Google off the hook - Aussie cops call off criminal investigation

Filed Under: Data loss, Google, Law & order, Mobile, Privacy

The Australian Federal Police (AFP) announced, late on Friday afternoon (usually a good time for bad news, catching journalists just after they have left for the pub for the weekend), that Google would face no criminal charges over its interception of WiFi traffic in Australia.

Google landed in hot water early in 2010 when it emerged that its Street View cars had been hoovering up and retaining snooped WiFi traffic whilst driving around the towns and cities of the world.

The plan, apparently, was to record and to map the names and MAC addresses of WiFi access points.

Google, it seems, not only recorded and retained network names and address, but also the contents of any data frames it sniffed as it went by.

This means that the search giant ended up with snippets of internet traffic, potentially from millions of users.

So if you were using unencrypted WiFi when Google drove past, you ran the risk of having personally identifiable information - snippets of email you were reading, perhaps, or fragments of pictures you were uploading - grabbed and retained by the 200kg gorilla of the internet search-and-advertising industry.

Google's excuse was that the possibly-personal data it acquired and retained was an accident. The code which grabbed network frames to extract the WiFi name and address inadvertently recorded the whole frame, including that possibly-personal payload portion, rather than extracting just the network name and address.

Also, only a tiny amount of possibly-personal data was captured for each WiFi access point - one, or a few, fragments from one, or a few, packets. If the access point was using any form of encryption - even, in this case, the dangerously-insecure WEP system - this data was just meaningless garbage. And, anyway, the data was being deliberately and publicly transmitted in an unregulated part of the radio spectrum.

Personally, I find the decision to have referred Google for AFP investigation on this particular matter to be a curious one. Street View, after all, has always relied on the systematic, massive-scale, continuous, contiguous collection and commercialisation of data about private property acquired automatically by driving around on public roads.

If you think that modern privacy and intellectual property laws surrounding photographs are satisfactory (by which the photographer generally gets the rights to any pictures snapped in or from public places), what moral or technical objection can you come up with to the WiFi sniffing which Google carried out?

After all, you can't unilaterally choose - and shouldn't, in any case, be forced - to build a taller fence to keep Google's all-seeing cameras out of your garden.

(In most metropolitan areas, your council simply won't let you build walls and fences of arbitrary height, for reasons of aesthetics, access to light, and safety.)

But you can set up a WiFi access point without asking anyone. And when you do, you can choose to make it the equivalent of an opaque three-dimensional fence entirely enclosing your property, simply by turning on WPA encryption.

So, if you haven't already, please follow Friday afternoon's advice from the Feds. "The AFP encourages internet users to secure their wireless devices to enhance their internet security."

Advice on what works (and what doesn't) can be found here:

http://nakedsecurity.sophos.com/2009/11/09/sun-sand-surf-security/

See? Encryption is your friend. Even the cops say so!

, , , ,

You might like

One Response to Google off the hook - Aussie cops call off criminal investigation

  1. Angela · 1333 days ago

    Of course they did, but look how fast they try and prosecute Julian Assange.
    Google should of been charged they take every9one for fools, nobody makes a mistake this large, what were they really looking for?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog