WifiSnooping
Latest
Google denied dismissal of wiretapping claims in Street View data snooping suit
Google's already vowed to pony up $7 million and destroy passwords, emails and other data collected from unsecured WiFi networks through its Street View cars, but the damage won't stop there. The US Court of Appeals for the Ninth Circuit has denied the company's attempt to dismiss wiretapping claims in a class action suit over the debacle. Page and Co. argued their actions could pass under a wiretap exemption since data transmitted over WiFi is an electronic communication that's easily accessible to the public. However, the panel of judges didn't buy the search giant's argument. "Wi-Fi transmissions are not 'readily accessible' to the 'general public' because most of the general public lacks the expertise to intercept and decode payload data transmitted over a Wi-Fi network," Judge Jay Bybee explained. Secondly, the court ruled that the data transmitted over WiFi can't be classified as mostly audio, so it falls "outside of the definition of a 'radio communication.'" "We are disappointed in the Ninth Circuit's decision and are considering our next steps," a Google spokesperson told Bloomberg. Now that Mountain View isn't getting off this hook, expect it to dish out more compensation soon.
Google fined $190,000 in Germany for illegal WiFi snooping with Street View cars
Google's been taking heat for a number of years since its Street View cars were found to be pulling WiFi data, and the Hamburg Commissioner for Data Protection and Freedom of Information has today hit the search giant with a 145,000 euro fine (almost $190,000) for its indiscretions. You may not remember this specific case in Germany -- it was nearly three years ago that investigations began, after all -- but it has now come to a close with this fine and the ruling that El Goog illegally recorded personal data including emails, passwords and pictures, which have all reportedly been deleted. We know the company has enough cash to pay in full, so the ruling will likely make more of a dent to its image than its bank account.
Google ends Street View litigation in the US, agrees to destroy collected data and pay $7 million fine
Google's long found itself in hot water where its Street View mapping practices are concerned, running afoul of authorities both in the US and abroad since 2010. But as of today, the search giant's putting an end to its domestic legal woes, agreeing to dole out $7 million to the 37 states and District of Columbia involved in the litigation. In addition, the company's pledged to destroy all of the user information (passwords, emails, etc.) it's thus far collected from unsecured networks -- unlawful snooping it claims was carried out by a "rogue engineer." Google admits to fumbling its dedication to user privacy in this one area and, as part of the settlement, has committed to not only educating its employees on best privacy practices, but to also launch a consumer outreach program addressing these same issues. So, for now, consider this case closed... in the US. Its troubles across the pond are another matter.
Google Street View's WiFi snooping triggers renewed scrutiny in the UK
You remember that little Street View privacy problem that Google had back in 2010? Authorities in the UK sure do and Mountain View's gonna have some serious splainin' to do if the Information Commissioner's Office has anything to say about it. Big G initially denied that its cars were used to willfully snatch up personal info from open WiFi networks, but a recent investigation by the FCC, coupled with earlier accusations, has prompted renewed scrutiny. The report from the US even suggests that "investigators in France, Canada and The Netherlands found that Google intercepted complete email messages, instant message conversations, video, audio, medical and legal information," which could lead to a big headache for the company. We really don't want to imagine the possible consequences of a nationwide Street View ban.
Justice Department clears Google of WiFi wiretapping violations
Two years ago, Google drove its way into a fair amount of hot water when it accidentally (as was claimed) scooped up private data over WiFi while collecting Street View and location data. Now, the Justice Department has cleared the prolific mapsters of the wiretapping violations. The DOJ made its decision not to push for prosecution based on reports from employees and investigating key documents reports Wired. The Wiretap Act (which is the relevant one here) was argued to only pertain to "traditional radio services," by US District Judge James Ware, but neither the DOJ or FCC said they could find any evidence that Google accessed the date it snared. In an extra move of openness, the search giant has also released the entire FCC report on the Street View investigation (redacted to protect identities) which can be found in the more coverage link. So, next time you see the famous camera-topped wagons roll around, you can leave your tin hat in the closet.
Wireless snooping WASP drone knows you want extra jalapeños, no sliced tomato
This fearsome contraption is the handiwork of a couple of amateur DEFCON-types who reckoned that any self-respecting spy plane ought to be able to impersonate cellphone towers. And that's exactly what the Wireless Aerial Surveillance Platform does -- it tricks AT&T and T-Mobile handsets into connecting to it, then re-routes the incoming calls via VOIP so they don't drop, while simultaneously recording all conversations to 32GB of onboard storage. It can also handle a bit of WiFi snooping on the side, thanks to a Linux-based hacking toolkit and a 340 million word dictionary for guessing passwords. What's more, the WASP apparently achieves all of this without breaking a single FCC regulation. So, er, that's fine then. Oh yeah, and we don't want any of that stuffed crust nonsense, you hear?
Microsoft offers up 'managed driving' source code, gets back to location-based business
WiFi-sniffing -- all the major tech giant's are doing it. But it's for your own better-targeted, location-based good... they swear. It's a familiar story that saw Google get served in France and the UK for its fleet of data-collecting Street View cars, and had Apple accidentally storing users' geographic info unencrypted on their phones. Given the history, it's not surprising to see Microsoft take the offensive by offering up source code from its own 'managed driving' program: the cars that collect WiFi, GPS and cell tower data. With the code out in the open, MS can easily side-step allegations of personal data-mining and continue its focus on improving local search services. The move is further evidence that the Ballmer-led company intends to take user privacy very seriously, having already stopped the tracking of individual Windows Phone handsets last May. Location aware devices are an inevitable part of our search-assisted lives, we just wish they all came with a giant opt-out button. [Image credit via WinRumors]
FTC accepts Google's privacy apology, lets Street View off the hook
When Google admitted its Street View cars had collected sensitive data after all, it sparked a new formal inquiry in the UK, but the very same apology was just what the Federal Trade Commission needed to drop an investigation in the USA. The FTC's Bureau of Consumer Protection wrote Google a formal letter today noting "concerns about the internal policies and procedures that gave rise to this data collection," but satisfaction that the company's agreed to change all that and appoint a director of privacy. "Because of these commitments, we are ending our inquiry into this matter at this time," the document reads. Does that mean we can stop using this picture of Ross' old apartment in our posts? Only time will tell.
Google's wardriving days are over, says Canadian privacy commissioner
When Google's Street View cars glide through your neighborhood next, you can leave the WPA2 encryption off -- Canada says that the company has "discontinued" the practice of snooping on unsecured WiFi networks with its mapping vehicles, and "has no plans to resume it." That's one of several findings in a report by Canada's privacy commissioner today, which also claims that the controversial data collection feature was the work of a single Google engineer, and that Google intends to use smartphones to pinpoint WiFi networks from now on. Naturally, the latter caused the commissioner concern that Android phones might capture the same data as the cars. Perhaps you'd best keep those shields up after all.
Apple responds to congressional inquiry, details location data collection in 13-page letter
When Apple's latest privacy policy revealed the company could track any iPhone's location in real time, it threw some for a loop... including a pair of gentlemen from the US House of Representatives, who asked what Cupertino was up to. In a thirteen page letter dated July 12, Apple's legal counsel explains the whole matter away, while giving us a fascinating look into how the company collects -- and justifies collecting -- all that GPS data. Legally the defense is simple, as Apple claims users grant express permission via pop-up messages for every single location-based service and app, and if you don't care to be tracked, you can simply shut down location services globally or (in iOS 4) on a per-app basis in the phone's settings panel. Where it gets more interesting is when Apple explains what it actually collects, and who they share it with -- namely, Google and Skyhook, who provided location services to earlier versions of the operating system. In iOS 3.2 and beyond, only Apple has the keys to the database, and what's inside are locations of cell towers, WiFi access points, and anonymous GPS coordinates. None of these are personally identifying, as the company doesn't collect SSIDs or any data, and in the case of device coordinates they're reportedly collected and sent in encrypted batches only once every 12 hours, using a random ID generated by the phone every 24 hours that apparently can't be linked back to the device. In the case of iAd, Apple says coordinates don't even make it to a database, as they're immediately converted (by remote server) to a advertising-friendly five-digit zip code. Concerning location data collection for services other than iAd, there's still the little question of why, but we'll just leave you with Apple legal's quote on that subject after the break, and let you hit up the full document yourself at Scribd if you want the deep dive.
Google to disclose WiFi snooping data to regulators amid allegations it was collected intentionally
And the mess gets messier. A class action lawsuit filed against Google in Oregon has now been enriched with the allegation that Google willfully collected personal data with its Street View cars, rather than doing so accidentally, as it claims. It's a bold accusation, whose primary basis is a patent application, filed by Google in November 2008, for a "computer-implemented method of estimating the location of a wireless device." A subsidiary claim references the "obtaining [of] one or more packets of data transmitted" from one wireless device to another to help estimate accuracy of location results. That's the supposedly damning verbiage that shows Google intentionally created WiFi-snooping software, and it's also what's being relied on to show that Mountain View couldn't have been ignorant of the data collection going on. Yes, it's quite a stretch, but that's what lawyers are for: mental gymnastics. Over in Europe, Google is doing its best to placate local regulators, some of whom are contemplating criminal charges against the multinational company, by agreeing to hand over all data that was collected by its vehicles. France, Germany and Spain will be first to peruse the info, though presumably there'll be an open door to other nosy governments as well. Doesn't that strike you as weird -- having your private data protected by letting a bunch more people look at it?
