Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

States Launch Joint Probe of Google Wi-Fi Snooping

Soulskill posted more than 3 years ago | from the not-going-away dept.

Privacy 134

CWmike writes "As many as 30 states could join an investigation into Google's collection of personal information from unprotected wireless networks, Connecticut attorney general Richard Blumenthal announced today. Google's response was similar to what it said earlier this month: 'It was a mistake for us to include code in our software that collected payload data, but we believe we didn't break any US laws. We're working with the relevant authorities to answer their questions and concerns.' Google already faces investigations by privacy authorities in several European countries, including the Czech Republic, France, Germany, Spain and Italy. In the US, Google faces multiple civil lawsuits, and the company has been asked for more information from several congressmen as a preliminary step to a legislative hearing. Google has asked that the lawsuits be consolidated and moved to a California federal court's jurisdiction."

cancel ×

134 comments

Sorry! There are no comments related to the filter you selected.

frosty piss (-1, Flamebait)

Anonymous Coward | more than 3 years ago | (#32646970)

it's not just for washing the taste out of your mouth after eating my asshole!

If any of these are upskirt vids (0, Offtopic)

WillAffleckUW (858324) | more than 3 years ago | (#32646976)

If any of these are upskirt videos, that's illegal in most Western states and is a felony.

As Perez Hilton now knows.

Doesn't matter WHY you committed the felony, it just matters that you DID it.

Re:If any of these are upskirt vids (1)

MokuMokuRyoushi (1701196) | more than 3 years ago | (#32647036)

Thank you - exactly. I see so many /.ers saying "Oh, it was a mistake!". Well, you go to jail for accidentally killing someone too. I'm not equating wi-fi data collection to manslaughter, but the principal holds.

Re:If any of these are upskirt vids (1)

BoberFett (127537) | more than 3 years ago | (#32647106)

Except do you really think anybody wants Google employees in jail for committing crimes?

I'm gonna go out on a limb and guess that the real reason is the number 1, preceded by a dollar sign and followed by a lot of zeros.

Re:If any of these are upskirt vids (1)

MokuMokuRyoushi (1701196) | more than 3 years ago | (#32647316)

Of course not. They probably wouldn't go to jail in any case, just take a fine. Again, principal. Whether or not they pay a fine/bribe their way out, the fact remains, a crime is a crime, accidental regardless.

Re:If any of these are upskirt vids (1)

BoberFett (127537) | more than 4 years ago | (#32648348)

Fines are governments way of saying "You committed a crime, but for a sufficient bribe *wink nudge* we'll let you off the hook."

Re:If any of these are upskirt vids (2, Insightful)

rtfa-troll (1340807) | more than 3 years ago | (#32647696)

Well, you go to jail for accidentally killing someone too.

No; actually you don't. You can go to jail for "negligently" killing someone, but not normally for "accidentally" killing someone. There may be special exceptions where the accident was something that could have been avoided by a specific action you failed to take, but these are basically special case of negligence.

N.B. I am of course ignoring miscarriages of justice, but if we included those then you could go to jail for not killing someone.

Re:If any of these are upskirt vids (0)

Anonymous Coward | more than 4 years ago | (#32648316)

Can you name a situation where an accidental killing couldn't be construed as negligence?

Re:If any of these are upskirt vids (1)

masshuu (1260516) | more than 4 years ago | (#32648470)

I remember a story of someone who when driving with a driving instructor hit and killed someone. No one was sent to jail.
Apparently the person ran into the road, and the new driver hit the wrong pedal.
The driving instructor could not hit his break in time.
Why should either of them go to jail?

Re:If any of these are upskirt vids (1)

hairyfeet (841228) | more than 4 years ago | (#32649676)

Well I can name one, happened around here when I was a kid and I witnessed it. A woman was driving by the school, going well below the speed limits and obeying the signs, when a third grader late for school shot out between a couple of cars and she hit him. She wasn't going but about 20 but she clipped him just right, and when he hit his head popped like a watermelon.

Of course she wasn't charged with anything, it was an accident, nothing more. I heard a few years later she ended up in a mental institution for awhile, simply because she couldn't get the incident out of her head and the nightmares were making her suicidal. But we meatsacks are fragile little things, and it isn't really hard to cause someone to die totally by accident. This is why we have police and judges to separate the accidents from the negligent homicides.

As for TFA, as much as I am pro privacy this crap is getting more than a little nutty. They simply picked up unencrypted WIFI being broadcast that is all. Hell anyone living in an apt has a dozen unencrypted WIFI routers blasting into their homes, are you gonna bust them if they pick up data from the wrong router? If they were hacking routers that would be one thing, but this is NO different than picking up a radio broadcast, because that is pretty much what it is. This is starting to smell to me like a "my neck, my back, I'll sue!" kind of situation, where everyone is lining up because Google has deep pockets.

still dont see (4, Insightful)

Tmack (593755) | more than 3 years ago | (#32647042)

Why this is being given such legal scrutiny. Its akin to driving down the street with a tape recorder and parabolic mic, recording whatever conversations people might be having as part of a population density study, and accidentally recording someone in their front yard yelling their cc# into the phone. It should fall under general privacy law: if you dont spend the time/energy to setup encryption of some form, dont expect privacy (same as if you dont try to block peeping toms, or if you go sunbathing nude in your front yard next to the street, dont be surprised to find yourself posted to /b). Even windows warns you now if you try to connect to an unencrypted AP. If anyone should be sued for this, sue the manufacturers that distributed the APs with a default configuration of no encryption and see how well that flies.

Tm

Re:still dont see (2, Informative)

ScrewMaster (602015) | more than 3 years ago | (#32647124)

Why this is being given such legal scrutiny.

I think Google is seen as being a bit too successful and there are a lot of companies that would like to see Page & Brin taken down a notch. I wouldn't be the least bit surprised to find Microsoft's hand behind some of this.

And just what drain-bamaged individual modded the parent post troll? He's just pointing out the truth: it's your responsibility to secure the radio transmitter that you hooked up to your computer. It's not my my responsibility to avoid picking up your signals. The truth is, when it comes to security the law cannot protect you. Just like cops can't protect you from having your house broken into and your wife and daughter raped. All the law can do is try to pick up the pieces afterwards and maybe offer some redress.

Google screwed up here, but only by gauging the collective intelligence of the world's politicians to be much higher than it really is.

Or BP? (1)

Weezul (52464) | more than 3 years ago | (#32647688)

Or maybe BP hoping the oil spill gets out of the news sooner?

Re:still dont see (1)

macshit (157376) | more than 4 years ago | (#32649180)

Why this is being given such legal scrutiny.

I think Google is seen as being a bit too successful and there are a lot of companies that would like to see Page & Brin taken down a notch. I wouldn't be the least bit surprised to find Microsoft's hand behind some of this.

Also this is seen as a chance for easy political grand-standing by politicians who haven't the faintest clue what actually happened, but can see how to spin it into a "probe" to make it look like they're doing something... and once one politician starts blathering cluelessly about it, the rest are eager to jump on the bandwagon.

Re:still dont see (1)

larry bagina (561269) | more than 3 years ago | (#32647166)

That happens to be illegal in some states.

Re:still dont see (3, Insightful)

schwit1 (797399) | more than 3 years ago | (#32647462)

How can it be illegal in 'some states'? isn't this the jurisdiction of the FCC?

Re:still dont see (2, Informative)

Jurily (900488) | more than 4 years ago | (#32648576)

How can it be illegal at all?

Google is using public resources to gather data. It's what they do.

If you broadcast an SSID to an unencrypted network, it's a public resource, plain and simple. Just because you were too stupid or lazy to do something about it doesn't mean Google's at fault here.

What next, whine because they spider your web page?

Re:still dont see (1)

AHuxley (892839) | more than 4 years ago | (#32647912)

http://www.irongeek.com/i.php?page=computerlaws/state-hacking-laws [irongeek.com] seems to show a list of some state based ideas on computer infrastructure use and access.
back from 2005 on wifi
http://news.cnet.com/FAQ-Wi-Fi-mooching-and-the-law/2100-7351_3-5778822.html [cnet.com] "Are state laws about unauthorized access different?
Yes, but often not in an important way. Genetski says that "as a general rule, most states model their computer crime laws after (the federal law).""
So in the US they might be ok for accidentally collected the data and didn't share it.
Within in the US illegal to access computer data without authorisation could be an aspect too, secured or not?

Re:still dont see (1)

leon.gandalf (752828) | more than 3 years ago | (#32647168)

Exactly. And whoever modded this down is an idiot.

Re:still dont see (2, Insightful)

_Sprocket_ (42527) | more than 3 years ago | (#32647254)

Why this is being given such legal scrutiny.

"I say! There's a bandwagon out there and we're not on it!"

"Are people paying attention to it?"

"Whole throngs of people."

"I'll get my hat..."

Jump on the Bandwagon! (1)

Local ID10T (790134) | more than 4 years ago | (#32648122)

Hurry! Hurry!
Step right up!
Get your tickets here!
Come one, Come all!
Plenty of room, no pushing please.

Re:still dont see (1)

Anne_Nonymous (313852) | more than 3 years ago | (#32647278)

It's like if you leave your house unlocked, but the liquor cabinet in your basement rec-room is closed, but not locked, but it has a sign on it that says "Don't drink daddy's hooch", but if somebody came down there who wasn't daddy's child, and drank a Coke, but not any hooch, then would it be ok, if the mailman left a package inside the storm door on the porch instead of out in the rain? That's pretty much the best WiFi security analogy I've heard.

Re:still dont see (0)

Anonymous Coward | more than 4 years ago | (#32649372)

Here's an even better analogy. You have a garden hose, and whenever anyone walks by your house on the sidewalk, you spray them. Someone opens their mouth and drinks the free water that you're squirting at them, and you scream, "Water thief!!"

Re:still dont see (2, Funny)

ascari (1400977) | more than 3 years ago | (#32647342)

Google == Big Juicy Target. Do you see now?

Re:still dont see (0, Flamebait)

Montezumaa (1674080) | more than 3 years ago | (#32647372)

You could not be more wrong. Seeing as you do not understand how all state laws work, in regards to accessing computers and networks, I suggest that you keep such blanket comments out of this discussion.

Re:still dont see (2, Interesting)

Angst Badger (8636) | more than 3 years ago | (#32647404)

I'd have modded the parent +1 Insightful, but the truth is that it wasn't actually insightful; it was obvious. If you are broadcasting an unencrypted signal beyond your property line, you are doing just that: broadcasting your data to everyone in range. Complaining when someone actually receives that broadcast is a bit like putting a billboard in your front yard and complaining when people look at it. There should be absolutely no expectation of privacy in this situation, especially when there is no way to tell the difference between an access point left unsecured because of ignorance and one left unsecured for the express purpose of sharing the connection.

All we have here are a bunch of state attorneys general preying on the ignorance of the general public to prosecute Google for reading public messages in order to boost their reelection prospects. Some of them might have started with honest intentions out of their own ignorance, but they've all had enough time at this point to learn the bare basics of WiFi. It would have been nice if Google had taken greater care in its actions, but even if they had intentionally captured every last byte they could suck out of the air, there would have been no wrongdoing.

Re:still dont see (1)

AHuxley (892839) | more than 4 years ago | (#32647784)

"someone actually" is a .com with with real lawyers who told them it was not a good thing to do.
"broadcasting your data to everyone in range" you can use open wifi, the problem is with collecting and storing.
"complaining when people look at it" is again what real lawyers told them it was not good to do.
If you did not want to connect to Google, you have an expectation of privacy.
"It would have been nice", they seem to have understood they should not have from day one in parts of the world.
The difference is between establishing a connection to ask for the MAC ect and storing data.
The laws could have been changed, exemptions requested or code tested.
The laws where not retroactive, new, not clear ect. Dont keep other peoples data.

Re:still dont see (1)

phyrexianshaw.ca (1265320) | more than 4 years ago | (#32649874)

but that's the problem. it's not their data.
by broadcasting the data via unencrypted WIFI, it's akin to putting up a note on a public billboard asking about pork recipies and putting a note on it saying "hey jewish friends of [me] don't read this please"

people need to learn that data is not theirs to keep/own/protect. bits are bits, free them already!

if you want to use the internet, don't complain when people trying to collect the data for the sake of improving the internet collect/store/make use of it.

