• Great articles on other sites
  • RSS Great articles on other sites

  • Featured, Opinion - Written by on Monday, May 17, 2010 14:16 - 25 Comments

    Google shouldn’t stop collecting Wi-Fi data

    opinion Google’s decision to stop its Street View cars collecting harmless data on the location of Wi-Fi hotspots (including in Australia) is an over-reaction to the baseless concerns of a few privacy experts and should be reversed.

    For those of you not up to date on this little storm in a teacup, here’s what has happened so far.

    In a post on 23 April, the search giant discussed on its Lat Long blog (which is used by the developers of its geographic Earth and Maps services to post updates) the fact that its Street View cars were simultaneously collecting data on Wi-Fi hotspots as they drove around populated countries automatically taking photos.

    It’s not the first time Google has discussed the Wi-Fi data collection — as the blog entry notes, it had publicly revealed the practice as early as August 2008 — two years ago. But certainly there were quite a few people that weren’t paying attention back then and were surprised by Google’s admission.

    Part of the reason for Google’s blog post was the fact that German authorities had asked for more information about its data collection habits.

    The blog post also attracted the interest of the Australian Privacy Foundation and Electronic Frontiers Australia, which sent a concerned letter (PDF) to the search giant demanding more information. And with good cause.

    It turned out that Google had in fact been collecting data it shouldn’t have — its cars have not just been cataloguing the locations of Wi-Fi networks as they drive around global neighbourhoods — but also collecting snippets of unencrypted data as they had been doing so.

    In an apologetic blog post, Google’s senior vice president of Engineering and Research, Alan Eustance, said the search giant would delete the data and stop collecting Wi-Fi data, period (including, we have verified, in Australia). “The engineering team at Google works hard to earn your trust—and we are acutely aware that we failed badly here,” he wrote.

    Now, I applaud Google’s decision to delete any unencrypted data it may have collected with its Street View cars. Not because collecting that data was in some way evil — if you leave your wireless network unsecured, you deserve everything you get — but simply because it’s a bad look for a corporation to be snooping packets like this.

    But, in my opinion, simply stopping collecting Wi-Fi network data as a whole is an over-reaction on Google’s part.

    Privacy experts and “Data Protection Commissioners” from Europe need to realise that like the photos its Street View cars have been taking, the Wi-Fi network data that Google has been collecting is publicly available information.

    There is no difference between collecting Wi-Fi network address data such as SSID and MAC addresses and taking a photo of someone’s house. One constitutes collection of data about an addresses’ physical appearance — and one about its electronic infrastructure. Both sources of information are publicly available.

    Furthermore, there is a valid and useful purpose in Google collecting that data — and it is in a unique position to be able to do so.

    As Google’s own blog posts have noted, it is very useful for smartphones such as the iPhone, or a Google Android handset, to store a list of Wi-Fi hotspots and use this data to quickly deliver geographical information to the user about their surrounds.

    “By treating Wi-Fi access points or cell towers as ‘beacons’, smartphones are able to fix their general location quickly in a power-efficient way, even while they may be working on a more precise GPS-based location,” Google’s original blog on the subject states, noting that this is precisely how the first-generation iPhone worked, before Apple added satellite GPS functionality to the device.

    Using Wi-Fi networks in this way does not violate users’ privacy — Google’s own blog notes that this triangulation of geographical information can be done without any intrusion into the Wi-Fi networks themselves — just noting which ones are accessible.

    And users also have ways of protecting themselves against even inadvertent access to their Wi-Fi networks — through using WPA or even the lesser WEP encryption technology, setting MAC address limitations as to who can connect to the network and even hiding the SSID broadcast.

    Hell, if you’re that worried about the security of your data, you wouldn’t be running a Wi-Fi network in the first place. Those who spend their lives obsessed with security would be more likely to depend on wired connections, which are ten times harder to snoop, because you need access to the physical premises instead of … the air around someone’s house.

    In its corporate history, Google has stepped over the line into being “evil” several times, breaking its organisational motto in the process. And it will again — that’s the nature of corporations. They are too big and too complex to completely control.

    But this isn’t one of those cases. Collecting Wi-Fi network data is a prime example of the reason Google exists — to collect and organise the world’s information and make it useful to humans.

    So stop over-reacting to this privacy mini-storm, Google, and stand up for your rights to do what you can with information that is freely and publicly available and which can, after all, be controlled by its owners.

