Mobile // Mobile Applications
07:52 PM
Thomas Claburn
Thomas Claburn
Connect Directly

Google WiFi Grab Should Improve Security

For all the fuss over Google's inadvertent WiFi data collection, it's not clear the company has done anything illegal under U.S. law by grabbing WiFi packet data from unprotected networks.

For all the fuss over Google's inadvertent WiFi data collection, it's not clear the company has done anything illegal under U.S. law by grabbing WiFi packet data from unprotected networks.Outside the U.S., it's a different story, explained Catherine Meyer, counsel at Pillsbury Winthorp Shaw Pittman in the firm's data protection and privacy practice, in a phone conversation about Google's situation. "In Europe, you're not allowed to take someone's information unless you get consent," she said. "In the U.S., it's much more laissez-faire."

In the U.S., the major privacy violations involve wiretapping or eavesdropping.

Most states, Meyer explained, allow phone conversation to be recorded or overheard if one of the parties on the call consents. Twelve states have two-party consent, which actually means that all parties need to consent.

That why if you have a speaker phone conference call, you should make sure everyone knows they're on a speaker phone, said Meyer.

Likewise, if you've having a conversation at a table in a public place, you don't have an expectation of privacy, so eavesdropping would not be a crime.

So it is with a wireless router that broadcasts unprotected data. "With a wireless router that has no security, where is your expectation of privacy?" asked Meyer.

At the same time, Meyer observes there's gray area. "If you don't know [your data] being broadcast, are you consenting?"

Legally, Google's data collection appears to be analogous to picking up a wireless phone conversation or listening to the police communicating over an open channel with a radio scanner. Or, Meyer suggests, having Google's indexing spider crawl your Web server, where it finds publicly accessible documents.

But Google isn't out of the legal woods. It's possible it may face charges under the Computer Fraud and Abuse Act, which prohibits unauthorized access to a protected computer.

"That's the one area where Google may have issue, if those computers would qualify as a protected computer," she said, noting that much would hinge on whether Google's actions were deemed to be intentional, willful, or knowing -- three different legal standards.

Whatever happens in terms of penalties or prosecution, Google deserves some thanks for shining a light on the sorry state of WiFi router security.

As part of its ongoing crusade against Google, Consumer Watchdog recently sent drivers around Washington with WiFi sniffers to see if anyone could find networks that Google's Street View cars might have accessed.

Its drivers found several unprotected networks, one at the home of Rep. Jane Harman, D-CA, chair of the Intelligence Subcommittee of the Homeland Security Committee and former member of the Intelligence Committee, in her Washington, D.C.

Imagine if she had access to secret intelligence information. Oh, wait, she probably does.

We may laugh about the ineffectiveness of the ten recently caught Russian spies who were just returned home. But they could've saved themselves years of fruitless deep cover work by touring the D.C. suburbs and vacuuming WiFi data emanating from the wireless routers in the homes of government employees and the Beltway elite.

Let's hope Google's gaffe teaches us something.

Black Hat USA 2010 presents a unique opportunity for members of the security industry to gather and discuss the latest in cutting-edge research. It happens July 24-29, in Las Vegas. Find out more and register.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of October 9, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll