Google WiFi Grab Should Improve Security - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Mobile // Mobile Applications
Commentary
7/9/2010
07:52 PM
Thomas Claburn
Thomas Claburn
Commentary
Connect Directly
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Google WiFi Grab Should Improve Security

For all the fuss over Google's inadvertent WiFi data collection, it's not clear the company has done anything illegal under U.S. law by grabbing WiFi packet data from unprotected networks.

For all the fuss over Google's inadvertent WiFi data collection, it's not clear the company has done anything illegal under U.S. law by grabbing WiFi packet data from unprotected networks.Outside the U.S., it's a different story, explained Catherine Meyer, counsel at Pillsbury Winthorp Shaw Pittman in the firm's data protection and privacy practice, in a phone conversation about Google's situation. "In Europe, you're not allowed to take someone's information unless you get consent," she said. "In the U.S., it's much more laissez-faire."

In the U.S., the major privacy violations involve wiretapping or eavesdropping.

Most states, Meyer explained, allow phone conversation to be recorded or overheard if one of the parties on the call consents. Twelve states have two-party consent, which actually means that all parties need to consent.

That why if you have a speaker phone conference call, you should make sure everyone knows they're on a speaker phone, said Meyer.

Likewise, if you've having a conversation at a table in a public place, you don't have an expectation of privacy, so eavesdropping would not be a crime.

So it is with a wireless router that broadcasts unprotected data. "With a wireless router that has no security, where is your expectation of privacy?" asked Meyer.

At the same time, Meyer observes there's gray area. "If you don't know [your data] being broadcast, are you consenting?"

Legally, Google's data collection appears to be analogous to picking up a wireless phone conversation or listening to the police communicating over an open channel with a radio scanner. Or, Meyer suggests, having Google's indexing spider crawl your Web server, where it finds publicly accessible documents.

But Google isn't out of the legal woods. It's possible it may face charges under the Computer Fraud and Abuse Act, which prohibits unauthorized access to a protected computer.

"That's the one area where Google may have issue, if those computers would qualify as a protected computer," she said, noting that much would hinge on whether Google's actions were deemed to be intentional, willful, or knowing -- three different legal standards.

Whatever happens in terms of penalties or prosecution, Google deserves some thanks for shining a light on the sorry state of WiFi router security.

As part of its ongoing crusade against Google, Consumer Watchdog recently sent drivers around Washington with WiFi sniffers to see if anyone could find networks that Google's Street View cars might have accessed.

Its drivers found several unprotected networks, one at the home of Rep. Jane Harman, D-CA, chair of the Intelligence Subcommittee of the Homeland Security Committee and former member of the Intelligence Committee, in her Washington, D.C.

Imagine if she had access to secret intelligence information. Oh, wait, she probably does.

We may laugh about the ineffectiveness of the ten recently caught Russian spies who were just returned home. But they could've saved themselves years of fruitless deep cover work by touring the D.C. suburbs and vacuuming WiFi data emanating from the wireless routers in the homes of government employees and the Beltway elite.

Let's hope Google's gaffe teaches us something.



Black Hat USA 2010 presents a unique opportunity for members of the security industry to gather and discuss the latest in cutting-edge research. It happens July 24-29, in Las Vegas. Find out more and register.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
2021 Outlook: Tackling Cloud Transformation Choices
Joao-Pierre S. Ruth, Senior Writer,  1/4/2021
News
Enterprise IT Leaders Face Two Paths to AI
Jessica Davis, Senior Editor, Enterprise Apps,  12/23/2020
Slideshows
10 IT Trends to Watch for in 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/22/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Slideshows
Flash Poll