Group Claims Google Had 'Criminal Intent' In WiFi Data Collection
from the oh-come-on dept
Pickle Monger points us to the news that the group Privacy International is now claiming that Google had "criminal intent" in its accidental data collection from unencrypted WiFi access points. This is, frankly, ridiculous. It takes away pretty much all credibility from Privacy International. There are plenty of reasons why what Google did was bad, but "criminal intent"? That's silly and there's no evidence to support that at all. So far, the evidence shows that Google has pretty poor processes for managing projects like this, but to jump from that to criminal intent, without any facts is just fear mongering.Google is going to end up getting in trouble around the globe for this. There's little doubt of that. Google haters are using this opportunity to attack the company. But the more you actually look at what the company did, the less troubling it is. If someone really did have "criminal intent" to snarf data on open WiFi networks (and there certainly are some folks who do have such criminal intent) they would have done a hell of a lot more than they actually did. Driving around, collecting little snippets of information is about the worst way to get anything useful off of a WiFi network like that. Again, Google never should have done this, but attacking Google for this, without recognizing that there are actual criminals who do much worse on open WiFi networks all the time is pretty bizarre. It's just an excuse to attack Google.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: intent, wifi
Companies: google, privacy international
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Re:
TAM, in case you didn't notice, people should be innocent until proven guilty, not the other way around. Unfalsifiable statements are generally false.
[ link to this | view in chronology ]
Re: Re:
second, and just as important, is mikes involvement with google on various levels, from contacts with key engineers to google sponsoring techdirt events (and providing physical space for them). you pretty much always have to have some doubt of the positions put forward about google considering mikes connections.
[ link to this | view in chronology ]
Re: Re: Re:
In fact, I'd like to see that as a signature on all of your posts going forward.
Oh, also, you might want to read up on that "due process" thing. Innocent until proven guilty applies UNTIL YOU ARE PROVEN GUILTY. Duh.
[ link to this | view in chronology ]
Re: Re: Re: Re:
as for disclosure, i am not running this blog, nor am i defending (or attacking) google. mike draws the conclusiong "It's just an excuse to attack Google.", but considering his multiple links to google, dont you think perhaps, just maybe, he is slightly biased on this one? google people are his friends, they support his causes, they pay his bills, and they sponsor his events. maybe, just maybe, his point of view is swayed even slightly by this?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
only to follow it up with "we are not attempting to set absolute guilt"???
you are either batshit crazy or more than one person (perhaps you are the evil version of the doublemint twins)
and your fireman analogy? sure, where there is smoke there is fire or a perhaps even a fireman... but just because the fire department shows up to a bbq, that doesnt mean its arson.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re:
Are they dumb criminals?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
Oh, but I'm not attacking Google. I just want anyone who gathers public info to be brought to justice. And any ignorant American who can't see that shouldn't be allowed to comment, especially if they know someone who works for Google."
See TAM, that's what you sound like. You make as much sense as a poop flavored popsicle.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
i DO however have doubts as to your mental stability.
[ link to this | view in chronology ]
Re:
I had criminal intent when I drank that glass of water.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Cui Bono - Who benefits.
It is NOT POSSILE to accendently wardrive, log open WiFi Ports, log GPS locations and log that data to a computer.
It is NOT accendental. It IS a deleberate and premediated act. And WHY did they want that data.
I see you like to make excuses for youre beloved Google, and you state it was totally innocent.
So how was it innocent, and how was it accendental. It is NONE of those things.
It was a deliberate and premediated act, its automated WARDRIVING, and it greatly benifits anyone who wants to break into systems they are not supposed too.
It's also illegal to go to places you are not intended to go, its called trespassing.
Now matter how you try to spin it Mike, what google have done is clearly illegal, unethical, wrong.
And the PURPOSE FOR THAT INFORMATION, IS ONLY GOOD FOR ONE THING, THAT IS ILLEGALLY ACCESSING THOSE PORTS.
So if you dont think it was for "criminal intent" then please tell use WHY that went to the effort to collect the data, and to keep it. Something you just cannot do accendently.
BTW: doing something by accendently is still no excuse for breaking the law. And it will be impossible for Google to prove that their premediated act was accendental, and that it was for NO PURPOSE.
