homepage Welcome to WebmasterWorld Guest from 54.242.231.109
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Google / Google Finance, Govt, Policy and Business Issues
Forum Library, Charter, Moderators: goodroi

Google Finance, Govt, Policy and Business Issues Forum

This 155 message thread spans 6 pages: < < 155 ( 1 2 [3] 4 5 6 > >     
Google Street View WiFi Appears To Have Collected Email and Passwords
phranque




msg:4155139
 3:10 am on Jun 19, 2010 (gmt 0)


System: The following message was cut out of thread at: http://www.webmasterworld.com/goog/4147311.htm [webmasterworld.com] by engine - 10:26 am on Jun 19, 2010 <small>(utc +1)</small>


Google's Street View Wi-Fi data included passwords, email | Networking - InfoWorld [infoworld.com]
At the time, Google said it only collected "fragments" of personal Web traffic as it passed by, because its Wi-Fi equipment automatically changes channels five times a second. However, with Wi-Fi networks operating at up to 54Mbps, it always seemed likely that those one-fifth of a second recordings would contain more than just "fragments" of personal data.

That has now been confirmed by CNIL, which since June 4 has been examining Wi-Fi traffic and other data provided by Google on two hard disks and over a secure data connection to its servers.

"It's still too early to say what will happen as a result of this investigation," CNIL said Thursday.

"However, we can already state that [...] Google did indeed record email access passwords [and] extracts of the content of email messages," CNIL said.

... according to the French National Commission on Computing and Liberty (CNIL)

[edited by: engine at 9:27 am (utc) on Jun 19, 2010]
[edit reason] extended quote [/edit]

 

cwnet




msg:4155714
 10:22 pm on Jun 20, 2010 (gmt 0)

@buckworks 'specific laws'

The German law that applies is called Telekommunikationsgesetz - it basically says that sniffing of communication (including wi-fi, secured or not) may be punished with jail time of up to 2 years or a monetary fine. If you search, you will find similar laws in most civilized countries.

The law in German (German Department of Justice)
[bundesrecht.juris.de...]

buckworks




msg:4155716
 10:30 pm on Jun 20, 2010 (gmt 0)

a perfect case of trespassing


That would indeed apply for the case of someone entering a house ... but the metaphor doesn't carry us very far.

Google was on public ground gathering public signals from public airwaves. Where's the trespass there?

buckworks




msg:4155717
 10:32 pm on Jun 20, 2010 (gmt 0)

Everything is cool as long as I will not be prosecuted.


Cwnet, that is most emphatically NOT what Incredibill is saying.

ken_b




msg:4155719
 10:37 pm on Jun 20, 2010 (gmt 0)

Google was on public ground gathering public signals from public airwaves. Where's the trespass there?

Maybe the data capture is closer to this,.... is it ok to film what one sees happening in a private home if the window curtains are not closed?

.

TheMadScientist




msg:4155720
 10:48 pm on Jun 20, 2010 (gmt 0)

Took me a bit to track down a quote somewhere, and I would like a slightly more well known source, but
https://pantherfile.uwm.edu/aaronil2/www/Subpage1C.html

Packet sniffing programs, like "wardriving" are not inherently illegal according to FBI Special Agent Eric Brelsford. He said, "It is not illegal to own or use them as long as you are using them on a network where you have authorization to capture that information."

cwnet




msg:4155721
 10:50 pm on Jun 20, 2010 (gmt 0)

Well, you are missing the point (slightly). Due to the distracting case of home owners.

Sure enough, Google was on public grounds, gathering PRIVATE signals from maybe public airwaves.

The point is that Google recorded PRIVATE data that was publicly available. Trying to clarify, the point is not even 'listening' to the data but to record/store it.

That is what makes all the difference. Storing the data is the 'bad' part about the whole thing. You may read a postcard, you may accidently listen to a phone conversation or eavesdrop on your neighbors chat...all well and cool...BUT, once you record those, making them available for later use for whatever purpose you are in trouble.

Once you record/store those informations you are in the land of wire-tapping (wire-tapping is NOT reduced to telephone lines).

If you want to dig into European data protection laws you may go to [ec.europa.eu...]

Again, just ask your lawyer...I am sure the majority of people on this board have a lawyer at hand...as every business owner should.

cwnet




msg:4155722
 10:53 pm on Jun 20, 2010 (gmt 0)

@TheMadScientist

Excatly what I am saying: No problem if you have the consent of the data owner.