    Image credit: mrkathika, Creative Commons

    submit to reddit

    25 Comments

    You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

    1. None
      Posted 17/05/2010 at 2:28 pm | Permalink |

      This is a gross invasion of privacy and Google must cease collecting such data.

      It simply doesn’t know when to stop and only did so in this instance because the Germans became involved and sought to access a hard drive from one of the Google cars. This is when Google found that it had “accidentally” been collecting such data.

      Here’s another thing that we’ll need to revisit in a decade. One by one Google’s action seem innocuous, but in a decade when all of this is linked together you’ll see how much you have lost.

      • Posted 17/05/2010 at 2:57 pm | Permalink |

        What exactly is a gross invasion of privacy, None? The fact that Google accidentally collected some packets from a few people’s networks, or the cataloguing of Wi-Fi hotspots? The one was an accident and the data will now be deleted .. the second is simply collating publicly available data. I don’t see what the problem is.

        • Anon
          Posted 18/05/2010 at 11:59 am | Permalink |

          Renai,
          So you wouldn’t have any issue at all with Google also publishing and highlighting a list of properties that their cameras detected with the front door left opened?
          The resident could have locked it, but for one reason or another didn’t. Maybe they don’t care, maybe they meant to leave it open for someone, maybe it was a bad lock, or maybe someone else had broken into the house previously and left the door open so they could come back at a later time.
          Lots of reasons for the door being open, and i hope you are seeing the analogy that the reasons could all apply equally to someone’s WIFI being open.
          Do you still contend, quote, “you deserve everything you get”?

          • Posted 18/05/2010 at 3:54 pm | Permalink |

            “So you wouldn’t have any issue at all with Google also publishing and highlighting a list of properties that their cameras detected with the front door left opened?”

            I don’t think the analogy stands … Google is not publishing a list of open Wi-Fi access points, or even Wi-Fi access points that you can access if you have the right password (ie, WPA or WEP, with no MAC address filtering).

            It is simply using a list of data about Wi-Fi access points in general to provide triangulation information. It is more or less akin to publishing a list of street signs.

    2. Michael H
      Posted 17/05/2010 at 2:51 pm | Permalink |

      Spot on Renai, nice to read a balanced and sensible viewpoint on this.

      • Posted 17/05/2010 at 2:58 pm | Permalink |

        Cheers! It just seemed to me that Google took this one a little *too* seriously in its attempts to be nice ;)

    3. signalsnatcher
      Posted 18/05/2010 at 11:02 am | Permalink |

      So much information on individuals is now available that we need to redefine what ‘privacy’ means. Increasingly it means control rather than secrecy.

      What Google is doing is is collecting data without allowing the owner to exercise control. If I learn someone’s unlisted phone number from a third party I have breached their privacy since they don’t want me to know it. If I walk down the street trying car door handles until I find one that’s open I am collecting publicly available information but even if I don’t steal anything from the car I might have a bit of trouble explaining myself to the owner or the cops. If my neigbour has a two metre fence it’s there to stop me looking over it, even if it only needs a ladder to do it.

      Just because something is easy to do does not mean that we should do it.

      If we don’t allow powerless and technically ignorant people to control their own information then we are abandoning a key concept in the whole idea of the rule of law in a democracy which is to restrain the powerful.

      • Posted 18/05/2010 at 1:19 pm | Permalink |

        I’d agree with you here, signalsnatcher, when you say privacy is more about control than secrecy these days. However, I would disagree that anyone could possibly be powerless over their own Wi-Fi network … surely this is something that is within the hands of the individual?

        I don’t see a problem with Google collecting what is publicly available information and using it for some fit purpose. If you don’t like it, don’t broadcast your SSID or simply use a cat5 cable instead.

    4. Posted 18/05/2010 at 12:18 pm | Permalink |

      how is that an invasion of privacy? if you are stupid enough to run a wireless network that is open to scrutiny because you didn’t lock it down, silly you. I have seen many networks wide open, business and private, because a password was too hard to remember. If you are broadcasting a wireless connection, and I am set to discover, I gain access.

      not hacking, just really dumb wireless network management.

      the google cars aren’t intentionally breaking into a wireless network, they are just connecting to the next open one. it would appear to be just another hotspot, not a business, not a home.

      • Posted 18/05/2010 at 1:21 pm | Permalink |

        +1 to this post.