There is always a reason someone does something, the only way that information can be used is by illegally acting, which is a criminal act.
Therefore ofcourse it is criminal, its unethical, its illegal, immoral, stupid.
The is only intended to benifit those who wish to be criminals and use that information for criminal reasons.
Again, if a policeman pulled a car over, and in the boot was a crobar, a map, and a list of all the houses in the area with unlocked doors.
He would be charged for CRIMINAL INTENT, just as someone with a high number of credit card numbers.
To have such information, information that has ONLY ONE PURPOSE, that purpose is criminal, by association you are engaging in criminal activities.
This has to be one of the most stupid acts goolag has dont in their history. and its amusing that you Mike are going to so much effort to justify their clearly criminally intentional act.
And you still try to say it was accendental, which is most amusing, as im sure you know as well as I do that it would not be POSSIBLE to do that accendently.
Its an act that takes, time effort planning, and probably being told by a superior to do it.
How is that accendental.
BTW: Googlag was recently busted in Australia also "accendently collecting" open WiFi ports.
Fancy that so many "accendents" in so many countries. what are the odds !!!!... :P)
[ link to this | view in chronology ]
Re: Cui Bono - Who benefits.
You really have a strange definition of trespassing.
As far as it being intentional, I agree, how the heck could have it been an accident?
As far as it being criminal, I disagree there, Google did nothing wrong.
[ link to this | view in chronology ]
Re: Re: Cui Bono - Who benefits.
[ link to this | view in chronology ]
Re: Cui Bono - Who benefits.
[ link to this | view in chronology ]
Re: Cui Bono - Who benefits.
now, here in realityland, i can tell you that sitting in my apartment right here i can connect to at least 15 unsecured wireless networks at any given time, and if i were to say, walk around my apartment complex, could easily triple that number.
now, lets say i have my laptop set on the default, ya know, that evil "Connect to any wireless network in range" setting, you know, the setting that the terrorists made them put in laptops so we could wardrive everywhere!!! er, sorry, i mean, that most people have set, which would mean that as you leave one wifi hotspot and enter another, it would automatically connect, does that mean i am doing it with criminal intent?
yes, Google should have had their system set to connect only to either specific wifi hotspots, or via mobile connection such as cell internet or even Satellite(assuming there is a mobile internet option for satellite, i haven't bothered to check)
however, they didn't, and they connected to a bunch of people's wifi, and they collected the information specific to connecting to that particular wifi, which, while a bit annoying, isnt actually criminal in any way, since if you were to go to those wifi spots you could connect yourself since they were unsecured.
now, if they had posted that information for all to see(i haven't seen anything about them doing that) or made the list of information available to the highest bidder(nope, nothin about that either) then yes, they would have done something criminal.
but instead, from what i have understood about this whole situation, they went and publicly said "hey, we screwed up!" and have complied with the law ever since, so umm, where is the criminal part?
and by the way, in your scenario here:
Again, if a policeman pulled a car over, and in the boot was a crobar, a map, and a list of all the houses in the area with unlocked doors.
[ link to this | view in chronology ]
Re: Re: Cui Bono - Who benefits.
[ link to this | view in chronology ]
Re: Re: Re: Cui Bono - Who benefits.
*violently spits coffee out*
WTF? Having my wireless network open is CRIMINAL!?
Wanting to share my internet connection is a CRIME!?
Wanting to SHARE is a CRIME!?
What demented world do you come from? Please go back.
[ link to this | view in chronology ]
Re: Cui Bono - Who benefits.
And as for the reason for collecting open wi-fi, it is, strangely, a navigation aid. The phones can triangulate wi-fi just as easily as they can triangulate cell towers, but with a much better accuracy (due to the shorter range of the signals). All you need is a large enough database of open connection details and their GPS coordinates and you have a nice simple position finder.
That is the reason for the collection, not some tin-foil-hat conspiracy to collect the personal data of every noob that sets up their network with no security.
For goodness sake, please try to understand the articles you draw upon next time.
[ link to this | view in chronology ]
Re: Cui Bono - Who benefits.
[ link to this | view in chronology ]
Re: Cui Bono - Who benefits.
