Google: Street View spycars did slurp your Wi-Fi

Google has said that its world-roving Street View cars have been collecting information sent over open Wi-Fi networks, contradicting previous assurances by the company. This means that Google may have collected emails and other private information if they traveled over Wi-Fi networks while one of the cars was in range. …

COMMENTS

This topic is closed for new posts.


  1. Mark 65

    Accidentally?

    My arse, they just got caught out by the German audit.

  2. Watashi

    Ofcom

    Telecoms regulation - you're doing it wrong.

  3. Anonymous Coward
    Jobs Horns

    gSpy

    And you thought they were just trying to photograph your house!

    If Google haven't used this data to build up geolocation maps for all the relevant countries in order to further their all seeing eye, I'm a Frenchman. By now, they can probably delete the raw data without losing anything important. The maps are created

    I spy with my little eye, something beginning with G...

  4. Anonymous Coward
    Grenade

    Slight flaw?

    Surely when running their phototaking ops they'd have noticed a storage drive use WAY above what would be expected? I know they'd have needed a *lot* just for the photos, but surely this would have raised eyebrows with *somebody*?

  5. Apocalypse Later

    Don't be evil...

    ...but if you just can't resist being evil, don't be caught.

  6. Anonymous Coward
    Anonymous Coward

    Riot

    If somebody wants to organise a riot, or protest, I'll be there. X

    Please can we have a new icon that depicts Google (and Facebook) as a satanic doer of evil, sly underhanded backstabber, maybe a nice icon of Judas with the Google logo?

    Could somebody please make a Google homepage logo in the style of this???

  7. Craig Foster
    Grenade

    Devil's Advocate

    It's not like you weren't putting out that information already...

    My Cisco AP lists the "Rogue APs" including SSID, strength, and MAC

    1. Anonymous Coward
      Anonymous Coward

      Sure

      But apart from the obvious point that those with unprotected WiFi must include the naive as well as the fools, and they, at least, need someone to look out for them (like kids need teachers/responsible adults), collecting the data 'because you can' is perhaps in the same ballpark - morally-speaking - as stalking? Or of covering the nation in CCTV?

  8. Deadly_NZ
    Terminator

    and they get away with it again

    http://www.stuff.co.nz/technology/digital-living/3702291/Google-halts-Street-View-Wi-Fi-data-collection A link to our local website but one line in particular almost made me spit coffee all over my keyboard....

    "The engineering team at Google works hard to earn your trust - and we are acutely aware that we failed badly here," he said.

    Trust?? Trust?? You have got to be joking, who in their right mind trusts them

    yep metal face and tinfoil hat

    1. epsilon
      Unhappy

      Do no Google

      It takes both software and hardware to collect wi-fi data. Perhaps the software side could have been an error (though, personally, I simply don't believe it) but why is wi-fi hardware fitted to the Street View cars? I can't believe it was installed if there was no intention to use it.

      Do I trust Google to remove properly all the wi-fi data collected? No way!

      Until now, I thought Google Street View was a useful addition to Google Earth/Maps. Now that Google have abused my 'trust' in this way, I think (sadly) that the UK should go the way the German authorities seem to be going and ban Google Street View entirely.

      'Do no evil'?- better 'Do no Google'!

      1. Al Jones

        There's nothing wrong with harvesting MACs

        The WiFi hardware was there to harvest MAC addresses and SSIDs, to improve the accuracy of geo-location for mobile users who don't have an accurate GPS fix.

        There's nothing sneaky or underhand about this - at this point radio signals are as much a part of our streetscape as street signs and traffic lights, they're just invisible to the human eye, but not to the gadgets that we increasingly rely on.

        So there was a perfectly legitimate reason to have WiFi hardware in the cars. The problem is that the software module/library/object that was used to extract the MAC address and SSID, was a bit too "general purpose". It was logging everything it "heard", which, in the case of open networks, included any traffic that happened to be transmitted when the StreetView cars were in earshot.

        If the system had just logged the MAC and SSID, along with the appropriate GPS coordinates, there wouldn't have been a problem, but it looks as though the system logged everything - possibly because it was post-processed to create the "radio map", possibly because hoarding everything is in Google's DNA.

        I'm increasingly paranoid about Google's all seeing eye, but in this case, I actually think this was a genuine mistake, and they were really caught off guard when this data turned up in their logs.

  9. Tzael

    Deletion for Dummies (or in this case, Google)

    Quote: "and the company has promised to delete the data. But before doing so, it will be asking regulators in "the relevant countries" how this should be done."

    That's Google talk for "we'll ask officials in a few countries what to do and if they don't respond quickly enough we'll take it as given that we can do what the hell we like with private data that we shouldn't have captured in the first place".

    Do Google really expect the world to believe it needs help figuring out how to delete illegal data?

    1. Matt 141

      More complicated than you might realise...

      This data is not stored on a single hard drive.

      It is probably duplicated on several google servers, each with RAID arrays of disks and on several backup tapes.

      Even once you've identified all the disks / tapes it's held on you then have to decide how hard you should make it for someone to recover data from those disks. These days it's generally considered fairly easy (i.e. relatively cheap) to retrieve data from a disk that's been completely overwritten 5 or 6 times.

      And then you've got to convince everyone outside of google (i.e. governments etc) that you actually have securely destroyed every single copy.

      1. Tzael
        FAIL

        Re: More complicated than you might realise...

        Yes, and asking all the affected countries how to delete data from Google hardware makes perfect sense doesn't it? I'm sure every country has a portfolio giving detailed insight into Google infrastructure, thereby allowing those countries to become more competent with Google hardware than the Google engineers themselves!

        FTR every corporate I have worked for has had a rapid deletion policy that covers backup mediums in addition to day-to-day storage devices. Given that's something to expect as normal from big companies I am having a hard time witnessing your argument holding water.

  10. This post has been deleted by its author

  11. ShaggyDoggy

    And the rest please ...

    1. Why am I not surprised

    2. What else are they collecting that they haven't admitted to, oops I mean mistakenly collecting

  12. Anonymous Coward
    Flame

    The fool and his money will soon be parted

    Well, if you are not using encryption on your connections you get whatever Christmas you deserve.

    As far as Google its creepiness is what will bring it down. It is simply a matter of when.

    1. Anonymous Coward
      FAIL

      By that logic...

      ...if you are not wearing plate armour in the street it's okay for someone to stab you right?

      1. Ed Blackshaw Silver badge
        Troll

        I would have thought that it is more akin...

        ...to saying if you don't wear any clothes in the street, it's okay for others to point and laugh at your genitals.

  13. Oz
    Black Helicopters

    Router SID and MAC = location?

    I'm about to move house, so if Google are reliant on this information to "locate" me, then they will be locating me wrongly ad infinitum (or until I change my router). You would hope there is some method of over-riding this location information at Google's end, which would then prove that harvesting all this was unnecessary, as they could get location information by other means!

    1. Anonymous Coward
      Anonymous Coward

      Correcting Google's wireless geolocation data

      "You would hope there is some method of over-riding this location information at Google's end, which would then prove that harvesting all this was unnecessary, as they could get location information by other means!"

      https://services.google.com/fb/forms/wifibugs/

      Of course, they could only get information this way from people who willingly volunteered it. I guess that is not enough and they have a burning need to learn the physical locations where people using their services are located. Maybe they need to tell the Chinese government where all those blogging dissidents live.

  14. Anonymous Coward
    Anonymous Coward

    Traceability....

    Depends on how long (if at all) Google retain their build configs....if they adhere to any form of 'standard' (e.g. ISO9002) then they should retain all their build configurations, which should show when any 'wi-fi' branch was added to the system, and any released build.

    Both code & build system could be inspected.

    And yes, straight 'shredding' of the payload data should suffice - although if it's been backed up for the last X years, then those backups have to be dealt with too, and they are normally tied up with other items - which always causes 'fun and amusement'.

    Still, if everyone changed their SSID, and (if possible) utilised MAC, then all locational data relating to specific SSIDs/MACs would be wrong.

  15. P. Pod

    A title

    If you have an unsecured wifi connection anybody can see your stuff, not just Google. If Google were cracking secured connections to get the data then this would be a worthwhile story.

  16. Mage Silver badge
    Black Helicopters

    Sorry

    I just don't believe you can do this by accident. They got caught, public and governments don't like it so as PR they claim to stop.

    But how do we know they will stop?

    (What's that Wop, Wop, Wop noise?)

  17. Christoph

    How did it get stored?

    OK, so this unnoticed subroutine grabbed the extra data, and presumably stored it on the local drive.

    But how did it move on from there? How did it get into their central storage? Did they just grab the entire raw contents of every disk and archive them?

    If they were feeding specific data into their other systems I would expect it to transfer just that specific meaningful data, not a bunch of extra bytes that they didn't know the meaning or structure of.

    Google may be master information dealers, and storing *all* information they can find just in case, but junk bytes with no attribution are not useful information.

  18. Anonymous Coward
    Anonymous Coward

    deletion

    "promised to delete the data. But before doing so, it will be asking regulators in "the relevant countries" how this should be done."

    Either this means that google are technically incompetent - deleting data can't be that difficult.

    Or, it means that they want to bargain as to how little they need to delete.

    "forked tongue google" icon now!

    1. Summa

      How to delete data

      Nice arguments, but no, it's more complicated than that.

      Google can't just delete the data because the data are (potentially) evidence that Google committed a crime in collecting it in the first place.

      If Google were to simply delete the data, it may commit another crime by destroying the evidence of the first crime.

      It all gets ridiculously messy if Google tries to match up data with the people whose information they improperly collected and stored without revealing that data to the public or the government.

  19. Arclight

    Accidental?

    Two things I find curious, 1; just saying it was an accident is enough to stop US plod investigating, and would this work with any other offence? "I didn't run that red light" Case dropped.

    2; How do you accidentally write code, include it in software, and actively drive around using it? Writing it and installing it isn't something that can be covered by the dictionary definition of accident.

    1. Al Jones

      Yes, accidental.

      Saying it was accidental doesn't stop plod investigating, but the wiretapping laws weren't broken if this logging of data was accidental. Plod still gets to investigate, and Google could still be brought to court, but their defense wouldn't be "we didn't do it", but "we didn't intend to eavesdrop". Unless a prosecutor thinks that he can prove otherwise, the case probably won't go to court.

      Someone wrote a WiFi library some time ago, and one of the properties that it returns is the MAC and SSID. Someone else, who needed to record the MAC & SSIDs in the StreetView cars, included that WiFi library in their project. They didn't pay attention to the other data that this function logged - they probably weren't even aware of it. That falls well within my dictionary definition of an accident.

  20. Anonymous Coward
    Anonymous Coward

    Bizarre

    I can't understand how using some old code you would still be storing payload data. Surely you would only call the specific functions from that class that are needed and only expect a certain data type to be returned. In just a few levels of debugging you would be able to see that extra data is not only being made available, but being recorded as well.

    However, I really can't see a really good reason for Google to do this. I don't really think they are really using this data as they like snooping through e-mails and facebook updates. The very limited amount of data they could collect in those few seconds passing a property, combined with the fact that anyone could be connected to your open router, makes the data pretty worthless - surely?

    The only thing I can guess is they were doing a land-grab - using SSID, BSSID and packet sniffing to determine the required MAC and router information.

    Really though, you have far more to worry about if Google was able to capture this information than the fact they did!

  21. Anonymous Coward
    Anonymous Coward

    Take off your tinfoil hats

    Why does everyone need to see this as some evil conspiracy?

    They were geo-tagging MAC addresses, to capture a MAC address you need to capture the whole frame, it seems like their mistake was logging the whole frame instead of just the bytes they needed. It doesn't require a conspiracy to see how this could happen by accident.

    I doubt that these fleeting snapshots of internet traffic made it through the post processing into the useable database.

    1. Anonymous Coward
      Anonymous Coward

      Crooks

      If you or I did this and were caught, how do you think a court would take the defence of "it was accidental, while we were geo-tagging other people's WLANs without their permission" and "We did not mean to capture all this payload data - we were just negligent"?

      BTW, to find a MAC address you only need to capture and store the headers of one single frame, not the full payload of several packets.

      I have had cause to use such tools within an inter-governmental organisation whose site is considered outside the jurisdiction of the country in which it is located (like an embassy) - but the ramifications and necessary precaution, procedures and limitations were first clarified with our legal department. Why did Google not do the same?
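
The distinction argued over in this thread and in Al Jones's comments above (logging whole frames versus keeping only the MAC and SSID) can be shown as a data-minimising logger. This is an added example, not part of any comment and not Google's code; it assumes raw 802.11 MAC frames with no radiotap header or FCS, and the names `minimise`, `find_ssid`, `survey` and all sample frames are constructed for illustration.

```python
"""Added example: retain only BSSID + SSID from beacon frames; drop everything else."""
import struct
from typing import Iterable, List, NamedTuple, Optional

MGMT_HDR_LEN = 24        # frame control, duration, 3 addresses, sequence control
BEACON_FIXED_LEN = 12    # timestamp, beacon interval, capability info
TYPE_MGMT, SUBTYPE_BEACON, TAG_SSID, MAX_SSID_LEN = 0, 8, 0, 32


class Sighting(NamedTuple):
    bssid: str
    ssid: str
    lat: float
    lon: float


def find_ssid(tags: bytes) -> Optional[str]:
    """Walk the tagged parameters (id, length, value); return the SSID if well-formed."""
    pos = 0
    while pos + 2 <= len(tags):
        tag_id, length = tags[pos], tags[pos + 1]
        value = tags[pos + 2:pos + 2 + length]
        if len(value) < length:
            return None                      # truncated element: reject, do not guess
        if tag_id == TAG_SSID:
            if length > MAX_SSID_LEN:
                return None                  # longer than the 32-byte SSID limit
            return value.decode("utf-8", errors="replace")
        pos += 2 + length
    return None


def minimise(frame: bytes, lat: float, lon: float) -> Optional[Sighting]:
    """Return the fields a radio map needs, or None. The frame itself is never stored."""
    if len(frame) < MGMT_HDR_LEN + BEACON_FIXED_LEN:
        return None
    frame_type = (frame[0] >> 2) & 0x3
    subtype = (frame[0] >> 4) & 0xF
    if frame_type != TYPE_MGMT or subtype != SUBTYPE_BEACON:
        return None                          # data frames (user traffic) are dropped here
    ssid = find_ssid(frame[MGMT_HDR_LEN + BEACON_FIXED_LEN:])
    if ssid is None:
        return None
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])   # address 3 is the BSSID
    return Sighting(bssid, ssid, lat, lon)


def survey(frames: Iterable[bytes], lat: float, lon: float) -> List[Sighting]:
    """Apply minimise() to every frame and keep only the resulting records."""
    return [s for s in (minimise(f, lat, lon) for f in frames) if s is not None]


# --- constructed sample input (built here, not a real capture) ---
def build_beacon(bssid: bytes, ssid: bytes) -> bytes:
    header = b"\x80\x00" + b"\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = b"\x00" * 8 + struct.pack("<HH", 100, 0x0001)
    return header + fixed + bytes([TAG_SSID, len(ssid)]) + ssid


AP = bytes.fromhex("020000000001")           # locally administered placeholder MAC
BEACON = build_beacon(AP, b"ExampleNet")
DATA_FRAME = (b"\x08\x01" + b"\x00\x00" + AP + AP + AP + b"\x00\x00"
              + b"GET /inbox HTTP/1.1\r\nCookie: session=constructed\r\n")
TRUNCATED = BEACON[:-4]                      # SSID element claims more bytes than remain

if __name__ == "__main__":
    for sighting in survey([BEACON, DATA_FRAME, TRUNCATED], 51.5, -0.12):
        print(sighting)
```

The filter runs before anything is written, so the data frame's payload never reaches storage and there is nothing to delete afterwards.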

  22. Anonymous Coward
    Anonymous Coward

    Utter bullshit

    Next week from the Google Fuckup Spin Department: "A big boy made me do it"

  23. Anonymous Coward
    Anonymous Coward

    It's what they do,

    This isn't news to me, as soon as I heard about their wifi maps I knew they would be spying on people's transmitted data.

    Anyone surprised by this has their head firmly stuck up their arse.

    Also, these people expect us to trust them with our printing jobs.

  24. John Munyard

    Cobblers

    I've read some corporate bullshit in my time but "We're sorry, we decided to equip our camera cars with aerials, detection and recording equipment but we didn't mean to accidentally capture people's router SSIDs" has got to be one of the lamest, most duplicitous lies I've ever seen.

    Aside from thanking the German authorities for highlighting this (something which the Home Office seemed to have missed) what do our Governments intend to do about it? What *can* they do about it? Is someone going to sanction Google? Force them to destroy all the data? Fine them some huge amount for all this snooping?

    Of course not... move along people, nothing to see here. Google are immune to your complaints and will continue to do what they bloody well like. No matter that Sergei Brin is a Russian.

  25. Fred Flintstone Gold badge

    US law enforcement in action - or not

    Google is "saying it's an accident and that may be a good enough excuse to get them out of the wiretap liability,"

    I really have trouble buying the "accidental" here (and the fact that that is enough to avoid criminal investigation). You're sending cars all over the planet and collect huge data volumes and this remains unnoticed? Let's start earlier - I don't buy an "accidental" inclusion of such code either.

    Exactly how hard is it to spot "#include ECHELON_ng" in a code review?

    I call BS - as another poster commented, their only problem was that they were caught out. Exactly how much sponsorship do they get from the NSA?

  26. Will 28

    Why did they write it in the first place?

    I know it's impolite to mention the elephant in the room, but...

    it's one thing to expect us to believe that this software made it out of a source control system, and into active use on some hardware all by mistake. What they haven't explained is why they ever wrote some software that appears to be intended for the sole purpose of illegally intercepting data.

    It's a bit like Iran apologising because a nuclear missile was accidentally fitted onto a plane (well, a little bit anyway).

  27. Anonymous John

    "Street View cars have now been grounded"

    Google has flying cars?

  28. Anonymous Coward
    Anonymous Coward

    But WHY?

    I must have missed something --- like maybe the first part of the story, but am I the only one who is wondering WHY they collected this data in the first place?

    Never mind *collect* --- why did they even have equipment registering nearby router IDs?

    why? Why? Why?

    1. treboR

      Geolocation without GPS

      I don't know about other browsers, but in Firefox if you go on Google Maps, there's a button under the compass, which if you click it, churns away for a moment and centres the map on your approximate location. Since my computer doesn't have GPS, it must be doing it by working out what wifi networks are in range of my machine and looking it up in a database. It'll obviously work better in cities and built up areas where the networks are a lot denser.

      It's a neat feature, there's nothing overtly sinister about it - if it meant I could get location-aware services without turning on a battery-thirsty GPS chip I'd probably say it was a good thing.

      1. JohnG

        Sinister?

        "It's a neat feature, there's nothing overtly sinister about it....."

        If you happened to be a dissident blogger in one of the world's less enlightened regimes, it might be very sinister if wireless geo-location brings men with guns to cart you away for a spell of torture, followed by a long stay in jail.

  29. Muckminded
    Thumb Up

    The Island of Google

    Google may as well be a nation now. That would give them the ability to do this and chuck it in the self-defense bucket. Only big, dreamy nations get to screw you royally while claiming it was in their national interest. As a corporation, they are at the mercy of their host nation. Who the hell wants that?

    Is Australia still inhabited after that red cloud of death swept through? What's the asking price for a continent these days? I say it's time to take it up a notch. Think different.

    Also, there must be more of the electromagnetic spectrum that can be monitored. Can you check my pulse as you drive by? If my folks could Google my latest heartrate, that would probably comfort them.

    Don't worry, Earthlings. These bitches know what they doin'.

  30. AndrueC Silver badge
    Thumb Down

    Enough with the paranoia

    Seriously - Google might have suffered a technical screw-up but get some perspective. There's almost nothing of value they could have learnt from this. Anything they might have learned would be the result of an idiot not securing their network.

    But what could they have learnt? Their vehicles probably spent less than ten seconds within range of each network. I'm pretty sure Google has more sense (evil or not) than to deliberately set out to snoop on private networks. It would have to be the most inefficient privacy violation strategy in history.

    It's just a silly cock-up. Likely nothing of value was copied and the 'victims' would do far better to learn how to configure their equipment. Everyone else would do well to assume that any data packet that leaves the boundary of their property (either on a physical network or radio waves) can be compromised.

    1. Anonymous Coward
      Anonymous Coward

      The question still stands

      Why did they access those networks in the first place?

      Why were they even looking for wifi routers, let alone logging their details, let alone recording traffic.

      For some reason, everybody seems to take it for granted. Like maybe other people do this every time they walk the dog.

      Do they? What am I missing?

      1. Ole Juul

        What dog?

        "For some reason, everybody seems to take it for granted. Like maybe other people do this every time they walk the dog. Do they? What am I missing?"

        In my case the answer is simple: I don't have a dog. However, I suspect Google doesn't either, so it's even more mysterious. :)

        Seriously: No, it is not normal to collect information on private networks, especially by someone who has the ability to correlate this with other information about the people involved. A private person doing this would probably get thrown in the clink. I think Google just wants to collect as much information on people as possible. They'll go as far as they can get away with.

      2. Rolf Howarth

        Why did they access the networks?

        They collect the SSIDs of WiFi networks, secured or otherwise, and link them to a specific geographic location to implement a basic geolocation service in Google Maps for devices that don't have a GPS. Yes, if you move that will confuse things slightly for a short time. If you go to the Skyhook website you can manually request changes. Not sure if Google and Skyhook use the same database or are competing with each other.

    2. JohnG

      Breaking the law

      No. It is illegal. If I did it, I could expect to be arrested - why not the people who did this at Google? Incompetence or negligence is hardly a defence, especially for an organisation as large as Google who can afford to employ the necessary technical and legal experts.

      They did not "suffer a technical screw up" - the relevant code did not just happen - someone wrote it and it undoubtedly went through some layers of checking and change control before it was included in a software build used in the cars concerned. It is laughable to suggest that some code to acquire and store other people's WLAN payload data could have just "happened", as if by some freak accident.

      Additionally, the possession of hacking tools in Germany is illegal, other than by certified security professionals. Any of the car drivers/operators who were not CISSPs or similar at the time of their German outings are probably in trouble.

      1. Al Jones

        Better hide your FM radios!

        If listening to public broadcasts is "hacking" then we'd all be in trouble. I'm sure Sky would love to make watching OTA TV a crime, but it's not a crime, and it's not likely to be any time soon. If you choose to broadcast your WiFi traffic in the clear, then anyone who happens to overhear it is no more guilty of hacking than someone in earshot of an idiot shouting into his cellphone.

  31. Muckminded
    Thumb Up

    Post deleted by a moderator

    How Apple-esque.

    A tyrant's work is clever dun.

  32. Inachu
    Flame

    Hahahaha

    Who cares!

    Since then I've been through 3 wifi routers and 4 computers.

    Also I format my pc once every 3 to 6 months.

    So any data spooks may be looking for has been gone replaced thrown away drive platters made worthless even to data recovery experts.

    I am a spook's worst nightmare..... nothing around to incriminate me except to incite hate against Lars Vilks.