Re:still dont see (3, Insightful)

murdocj (543661) | more than 4 years ago | (#32648546)

For god's sake, the whole "I was walking down the street and happened to intercept unecrypted wifi" argument is utterly ridiculous. No one "happens to intercept" wifi. You have to actively snoop. If you want a better analogy, try "I walked down the street and opened up people's mailboxes and read their letters. But they had it coming to them, they didn't have lockable mailboxes".

Google screwed up. Period. If they had simply done what they claim they wanted to do, and only recorded header information, this just wouldn't be an issue. If anyone else drove a fleet of vans around intercepting wifi, people on Slashdot would be going nuts, but because it's the cool company, all is forgiven.

Re:still dont see (0)

Anonymous Coward | more than 4 years ago | (#32649154)

I think the truth is more than just "it's the cool company". I tend to think that some defending this as somehow justified or reasonable are actually stockholders and if so I would expect they would say *anything* favorable to defend the value of their shares in "the cool company".

Re:still dont see (1)

Angst Badger (8636) | more than 4 years ago | (#32649390)

For god's sake, the whole "I was walking down the street and happened to intercept unecrypted wifi" argument is utterly ridiculous.

It's more like, "I was walking down the street and happened to overhear the residents yelling loudly from their porches." If you happen to be walking down the street with a wifi-capable device, you might capture some data, too.

Look, if you're beaming unencrypted data through my body, it has ceased to be your private concern. It may be impolite for me to look at that data, just as it would be impolite for me to listen to your loud argument with your spouse on your front porch, but there's a wide gulf between impolite and illicit.

If anyone else drove a fleet of vans around intercepting wifi, people on Slashdot would be going nuts, but because it's the cool company, all is forgiven.

Google creeps the hell out of me. Between their collection of information from email and web searches and their entry into the medical records business, they do plenty of things that represent a genuine threat to privacy. Capturing fragments of unencrypted broadcasts, on the other hand, doesn't particularly worry me. I encrypt my network for a reason, and that reason has a lot more to do with the government and my immediate neighbors than it does Google.

Re:still dont see (1)

phyrexianshaw.ca (1265320) | more than 4 years ago | (#32649908)

"I walked down the street and opened up people's mailboxes and read their letters. But they had it coming to them, they didn't have lockable mailboxes".

Excuse me? that analogy fails on SO many levels.

what you describe is analogous to BREAKING the encryption on their mailboxes, and making photo copies of the letters.

the postal system analogy here would be more like receiving all your postal mail via PDF's short-linked on twitter and "asking people not to read it".

NOWHERE did google intentionally GO INTO any mailboxes, they just collected data being broadcast freely to anybody who wants it. hell, if it's still being broadcast, the people that contributed to the whole thing have NOTHING TO COMPLAIN ABOUT FOR ONE SECOND!

Re:still dont see (2, Interesting)

Graff (532189) | more than 3 years ago | (#32647434)

Why this is being given such legal scrutiny.

It's very simple: election time.

Richard Blumenthal is in the race for Christopher Dodd's Senate seat and so he's using any issue to put himself in the news. Google is a big name and by going after them Blumenthal can get his name splashed across tons of news outlets for some free publicity.

Re:still dont see (1)

bloodhawk (813939) | more than 4 years ago | (#32648184)

In many countries it is outright illegal to connect to or listen to traffic on a private network, EVEN if the network is completely and utterly unprotected and admined by a moron. When a large company breaks a law on such a large scale, even if accidental you have got to expect it to receive a lot of scrutiny. Also believe it or not your idea of a tape recorder and parabolic mic is also illegal in many countries unless you have either the peoples permission to record them or court issued warrants.

Re:still dont see (0)

Anonymous Coward | more than 4 years ago | (#32648396)

In many US states it is not legal to record a conversation, using a microphone, and if you are involved, without consent. I think it is not legal in any state to unknowingly record a conversation between others.

But this is irrelevant. The purpose of these laws are to protect understood confidentiality.

How is open wifi different from a regular conversation? Because it is broadcast radio waves. The entire REASONING behind unprotected wifi is to communicate, OPENLY. The data is meant to be captured by any party. It's the basic equivalent of shouting into a megaphone in a crowded area.

You say, without specifying further, that some countries criminalize this action. But since when does the existence of a law make it just? I don't give a fuck about the laws in other countries. I care about the laws in mine. And in this instance, they happen to be correct.

Re:still dont see (1)

DJRumpy (1345787) | more than 4 years ago | (#32648188)

The same principal applies to taking photo's of someone without their consent. If you point a video camera into someone's home, you aren't physically entering it, but you would be held liable under the law in any case. There is precedent set for the private sector, which is where this would fall: "Private Sector Electronic surveillance is most common in two areas of the private sector: employment and domestic relations. In addition to legislation in many of the fifty states, Title III governs these areas as well. It prohibits any person from intentionally using or disclosing information knowingly intercepted by electronic surveillance, without the consent of the interested parties. The intent element may be satisfied if the person knew or had reason to know that the information intercepted or disclosed was acquired by electronic surveillance; it is not satisfied if the person inadvertently intercepted or disclosed such information." [Source] http://legal-dictionary.thefreedictionary.com/Electronic+Surveillance [thefreedictionary.com] In this case, Google was actively scanning for this information. They didn't inadvertently 'see' it. Their entire purpose was specifically to collect it.

Re:still dont see (0)

Anonymous Coward | more than 4 years ago | (#32648448)

This is a bullshit analogy. Google didn't direct the recording of any specific data. It was broadcast TO THEM, by design -- not intentionally sought out.

Unless it's also illegal to receive a public television signal, any accusation of wrongdoing is purely fabricated.

Re:still dont see (1)

DJRumpy (1345787) | more than 4 years ago | (#32648500)

You wouldn't consider driving down the street with the intent to record these leaking broadcasts, intent? People don't broadcast their WiFi with the intent to let Google record it. They broadcast it within their home. Any leakage can't be controlled by the end user unless they put up a cage. I don't see that happening.