Unfortunatly for Google, they did not have authorization by data owners to capture their wi-fi information.

cwnet




msg:4155723
 10:56 pm on Jun 20, 2010 (gmt 0)

@incredibill and buckworks

Everything is cool as long as I will not be prosecuted.

Sorry if I got this wrong. I might have gone a little bit over the top.

buckworks




msg:4155724
 10:57 pm on Jun 20, 2010 (gmt 0)

I found what appears to be an English translation of a law called Telekommunikationsgesetz. [iuscomp.org...]

Interestingly, there are indeed some penalties in there for intercepting communications not intended for you BUT there are also requirements for ensuring that communications privacy is safeguarded in the first place.

... which an unsecured wi-fi network definitely does not achieve ...

The plot thickens.

[edited by: buckworks at 10:59 pm (utc) on Jun 20, 2010]

TheMadScientist




msg:4155725
 10:57 pm on Jun 20, 2010 (gmt 0)

@ cwnet

Yeah, I think maybe those who claim to practice 'tough love for the 'stupid people'' in this thread are in danger of being on the receiving end of some 'really tough love' for a few years if the wardriving statement made in this thread is true... Does 'what goes around' maybe apply here?

cwnet




msg:4155729
 11:08 pm on Jun 20, 2010 (gmt 0)

Good find buckworks...there are indeed penalties included for sloppy securing of data. It is however noteworthy that their is a distinction between professionals and individuals, meaning penalties of sloppy security practises only apply to companies dealing with data. Individuals are not covered by this law.

cwnet




msg:4155731
 11:10 pm on Jun 20, 2010 (gmt 0)

@TheMadScientist

'what goes around' 'comes around' ALLWAYS! (But then, that is only my believe and I have been wrong before).

cwnet




msg:4155735
 11:22 pm on Jun 20, 2010 (gmt 0)

U.S. Code § 2511. Interception and disclosure of wire, oral, or electronic communications prohibited

"any person who—

intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication;

shall be punished"


Cornell University Law School

[law.cornell.edu...]

incrediBILL




msg:4155736
 11:30 pm on Jun 20, 2010 (gmt 0)

if the wardriving statement made in this thread is true...


OK, how many times do I have to explain it was just an example for educational purposes, not something I actually do?

My point was and is that thousands could be doing it right now and you wouldn't know it because they aren't driving down the street with a big "GOOGLE" logo on their car and they sure as heck aren't putting a "WIFI SNIFFERS" label on it either.

Laws don't stop bad people from doing bad things, only catching them does.

Who here doesn't exceed the posted speed limit on a regular basis?

So many people do it the police can only go after the worse offenders while thousands of offenders roll by.

With wifi sniffing and cracking it's an invisible crime the police can't even see making it a virtually toothless law until someone does something incredibly stupid, like Google did, and gets caught.

So which makes people feel safer, toothless mostly unenforceable laws or more secure technology?

I'm voting for better technology.

cwnet




msg:4155743
 11:37 pm on Jun 20, 2010 (gmt 0)

I am voting for better technology too! But I am sure happy the laws are there while waiting for technology to catch up.

And, I am voting for straight forward, non-nonsense posts too. You know, posts that do not give room for misunderstandings like the many post you made on this topic. (which did not undermine my respect for you in any way - BTW)

Cheers, Joern

TheMadScientist




msg:4155745
 11:44 pm on Jun 20, 2010 (gmt 0)

With wifi sniffing and cracking it's an invisible crime the police can't even see making it a virtually toothless law until someone does something incredibly stupid, like Google did, and gets caught.

Thanks for finally just saying it, because it may be what you're thinking, and I agree better technology would be better too, as would some basic education and possibly even simply better warnings or default settings on WiFi systems, but throughout this thread it sure sounds like you're defending Google's wrong actions and promoting better security, rather than simply stating how silly it is it takes something of this magnitude for something to maybe get done to fix it, and how Google should not have gone there in the first place.

IOW: In reading through the thread you're coming across as different than you may actually think or be personally, which I hope is the case.

cwnet




msg:4155749
 11:59 pm on Jun 20, 2010 (gmt 0)

Just one more thought why I believe those 'toothless laws' are really important and why Google should not be allowed to get away with what they did.

