Class Action Lawsuit Launched Against Google, Because Some Woman Didn't Secure Her Own WiFi
from the blame-game dept
Late last week, of course, Google 'fessed up to the fact that it was accidentally collecting some data being transmitted over open WiFi connections with its Google Street View mapping cars. As we noted at the time, it was bad that Google was doing this and worse that they didn't realize it. However, it wasn't nearly as bad as some have made it out to be. First of all, anyone on those networks could have done the exact same thing. As a user on a network, it's your responsibility to secure your connection. Second, at best, Google was getting a tiny fraction of any data, in that it only got a quick snippet as it drove by. Third, it seemed clear that Google had not done anything with that collected data. So, yes, it was not a good thing that this was done, but the actual harm was somewhat minimal -- and, again, anyone else could have easily done the same thing (or much worse).That said, given the irrational fear over Google collecting any sort of information in some governments, this particular bit of news has quickly snowballed into investigations across Europe and calls for the FTC to get involved in the US. While one hopes that any investigation will quickly realize that this is not as big a deal as it's being made out to be, my guess is that, at least in Europe, regulators will come down hard on Google.
However, going to an even more ridiculous level, the class action lawyers are jumping into the game. Eric Goldman points us to a hastily filed class action lawsuit filed against Google over this issue. Basically, it looks like the lawyers found two people who kept open WiFi networks, and they're now suing Google, claiming that its Street View operations "harmed" them. For the life of me, I can't see how that argument makes any sense at all. Here's the filing:
My favorite part, frankly, is that one of the two people involved in bringing the lawsuit, Vicki Van Valin, effectively admits that she failed to secure confidential information as per her own employment requirements. Yes, this is in her own lawsuit filing:
Van Valin works in the high technology field, and works from her home over her internet-connect computer a substantial amount of time. In connection with her work and home life, Van Valin transmits and receives a substantial amount of data from and to her computer over her wireless connection ("wireless data"). A significant amount of the wireless data is also subject to her employer's non-disclosure and security regulations.Ok. So your company has non-disclosure and security regulations... and you access that data unencrypted over an unencrypted WiFi connection... and then want to blame someone else for it? How's that work now? Basically, this woman appears to be admitting that she has violated her own company's rules in a lawsuit she's filed on her behalf. Wow.
While there's nothing illegal about setting up an open WiFi network -- and, in fact, it's often a very sensible thing to do -- if you're using an open WiFi network, it is your responsibility to recognize that it is open and any unencrypted data you send over that network can be seen by anyone else on the same access point.
This is clearly nothing more than a money grab by some people, and hopefully the courts toss it out quickly, though I imagine there will be more lawsuits like this one.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: class action, privacy, security, street view, wifi
Companies: google
Reader Comments
Subscribe: RSS
View by: Time | Thread
*whisper whisper*
[ link to this | view in chronology ]
1) Create an open wifi
2) Wait for someone to drive by and notice
3) Slap a lawsuit on them and claim they stole your precious bits
[ link to this | view in chronology ]
tick tock
Yet.
[ link to this | view in chronology ]
Re: tick tock
[ link to this | view in chronology ]
Re: tick tock
[ link to this | view in chronology ]
Re: Re: tick tock
[ link to this | view in chronology ]
Hopefully her company fires her for self admittedly violating NDA and security regs.
[ link to this | view in chronology ]
I Gots Class
Can I get in on this lawsuit?
[ link to this | view in chronology ]
Re: I Gots Class
[ link to this | view in chronology ]
Re: I Gots Class
[ link to this | view in chronology ]
Re: I Gots Class
[ link to this | view in chronology ]
Personal Responsibility, it's personal now! Not.
I think Google actually did a service for free for these people. Google isn't going to do anything with the information but there are plenty of people that will. So Google just highlighted how unsecured most personal WiFi networks are.
[ link to this | view in chronology ]
Re: Personal Responsibility, it's personal now! Not.
TFTFY
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
Any contradiction exists only in your strawman argument.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
Of course, TAM, the master of contradicting himself, probably sees contradictions everywhere.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
Speaking of not attempting to discuss the points and misdirection, you do realize that you didn't actual explain why you thought people were trying to shout you down or provide any supporting examples thereof. You just threw out an overgeneral accusation, assuming that everyone would just magically know why you felt the way you do. But perhaps for someone whose view of the world is so warped that they think anyone who disagrees with them must be a shill, it would make sense that you don't apply the same standards to yourself as you do to others.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
Amusing, as always.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
VPN is secure...
Besides, can she prove they have her WiFi data? Can she prove their street view van went past her place while the data collection was taking place?
[ link to this | view in chronology ]
Re: VPN is secure...
what is this "proof" you speak of?
is this a new way of saying "yes, we need more baseless lawsuits"?
