I haven’t said a lot about Google picking up wifi signals as it gathered imagery for its helpful Street View service, but the group “Consumer Watchdog” is doing cartwheels and handstands to try and generate interest in it. In my opinion, they’ve gone a little too far, and now—as have so many before—they will learn to fear my blog post.
This release from CW’s “corporateering” section is misleading in several ways. Take this, for example:
Google now admits that its Street View cars snooped on private WiFi networks as they prowled streets in thirty countries photographing people’s homes over the last three years. The company acknowledges it recorded communications it picked up from unencrypted WiFi networks.
To say “Google now admits” suggests that Google covered it up. Wrong. Google came forward with the information as soon as it discovered its mistake.
Is it “private WiFi networks” from which Google picked up data? The concepts and terminology are unclear to many, but the “private” characterization is misleading.
Many of these networks were privately owned, no doubt, but the question is whether they were configured to conceal the data being transmitted on them. They were not. Information was sent out in the clear (i.e. unencrypted) on these networks. And it was sent out by radio.
We should go into that: At most frequencies, including the frequency used by wifi, radio signals can travel long distances. Radio signals pass through or around walls and vehicles and people and shrubs and trees. If you broadcast data by radio at the typical signal-strength for a wifi set-up, there’s a good chance that it’s going to travel outside your house and beyond your property line, say, into the street.
Given the physical behavior of radio waves, what people do to prevent others accessing the information on a wifi network is they encrypt the network. That is, they scramble the data so that it’s just gibberish to anyone who picks it up. (Or at least it takes an enormous amount of computing power to unscramble the signal.) Lots and lots of wifi networks are encrypted these days, which is a good security practice, though it denies your neighbors the favor of using your Internet connection if they need to.
Given the way radio works, and the common security/privacy response—encryption—it’s hard to characterize data sent in the clear as private. The people operating them may have wanted their communications to be private. They may have thought their communications were private. But they were sending out their communications in the clear, by radio—like a little radio station broadcasting to anyone in range.
The physics here are more powerful than your innocent desires, Consumer Watchdog. That’s not private.
I have a hard time blaming Google for picking up these signals, which were sent out—again—by radio, in the clear. And, as Google explained at the outset, they generally “collected only fragments of payload data because: our cars are on the move; someone would need to be using the network as a car passed by; and our in-car WiFi equipment automatically changes channels roughly five times a second.”
If picking up bits of data sent unencrypted out to the street is “snooping” on “private wifi networks,” then glancing at someone’s open fly is “leering” at their “exposed genitalia.”
Let’s use that to segue into some talk about creepy behavior.
The release continues:
Over the last week, to gauge the potential threat posed by Google’s WiSpy activities, the nonpartisan, nonprofit public interest group “sniffed” some Congress members’ networks to see if they were vulnerable to the Internet giant, but scrupulously avoided gathering any communications. The investigation focused on a handful of members of the Energy and Commerce Committee, which has jurisdiction over Internet issues. Of the five residences the consumer group checked, one, [Democratic California representative Jane] Harman’s, had a clearly identifiable and vulnerable network. The other four residences had vulnerable networks in the vicinity that may belong to the members of Congress.
Consumer Watchdog people looked up the home addresses of Members of Congress. They went to the homes of these people. And they “sniffed” to see if there were wifi networks in operation there. If you care about privacy, this behavior is worse than what Google did.
When Google grabbed all this data—which they didn’t want and are trying to get rid of—they tied it to SSID information, MAC addresses, and probably physical locations. (Knowing how the data was configured would tell us what inferences might be drawn from it.) But not a single fact about a single identifiable wifi user has been revealed. No personal information—much less private information—got any meaningful exposure.
In its gross effort to rain attention on Google’s misdeed, Consumer Watchdog has now collected information on identifiable individuals—these members of Congress—and put that information in a press release. That’s more stalkerish and more exposing of personal information than driving past in an automobile picking up with indifference whatever radio signals are accessible from the street.
Now, Consumer Watchdog has not committed a privacy outrage. Politicians volunteer to be objects of this kind of intrusion when they decide that they’re qualified to be the boss of us. But this misleading release—and the personal information collection that went into producing it—are just a little too over the top to go without comment.
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.