        Society needs to listen to sysadmins and network administrators more … (speaking as a former sysadmin here). They are bastions of common sense :)

        Don’t worry Peter — know you’re not a sysadmin — but you have the good common sense of one ;)

    5. DataDance
      Posted 18/05/2010 at 1:35 pm | Permalink |

      Idiot. The reason they stopped is obvious. Unauthorised access to electronic data, whether it’s secured or not, is illegal.

      And for heaven’s sake …the ‘those-idiots-deserve-it’ argument? Are you f’in kidding me? Who is this clown?

      • Posted 18/05/2010 at 3:55 pm | Permalink |

        And what data, prey tell, are you accessing in an unauthorised way, if all you are doing is collecting a list of Wi-Fi access points? These Wi-Fi points broadcast their own existence … I don’t see how it can be unauthorised to make note of that existence.

        • DataDance
          Posted 18/05/2010 at 5:15 pm | Permalink |

          It wasn’t just a list of the points….

          http://www.zdnet.co.uk/news/security/2010/05/17/google-wi-fi-data-harvesting-was-a-mistake-40088955/

          In April, the German DPA revealed that Google’s Street View cars were harvesting data about people’s Wi-Fi networks as they drove around. Google said in a blog post at the time that there was nothing wrong with doing this, saying that the company “does not collect or store payload data”. On Friday, Eustace backtracked on this statement in his own post.

          “It’s now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) Wi-Fi networks, even though we never used that data in any Google products,” Eustace wrote.

          “However, we will typically have collected only *fragments of payload data because: our cars are on the move; someone would need to be using the network as a car passed by; and our in-car Wi-Fi equipment automatically changes channels roughly five times a second. In addition, we did not collect information travelling over secure, password-protected Wi-Fi networks.”

          *In other words IP traffic moving across them.

          • Posted 18/05/2010 at 7:45 pm | Permalink |

            Yes, they did collect this sort of data — but accidentally. And not only would this sort of data likely be useless, because as Google noted, they changed channels frequently, Google didn’t do anything with it and now is deleting it in the safest way.

            But this doesn’t invalidate two points:

            1. If you leave your Wi-Fi network unsecured, you should expect others to snoop on your traffic. You wouldn’t leave the front door of your house open, would you?

            2. There is still nothing wrong with Google collecting publicly available data about Wi-Fi networks — the SSID broadcast and so on. There is no private information there.

    6. DataDance
      Posted 19/05/2010 at 3:00 pm | Permalink |

      “1. If you leave your Wi-Fi network unsecured, you should expect others to snoop on your traffic. You wouldn’t leave the front door of your house open, would you?”

      This is just absurd. If I did leave my door opern would that make it right for anyone to walk in and have a look around? Is that the situation with windows too? Would you like me to come have a look about your house if your left a door or window open? It’s called trespassing and that’s the way digital laws work.

      That’s the moral tenor of your argument.

      Is Galt Media doing any work for Google at the moment? I’d like to know.

      • Posted 19/05/2010 at 10:51 pm | Permalink |

        Firstly, no, I’m not doing any work for Google :) If I was, you’d know about it.

        Secondly … the analogy doesn’t quite fit. Many devices (such as iPhones) automatically check out available local networks, and ask users if they want to connect to them. But you can’t automatically climb through someone’s open window — that’s an active action, not a passive one.

        Scanning for wireless networks on a street is not trespassing, and it’s as simple as that. If you don’t understand that, then I would accuse you of being a luddite >:)

        • DataDance
          Posted 20/05/2010 at 1:09 am | Permalink |

          Renai

          1. If Lemay & Galt media were doing white paper or press release work for Google how the hell would I know about it? God knows you bury the disclosure of the link of Delimiter and the other professional services you offer deep enough in the Lemay & Galt site.

          2. You are clearly the Luddite if you can’t tell the difference between scanning for SSIDs for wireless networks and actually connecting to AND collecting data travelling across unsecured ones which is what Google has admitted to.

          • Posted 20/05/2010 at 8:37 am | Permalink |

            1. Because I would disclose it, as I disclose everything. If you find something that I am doing that I have not disclosed, please let me know about it so I can do so. I challenge you to find other companies which have the same level of openness as my own — I think you will find that most are much more closed. Certainly I would be interested to know which company you yourself work for :) But I don’t know that, because unlike me, you are anonymously attacking me. But that’s fine ;)

            2. I know the difference — and I believe Google when it said it was an accident that it was collecting data and will delete that data. The whole point of my article is that it is not illegal to travel through a neighbourhood, scanning for Wi-Fi networks and creating lists of them. And that Google should not stop doing that, because it provides useful information.

