37 States Join Investigation of Google Street View 269
bonch writes "Attorneys General from 37 states have joined the probe into Google's Street View data collection. The investigation seeks more information behind Google's software testing and data archiving practices after it was discovered that their Street View vans scanned private WLANs and recorded users' MAC addresses. Attorney general Richard Blumenthal said, 'Google's responses continue to generate more questions than they answer. Now the question is how it may have used — and secured — all this private information.'"
what a waste of time and money (Score:5, Interesting)
Someone needs to make an Android app that does the exact same thing these vans did, and publish all the captured data online, free and open. Maybe then the govt. could take their eyes off Google for long enough to realize the real problem here isn't Google -- it's the silly politicians who think recording SSIDs is malicious (the same politicians who'd start training a multi-million-man army for the coming "cyber war" apocalypse if they could), and the stupid networking (hardware or ISP) companies who don't default to secure settings, and don't educate their customers how to maintain their security.
Re:Overblown? (Score:1, Interesting)
> It's not at all clear to me that capturing a random 3 seconds of traffic from someone's
> open WiFi provides Google with any particularly useful or terribly private information.
So do you upload your traffic logs to Google on a nightly or a weekly basis? And what's the public URL where you also post them? I'd like to have a look.
After all, there's nothing you have to lose.
Re:Politicians from 37 states (Score:1, Interesting)
At a minimum, that is most certainly the case. I suspect it's also an attempt to line some pockets with some googlebucks...
Re:what a waste of time and money (Score:2, Interesting)
Re:Private Info? (Score:3, Interesting)
Seriously, who thinks this info is private? We're talking about payload data from unsecured wifi. For that matter we're talking about payload fragments.
On a recent discussion about the data that the iPhone collects and sends to Apple, many people commented that Apple is worse than Google. Apple collects and sends the following data:
1. MAC address
That's it. Apple doesn't collect the SSID which could likely be used to identify you. And Apple most definitely doesn't even look at any payload. Why would Google have any need to look at payload data? They have no legitimate reason whatsoever. I cannot see any technical reason why looking at any payload data would help them with Streetview. And they discarded all encrypted traffic and kept unencrypted traffic, making it very, very clear that this was intentionally nosing into stuff that they have no right to nose into.
Re:Overblown? (Score:3, Interesting)
Why was it collected? My first two guess would be:
A) The system is intended to collect AP MAC addresses and SSIDs. Doing this requires capturing broadcast packets. As it turns out, you only need some of the packets, but because the capture is passive you have to take what you get and parse it to find what you want. So if you stored the data as it came in it's actually *extra* work to remove the parts of the capture you didn't use, and no one wrote that part because it wasn't important.
B) They wanted to collect all available data in case the in-situ processing fails -- then they can just re-run the data set instead of re-driving the route. Variations on this include "we may encounter new packet types we weren't expecting and want to do post-processing on them" or "we may invent new ways to provide location services based on data that we capture but didn't know at the time was useful".
It's also possible that they're doing something evil that we can't think of, or that they're just keeping the data around in case they think of something evil to do with it later. I agree, it is possible. But I don't think I'm giving Google a pass here -- given the very limited amount of data they collected from each network I have trouble imagining what that evil thing might be, or why we should consider it more important than the data mining that goes on in other contexts, like when you actually use Google services.
Re:Private Info? (Score:3, Interesting)
From what I've read, it doesn't matter as it was not intended to be public. This relates to the same situation police officers faced attempting to record thermal data by reading the thermals off the side of a person house. They argued that since they were not entering into a private residence, but rather reading the data from the external walls, that there was no invasion of privacy. The supreme court threw the argument out, indicating that there was an expectation of privacy involved, and that it was not legal to collect such data without a warrant.
https://ssd.eff.org/your-computer/govt/privacy [eff.org]
Re:Private Info? (Score:3, Interesting)
Therein lies the problem. The average consumer does not think of wireless networking as "broadcast" information.
