France has become the latest country to investigate potential wrongdoing on the part of Google Street View, the hyper-local image service. The cars used to carry cameras to gather images for Street View did indeed capture passwords from private individuals’ WiFi transmissions over unencrypted networks, found the French National Commission on Computing and Liberty.
Google’s last official word on the subject was a retraction, in the Google Official Blog, of its previous assertion that it did not capture transmitted data (“payloads”) but rather gathered only “publicly broadcast” information, such as the SSIDs or unique labels of WiFi routers and their MAC addresses.
Google has retained security consulting firm Stroz Friedberg to make a report on the matter, and among the firm’s findings is the fact that Google did collect data.
For its part, the French agency is continuing its investigation to determine whether Google was responsible for “unfair and unlawful collection of data” and “invasion of privacy and individual liberties.”
Wiretapping, Plain and Simple
Whatever terms are used to describe it, the practice of intercepting information sent over a WiFi network — whether encrypted or not — is “basically a form of wiretapping,” according to Mark Rotenberg, executive director of the Electronic Privacy Information Center (EPIC).
“Almost every country with a privacy law prevents wiretapping,” Rotenberg told TechNewsWorld.
The attorneys general of a number of states in the U.S. concur. Investigations have been opened in Connecticut, Illinois, Massachusetts, Michigan, and Missouri.
In May, EPIC sent a letter to the Federal Communications Commission urging action on the matter. Joel Gurin, chief of the FCC’s Consumer and Governmental Affairs Bureau, responded in June, saying that Google’s actions, “whether intentional or not,” represented a clear infringement on consumer privacy.
In addition, U.S. lawmakers are moving to hold Congressional hearings on the matter. Representatives Henry Waxman, D-Calif., Joe Barton, R-Texas, and Edward Markey, D-Mass., wrote to Google CEO Eric Schmidt asking for more definitive information on the matter, but they were not satisfied with the results.
They will continue to “actively and aggressively” pursue the matter, Markey has said.
Intention or Invention?
The matter of intentionality remains forefront in the debate swirling around Street View because Google first asserted that the WiFi payload data was intercepted accidentally by code left behind from a previous version of the data collection software.
However, German officials seized a hard drive from one of the cars collecting data in that country, according to Rotenberg, and found that Google “really concealed the extend of WiFi data collection.”
What is perhaps most surprising, noted Rotenberg, is that the original privacy debate about Street View centered on the digital images themselves. Somehow, having cars drive through neighborhoods taking photographs of each of our homes seemed so much more personal and invasive than those taken by satellite.
“No one even thought they were collecting this type of information,” Rotenberg said of the WiFi transmissions.
The rationale that the data was collected inadvertently rings disingenuous to him.
“I don’t know how you do something by accident over three years and in 30 countries,” he remarked.
Whatever the French authorities decide to do, the responses by different countries to the situation vary widely.
In Ireland, for example, the Data Protection Authority requested simply that Google delete the captured data entirely. Google did so in the presence of a third party and submitted the results to the agency.
The company said in a blog post that it is working with analogous government organizations in other countries to determine what to do with the questionable data.
Google collected data as they roamed streets in order to provide a more robust user experience for their ‘Maps’ product. And? Every wireless router I’ve ever purchased contained documentation regarding security of the newly-installed wireless network. Further, blaming Google for simply harvesting data as their ‘Maps’ contributors drove down the street is the same as blaming someone for being a Peeping Tom because they drove by and looked into a window and saw a couple having sex. As long as the Google drivers didn’t enter private property, it is the person using the wireless network’s responsibility to secure it.
Americans LOVE to play the ‘blame game’ – it seems like no one is willing to take responsibility for their own careless actions. What heinous crime did Google commit with all of this data they gathered? Did they sell credit card numbers? Did they post family pictures (or private videos) on web sites in order to embarrass, humiliate, or profit from someone’s carelessness and failure to follow instructions?
Attempting to link this to wiretapping is ludicrous. If I’m in my home and there is an open broadband signal, my position is that it’s mine to use – how do I know that it wasn’t put there as a service by someone in my community? Trying to crack a password is another matter, but simply jumping on an open connection should not be a crime.
Just my opinion – that and $4 will get you a coffee at Starbuck’s.