Google is a spy agency, first and foremost, tracks you all over the web. Google makes money from information; this is in *some* degree profit-driven activity. Google is not a "natural person", doesn't have *rights* but only permission; therefore all the contorted legalities of "trespass" and "criminal" aren't accurately applied, at best. No one (here) knows their purpose, but because their charter purpose verges on invasion of privacy, they've an obligation for *extreme* due diligence *up-front* to avoid any dicey areas. Then there's the future: is there *any* level of intrusion the "don't worry" crowd would object to? -- And how will you know whether they aren't sitting in wait for enough packets to unencrypt your "secured" network. Remember, they have powerful computers available.
Nope, this questionable activity better be suppressed NOW, and since it's a giant corporation, I've NO concern if it's a bit unfair.
[ link to this | view in chronology ]
Re: Cui Bono - Who benefits.
Nobody trespassed, moron. The hot spots in question were unencrypted and available on public roads. By your logic, you're "trespassing" on this website.
"Again, if a policeman pulled a car over, and in the boot was a crobar, a map, and a list of all the houses in the area with unlocked doors."
I think that the crowbar would be the questionable object here. Also, to get a list of unlocked physical doors would require trespassing on private property - which Google did *not* do. Again, the information was available on public streets - no private property was accessed.
"He would be charged for CRIMINAL INTENT, just as someone with a high number of credit card numbers."
So, would *anyone* with a high number of credit cards get charged? No. Amazon, Paypal, etc. all have a lot of private credit card numbers and they are committing no crime. Google probably have a lot in their Checkout system, and are committing no crime. You fail at analogies.
"Its an act that takes, time effort planning, and probably being told by a superior to do it."
Bull.
[ link to this | view in chronology ]
Re: Re: Cui Bono - Who benefits.
They fail at debate and simply troll with their tired out and poor excuses for misplaced anger.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
break and enter laws
So accessing a WiFi, is 'break and enter', and therefore it is assumed by the law that you had criminal intent.
In break and enter, the act of 'break and enter' is the criminal act, and it is up to the person who commited the crime to prove that it was not for criminal purposes.
Ie, you ARE GUILTY, until you can prove yourself innocent.
""321.... break means ... to break any part, internal or external, or ... to open any thing that is used or intended to be used to close or to cover an internal or external opening."
A WiFi port is an "external opening"
""Every one who, without lawful excuse, the proof of which lies on him, has in his possession any instrument suitable for the purpose of breaking into any place, motor vehicle, vault or safe under circumstances that give rise to a reasonable inference that the instrument has been used or is or was intended to be used for any such purpose, is guilty of an indictable offence....""
So what "lawful excuse" does google have for wardriving ?
Im sure google had "instruments that has been used or is or was intended to be used for any such purpose".
HOW IS THAT NOT CRIMINAL?
"At common law an actual breaking occurred whenever any part of the building or of its closed fastenings was displaced as, for example, by drawing a bolt, turning a key or lifting a latch. The opening of a closed but unlocked bedroom window was a breaking while the further opening of a window already partly opened was not. The reason suggested for this precious distinction was that when a householder left a window or a door partly open he offered a visible invitation to enter. Constructive breaking, in the absence of actual breaking, extended at common law to cases in which the intruder entered the premises by some aperture which, by necessity, was left permanently open, such as a chimney."
So just because someone has a window open (or wifi connection) that is not an invitation to break and enter.
"•if the offence is committed in relation to a dwelling-house, of an indictable offence and liable to imprisonment for life, and
•if the offence is committed in relation to a place other than a dwelling-house, of an indictable offence and liable to imprisonment for a term not exceeding ten years or of an offence punishable on summary conviction."
So you wardrive a house, and break and enter, it is possible that you will get LIFE IMPRISONMENT.
(thanks for that google).
A Reminder:
""Every one who, without lawful excuse, the proof of which lies on him, has in his possession any instrument suitable for the purpose of breaking into any place, motor vehicle, vault or safe under circumstances that give rise to a reasonable inference that the instrument has been used or is or was intended to be used for any such purpose, is GUILTY OF AN INDICTABLE OFFENCE....""
Note the key term there, ..... GUILTY..... if you enter.
How clear and concise do you actually NEED the law to be ??
http://www.duhaime.org/LegalDictionary/B/BreakandEnter.aspx
[ link to this | view in chronology ]
Re: break and enter laws
and so is telling a lie and drinking water and eating food. All of it are break and enter because I said so.