*this comment brought to you by sarcmark((c)(r)(tm)(patent pending)(all rights reserved))
[ link to this | view in chronology ]
Open WiFi Supporter
[ link to this | view in chronology ]
Re: Open WiFi Supporter
[ link to this | view in chronology ]
Re: Re: Open WiFi Supporter
[ link to this | view in chronology ]
Re: Re: Re: Open WiFi Supporter
OR...
You just don't give a crap about the TOS.
[ link to this | view in chronology ]
Re: Open WiFi Supporter
Not that I disapprove, but what happens to you if one of your neighbors accidentally downloads something illegal, like child porn? Even if your neighbors aren't the kind of people who would search for such material (and you never know who would), the anonymity of an open connection might make them bolder about searching for regular porn, and if they're using a file sharing program like eDonkey, it's incredibly easy to end up with something entirely different than what the filename suggests.
Traditionally, the FBI hasn't been too understanding about honest mistakes when it comes to CP. In fact, from what I've read, they'll usually jump through as many hoops as required to get a conviction, even if it's obvious to everyone else that the person is innocent.
[ link to this | view in chronology ]
idiots
I want to know how she knows that data was captured of hers? Was she at home when the Google car drove by, was she sending email or other data at the time it went by? Where's the proof they actually got anything from her or the other guy? And the fact, they just jumped on this after Google admits it had a scanner that could do this. Apparently they were aware of the fact they used open wi-fi without encryption, to just figure out that maybe Google got their data. If they knew it was open, why didn't they lock it up?
And in the papers, it says she continues to use an open wi-fi. If I were her employer, I would be investigating her, because of the non-disclosure she agreed to and then blatently used an open wi-fi knowing that it could be stolen.
I think she should be thanking Google for pointing out that this can happen. Maybe she should be more worried about the guy that might live across the street actually stealing the data and actually doing something bad with it, or the guy that could drive by, spot the open connection and then get in and collect the data.
Our current society is so idiotically stupid in saying "yeah I left my doors open and left things up on my pc" and then sueing the guy that came by that said "hey I noticed the door was open and glanced inside and might have seen something personal or something you could get in trouble for leaving out and viewable to anyone that came by, I just wanted to let you know it could happen."
Damn people take some responsibility and secure your own things. You leave it open, then you are the one to blame for it getting stolen!!! Don't knowingly leave it that way then wait for the first guy to come by and see it and then sue the hell out of him for saying "hey dumbass your fly is open!!!"
The sheeple out there just piss me off, just looking for something to get get a quick buck from like this.
[ link to this | view in chronology ]
Hey!
[ link to this | view in chronology ]
Hold on little mikee m and followers?
I'm a bit confused how can it be both ways?
[ link to this | view in chronology ]
Re: Hold on little mikee m and followers?
That's about it, yes. Infringement may have been committed, but not by the idiot with an unsecured network. The idiot is complicit only in being a twit.
[ link to this | view in chronology ]
Re: Hold on little mikee m and followers?
[ link to this | view in chronology ]
Re: Hold on little mikee m and followers?
1) First, say Mike in some sort of condescending tone. Such as "little mikee" or "mike mike mike, tsk tsk tsk."
2) Try to find a contradiction where there is none.
[ link to this | view in chronology ]
but I also have my subnet set such that only 3 devices can obtain IP addresses (Those devices are always up, but have an extra long lease just in case) and my SSID is not broadcast.
Passwords are cute and all but I would say I am now less vulnerable, even if you happen to tool the name of my network you aint hacking another IP out of it.
[ link to this | view in chronology ]
Re:
Your plan, although creative, is not actually a very good one. Enable the security on your access point if you want it secure.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: you aint hacking another IP out of it.
254 guesses per segment, not that many.
chances are your ip range is 192.168.1.xxx Most are not technical enough to know how to change that.
"The DHCP server will not offer anything."
"you aint hacking another IP out of it."
Dont have to. Chances are your DNS is set to 192.168.1.1 as is the gateway. I set a static ip of 192.168.1.254 use net stumbler to acquire your SSID, use pingsweep to discover your machines, barring no local firewall is on, and sharing has been allowed. Then start trying to crack the local admin password to machines listed. Not very hard at all. To me, its not worth the time either. (Unless I know you have 100 gigs of mp3's) LOL
If i knew you had something good, I might spend the time to sweep through 192.168.0-9.xxx I would use a CMD script to change IP and ping a range to a text file, then walk away for a while.
Only way to "secure" your wireless is to set up encryption(with a strong password), dont broadcast SSID, and use MAC filtering. MAC filtering is most important because it will deny access to the router, and stop the method mentioned above. Not that there are not other ways I wont describe here.
[ link to this | view in chronology ]
I disagree on 2 key points
Tell that to my 67 year old Mother-in-law. I had Verizon & Comcast over the past 4 years, and neither one assisted with making the wireless connection secure. They came, plugged their stuff in, and left. No assistance whatsoever. Not once did the tech mention the risk of someone jumping on my wireless. Now I know better, because its my job. Most of the technically challenged out there would not even realize it was a threat. EX: my Mom, their neighbors, anyone over 50.
