Details Of Google Wi-Spy Investigation Show Disorganization And Bad Controls, Rather Than Malicious Spying
from the why-you-don't-use-open-wifi dept
It's been nearly two years since Google revealed that it had been collecting (but not using) some data from unencrypted WiFi networks as it drove around with Google's StreetView vehicles. While the data collection was associated with its efforts to use WiFi networks to help determine location info, it was stupid and looked bad. However, as we've explained repeatedly, the real issue there was simply people not protecting themselves by using encryption on WiFi. The simple fact here is that anyone on those networks could collect the same info easily. In recent weeks, the news came out that not only did the FCC clear Google of breaking the law with the activity, but so did the DOJ. Add that to the FTC investigation that found nothing wrong with the activity, and that's now three federal agencies that have said collecting such data didn't break any laws. The FCC did fine Google $25,000 for not being particularly cooperative -- which does reflect poorly on Google. But the simple fact of the matter is that what Google did in collecting this data isn't illegal. If you don't just kneejerk into "Google's evil" mode and want to understand why, Mike Elgan recently did a nice explainer.That said, over the weekend, Google released the full FCC report redacting just names -- and even the name of the key engineer has since been revealed. The FCC had released a report that redacted a lot more info. The report reveals a lot more of the background here, and it's giving new ammo to critics, who are insisting that it shows a much more evil situation than had come out before. Specifically, it shows that Marius Milner -- working on Google's famed "20% time" -- came up with the code, and shared the details with some others, including one who debugged the code, and a supervisor. Milner, among other things, helped create NetStumbler, a tool that plenty of folks have used to monitor WiFi networks.
Some are trying to claim that this shows the effort was planned and not an "accident." Though, in actuality, the details still suggest nothing nefarious at all. It was still just this engineer coding it up, rather than some big plan. And yes, he shared the fact with a few others, but none of them seem to have paid much attention or done anything. In fact, while it was suggested to some that such data might be useful, that idea was dropped when people told the engineer that it wouldn't. There still doesn't appear to be a single shred of evidence that Google ever touched this data or did anything with it. Furthermore, the whole reason that three federal agencies all closed their investigation without charging Google with anything is because -- as many people pointed out from the beginning -- nothing illegal was done. Broadcasting your internet connection over an open WiFi network means that anyone can collect that data. That's not illegal. It may be silly for individuals to do that, but the responsibility is on them.
Also, pretty much every mainstream press report on this whole thing totally ignores that Google could not get access to any encrypted data -- meaning that most email, financial transactions, etc were always protected anyway. Instead, lots of reports talk about "emails and passwords," but that's only true if people used insecure sites in the first place -- and, again, they would be just as vulnerable to anyone who wanted to capture that content.
In the end, it's no surprise that Google haters will try to make more of this than is really there -- they have to grasp at whatever straws they can find. However, about the only thing this really seems to show is that Google had ridiculously poor process and controls concerning putting code into live projects. That allowed this code to get in there, without anyone really thinking through the consequences. Google has more or less admitted that these weak controls were a problem in the past and things are better these days. Of course, you can also understand why Google would have loose controls in the first place, seeking to encourage people to be creative (the reason for the 20% time concept in the first place). The problem, of course, is that if you have someone with nefarious intent -- or just tremendous naivete -- bad stuff can occur. In this case, it seems being naive was the key issue, rather than anything nefarious, and with three federal agencies all coming to the same conclusion that no laws were broken, it's pretty bizarre to see people still freaking out about this. It's fine not to trust Google. But that distrust shouldn't lead to simply making up crimes that don't exist.
Filed Under: doj, encryption, fcc, ftc, streetview, wifi
Companies: google