You do realize you described a 'public' television signal right? Private transmissions from a home are not the same as a public transmission.

Re:still dont see (0)

Anonymous Coward | more than 4 years ago | (#32648762)

Open wifi has one reason and one reason only. To publicly broadcast the signal so that any device in range can communicate, sans restriction. There is no classification to be made between the naive actions of a homeowner and the willful allocation of a block-wide access point, or an open business wifi hotspot. The distinction between these cases CANNOT BE MADE.

Your entire premise is flawed because you describe unsecured wifi communications to be "leaking." This is HOW THE TECHNOLOGY WORKS. The packets are CAPTURED, and READ, and FILTERED, by ALL the unconnected wireless devices in the area. Fuck, for an ad-hoc connected network, the data isn't even filtered out.

Re:still dont see (1)

DJRumpy (1345787) | more than 4 years ago | (#32648814)

The law as quoted above isn't ambiguous. It is in fact very clear:

  • "In addition to legislation in many of the fifty states, Title III governs these areas as well. It prohibits any person from intentionally using or disclosing information knowingly intercepted by electronic surveillance, without the consent of the interested parties. The intent element may be satisfied if the person knew or had reason to know that the information intercepted or disclosed was acquired by electronic surveillance; it is not satisfied if the person inadvertently intercepted or disclosed such information."

What part of that do you find unclear? You don't think the 30 some-odd states looking to file legal action haven't considered this?

Re:still dont see (1)

phyrexianshaw.ca (1265320) | more than 4 years ago | (#32649928)

and as per your wonderful quote you've completely overlooked that google has only collected and stored data. they have not used or disclosed anything.

law is ALWAYS gray. there is NO black and white.

and that doesn't even begin to cover "or had reason to know that the information intercepted or disclosed was acquired by electronic surveillance" somebody failing to understand how technology works is not the fault of an advertising business.

Re:still dont see (1)

westlake (615356) | more than 4 years ago | (#32648302)

It should fall under general privacy law: if you dont spend the time/energy to setup encryption of some form, dont expect privacy

To begin, I am not sure there is such a thing as "general privacy law."

But the interception, disclosure and exploitation of private radio communication was the subject of federal legislation as early as The Radio Act of 1927, when mechanical cipher machines were still in their infancy.

The fact that eavesdropping on private networks and services in those days was trivially easy did not make such behavior legal or ethical.

Re:still dont see (0)

Anonymous Coward | more than 4 years ago | (#32648548)

Yes, except for the fact that broadcast open access points are by definition not private. 'Eavesdropping' is how these devices communicate. Similar to ignoring other people that are talking inside of a public hall.

Re:still dont see (4, Insightful)

PopeRatzo (965947) | more than 4 years ago | (#32648574)

Why this is being given such legal scrutiny. Its akin to driving down the street with a tape recorder and parabolic mic

Actually driving down the street with a tape recorder and a parabolic mic recording conversations should be illegal. If I'm standing on my porch having what I think is a private conversation with someone and someone in a car is recording that conversation with a parabolic mic, it sounds like an invasion of privacy to me. Just because something is done "in public" shouldn't mean that it's meant for public consumption. And if it that private conversation is being used for financial gain, then it's even more egregious.

Driving by my house and taking a picture is one thing. Driving by my house and recording private conversations is another.

It's strange that some of the same people who would shit themselves with anger if the government was doing this think it's just peachy if a transnational corporation does it.

Re:still dont see (1)

phyrexianshaw.ca (1265320) | more than 4 years ago | (#32649942)

What?

if I were sitting in a coffee shop having a "private conversation" I understand that the people around me may hear the details.
if sitting on my porch, I expect my neighbors and maybe a few service people nearby might gleam a few.

I'm sorry to break this to you, but your land is NOT your land. you pay your taxes to rent it from the government. there's law's about how much you can keep from the world. there's even a law preventing you from building a concrete wall around your house to keep "all your conversations private" (well, not a law intended to prevent that, more of a decency law really.) :P

you're living on public land. just because you think something might be private, doesn't make it so.

Re:still dont see (1)

michaelhood (667393) | more than 4 years ago | (#32648920)

Why this is being given such legal scrutiny. Its akin to driving down the street with a tape recorder and parabolic mic, recording whatever conversations people might be having as part of a population density study, and accidentally recording someone in their front yard yelling their cc# into the phone. It should fall under general privacy law: if you dont spend the time/energy to setup encryption of some form, dont expect privacy (same as if you dont try to block peeping toms, or if you go sunbathing nude in your front yard next to the street, dont be surprised to find yourself posted to /b). Even windows warns you now if you try to connect to an unencrypted AP. If anyone should be sued for this, sue the manufacturers that distributed the APs with a default configuration of no encryption and see how well that flies.

Tm

What if I sniff all the guests' network traffic in a hotel? (via ARP spoofing or otherwise)

There's certainly no warnings presented in any OS when you plug in ethernet and grab an IP, and the average computer user certainly doesn't know that it's possible to do this.. so, how do you feel about that?

Re:still dont see (1)

phyrexianshaw.ca (1265320) | more than 4 years ago | (#32649962)

you'd be more then welcome to. anything that's encrypted you'll glance over as too difficult to bother with, and I'll appreciate it that you'll leave the encrypted conversation with my significant other alone. the pizza online order details (with the exception of the payment that's encrypted with SSL) and the web history for the night are all yours!

what else? I expect you were looking for "I get away to hotels to be left alone! how else to i spend time with my mistress?"

It is wireless sniffing. (0)

Anonymous Coward | more than 4 years ago | (#32649472)

So what you're saying is that people cannot expect to have a private conversation in their own home. Are you sure that's the world you want to live in? Can I set up a laser scope and monitor your window vibrations from across the way to listen in to what you're saying? Afterall, that window is visible by anyone, so why should you expect privacy from the way it moves according to the noise inside?

What you're failing to grasp is that just because there is no password on the WiFi network doesn't mean that access is being granted to everyone and anyone. If I leave my house unlocked, are you authorised to enter without my permission? No. Now I may have problems with an insurance claim if you remove something from my premises and I didn't take due care to protect it, but that doesn't mean you weren't respassing.

