FCC Apparently Not Satisfied With FTC's Google WiFi Investigation, Opens Its Own Investigation

from the over-what-exactly? dept

So the FTC concluded its investigation of Google's Street View WiFi data collection screwup with no actual penalties. Since then, there's been a lot of pressure from Congressional reps who have a long history of complaining about Google to get the government to reopen the investigation. So, it should make them happy to know that the FCC appears to be picking up where the FTC left off and is opening its own investigation. Of course, I'm not quite sure what Google did here that's under the FCC's mandate. Did it violate the FCC's Part 15 rules in some way? I can't see much that Google did that would fall under the FCC's purview, so I can't imagine this investigation ending with any serious consequences for Google but it seems like this is one political football that just won't go away.

Filed Under: data, investigation, street view, wifi
Companies: fcc, google

Focusing On Google Getting Emails & Passwords Via Data Collection Misses The Point: Anyone Could Have Done It

from the total-overreaction dept

Back in May, we were among those who pointed out that it was incredibly bad that Google had accidentally collected data from open WiFi networks with some excess code in its Street View WiFi mapping efforts. A look at what they were doing highlighted how it was almost certainly accidental and no one has shown any evidence that Google did anything nefarious with the data at all. In fact, by all indications, Google didn't even realize it had collected the data until right before it admitted it.

Today, Google put up a blog post detailing some of the steps it's taken to better protect privacy, and at the bottom (on a Friday post, no less) the company tries to sneak past the "admission" that in finally going through the data (highlighting, again, that it was really unaware it had this data before) that while it was mostly fragments, in a few instances it did have full emails and passwords. This should not be a surprise. If you understand the technology of what was happening, it would collect mostly useless fragments of info, but if it was passing by at the time that someone was transmitting something like that in an unencrypted format, then of course it would collect that bit of info.

Of course, the press immediately pounced on that one key point, and all the articles this afternoon are trumpeting the fact that Google collected emails and passwords and making that the lead of the story.

But here's the important point that none of them seem to be pointing out: Anyone could have gotten the same information. I could open up my network connections where I am right now, and see half a dozen or more open WiFi networks. I could connect to any of them, just sitting here, and snarf down any open data for however long I wanted, and I'm sure sooner or later, I'd pick up some emails and passwords from some users who didn't bother to encrypt and who were using websites that weren't encrypted. That's the thing: this data is out in the open for anyone to take. Google didn't "hack" anything, or do anything particularly different than what tons of people could easily do this very second.

The problem isn't that Google got an occasional bit of openly transmitted info, it's that people are still transmitting such data in the open anyway. In an age where so many people think that just having encryption on your computer is a sign of evil, the real problem is that people aren't being taught to encrypt all of their communications. If that was standard, then Google never would have been able to do what it did... and neither could anyone else.

So for everyone slamming Google for this bit of data collection, why are you not complaining about the fact that someone who actually had nefarious intent can sit at the corner store right now and do the same thing without anyone ever realizing it?

Filed Under: encryption, privacy, street view, wifi
Companies: google

Did Korean Officials Really Need To Raid Google Offices Over Street View WiFi Sniffing?

from the seems-a-bit-extreme dept

It's been a few months since Google admitted that its Street View vehicles were collecting some data from open WiFi networks. Those familiar with the basic technology involved have explained why this was almost certainly an accident, and there's no evidence whatsoever that anything was even done with the data. However, there have been a whole bunch of lawsuits filed, and it's difficult to find a government that hasn't said they'd investigate the issue.

To date, it seems that Google has bent over backwards to work with every government investigating this issue, no matter how varied their requests were on the matter. So far, the UK's investigation has found that the WiFi sniffing didn't appear to collect any sensitive data, though others are still investigating. More recently, Google agreed to allow Germans to opt-out of Street View.

Given Google's clear willingness to help out, it seems a bit odd that South Korean officials -- many months after the news of this came out -- suddenly decided to raid Google's Korean offices over this matter:

A police statement said they suspected Google has been collecting and storing data on "unspecified internet users from wi-fi networks"

Brilliant police work there, guys. It only took you three months to "suspect" what Google admitted in May.

Filed Under: korea, raids, street view, wifi
Companies: google

Why Google's Street View WiFi Data Collection Was Almost Certainly An Accident

from the technical-details dept

We've been among those who have believed that Google's collection of WiFi data via its Street View cars was likely an accident -- but some have argued that it is impossible to do such a thing by accident. In fact, in the various lawsuits and legal maneuverings around this mess, many people keep claiming that there's simply no way Google was accidentally collecting this data -- although we've yet to hear a single person explain what Google would possibly want with the data, or seen a single shred of evidence that anything was ever done with the data. However, for those who insist it is impossible to for this to have happened by accident, Slashdot points us to a detailed technical analysis of why it almost certainly was an accident, despite all the claims to the contrary.

It explains, in great detail, how and why the collection of data packets would occur, mainly to help triangulate where the WiFi network was located -- something that Google has always admitted to doing. The problem was that some of the junk data (a very tiny amount, again, as explained in the article) got caught and retained, when it should have been dumped:

Although some people are suspicious of their explanation, Google is almost certainly telling the truth when it claims it was an accident. The technology for WiFi scanning means it's easy to inadvertently capture too much information, and be unaware of it.

It then goes on to show how all of this works, using a specific example from within a Panera Bread restaurant that has open WiFi, which the author uses to demonstrate just how easy it is to capture stray data, why it would make sense and also just how useless most of that data really would be. It's pretty convincing, but I doubt it will satisfy the conspiracy theorists who are just absolutely positive Google had something nefarious planned.

The key issue, as has been pointed out repeatedly, is that most people arguing nefarious intent don't seem to understand what Google was actually doing. It was trying to map the location of WiFi base-stations, a perfectly legal activity that a small group of companies have been doing for years. But in order to best figure out the location of the networks, it's helpful to have as much data as possible that traversing over the access point. The system doesn't care or need to know what that data is, it just wants as much data as possible for the purpose of triangulating. The problem was that Google's system "kept" the data that it got, even though there's been no evidence presented that the the data was ever used for anything (a key point that those screaming "criminal intent" repeatedly gloss over). On top of that, no one even explains why Google would want such data. The little snippets would be so random it's difficult to come up with any reason why keeping such data would be useful.

Triangulation is a lot harder than you'd think. This is because many things will block or reflect the signal. Therefore, as the car drives buy, it wants to get every single packet transmitted by the access-point in order to figure out its location. Curiously, with all that data, Google can probably also figure out the structure of the building, by finding things like support columns that obstruct the signal.

What's important about this packet is that Google only cares about the MAC addresses found in the header, and the signal strength, but doesn't care about the payload. If you look further down in the payload [in the example data from an open WiFi network in Panera], you'll notice that it's inadvertently captured a URL.

Take a look again. Even though the access-point MAC address is highlighted, there's extra data in the packet. These extra data will include URLs, fragments of data returned from websites (like images), the occasional password, cookies, fragments of e-mails, and so on. However, the quantity of this information will be low compared to the total number of packets sniffed by Google.

That's the core of this problem. Google sniffed packets, only caring about MAC addresses and SSIDs, but when somebody did an audit, they found that the captured packets occasionally contained more data, such as URLs and e-mail fragments.

I agree with the conclusion to the post. Just because this was pretty clearly an accident, it still doesn't make it a good thing. Google clearly should have realized this much earlier and never allowed such data to be captured. But those running around screaming about how this was all pre-meditated by Google are going to have to offer up a lot more evidence.

Filed Under: data collection, triangulation, wifi