice words and free services.
I can only tell them about the facts, I cannot decide on their behalf.
People should have realised from the prohibition era that in order to make vast amounts of money, you have to be on the wrong side of morality. Be it blatantly illegal activity, like selling hookie moonshine off the back of a cart, or legal but immoral activity like tax evasion or patent trolling, that fact remains that you have to act dodgy to get rich.
Edited 2012-05-04 10:31 UTC