[ link to this | view in chronology ]
Re: Re: break and enter laws
[ link to this | view in chronology ]
Re: break and enter laws
When I hear the music from the car next to me I am breaking and entering?
[ link to this | view in chronology ]
Re: break and enter laws
"So accessing a WiFi, is 'break and enter', and therefore it is assumed by the law that you had criminal intent."
Accessing an open WiFi is not 'break and enter', since the device is continually transmitting its presence i.e. it is not locked and is actively seeking connections.
You may just as easily say that if you enter an open shop then you are 'breaking and entering' because you weren't specifically invited to go in, you just accepted the invitation that was implicit in the sign 'Open for business'.
On the other hand, if you hack in to a protected connection, even if it is only WEP encoded, you are guilty of the 'misuse of a computing device'.
Google didn't access protected connections, only open ones which would not be protected by the 'misuse of a computing device' statutes.
Your tenuous leaps of logic have failed a second time.
[ link to this | view in chronology ]
Re: break and enter laws
Wardriving is driving around till you find an open access point and using their internet connection.
having a computer that logs free information that travels through public airwaves out into the street as you pass by with no intention of stopping and "borrowing" their internet connection is not only not wardriving but is hardly illegal.
It's like having a tape recorder recording short wave radio transmissions, hardly illegal, but possibly unethical.
[ link to this | view in chronology ]
Re: Re: break and enter laws
[ link to this | view in chronology ]
Re: break and enter laws
From everything I've read so far, it "appears" that they recorded information related to unencrypted traffic. IF they had captured Encrypted traffic (at what ever level encryption) and preformed key cracking on that data, then yes, this would be the equivalent of breaking and entering.
However, if this actually was unencrypted traffic, then I would venture to say that this was not and "Illegal" act at all. Are you familiar with how network sessions are established by any chance? Syn, Ack, Syn/Ack sound familiar?
That's the process where one piece of equipment basically asks for permission to talk to another. Adding encryption would serve as an indication that you don't want to communicate with others, but I would argue that with no other steps taken to prevent the connection, you are allowing it to occur.
If I call you, and get your answering machine and leave a message would you claim that I trespassed on your equipment? No, you might come after me for harassment, or stalking or something else. But I don't think leaving a message when your answering machine says "leave a message" can be considered trespass. I could very well be wrong but I would be very surprised.
[ link to this | view in chronology ]
Please
[ link to this | view in chronology ]
Sense of perspective missing somewhere...
The typical wireless access point has a range of a few tens of metres (possibly less if behind thick walls), there are 12 wireless channels and the Google cars were driving past (not parked outside for an hour). Nobody can be seriously suggesting the cars were trying to record any meaningful data over and above the existence of an *open* access point.
I have seen no suggestion the Google cars were attempting to connect to any of the open access points discovered, they just recorded what was broadcast in the few seconds the AP was in range.
Any analogy with car/house breaking is twaddle.
Anybody running an unsecured access point has far more to worry about than a Google car coming past every few months/years and recording a couple of packets of freely broadcast unencrypted data.
Sense of perspective please people.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Every access point broadcasts its presence, usually 10 times per second, with a special packet called a "beacon". Even the "hidden" access points do it, they only erase the part of the beacon which tells the name of the network. This packet is not and cannot be encrypted, and is supposed to be public information.
Google (and Skyhook Wireless, and others) want some of the information from the beacons (the MAC address of the access point and the signal strength in particular) to store in their database. This information will be used later to triangulate the position of your phone or computer (by comparing the MAC addresses of the access points it sees with the ones in the database).
To store that information, Google had to log each beacon they received, together with a GPS fix. To receive every beacon, they probably put the network card in a mode where it receives every packet on the air. What probably went wrong is that they failed to filter out all packets which were not beacons from the data. The accident here would be that they misconfigured or forgot to enable the packet filter.
You can also do the same thing Google did; look for a free software named Kismet (which I have heard was what Google used).
[ link to this | view in chronology ]
There are plenty of legitimate reasons for separating encrypted and open network data. The mistake is the inclusion of this part of the code, not writing it - and it is an understandable one. The whole point was to legally collect frame header data from wireless networks, a piece of code separating network data could easily be overlooked.