What needs to happen here is like what happened in the early 1990s, when hackers abused "guest" accounts, etc. Something needs to go to court and the court needs to rule on whether or not not having a password is an open invitation for anyone to use the wireless network. I can quite easily see it saying no because just because you can does not equate to being authorised to do so.

People need to understand that there is a difference between "being able to do something" and "being authorised to do something."

If you're a systems administrator on a Unix platform, do you just read anyone's email because you can? No. Do you snoop people's traffic on your router(s) to see what they're doing? No.

Just because you can do something does not mean you should.

If I ran a wireless network without a password and I had evidence that Google had connected to it, right about now I'd be talking to a lawyer about suing them in civil action and getting advice on pressing criminal charges.

It doesn't matter that everything is "broadcast", connecting to a wireless network is akin to logging in via telnet/ssh.

Now if all that Google did was run "net Stumbler", it might be different, but that program doesn't record email addresses, passwords, etc, so it would appear they used something else.

Shame on Google.

Re:It is wireless sniffing. (1)

phyrexianshaw.ca (1265320) | more than 4 years ago | (#32650006)

What!?

why does everybody keep coming up with such bullshit analogy's? what you're saying would be the same as putting a wired router on a premise with a pile of network cables plugged into it and leaving a lengthy cable at the edge of your property "so you could use it when you wanted". then suing somebody for picking it up and plugging it into their laptop to seeing what kind of router's present, the WAN IP and some random network details. THAT might be illegal.

a wireless router asks in the channel via broadcasts what frequencies it's allowed to communicate with. from there an unencrypted router begins broadcasting all the details for how to connect to it freely and what it's got available. the computer "connected" to the router just broadcasts it's packets into the channel and tags them "hey, this is intended for [router] if this isn't you, please drop me!"

it's an RFC compliance issue not to drop them. it's NOT illegal.

had the packet contained encrypted contents and was divulged at a later date FOR THE INTENTION OF REVERSING THE ENCRYPTION, that would also be illegal. but storing what was send directly to you: not illegal.

Seriously, just stop (-1, Flamebait)

Anonymous Coward | more than 3 years ago | (#32647048)

A bunch of politicians and idiots slapping their dicks together trying to bring down the big friendly giant. The combined intelligence of these fucktards probably doesn't even equal a single Google engineer's brain power. All of this the result of a bug that most companies wouldn't ever find, let alone give a shit about. Send a letter to your local representative/dictator and tell them to shut the fuck up.

Problem solved (3, Insightful)

bennomatic (691188) | more than 3 years ago | (#32647064)

I use WPA on my wifi, so they can't sniff. I do it because there are a lot of people out there who feel that a non-protected wifi link is theirs for the using. If you're worried about Google sniffing, then you should be more worried about people using your wifi to download torrents, bringing your connection under the watchful eyes of the RIAA and MPAA.

Re:Problem solved (3, Funny)

Itninja (937614) | more than 3 years ago | (#32647146)

I use WPA on my wifi, so they can't sniff.

Oh, you're adorable.

Re:Problem solved (0)

Anonymous Coward | more than 3 years ago | (#32647724)

ltninja? Oh, what a precious name! Are you "TEH HAXOR"? Do you have "MAD SKIZZLES?" Can you tell me why Window$ won't open this file I got from T.P.B(.com wink wink you probably know what I'm talking about.)

Re:Problem solved (2, Informative)

morgan_greywolf (835522) | more than 4 years ago | (#32647806)

Oh, you're adorable.

Think about it. Do you leave your front door unlocked? Seriously, just because WPA can be broken doesn't mean that it will, at least not by people who are honest. The difference between running an unencrypted WiFi AP and one protected by WPA is akin to the lock on your front door. Sure, the criminals can bust your door down if they want in bad enough, but the lock is sufficient to keep out all but those who are intent on committing a crime.

If someone breaks your door down, they can be charged with criminal breaking and entering. If someone hacks your WPA-encrypted WiFi, they can likewise they can be charged with unauthorized access of your network resources. Yes, in both cases if the lock didn't exist, the criminal could still be charged, but it's far less ambiguous with the lock in place.

Re:Problem solved (1)

Itninja (937614) | more than 4 years ago | (#32649548)

WPA 'security' is tantamount to locking ones front door with a hook-and-eye and a sticky note that says 'please don't come in'. I think it's ever-so-slightly better than nothing. Just like Wifi with WPA. But it's silly to make a statement like 'I use WPA so they can't sniff my network'.

Re:Problem solved (3, Insightful)

vivian (156520) | more than 3 years ago | (#32647226)

I use WPA on my wifi, so they can't sniff. I do it because there are a lot of people out there who feel that a non-protected wifi link is theirs for the using.

The problem is there are some people/organizations who run nodes that ARE free to use - so if you don't want people to use your network uninvited, the simplest thing to do is close the door as you have done. Even the very weakest encryption would be enough to indicate that you do not intend your network to be used publicly. Simply having SSID broadcast turned off with no encryption at all would also indicate you do not intend it to be public, however, if you have your router happily broadcasting it's SSID, with no encryption and transmitting strongly enough to be received by a car driving down the street, well that's basically saying "come use me!"

Although it is worth investigating exactly what information Google collected and why, that is not what the suit is going to be about - it's going to be a great big money grab by a bunch of lawyers on behalf of a bunch of people who couldn't be bothered to make their wireless networks private, and who lost absolutely nothing at all and were not damaged in any way by Google's actions. (Did Google start using captured credit card details or start spamming some private email address that was captured, or selling any of the private data that was captured other than perhaps the name and location of the node? I think not.)

Oh and for anyone who whines "oh not everyone is a geek who can understand how to configure a router"
RTFM! that's what it is for. It really isn't that hard!

Re:Problem solved (1)

Ungrounded Lightning (62228) | more than 4 years ago | (#32648254)

I use WPA on my wifi, so they can't sniff. I do it because there are a lot of people out there who feel that a non-protected wifi link is theirs for the using.

Members of the computer culture have long considered the permissions settings of things like file protection to be, not just a mechanical wall, but also an expression of the intent of the user. (This has been true essentially since permissions mechanisms with sufficient granularity to EXPRESS intent were deployed.)