            • DataDance
              Posted 20/05/2010 at 11:28 am | Permalink |

              The whole point of your article, right from the opening, was that Google’s actions were totally harmless. I might be inclined to agree if not for the fact that they went further than scanning and noting the location of wi-fi SSIDs and collected data from unsecured networks of private citizens. Even they acknowledged this was wrong but you opined that this was okay, and even went on to make this rather dubious statement:

              “Now, I applaud Google’s decision to delete any unencrypted data it may have collected with its Street View cars. Not because collecting that data was in some way evil — if you leave your wireless network unsecured, you deserve everything you get — but simply because it’s a bad look for a corporation to be snooping packets like this.”

              Bad look? Bad POLICY. Illegal POLICY. Check the laws on data protection. Collecting the data was in my view an evil invasion of privacy – as evil as me walking up to an open window in your house, climbing in and rifling through your private documents.

              To then have the fourth estate’ers tell people they deserve this is an extremely worrying development and direction for the information climate.

          • Posted 20/05/2010 at 11:10 am | Permalink |

            The proof of my disclosure ethics is in the pudding :)

            http://www.rlemay.com.au/2010/05/20/disclosure-salesforce-com-work/

            • DataDance
              Posted 20/05/2010 at 11:35 am | Permalink |

              Yes, it’s interesting that you’ve made the decision to publish this disclosure in the last 12 hours or so.

              How would you advise your audience to judge any future stories you may write about Salesforce.com? Or even cloud computing? Will each story have a disclosure? Simply not write about them?

              I’m asking that out of quite sincere curiosity – not just winding you up.

              • Posted 20/05/2010 at 12:19 pm | Permalink |

                Well, it’s quite clear. I would advise my audience to judge anything I write about Salesforce.com in future the same way they judge absolutely any piece of content I post anywhere — on its merits. If you think I’m a Salesforce.com stooge, say so, and I’ll outline my reasons for writing or not writing something. I don’t see the need to put a disclosure on every story, because I won’t have a long-term engagement with Salesforce.com.

                Of course I will write about Salesforce.com, as well as its rivals and its customers, on Delimiter many times in the future.

                The only basis you have for trusting any journalist any time is not because they say you should trust them — it is that they have earned your trust over time.

                • DataDance
                  Posted 20/05/2010 at 12:53 pm | Permalink |

                  Trust can be broken as easily as reputations. One bad deed etc…

                  Your disclosure is laudable, of course.

                  Stooge is a bit of derogatory term but, if you will use it, then one could argue that you are their stooge in the sense that you derive a fiduciary benefit from your relationship with them – albeit temporarily as you say.

                  Respectfully, I would submit that you are leaving your readers in a challenging position to expect them to put aside any concern that your relationships with these companies won’t affect your editorial judgements in future.

                  That’s up to them I guess and my opinion is just that – only mine.

                  It’s up to you how you run your affairs and manage your reputation. Who knows? Maybe it can work.

                  But don’t get the impression I’m immediately accusing you of selling out your editorial. I’m just curious as to your view on that.

        • Me
          Posted 20/05/2010 at 11:49 am | Permalink |

          Just because you can, it doesn’t necessarily hold that you should.

          I CAN pickup a wallet I find on the street and take the money, but SHOULD I do it? The owner has just left it sitting there unsecured, so why not?
          I CAN access someone’s unencrypted WIFI, but SHOULD I do it? The owner has just left it sitting there unsecured, so why not? Or was it cracked by a criminal and left open?

          I’ll leave the answers up to you…but be careful of the luddite accusations Renai, with all the “because I can I will, and you’re an idiot if you don’t secure it and you deserve everything you get” talk, someone may accuse you of sounding a little Gen Y shortly ;)

          Also, you may want to skim through the Cybercrime Act (2001) and check out the penalty for unauthorised impairment of electronic communication (which I could accuse you of if you are using my bandwidth and thereby slowing my downloads).

    7. Posted 30/10/2010 at 1:50 pm | Permalink |

      In relation to the law, an above mentioned post citing the Cybercrime Act (2001), is unfortunately a farce.
      The same law that applies to the masses DOES NOT apply in the same manner to corporations.

      Even if it was proven that google has breached a law, NOTHING will be done, as google’s actions are government supported, i.e to gather as much information as possible about the masses.