Don't get me wrong, it was a big mistake - but the report is evidence against intent, not in favour of it.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Second, if the packets were encrypted, Google didn't save them. To me, that shows that they respected the privacy of people who made a minimal effort to be private.
To be honest, I'm not that happy that they are doing this, but I really can't condemn them for doing so. They are after all, just trying to organize the world's information. And then sell ads.
[ link to this | view in chronology ]
I was reading the internets the other day, and heard about someone screaming their grocery list from their front yard when somebody drove past them with a device for detecting voices and recording their locations.
The voice-detection people didn't realise that the device was also recording the voices, because somebody else set the device up a long time ago for a completely different purpose. Of course, I don't know that for sure, but I'm so attached to reality to that there can be no alternatives that I haven't yet considered, so I must be right. Even if I were wrong, at least I would just be wrong, and not at all pathetic and/or moronic. I know exactly what Dunning-Kruger is, and I don't suffer from it in the slightest.
And so, I am now apoplectic with rage on behalf of this other person who has had their public announcement recorded - after all, it's not like it's something as trivial as the spokesman for a 1/6 of the planet's population actively covering up child abuse while blocking the prevention of 1000 deaths per day, or a company who scrimped on safety at the peak of their profits and in doing so fucked the livelihoods of millions of people at a total cost to them of 2 days profit.
God I'm amazing at this 'life' thing, I should be king of the world or something. I should never be put to death in order to provide organs for transplant lists, because I'm much more valuable when I'm able to tell people what I think, and, when I finally give in to all the ladies hammering at my door, I'm even able to pass my genes on so that there'll be even more people who know as much as I do in the next generation.
(Ed: I like 'the line' - I enjoy the whooshing sound it makes as I fly over it)
[ link to this | view in chronology ]
I was reading the internets the other day, and heard about someone screaming their grocery list from their front yard when somebody drove past them with a device for detecting voices and recording their locations.
The voice-detection people didn't realise that the device was also recording the voices, because somebody else set the device up a long time ago for a completely different purpose. Of course, I don't know that for sure, but I'm so attached to reality to that there can be no alternatives that I haven't yet considered, so I must be right. Even if I were wrong, at least I would just be wrong, and not at all pathetic and/or moronic. I know exactly what Dunning-Kruger is, and I don't suffer from it in the slightest.
And so, I am now apoplectic with rage on behalf of this other person who has had their public announcement recorded - after all, it's not like it's something as trivial as the spokesman for a 1/6 of the planet's population actively covering up child abuse while blocking the prevention of 1000 deaths per day, or a company who scrimped on safety at the peak of their profits and in doing so fucked the livelihoods of millions of people at a total cost to them of 2 days profit.
God I'm amazing at this 'life' thing, I should be king of the world or something. I should never be put to death in order to provide organs for transplant lists, because I'm much more valuable when I'm able to tell people what I think, and, when I finally give in to all the ladies hammering at my door, I'm even able to pass my genes on so that there'll be even more people who know as much as I do in the next generation.
(Ed: I like 'the line' - I enjoy the whooshing sound it makes as I fly over it)
[ link to this | view in chronology ]
"Spy agency"... don't be silly. They are an advertising company who entice users to view adverts by providing useful services.
Yes they do have some serious computing power but that's needed to deliver their services, not attempting to brute force a few encrypted packets of someones random browsing.
There are far more real, serious, credible threats to peoples privacy than Google storing a few packets of clear data.
What Google did was careless, daft and pointless and will almost certainly cost them cash and/or goodwill in the long run. Yes it's right we should all keep an eye on amoral corporate entities and call them out when they overstep the mark but the response should fit the severity of the act. However, to go over the top on such a minor matter does nobody any favours.
[ link to this | view in chronology ]
The information that was gathered was gotten while a car was driving by off a network that failed to offer even the most basic security precautions. There was no breaking and entering we are talking about radio waves; the walls of the house are an illusion. Actually since there was no security on the network they might as well treat this as overhearing someone’s conversation while hanging out at a park.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Benefit of what doubt? How can there be criminal intent where there is no criminal?
What laws were broken? Be specific.
Extra credit for listing each law by the respective country in which said law was broken.
[ link to this | view in chronology ]