Details Of Google Wi-Spy Investigation Show Disorganization And Bad Controls, Rather Than Malicious Spying
from the why-you-don't-use-open-wifi dept
It's been nearly two years since Google revealed that it had been collecting (but not using) some data from unencrypted WiFi networks as it drove around with Google's StreetView vehicles. While the data collection was associated with its efforts to use WiFi networks to help determine location info, it was stupid and looked bad. However, as we've explained repeatedly, the real issue there was simply people not protecting themselves by using encryption on WiFi. The simple fact here is that anyone on those networks could collect the same info easily. In recent weeks, the news came out that not only did the FCC clear Google of breaking the law with the activity, but so did the DOJ. Add that to the FTC investigation that found nothing wrong with the activity, and that's now three federal agencies that have said collecting such data didn't break any laws. The FCC did fine Google $25,000 for not being particularly cooperative -- which does reflect poorly on Google. But the simple fact of the matter is that what Google did in collecting this data isn't illegal. If you don't just kneejerk into "Google's evil" mode and want to understand why, Mike Elgan recently did a nice explainer.That said, over the weekend, Google released the full FCC report redacting just names -- and even the name of the key engineer has since been revealed. The FCC had released a report that redacted a lot more info. The report reveals a lot more of the background here, and it's giving new ammo to critics, who are insisting that it shows a much more evil situation than had come out before. Specifically, it shows that Marius Milner -- working on Google's famed "20% time" -- came up with the code, and shared the details with some others, including one who debugged the code, and a supervisor. Milner, among other things, helped create NetStumbler, a tool that plenty of folks have used to monitor WiFi networks.
Some are trying to claim that this shows the effort was planned and not an "accident." Though, in actuality, the details still suggest nothing nefarious at all. It was still just this engineer coding it up, rather than some big plan. And yes, he shared the fact with a few others, but none of them seem to have paid much attention or done anything. In fact, while it was suggested to some that such data might be useful, that idea was dropped when people told the engineer that it wouldn't. There still doesn't appear to be a single shred of evidence that Google ever touched this data or did anything with it. Furthermore, the whole reason that three federal agencies all closed their investigation without charging Google with anything is because -- as many people pointed out from the beginning -- nothing illegal was done. Broadcasting your internet connection over an open WiFi network means that anyone can collect that data. That's not illegal. It may be silly for individuals to do that, but the responsibility is on them.
Also, pretty much every mainstream press report on this whole thing totally ignores that Google could not get access to any encrypted data -- meaning that most email, financial transactions, etc were always protected anyway. Instead, lots of reports talk about "emails and passwords," but that's only true if people used insecure sites in the first place -- and, again, they would be just as vulnerable to anyone who wanted to capture that content.
In the end, it's no surprise that Google haters will try to make more of this than is really there -- they have to grasp at whatever straws they can find. However, about the only thing this really seems to show is that Google had ridiculously poor process and controls concerning putting code into live projects. That allowed this code to get in there, without anyone really thinking through the consequences. Google has more or less admitted that these weak controls were a problem in the past and things are better these days. Of course, you can also understand why Google would have loose controls in the first place, seeking to encourage people to be creative (the reason for the 20% time concept in the first place). The problem, of course, is that if you have someone with nefarious intent -- or just tremendous naivete -- bad stuff can occur. In this case, it seems being naive was the key issue, rather than anything nefarious, and with three federal agencies all coming to the same conclusion that no laws were broken, it's pretty bizarre to see people still freaking out about this. It's fine not to trust Google. But that distrust shouldn't lead to simply making up crimes that don't exist.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: doj, encryption, fcc, ftc, streetview, wifi
Companies: google
Reader Comments
Subscribe: RSS
View by: Time | Thread
Loose controls
If this is a crime, than probably nearly all of the major companies around the world are guilty at one level or another.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
[Trolly enogh?]
[ link to this | view in chronology ]
That's right, I said 'enogh'
[ link to this | view in chronology ]
Re: That's right, I said 'enogh'
[ link to this | view in chronology ]
Re: Re: That's right, I said 'enogh'
[ link to this | view in chronology ]
Re: That's right, I said 'enogh'
So, you're not Australian?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Everybody else was doing it, I just wanted to be popular...
Big Mike!!
But, but piracy!
/amidoingitright?
[ link to this | view in chronology ]
Found via Google search in Chrobe browser on my Android phone.
Call me on my new Google Voice number 123-456-7890!
email me at totally_fake@gmail.com
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
WiFi and infrared
However, it was noted in the SCOTUS opinion (forget what it was called - it was pretty recent, last decade or two) that IR searches require tools that are not generally available to the public. This is in stark contrast to WiFi, which is quite prolific and easy for just about anyone to do (pretty much every laptop in the past 10 years and every smart phone can do this).
Of course, it also ignores a case where the FBI hacked into some guy's computer through his open WiFi.
[ link to this | view in chronology ]
Re: WiFi and infrared
That's a beast of a whole different color. WiFi sniffing involves passively listening to the radio signals. Hacking involves interacting with the WiFi and is actually illegal if access controls were bypassed.
[ link to this | view in chronology ]
While I doubt Google did anything wrong in this case, I don't understand what the legality of their actions has to do with that. How long has the federal government been trustworthy?
[ link to this | view in chronology ]
Re:
Those angencies are wearing the very precident that these corporate spies are relying upon, and conversely if these spies are found guilty, what precident does that set for the governments spying on its own citizens?
They are all in cahoots. Technology is driving, governments are riding shotgun, and all of us are systematically being shoved into the trunk by the corporations sitting in the back seat.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Malicious Spying?
[ link to this | view in chronology ]
Hypocrites
[ link to this | view in chronology ]