I'm sick and tired of hearing this bullshit excuse. If someone doesn't think that running someone down with their car will kill them because they watched too many episodes of Itchy and Scratchy, is that a potential defense for vehicular homicide? What about the Streisand effect? Would it be legitimate to prevent taking pictures of other people's property from the air if they didn't know that photons were reflecting off of it at all times and making it visible? Stop making excuses for the technological ineptitude of the masses of asses. They don't bother to educate themselves because there's no reason to do so. Well, I for one think that there is a reason to try to be up on the basic technologies of your age, and further, I think that you should be held liable for your own [mis]use of same. If you don't want to have to learn about how your AP works, run a fucking wire. Advanced technology requires advanced understanding. The legal standing has never been based on understanding but on one basic premise: the data traveling to the person and not the person traveling to the data. There is absolutely zero difference here, and the broadcaster should be liable for their broadcast, just as you would be liable for interference caused by plugging in an FM transmitter and using it to listen to your mp3s anywhere in your house. It doesn't matter that a person doesn't understand that radio waves aren't blocked by walls.
Wrong question -- Re:Private Info? (Score:3, Interesting)
The question isn't "who thinks this info is private?"... ..the question is "who thinks data shouldn't be private?"...
As is usually the case, the law only begins stepping in AFTER the baby has been poured out with the bath water...
Yes, the data is currently available, because people didn't lock the access points. But - outside of the IT geek/nerd community - how many people do you think have Internet connections and aren't aware how to properly secure their network?
And - even if they can secure them - there is still the question about their awareness of what their data can be used for, when they enter it somewhere. How much of what you enter is actually a legitimate concern of the company in question? And how much is just collected for marketing or other purposes the end user might react negatively to?
The US may be at the technical forefront in areas - but you're behind when it comes to the awareness of data security and particularly data privacy issues. What you consider to be the pesky/narrow-minded rules of European governments as to data security - might one day just save you from companies riding rough shot over what you want and think, because they have the necessary data to do so. Of course, if, say, you're into S&M stuff, it may be great that you get advertising tailored to you on sites that deal with it. But, would you want that data to 'leak' out, and all of a sudden co-workers start raising eyebrows, why you get so many porn related ads while looking at google maps?
What about the 17 year old that proudly blogged how he screwed a neighbours kid out of some stuff or other... It's bad enough for the youth to live it down that time. But would you want potential future employers 20 years later make a call on how trustworthy, how grown-up you are by what you posted back then, and might be indexed by some other service in the future?
Linksys (Score:1, Interesting)
This is your WiFi...
Scanning...
Linksys(unsecured)
Linksys(unsecured)
Linksys(unsecured)
Linksys(WEP)
Belkin(WEP)
DD-WRT(WPA2)
2Wire(unsecured)
846fork14(unsecured)
8 APs found. ...and this is your WiFi being managed by the same people who have their windows update set to 3AM, never install them, and are still worried about viruses and people getting into their items while running Windows XP SP1 and vista gold. Also, all of these access points have log in pair (Admin/password), (blank,blank), (blank, admin), (admin, blank). The only grace of that is you can play WiFi conductor for the betterment of everyone in an apartment complex when twenty people around you think it is a good idea to pile on channel 6.
Re:Hmm. (Score:3, Interesting)
if you shout your username and password at your friend out on a public street while I'm walking past with a video camera is it my fault or yours?
should I then blank my recordings for the sake of your fuckup and that you only wanted your friend to hear?
Re:Wifi Hotspot map (Score:3, Interesting)
The problem was that they recorded a lot more information then they needed. Google may not have been malicious in their intent but they still need to be stopped because if we don't draw the line here, what prevents an actually malicious company from driving around vacuuming up all your data?
I wrote my AG, have you written to yours yet? (Score:3, Interesting)
Here's what I sent to Indiana's AG...
TO:
Office of the Indiana Attorney General
Indiana Government Center South
302 W. Washington St., 5th Floor
Indianapolis, IN 46204
Phone: 317.232.6201
Fax: 317.232.7979
E-mail: Constituent@atg.in.gov
FROM: Mike Warot
Hi
I'm Mike Warot, from Hammond. I'm a network administrator working in Chicago.
I've recently learned that 37 states are joining in an investigation of Google's collection of WiFi data, as typified in this story from the LA Times
http://latimesblogs.latimes.com/technology/2010/07/google-street-view.html [latimes.com]
The issue at hand seems to be quite simple. They were trying to make a list of open (unencrypted) WiFi access points as a supplement to GPS to help in navigation. Because the software used to collect this data (Kismet) defaults to collecting entire packets instead of just the names of the access points, there is now an uproar that "passwords were stolen" and other Bull Shit. It was a simple technical oversight, not an evil plot.
Please DO NOT WASTE MY TAX DOLLARS on this wild goose chase. I'm sure you have plenty of other more important work to do.
Thanks for your time and attention.