In general they have honored the intent (or in some cases deliberately circumvented it - knowing they were doing so). Treating world-readable as "it's OK to look" group-readable as "it's OK to look if you're in this group", and so on (even if you COULD trivially "break the wall down"), means you don't have to spend time looking up the owner and asking every time you want to look at a file, use a service, and so on. Instead you only have to do it if the permission mechanism is locking you out (and thus you need to ask if it was an error and/or if it's OK to use it anyhow).

WiFi has such a mechanism built right in: Encryption for links you don't want to be used by the world. It's currently trivial to break, so it's the cybernetic equivalent of the hook on a screen door on a building in a public place: Yes, anybody could punch through the screen and unhook it in seconds. But the door being "locked" says the owner's intent (despite the welcome mat) is that nobody comes in without asking.

Running an open WiFi access point is a normal thing to do. And WiFi has no OTHER generally-recognized way to express whether the owner intends the particular access point to be open to the public or private.

Unfortunately, the manufacturers have chosen to distribute WiFi access points with the encryption turned off - to reduce service calls when people plug them in, try to connect, and hit the "locked screen door". And a lot of users buy them and have NO IDEA that there is a "door" that could be "latched" (and SHOULD be latched if they don't intend the public to wander through their living rooms).

As a result, many people are running open WiFi access points without intending to do so. And it's tempting for the legal system to "solve" this by treating any use of an open access point as an attempt to break into a private space, rather than expecting people to "latch their screen doors" if they didn't intend them to be used.

Google is fucked (4, Insightful)

larry bagina (561269) | more than 3 years ago | (#32647078)

Legal or not, accident or not, there's only two facts that matter:
  • States are desperate for money
  • Google has money

The state Attorney Generals (Attorney's General for the pedants) can taste the green. They haven't been this rabid since the Big Tobacco lawsuits. I expect Google will make a big donation to "help educate people about identity theft" (read: prop pension plans and make sure state employees and their union masters are happy).

Re:Google is fucked (1)

BoberFett (127537) | more than 3 years ago | (#32647116)

+1 Common Sense

Re:Google is fucked (4, Informative)

bennomatic (691188) | more than 3 years ago | (#32647140)

Attorney's General for the pedants

Actually, it's Attorneys General; plural, not possessive.

Re:Google is fucked (0)

Anonymous Coward | more than 3 years ago | (#32647706)

Actually, it's Attorney's Generals, because in compound nouns, the second word is always the plural and a possession of the first (hence the apostrophe).

Re:Google is fucked (0)

Anonymous Coward | more than 4 years ago | (#32647772)

Ah, the eternal Slashdot question: moron or troll?

Why of why... (1)

Itninja (937614) | more than 3 years ago | (#32647108)

...did Google ever voluntarily disclose they did this?

The proper actions are as follows: if your company makes a big mistake, you bury it. If someone finds out and makes an accusation, you deny it. If a whistle-blower goes to the paper, you discredit them. And if someone has proof you minimize it, cash out your retirement, and live like a king while the corporation implodes. This is a time-tested methodology.

Re:Why of why... (1)

Sarten-X (1102295) | more than 3 years ago | (#32647170)

"Do no evil" is a great motto, except we're living in a world where evil is expected and normal. Anything abnormal is suspicious.

Re:Why of why... (4, Informative)

sangreal66 (740295) | more than 3 years ago | (#32647296)

It really wasn't voluntary. Go back and read Google's disclosure again. They were under investigation by Germany on the matter. They originally told the investigators that they don't collect any payload data. Not satisfied, Germany demanded Google audit the data they had stored at which point Google fessed up to saving all the payload data. Really the only voluntary part was announcing it to public in a positive light instead of waiting for the news to break independently.

Re:Why of why... (2, Insightful)

Anonymous Coward | more than 3 years ago | (#32647428)

Not satisfied, Germany demanded Google audit the data they had stored at which point Google fessed up to saving all the payload data.

Oh, wait. You mean, Google audited the data, discovered the mistake, and then announced it? How else were they supposed to announce it? By warping back in time preceding the demand?

Do you understand what audit means?

Re:Why of why... (0)

Anonymous Coward | more than 4 years ago | (#32647742)

They could have...not denied doing it in the first place.

But they did.

Re:Why of why... (1)

Itninja (937614) | more than 3 years ago | (#32647500)

Like I said..it was voluntary. A self-audit is not an audit. They could have easily said 'yep we audited it and there's not data there!'.

Re:Why of why... (1)

AHuxley (892839) | more than 3 years ago | (#32647546)

To get out in front of a story in their own way.
The idea that they had a few local German and Irish data issues but they where in the past and done.
The story would have then lost all traction.
When that failed they rolled out the mistake line and stonewalled.
When it became global, more of the mistake lines and some more stonewalling.

Leave it alone (5, Interesting)

itsphilip (934602) | more than 3 years ago | (#32647182)

Call me naive, but I trust Google. I've been using Gmail since late 2004. I just migrated away from the iPhone after three years; I now have a Nexus One as my primary phone. My calendar, my contacts, etc. are in the Google cloud. And guess what? They've never done ANYTHING to erode my trust in them. In the age of telecom companies trying to cap mobile data plans, and place arbitrary restrictions on IP-delivered media content, Google is busy trying to roll out fiber and generally make the Internet better. I believe that not only do they live by their "don't be evil" mantra, but that they realize the days of the free Internet may be numbered. They're doing their best to save the Internet as we know it. Granted, they have something to gain. But other companies' failure to evolve leaves the door wide open for a company which we should trust far more than AT&T, Time Warner, etc. to preserve the landscape that slashdotters are so eager to protect. The tag is correct, it's a witch hunt. Google admitted their mistake, we move on.

Re:Leave it alone (1, Insightful)

Anonymous Coward | more than 4 years ago | (#32648386)

Don't forget the Data Liberation Front. Google Earth. Sketchup. Android as a viable and open alternative to the iPhone platform. Gmail's crazy high storage limits. Google Voice and expedited Voice accounts for military, then students. Lobbying the government and speaking at federal hearings to emphasize the importance of a free Internet.