      If the interpretation is that google ‘stole’ your bandwith, packets etc from you, you could by the same token for example connect (not hack) into an open government / telco wireless installation, and look at the network, and surf the internet without the fear of reprisal.

      If caught, winning a case in your favour is very unlikely.

      It’s also about something called setting a precedence, something the governments and lawmakers are VERY aware of before making judgement, in favour of the peasants.




    Get our 'Best of the Week' newsletter on Fridays

    Just the most important stories, one email a week.

    Email address:


  • Enterprise IT stories

    • Super funds close to dumping $250m IT revamp facepalm2

      If you have even a skin deep awareness of the structure of Australia’s superannuation industry, you’ll be aware that much of the underlying infrastructure used by many of the nation’s major funds is provided by a centralised group, Superpartners. One of the group’s main projects in recent years has been to dramatically update and modernise its IT platform — its version of a core banking platform overhaul. Unfortunately, the $250 million project has not precisely been going well.

    • Qld’s Grant joins analyst firm IBRS peter-grant

      This week it emerged that Peter Grant, the two-time former Queensland Whole of Government CIO (pictured), has joined well-regarded analyst firm Intelligent Business Research Services (IBRS). We’ve long had a high regard for IBRS, and so it’s fantastic to see such an experienced executive join its ranks.

    • Westpac dumps desk phones for Samsung Android mobiles samsung-galaxy-ace-3

      The era of troublesome desk phones tied to physical locations is gradually coming to an end in many workplaces, with mobile phones becoming increasingly popular as organisations’ main method of voice telecommunications. But some groups are more advanced than others when it comes to adoption of the trend. One of those is Westpac.

    • Ministers’ cloud approval lasted just a year reverse

      Remember how twelve months ago, the Federal Government released a new cloud computing security and privacy directive which required departments and agencies to explicitly acquire the approval of the Attorney-General and the relevant portfolio minister before government data containing private information could be stored in offshore facilities? Remember how the policy was strongly criticised by Microsoft, Government CIOs and Delimiter? Well, it looks like the policy is about to be reversed.

    • WA Govt can’t fund school IT upgrades oops key

      In news from The Department of Disturbing Facts, iTNews revealed late last week that Western Australia’s Department of Education has run out of money halfway through the deployment of new fundamental IT infrastructure to the state’s schools.

    • Turnbull outlines Govt ICT vision turnbull-5

      Communications Minister Malcolm Turnbull has published an extensive article arguing that the Federal Government needed to do a better job of connecting with Australians via digital channels and that public sector IT projects needn’t cost the huge amounts that some have in the past.

    • NZ Govt pushes hard into cloud zealand

      New Zealand’s national Government announced a whole of government contract this morning for what it terms ‘Office Productivity as a Service’ services. This includes email and calendaring services, as well as file-sharing, mobility, instant messaging and collaboration services. The contract complements two existing contracts — Desktop as a Service and Enterprise Content Management as a Service.

    • CommBank reveals Harte’s replacement whiteing

      The Commonwealth Bank of Australia has promoted an internal executive who joined the bank in September after a lengthy career at petroleum giant VP and IT services group Accenture to replace its outgoing chief information officer Michael Harte, who announced in early May that he would leave the bank.

    • Jeff Smith quits Suncorp for IBM jeffsmith4

      Second-tier Australian bank and financial services group Suncorp today announced that its long-serving top technology executive Jeff Smith would leave to take up a senior role with IBM in the United States, in an announcement which marks the end of an era for the nation’s banking IT sector.

    • Small business missing the mobile, social, cloud revolution iphone-stock

      Most companies that live and breathe the online revolution are not tech startups, but smart smaller firms that use online tools to run their core business better: to cut costs, reach customers and suppliers, innovate and get more control. Many others, however, are falling behind, according to a new Grattan Institute discussion paper.

  • Blog, Enterprise IT - Jul 5, 2014 13:53 - 0 Comments

    Super funds close to dumping $250m IT revamp

    More In Enterprise IT


    Blog, Telecommunications - Jul 5, 2014 12:12 - 0 Comments

    What should the ACCC’s role be in guiding infrastructure spending?

    More In Telecommunications


    Analysis, Industry, Internet - Jun 23, 2014 10:33 - 0 Comments

    ‘Google Schmoogle’ – how Yellow Pages got it so wrong

    More In Industry


    Blog, Digital Rights - Jun 30, 2014 22:24 - 0 Comments

    Will Netflix launch in Australia, or not?

    More In Digital Rights