Google is under investigation in at least four countries following a “mistake”, which led to wireless communications being recorded.
What was Google doing?
Google’s Street View cars cruise around taking panoramic photos of city streets. Those photos end up in Google Maps, like this view of Parliament House. But the cars also record the location and unique ID numbers of every wireless (Wi-Fi) access point along the way.
Unique ID numbers?
Every wireless network is identified by a Service Set Identifier (SSID), either the manufacturer’s default such as “Netgear” or “Linksys” or “BigPond12345”, or something personal such as “Smith Family”. If two networks have the same SSID — and that happens a lot, because people don’t always change the default — you can still tell them apart because every wireless device has a unique ID number.
In fact, every network connection on the entire internet has a unique ID called a Media Access Control (MAC) address. Your laptop probably has three MAC addresses, for example, one for the wired Ethernet, one for wireless and one for Bluetooth.
Why was Google recording wireless network IDs?
Using a smartphone’s Global Position System (GPS) capability chews into battery life fast by talking to distant satellites. But most Wi-Fi access points never move. So if your phone has Wi-Fi and Google Maps, it can listen for the SSIDs and MAC addresses of nearby Wi-Fi points, report them to Google, and Google tells you where you are.
Is anyone else doing this?
Yes. Other firms are mapping Wi-Fi for the same reasons, and also just to compile maps of free internet hotspots.
Criminals also seek out unsecured access points — those that haven’t been locked down with a password and encryption — so they can commit crimes using your internet connection instead of theirs. According to Detective Superintendent Brian Hay of the Queensland Police, about half of all Wi-Fi networks are unsecured, something he reckons is a major vulnerability in the community.
So what did Google do wrong?
The street view cars didn’t just record SSIDs and MAC addresses. If a Wi-Fi network wasn’t secured, they were also recording some of the data travelling across the network.
Is that legal?
That’d be a definite “no”.
In Australia, under the Cybercrime Act 2001 it’s illegal to access computer data without authorisation even if, in effect, the door is wide open — just like walking into your house is still trespassing and illegal entry even if the door is unlocked. It could also constitute an illegal communications intercept under the various state and federal Acts.
As for mapping network SSIDs and MAC addresses, that’s perhaps legal from a privacy standpoint. In and of themselves, they’re not “personally identifiable information”. But merely recording the Wi-Fi data could also be an illegal telecommunications intercept since Wi-Fi is a “narrowcast” transmission, in a legal sense, rather than broadcast. That one’s fuzzy.
In Germany, where they take privacy very seriously indeed, all this is a crime with penalties including up to two years in jail.
So how did this happen?
Google’s explanation: it was a mistake. Back in 2006, an engineer wrote experimental software that sampled all publicly transmitted Wi-Fi data. A year later, when Google need software for the street view cars, they just used this software to capture the SSIDs and MAC addresses — perhaps unaware that it captured more.
So what’s happening now?
Google has apologised, deleted the data in front of an independent witness, and grounded the street view cars until the software is re-written.
Meanwhile, German and Italian authorities are investigating. The Australian Privacy Commissioner is investigating. The US Federal Trade Commission is investigating. In Oregon, Vicki Van Valin and Neil Mertz have launched a class action suit.
Isn’t this just further proof that Google is really run by the CIA / the Elders of Zion / the Nazi Space Lizards of the Illuminati?
Yes.
Thanks to David Vaile, head of the Cyberspace Law and Policy Centre at the University of New South Wales, for his assistance. Any mistakes in interpretation are mine.
And I bet there are people in the class action that don’t even own a wifi router.
In Australia, under the Cybercrime Act 2001 it’s illegal to access computer data without authorisation…
hmmm. I am no law professor, but I think the Cybercrime Act 2001 was an amendment bill, amending primarily the Commonwealth Crimes Act 1914 and the Criminal Code 1995. So the Cybercrime Act does not in and of itself provide those provisions. Computer offences are held in part 10.7 of the Criminal Code, which were updated as a result of the Cybercrime Act (being an amendment bill and all).
Apart from the legal side of this it would be better if people didn’t have WiFi for health reasons
Scientific evidence can be found here:
http://www.wiredchild.org
http://www.wifiinschools.org.uk
http://www.mastsanity.org
Radiation intensity inside a house with Wifi is the same as being in the main beam from a phone mast.
@Same: I get the feeling that the ‘science’ expressed on those sites fails to understand the inverse square law, and soft-pedals the differences between ionising and non-ionising radiation. A tin-foil hat will probably help you.
GPS devices listen to satellites, they don’t transmit at all so the battery use is negligible. It’s also possible to make them switch off most of the time to make it even better.
There is however a lot of equipment that doesn’t have GPS that this sort of data is useful for.