Mobile // Mobile Applications
Commentary
7/9/2010
07:52 PM
Thomas Claburn
Thomas Claburn
Commentary
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Google WiFi Grab Should Improve Security

For all the fuss over Google's inadvertent WiFi data collection, it's not clear the company has done anything illegal under U.S. law by grabbing WiFi packet data from unprotected networks.

For all the fuss over Google's inadvertent WiFi data collection, it's not clear the company has done anything illegal under U.S. law by grabbing WiFi packet data from unprotected networks.Outside the U.S., it's a different story, explained Catherine Meyer, counsel at Pillsbury Winthorp Shaw Pittman in the firm's data protection and privacy practice, in a phone conversation about Google's situation. "In Europe, you're not allowed to take someone's information unless you get consent," she said. "In the U.S., it's much more laissez-faire."

In the U.S., the major privacy violations involve wiretapping or eavesdropping.

Most states, Meyer explained, allow phone conversation to be recorded or overheard if one of the parties on the call consents. Twelve states have two-party consent, which actually means that all parties need to consent.

That why if you have a speaker phone conference call, you should make sure everyone knows they're on a speaker phone, said Meyer.

Likewise, if you've having a conversation at a table in a public place, you don't have an expectation of privacy, so eavesdropping would not be a crime.

So it is with a wireless router that broadcasts unprotected data. "With a wireless router that has no security, where is your expectation of privacy?" asked Meyer.

At the same time, Meyer observes there's gray area. "If you don't know [your data] being broadcast, are you consenting?"

Legally, Google's data collection appears to be analogous to picking up a wireless phone conversation or listening to the police communicating over an open channel with a radio scanner. Or, Meyer suggests, having Google's indexing spider crawl your Web server, where it finds publicly accessible documents.

But Google isn't out of the legal woods. It's possible it may face charges under the Computer Fraud and Abuse Act, which prohibits unauthorized access to a protected computer.

"That's the one area where Google may have issue, if those computers would qualify as a protected computer," she said, noting that much would hinge on whether Google's actions were deemed to be intentional, willful, or knowing -- three different legal standards.

Whatever happens in terms of penalties or prosecution, Google deserves some thanks for shining a light on the sorry state of WiFi router security.

As part of its ongoing crusade against Google, Consumer Watchdog recently sent drivers around Washington with WiFi sniffers to see if anyone could find networks that Google's Street View cars might have accessed.

Its drivers found several unprotected networks, one at the home of Rep. Jane Harman, D-CA, chair of the Intelligence Subcommittee of the Homeland Security Committee and former member of the Intelligence Committee, in her Washington, D.C.

Imagine if she had access to secret intelligence information. Oh, wait, she probably does.

We may laugh about the ineffectiveness of the ten recently caught Russian spies who were just returned home. But they could've saved themselves years of fruitless deep cover work by touring the D.C. suburbs and vacuuming WiFi data emanating from the wireless routers in the homes of government employees and the Beltway elite.

Let's hope Google's gaffe teaches us something.



Black Hat USA 2010 presents a unique opportunity for members of the security industry to gather and discuss the latest in cutting-edge research. It happens July 24-29, in Las Vegas. Find out more and register.

Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.