wifi snooping
Latest
Google Street View's WiFi snooping triggers renewed scrutiny in the UK
You remember that little Street View privacy problem that Google had back in 2010? Authorities in the UK sure do and Mountain View's gonna have some serious splainin' to do if the Information Commissioner's Office has anything to say about it. Big G initially denied that its cars were used to willfully snatch up personal info from open WiFi networks, but a recent investigation by the FCC, coupled with earlier accusations, has prompted renewed scrutiny. The report from the US even suggests that "investigators in France, Canada and The Netherlands found that Google intercepted complete email messages, instant message conversations, video, audio, medical and legal information," which could lead to a big headache for the company. We really don't want to imagine the possible consequences of a nationwide Street View ban.
Justice Department clears Google of WiFi wiretapping violations
Two years ago, Google drove its way into a fair amount of hot water when it accidentally (as was claimed) scooped up private data over WiFi while collecting Street View and location data. Now, the Justice Department has cleared the prolific mapsters of the wiretapping violations. The DOJ made its decision not to push for prosecution based on reports from employees and investigating key documents reports Wired. The Wiretap Act (which is the relevant one here) was argued to only pertain to "traditional radio services," by US District Judge James Ware, but neither the DOJ or FCC said they could find any evidence that Google accessed the date it snared. In an extra move of openness, the search giant has also released the entire FCC report on the Street View investigation (redacted to protect identities) which can be found in the more coverage link. So, next time you see the famous camera-topped wagons roll around, you can leave your tin hat in the closet.
Wireless snooping WASP drone knows you want extra jalapeños, no sliced tomato
This fearsome contraption is the handiwork of a couple of amateur DEFCON-types who reckoned that any self-respecting spy plane ought to be able to impersonate cellphone towers. And that's exactly what the Wireless Aerial Surveillance Platform does -- it tricks AT&T and T-Mobile handsets into connecting to it, then re-routes the incoming calls via VOIP so they don't drop, while simultaneously recording all conversations to 32GB of onboard storage. It can also handle a bit of WiFi snooping on the side, thanks to a Linux-based hacking toolkit and a 340 million word dictionary for guessing passwords. What's more, the WASP apparently achieves all of this without breaking a single FCC regulation. So, er, that's fine then. Oh yeah, and we don't want any of that stuffed crust nonsense, you hear?
Microsoft offers up 'managed driving' source code, gets back to location-based business
WiFi-sniffing -- all the major tech giant's are doing it. But it's for your own better-targeted, location-based good... they swear. It's a familiar story that saw Google get served in France and the UK for its fleet of data-collecting Street View cars, and had Apple accidentally storing users' geographic info unencrypted on their phones. Given the history, it's not surprising to see Microsoft take the offensive by offering up source code from its own 'managed driving' program: the cars that collect WiFi, GPS and cell tower data. With the code out in the open, MS can easily side-step allegations of personal data-mining and continue its focus on improving local search services. The move is further evidence that the Ballmer-led company intends to take user privacy very seriously, having already stopped the tracking of individual Windows Phone handsets last May. Location aware devices are an inevitable part of our search-assisted lives, we just wish they all came with a giant opt-out button. [Image credit via WinRumors]
FTC accepts Google's privacy apology, lets Street View off the hook
When Google admitted its Street View cars had collected sensitive data after all, it sparked a new formal inquiry in the UK, but the very same apology was just what the Federal Trade Commission needed to drop an investigation in the USA. The FTC's Bureau of Consumer Protection wrote Google a formal letter today noting "concerns about the internal policies and procedures that gave rise to this data collection," but satisfaction that the company's agreed to change all that and appoint a director of privacy. "Because of these commitments, we are ending our inquiry into this matter at this time," the document reads. Does that mean we can stop using this picture of Ross' old apartment in our posts? Only time will tell.
Google's wardriving days are over, says Canadian privacy commissioner
When Google's Street View cars glide through your neighborhood next, you can leave the WPA2 encryption off -- Canada says that the company has "discontinued" the practice of snooping on unsecured WiFi networks with its mapping vehicles, and "has no plans to resume it." That's one of several findings in a report by Canada's privacy commissioner today, which also claims that the controversial data collection feature was the work of a single Google engineer, and that Google intends to use smartphones to pinpoint WiFi networks from now on. Naturally, the latter caused the commissioner concern that Android phones might capture the same data as the cars. Perhaps you'd best keep those shields up after all.
Apple responds to congressional inquiry, details location data collection in 13-page letter
When Apple's latest privacy policy revealed the company could track any iPhone's location in real time, it threw some for a loop... including a pair of gentlemen from the US House of Representatives, who asked what Cupertino was up to. In a thirteen page letter dated July 12, Apple's legal counsel explains the whole matter away, while giving us a fascinating look into how the company collects -- and justifies collecting -- all that GPS data. Legally the defense is simple, as Apple claims users grant express permission via pop-up messages for every single location-based service and app, and if you don't care to be tracked, you can simply shut down location services globally or (in iOS 4) on a per-app basis in the phone's settings panel. Where it gets more interesting is when Apple explains what it actually collects, and who they share it with -- namely, Google and Skyhook, who provided location services to earlier versions of the operating system. In iOS 3.2 and beyond, only Apple has the keys to the database, and what's inside are locations of cell towers, WiFi access points, and anonymous GPS coordinates. None of these are personally identifying, as the company doesn't collect SSIDs or any data, and in the case of device coordinates they're reportedly collected and sent in encrypted batches only once every 12 hours, using a random ID generated by the phone every 24 hours that apparently can't be linked back to the device. In the case of iAd, Apple says coordinates don't even make it to a database, as they're immediately converted (by remote server) to a advertising-friendly five-digit zip code. Concerning location data collection for services other than iAd, there's still the little question of why, but we'll just leave you with Apple legal's quote on that subject after the break, and let you hit up the full document yourself at Scribd if you want the deep dive.
Google to disclose WiFi snooping data to regulators amid allegations it was collected intentionally
And the mess gets messier. A class action lawsuit filed against Google in Oregon has now been enriched with the allegation that Google willfully collected personal data with its Street View cars, rather than doing so accidentally, as it claims. It's a bold accusation, whose primary basis is a patent application, filed by Google in November 2008, for a "computer-implemented method of estimating the location of a wireless device." A subsidiary claim references the "obtaining [of] one or more packets of data transmitted" from one wireless device to another to help estimate accuracy of location results. That's the supposedly damning verbiage that shows Google intentionally created WiFi-snooping software, and it's also what's being relied on to show that Mountain View couldn't have been ignorant of the data collection going on. Yes, it's quite a stretch, but that's what lawyers are for: mental gymnastics. Over in Europe, Google is doing its best to placate local regulators, some of whom are contemplating criminal charges against the multinational company, by agreeing to hand over all data that was collected by its vehicles. France, Germany and Spain will be first to peruse the info, though presumably there'll be an open door to other nosy governments as well. Doesn't that strike you as weird -- having your private data protected by letting a bunch more people look at it?