Would you give a gun to a 13 year old with no guidance?
"So your company has non-disclosure and security regulations... and you access that data unencrypted over an unencrypted WiFi connection... and then want to blame someone else for it?" YEP
Your company allows sensitive info over unsecured connections? That's their fault. The company needs to provide VPN access. It would only be encrypted from the router to the machine. From the work server across the internet would still be open. It would not be PCI compliant.
Was the lawsuit warranted? No way. Just another jab at Google's wallet.
[ link to this | view in chronology ]
Sure I suppose they have a chance of guessing one of the three IP addresses. But its a class A NAT so thats a crapload of guessing. The DHCP server will not offer anything.
[ link to this | view in chronology ]
Re:
That's called security through obscurity (warning Wikipedia). And you're still looking a lot like a big juicy target for a netjacker.
[ link to this | view in chronology ]
Monitoring is not criminal
[ link to this | view in chronology ]
I am going to get a fat ip conflict dialog on one of my machines. So even when WPA2 cracking becomes quick and easy, I will still have methods that deter unauthorized access based off the architecture. And with IPv6 the guess work increases exponentially.
I have done some pen-testing and have not have found a method that would reasonably be able to determine one of the 3 ip addresses sitting on my network (nor gain access without a valid one). I would certainly bow gracefully if I could be shown otherwise.
[ link to this | view in chronology ]
Re: I will concede that it is partial obscurity, but:
[ link to this | view in chronology ]
Re:
You do realize they publish a book called Hacking Wireless Networks for Dummies, yes?
If your network is not authenticated, its a real easy pick.
Sniff sniff... I smell a free ride!
[ link to this | view in chronology ]
...seriously?
[ link to this | view in chronology ]
Re: ...seriously?
[ link to this | view in chronology ]
hope they throw it out
Besides, practically speaking, if Google's admitting to this, do you really think that they're doing something nefarious with it? Even with my paranoid streak, I think not in this case.
[ link to this | view in chronology ]
Re: hope they throw it out
No, but who they are selling this info to? That is what my concern is. Dont kid yourself, they were collecting this data with the hopes of selling it.
Just because I am paranoid, doesnt mean they are not after me.
[ link to this | view in chronology ]
Re: Re: hope they throw it out
What else do you expect from Google?
[ link to this | view in chronology ]
What about Class A leads you to believe that?
Class A means you get to guess 16.5 million times, and means I am little beyond leaving defaults.
I have exactly 3 IPaddresses, no other IPaddress gains access. In order for x.x.x.254 to stumble anything, it has to be a valid IP address.
[ link to this | view in chronology ]
Re:
Your IP = 10.I.got.hacked
Your MAC = Mmmm Big Mac
[ link to this | view in chronology ]
Re:
Your Class A 16.5 million options are reduced to what your system announces directly over the network which is easily listened in on.
Use encryption, because really, you have no idea what you are talking about.
[ link to this | view in chronology ]
Re:
Class A NAT? You have a router that supports class A IP range. Its like saying your getting your wife a breast bra.
Get another machine, set a static ip in the range of your ip scope, connect to your network, ping another machine with file sharing turned on.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
That might be telling...
One possibility: her company provides the IT services for T.J. Maxx, Marshalls, et al. This would suggest that her job is safe...
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Correction: can be seen by anyone within range of you, regardless of whether they are on your AP, or any AP at all. "Within range" is defined as a function of your transmit power and antenna gain and the snooper's receive sensitivity and antenna gain: to wit, if the snooper has a high-gain antenna and a sensitive chipset, he or she can intercept your traffic at distances that you would not generally consider to be "within range" of you.
Only way to "secure" your wireless is to set up encryption(with a strong password), dont broadcast SSID, and use MAC filtering. MAC filtering is most important because it will deny access to the router, and stop the method mentioned above.
Stop at the first comma and you're good to go. Hiding your SSID stops you from appearing in the visible AP list of most client utilities, but any hacker worth his or her salt will still be able to find you via active scanning (Probe frames). Even if you block your AP from responding to blank probe frames, the AP still has to respond to probes from your authorized machines, and the hacker can pick that up. It's happening all the time in the background and there's no way to stop it, so... hiding your SSID? Worthless from a security standpoint.
Likewise for MAC filtering. Spoofing a MAC address is trivial.
The bottom line is this: use WPA2 with a strong passphrase or enterprise authentication and call it a day. Anybody who can crack WPA2 is going to blow through your dinky little MAC filtering and hidden SSID, but the reality is that nobody is going to crack WPA2, so why bother with the other stuff?
[ link to this | view in chronology ]
[ link to this | view in chronology ]