Most companies might have one big pro-consumer initiative every few years, maybe. Google seems to have a new one every quarter or two. It's completely unbelievable. If this happened in a movie, it would be too far-fetched to hold anyone's interest.

Think about where the Internet would be right now if Google had never existed. Some of these things, a company might come up with at some point, but most of them would never have ever happened. Does anyone realize just how far-fetched Android is?

Re:Leave it alone (0)

Anonymous Coward | more than 4 years ago | (#32649264)

Yep, you're naive. Anyone who can't see that Google is effectively part of the NSA is blind. They're taking over DNS, they've scouted all wifi signals in the US, they're tied into commercial networks of most vendors. And the best part: fools like you "believe" in them.

Re:Leave it alone (0)

Anonymous Coward | more than 4 years ago | (#32649418)

Call me naive, but I trust Google.

This is beside the point, though. The people whose plaintext was intercepted by Google, trusted everyone. They trusted their neighbors, they trusted their government, they trusted foreign governments, they trusted transients, and they trusted any enemies that they happen to have in their lives. Google's trustworthiness isn't really an issue here. The people were freely sharing the information with anyone who wanted it.

When people heard about this story, they had a startled reaction. That's good. What's bad is that they started talking about what forces to bring upon Google, rather than what forces to bring upon their Access Points.

Naive employee? (0)

Anonymous Coward | more than 4 years ago | (#32649576)

You are naive.

Very.

Do you also happen to work for Google? It sure sounds like it.

This curious concern I have... (4, Funny)

Masque (20587) | more than 3 years ago | (#32647202)

Does it not seem odd that the Government's reaction to the potential invasion of privacy by a corporation is to... insist upon seeing all of the data?

Re:This curious concern I have... (1)

nbossett (1835098) | more than 4 years ago | (#32648060)

Why would it be funny/unusual for the government to ask to see evidence if there's an allegation or confession of possible misconduct?

Re:This curious concern I have... (1)

KahabutDieDrake (1515139) | more than 4 years ago | (#32648384)

Largely because in the past 50 years, they have seldom done so even for the most obvious and egregious acts by corporations. Also maybe because it isn't their job or preview to investigate unless it's a national issue of grave import. I hardly think this qualifies, compared to NSA/ATT merger. Or a dozen others we could all name.

Only Because... (0)

Anonymous Coward | more than 3 years ago | (#32647228)

Political Officials are paranoid that their own activities have been documented/logged.
That is why this has been rushed to investigation. I believe collecting such data should be forbid. Why they do not investigate the internal dealings between our government, associated entities like Halibutons purchase of a gulf clean up company just months before the spill happened. And BP's own internal, odd, change in policy/practices that caused the actual drill to heat up before the oil spill took place is a mystery to me. Yes the living platform workers made these claims about BP. Either way you look at it. Lack of wanting to investigate BP or the rush to probe Google data collections all points to one thing. Secretive activities being kept in the dark by our paranoid government. So much for a transparent government. You can bet that I have zero doubt in my mind going off of patterns that can be seen over and over again by these corporations and our government.

I for one want to see Google burn for this. (0)

Anonymous Coward | more than 3 years ago | (#32647264)

Sorry to disappoint all the Google fanboys, but I really hope Google burns for this. I am sorry that none of my hardware is TEMPEST/ USA NSTISSAM Level I shielded, but that doesnt mean that my data should collected by Google. I shouldnt HAVE to use WEP or WPA. With enough amplification and focus my "public" data can be collected, data that is coming off my keyboard, my cables, my kids Wii and DSi, but hey why stop there, since our bodies are emitting all sorts of energy and since building materials are only partially effective at blocking that energy, the extent of privacy invasion becomes a simple matter of signal amplification and filtration. The line has to be drawn somewhere at a "reasonable expectation of privacy" and I hope it costs Google a metric shitload of money to find that out. Timing sure is perfect for this - most states and local governments are financially strapped, and its just a matter of time before Civil Class action will pile on top of that.

Re:I for one want to see Google burn for this. (2, Insightful)

hawguy (1600213) | more than 3 years ago | (#32647410)

I thought the line was if you are intentionally broadcasting plaintext traffic that can be picked up by any legal receiver, then you have no expectation of privacy. None of the other examples you gave would reasonably be expected to be picked up by someone outside your hours, but if you read the owners manual for your Wifi access point, you know that unencrypted means anyone can pick it up.

You have nothing to fear from Google catching a few packets of traffic when they are driving by, but from a real hacker who is searching your streams for passwords, credit card numbers, social security numbers, etc.

Re:I for one want to see Google burn for this. (1)

AHuxley (892839) | more than 3 years ago | (#32647590)

You where not broadcasting plaintext traffic to Google.
Maybe it was the web, yahoo, email ect.
A smart person may have no expectation of privacy, but the laws still cover you in some parts of the world.
They did not test their collection system after knowing local laws and kept the data.

Re:I for one want to see Google burn for this. (1)

Sabriel (134364) | more than 4 years ago | (#32648510)

You where not broadcasting plaintext traffic to Google

everyone within range of your radio signal. It does not stop at your property boundary just because you wish it so, nor does it carry any indication that it should not be read (with the possible exception of an appropriately worded SSID). The response is not, "do I listen to this broadcast", but rather, "is it ethical for me to relay, profit from, or continue listening to, this broadcast"?

NSA (1)

Syntroxis (564739) | more than 3 years ago | (#32647292)

Wanna bet that nothing happens 'cause Google was mapping WIFI for the NSA?

Re:NSA (0)

Anonymous Coward | more than 4 years ago | (#32648812)

You wish. The only reason we're hearing about this is because governments want the data so they can go fishing.

Consolidation of Lawsuits (1)

Alanonfire (1415379) | more than 3 years ago | (#32647374)

I'm not sure where all the lawsuits are coming from, but requesting civil lawsuits being moved to a specific location seems like bullying to me. The same tactic Microsoft was slammed on this page for a while back in India or China or where-ever they were fighting with people. I realize it was MS going after people and its people going after Google, but the crime should be tried where it took place.

It seems like they hope those people would drop the case if it meant an extra expense for them.

