Germany Finds Kismet, Custom Code In Google Car 237
theodp writes "While waiting for a hard disk of Wi-Fi data that Google says its Street View cars gathered by mistake, the Hamburg Information Commissioner's office performed tests on a Google Street View car in a controlled environment with simulated wireless networks and issued the following statement: 'For the Wi-Fi coverage in the Street View cars, both the free software Kismet, and a Google-specific program were used. The Google-specific program components are available only in machine-readable binary code, which makes it impossible to analyze the internal processing.' Interestingly, a 2008 academic paper — Drive-by Localization of Roadside WiFi Networks (PDF) — describes a similar setup, and its authors discuss how they 'modified Kismet, a popular wireless packet sniffer, to optionally capture all packets received on the raw virtual interface.' Computerworld reports that lawyers in a class-action suit have amended their complaint to link a Google patent app to Street View data sniffing."
So how can the computer do it then? (Score:5, Insightful)
The Google-specific program components are available only in machine-readable binary code, which makes it impossible to analyze the internal processing.
No. It makes it very difficult and tedious and impractical to analyze. It is not, however, impossible.
Re:Inaccurate (Score:3, Insightful)
This is a posting by theodp. He found a simple RESTful web API to be too complicated. You actually thought he would be able to understand binary?
Re:If I did what google did... (Score:4, Insightful)
Because you're not a multinational corporation with $20+ billion in revenue and a whole division of lawyers?
Wow brainy argument! (Score:2, Insightful)
Try intercepting someone's cell phone signals - with your dumb argument, you should be able to listen to them too and not get sued. Ditto with so many governmental wireless traffic. Hell, you cant even photograph someone on the street, esp. cops - see yesterdays posts, without their permission, and you are ok with one entity picking up every signal in every neighbourhood ???
Common man - use some brains before you just type some crap !
Not really illegal, but wreaks of dishonesty (Score:5, Insightful)
Re:Inaccurate (Score:4, Insightful)
He found a simple RESTful web API to be too complicated. You actually thought he would be able to understand binary?
And it was a Google RESTful API, as this is a Google binary... so obviously Google would have created it to be so complicated, only Google staffers could understand it!
And the mention of the paper on wireless sniffing? What the fuck does that have to do with Google? Did they sponsor it? No. Did their employees write it? No. Did their employees participate in it? No. But he mentions it just because it re-inforces the conclusion he wants you to draw.
Glenn Beck would be so proud!
So.. when do we call out this idiot as an MS shill?
Re:Wow brainy argument! (Score:3, Insightful)
it's one thing to intercept, it's another to decode.
Neither are impossible, and both are hard to prove unless someone admits it or is caught in the act.
As was noted, this is broadcasted unencrypted information they obtained. Anyone else could have. Going after google is just going after the easy target.
Re:Not really illegal, but wreaks of dishonesty (Score:3, Insightful)
I dunno...maybe if it was aircrack or even wireshark, I would be worried, but I don't see the big deal about Kismet. After all, they were looking for SSIDs/MACs.
I still don't see the big deal about this. If someone photographed you standing in front of your living room window, would you scream "invasion of privacy!!!!!!111eleven" or would you just close the blinds?
Even better analogy...if someone aimed a camcorder out of their window and drove past while aiming it around and saw you for a couple of seconds through your window, would you scream "invasion of privacy"?
Re:Something I've had a hard time understading... (Score:3, Insightful)
SSIDs, though, make a lot more sense. Wi-fi APs, while by no means completely static, provide an incredibly dense network of individually identifiable radio transmitter nodes. If your receiver knows its location(via GPS fix from a good GPS unit), and knows what APs are nearby(ideally with directional antennas), you can turn that into a database that devices with no GPS can use for rough location detection by means of any 802.11a/b/g/n card(or, as is frequently the case with cellphones, devices with ghastly GPS antennas and/or chipsets can use nearby APs to assist their GPS). Skyhook Wireless already has such a database(among other customers, Apple contracted with them to give their non-GPS iDevices some degree of location ability), I don't know if other outfits do as well. Since Google was already going to the expense of having GPS and camera equipped cars drive all over everywhere, it seems quite logical to throw a few wi-fi antennas on the cars and get an AP geolocation database for minimal additional cost.
Re:WTF (Score:3, Insightful)
I know! What next? People whining because their government is installing cameras all over their towns? I mean if you don't want to be filmed everywhere you're going by a Big Brother government JUST STOP GOING IN PUBLIC!!
Re:So how can the computer do it then? (Score:1, Insightful)
Hence the joke 01 (zero one), which is the big endian encoding of 2
No.
Binary 10 is the BIG ENDIAN (bitwise) encoding of decimal 2.
2 = 1*(2^1) + 0*(2^0) = most significant + least significant
Re:Not really illegal, but wreaks of dishonesty (Score:3, Insightful)
If you're caught, just admit it. Looking bad in the eyes of some dumb luddites is not worse than looking like a sleazy liar to absolutely everybody.
Re:Something I've had a hard time understading... (Score:2, Insightful)
How is not securing your wireless indicative of not being able to "operate" machinery properly?
If I leave my front door open and you steal from me, that doesn't mean you're not a thief does it?
Re:Inaccurate (Score:1, Insightful)
I believe that the paper was mentioned in reference to Google's patent application.
And again... why, except to intimate that Google is capturing and storing traffic?
Google's patent app doesn't make any mention of the paper or its authors, and doesn't mention decoding/storage of payload data. So why mention it, other than to try to smear Google?
Re:WTF (Score:3, Insightful)
I mean if you don't want to be filmed everywhere you're going by a Big Brother government JUST STOP GOING IN PUBLIC!!
True. I really don't have a problem with it. I also understand that when I'm in public, I'm IN PUBLIC VIEW. Its really not hard unless you're an idiot. If you don't want people to know you're doing something, do it in the privacy of your own home. Don't get pissed off when someone sees you do something in a public place.
He said filmed, not seen. There's a difference... in fact, there's an absolutely *massive* difference that's really not hard to see "unless you're an idiot".
In fact, there's a difference between being seen by ordinary people in a public place- as has happened for thousands of years, and which set our expectations of what "in public" means- and what has happened within less than the past generation which means that you may be viewed and recorded remotely.
I find all these "anything you do in public is fair game" type arguments miss the point that modern technology fundamentally changes what "in public" means. Rather than being seen by (possibly) a few people in your immediate surroundings with limited memories, and without the expectation of your every move being tracked- unless this was being actively done by (e.g.) a policeman- you can now be passively and automatically viewed and tracked from a distance and anything you do recorded for an indefinite period of time.
Maybe this is the way it already is in some places- but we should be asking if this is the way it *should* be.
And "in public" hasn't ever been the free-for-all that you and others imply. In a free society- people can, and have in the past been able to, go where they liked, take photographs (for example) and so on... it was "in public"... right? Yet I'm willing to bet that it still wouldn't have been socially- and possibly not legally- acceptable to follow one particular person round constantly taking photographs and watching what they were doing (even without interfering) without good reason?
It's in public... if they don't like it, they should be in the privacy of their home- right? Oddly enough, no.
In short, the "in public you should have no expectation of privacy" is not as clear cut as some think. And the fact is that technology changes the game *without* the rules being changed. We haven't been in this situation before, we should be asking the questions and considering new social and legal issues brought up by this... not spouting pat answers based on a misrepresentation of previous social conventions that were never exactly like that anyway.
Re:Tsk tsk (Score:3, Insightful)
Collecting data isn't (necessarily) evil. Abusing it is.
For example, google's well known for finding web pages that were intended to be private, but never properly locked down -- phpmyadmin installations, router admin pages with no passwords, etc. [hackersforcharity.org]
Finding those things isn't evil. Were google to, say, forcibly install software on every unsecured router their crawlers found, *that* would be evil.
Are they being evil? Maybe. But data collection itself isn't necessarily evil.
Re:Not really illegal, but wreaks of dishonesty (Score:3, Insightful)
DBA #1 : "What fields do they want?"
DBA #2 : "You'll never know until the projects over, give them everything and let them work it out."
Re:Wow brainy argument! (Score:3, Insightful)
If you can't see that it is the same concept, then the conversation needs to continue. Property lines are an arbitrary invention of society restricting freedom of snooping - the same framework of norms and expectations we apply to geography can be applied to any terrain/medium, including airwaves.
don't be such an idiot (Score:3, Insightful)
The wonderful thing about the law is your data is protected on any network, at any level of encryption and using any base station you like.
You are totally naive if you think your data is protected because some data protection czar makes a name for himself going after an American company. Going after Google isn't going to protect your data one bit. The only reason Google is playing along with this charade is because they really are a legitimate business and the data really is of no value to them. The people you really have to worry about are people who use that data to defraud and blackmail you, and compared to the other crimes they are committing, whether they capture your packets or not is totally irrelevant.
Furthermore, you are effectively required by law in Germany to encrypt your WLAN anyway; if you don't, you're almost certainly breaking both data privacy and copyright law.
In fact, given that the data protection agency is now getting this data, I see no legal reason why they shouldn't search through it for violations of German privacy law, copyright law, and German content restrictions. They could charge thousands of people with crimes based on the data. Maybe that would drive the point home to the morons who think that what's been happening in Germany protects anything.