Re:Consolidation of Lawsuits (1)

ducomputergeek (595742) | more than 4 years ago | (#32648562)

I'm not sure how they can all be moved to california. If they sniffed the wifi in > and the plaintiff is in >, it would seem as though the plaintiff could argue that the jurisdiction for the tort claim would be >, especially if google was in violation of a > statue.

> = pick a state, any state.

Why consolidate (1)

FuckYourKarma (1838606) | more than 3 years ago | (#32647448)

They have that nifty 757 parked next door at Nasa. They can afford the commute(s).

Fusion Centers (1)

solweil (1168955) | more than 3 years ago | (#32647470)

The states just want the technology for the spying activities of the various fusion centers.

Witchhunt? (0, Troll)

Montezumaa (1674080) | more than 3 years ago | (#32647494)

Give me a break. This is just like Google going around, opening people's mail that is sitting in mailboxes. That is a crime and so is skimming data from networks that they are attached to. The law does not require a person to secure their data to turn unauthorized access into a crime; it is always a crime.

I also want to know why Google believes it has the right to map WiFi networks. Who are they to think they(Google) has the right to locate and map out the locations of WiFi routers around the world? Google is wrong in this and I want to see them pay(legally and civilly).

Re:Witchhunt? (1)

somenickname (1270442) | more than 4 years ago | (#32647748)

No, this is like Google driving around on public roads with a tape recorder stuck to the roof to create a Google Street Sounds component to their maps. They didn't open, tamper with or otherwise go out of their way to invade anyones privacy. Now, IANAL so, it's entirely possible that driving with a tape recorder affixed to your car is illegal.

Re:Witchhunt? (0)

Anonymous Coward | more than 4 years ago | (#32647770)

Okay. You open up your laptop and try to connect to your friend's wireless. Oh, there's a wireless next door.

You just broke the law in your own words. You should pay the neighbor 50% of your salary for the rest of your life plus attourney fees. Enjoy.

Re:Witchhunt? (1)

Montezumaa (1674080) | more than 4 years ago | (#32649994)

Simply connecting to a friend's wireless router is not a crime. If I attempt to connect without the permission of the router's owner, then it is wrong of me. What is a crime, without any room for argument with your bad analogies, is that accessing data without permission is a crime. Since you are obviously not a lawyer, nor would ever be intellectually capable of being one, I see no reason to try and discuss this with you further.

Just accept that the legislature of each state has set laws, based on the interest of the citizenry and various interest group, and that Google must conform to all the laws within a given state where they are operating these cars. I do not know what other state laws cover, but Georgia law makes what Google did illegal(more so the data collection, than the accessing of wireless routers, but they are both crimes).

Mail in a mailbox is unsecured, but if you open a letter that is not addressed to you, you are committing a crime. While I secure my wireless router(security which can be beat by a kid with a few internet searches), the law does not require me to secure my wireless connection to provide me protection from unlawful data access(at least not in my State).

Re:Witchhunt? (1)

Local ID10T (790134) | more than 4 years ago | (#32648234)

I also want to know why Google believes it has the right to map WiFi networks. Who are they to think they(Google) has the right to locate and map out the locations of WiFi routers around the world? Google is wrong in this and I want to see them pay(legally and civilly).

Funniest post ever. ...what? You were serious? Oh... You mean that you actually don't understand why maps are made? Or why map making is generally accepted as a benefit to society? Or how they can be useful? Or is it that you don't see the value of maps that correlate physical locations with the radio signals received (hint, its like street signs for wireless devices.)

Re:Witchhunt? (1)

Montezumaa (1674080) | more than 4 years ago | (#32649948)

Perhaps Google should map out the firearm owners in the United States, or perhaps they should map out where thieves can find the best places to loot. The fact is that Google has no right to map out where all the WiFi routers in the world are, nor do they have the right to obtain any information from my wireless router. Secured or not, Google has no right to collect this data.

Google is ruined it for everyone. (1)

n00btastic (1489741) | more than 4 years ago | (#32647808)

I would bet the life of my cat that this is going to lead to the criminalisation of wardriving. Thanks Google for being douche bags. An accident you say? Yeah right.

One major distinction (1)

mathimus1863 (1120437) | more than 4 years ago | (#32647898)

I imagine that Google's actions are legally distinguishable from wiretapping laws, since they did not access hardware, they only passively recorded information that was visible from public locations. If they had communicated with and established an IP addresses with network routers, it would be a completely different story.

While it would appear to be ethically fuzzy to collect such data, it may be legally sufficient to demonstrate that such information was being transmitted over public areas, and since no "unauthorized access" was gained into any private networks, there was no legal breach. I'm not saying they should've collected the data. But if a woman prances around in her living room naked with the blinds open, my decision to view it from the street should not be subject to peeping-tom laws.

The decline of society (1)

dave562 (969951) | more than 4 years ago | (#32648490)

When society turns upon itself and starts to cannabilize the productive parts of itself, doom can't be too far away. It makes me sad that in the land of plenty, our state governments are so starved for resources that they have to go after Google to generate revenue.

This which hunt has nothing to do with really protecting privacy and everything to do with trying to fine Google. If the states were concerned about privacy they'd be up in arms over the PATRIOT Act.

In Canada ... (1)

cacba (1831766) | more than 4 years ago | (#32648524)

we treat the investigation as an opportunity to create jobs. I predict that our report adds nothing but a bill.

Do they really think this is good PR?

Aco3k (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#32649736)

The excuse is disappearing (0)

Anonymous Coward | more than 4 years ago | (#32650090)

"Not everyone is a geek who can understand how to configure a router" is dwindling as a valid excuse as time goes on. WPS (Wifi Protected Setup) has been available for a while now and it's so disgustingly easy to set up a secure WPA 2 connection.

Wi-Fi Protected Setup with Push Button Configuration:

1. User activates AP
2. User activates client device
3. A network name (SSID) is generated automatically for the AP and broadcast for discovery by clients
4. User pushes buttons on both the AP and client device.
Done!

The steps above are taken from http://www.wi-fi.org/files/wp_18_20070108_Wi-Fi_Protected_Setup_WP_FINAL.pdf [wi-fi.org]

That just annoys me to no end. When I first started setting up Wifi connections i had to come up with my own SSIDs and authentication keys... in the blowing snow, uphill and all that!

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>