The law is needed to be able to prosecute offenders. Without a law there is no penalty. Catching offenders would be useless without a law applying penalties to the offense. The law defines what a society as a whole deems acceptable and what not.

Prosecuting Google over their breaking of the law would send a clear signal to everybody that justice, democracy and society as a whole still works and you cannot be bigger then the law or society.

moTi




msg:4155751
 12:03 am on Jun 21, 2010 (gmt 0)

the point is not even 'listening' to the data but to record/store it.

the procedure of email-harvesting should be quite a close analogy to reading data from an unsecured wifi. in both instances some form of technical equipment is required and in both cases there are methods to protect your data from sniffing.

well, there seems to be varying legislation per country. in the u.s. for example, collecting emails with harvesting tools is not illegal per se. however, quoting wikipedia:

In The United States of America, the CAN-SPAM Act of 2003 made it illegal to initiate e-mail to a recipient where the electronic mail address of the recipient was obtained:

* Using an automated means that generates possible electronic mail addresses by combining names, letters, or numbers into numerous permutations.

* Using an automated means to extract electronic mail addresses from an Internet website or proprietary online service operated by another person, and such website or online service included, at the time the address was obtained, a notice stating that the operator of such website or online service will not give, sell, or otherwise transfer addresses maintained by such website or online service to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.

so, according to this imo quite comparable case, there is indeed the question: does google merely colleting the data qualify for abuse? would they have to use that data in some way to make it illegal? is storing the data enough evidence to show the intent of using it?

if this ruling also applies to the street view case, the respective wifi participant would have to explicitly opt out of the practice of his data being collected, right? now in which way would he have to do that? this is a tricky one.

cwnet




msg:4155753
 12:15 am on Jun 21, 2010 (gmt 0)

Well, it would be nice if this case goes to court and your questions would be answered, no?

buckworks




msg:4155754
 12:20 am on Jun 21, 2010 (gmt 0)

explicitly opt out of the practice of his data being collected, right? now in which way would he have to do that?


He could start by securing his network.

cwnet




msg:4155755
 12:26 am on Jun 21, 2010 (gmt 0)

no need to opt out - sniffing of wi-fi data is illegal. What is needed is software to log illegal sniffing.

kaled




msg:4155760
 12:50 am on Jun 21, 2010 (gmt 0)

Google was on public ground gathering public signals from public airwaves. Where's the trespass there?

WRONG - the signals were private.

Original cell-phones were analog (i.e. unencrypted). Criminal investigations followed in the UK when the phone calls of certain members of the Royal Family were intercepted and recorded.

Google broke the law - it's that simple. Any argument to the contrary based on lack of encryption is utterly fallacious. In the UK, Google probably broke data protection laws too. I defy anyone to argue reasonably that a lack of encryption granted Google rights in respect of data storage.

Kaled.

incrediBILL




msg:4155770
 12:56 am on Jun 21, 2010 (gmt 0)

<dupe post>

[edited by: incrediBILL at 1:02 am (utc) on Jun 21, 2010]

incrediBILL




msg:4155771
 1:01 am on Jun 21, 2010 (gmt 0)

What is needed is software to log illegal sniffing.


AH HA!

Sadly that's a problem because the cards can listen (because it's a broadcast) without being detected, you're only detected when you attempt to connect.

That's why I said it's a toothless law because you leave no trail until you actually interact with the network.

Dictionary says:
broad·cast
3. To send a transmission or signal; transmit.

Doesn't say how far or with which protocol, just transmit.

The protocol would have to change to make your card ping the network to let them know you're lurking, which could reduce the bandwidth and possibly would overflow wifi logs on current devices in no time. By the time you found a problem so many things would be pinging the wifi that there would be a good likelihood the data you need had scrolled off.

Obvious solutions are 16GB SDD's for longer term storage but that would (currently) drive the price up too much.

With changes to the hardware technology someone would simply remove the "ping the network" code from the chips and flash a new wifi card that's undetectable yet again, just like people hack region specific DVD drives, unlock cell phones, etc.

Here's a good for instance that could happen daily (and probably does) that someone sits in big wifi hotspots around town and captures email addresses and passwords then sell them to someone in a foreign country which obscures the trail of the crime greatly.

Does it happen?

Probably.

Your best option is to always use a secure VPN and a 58 or 64-bit key minimum to avoid hackers and disconnect from the VPN after long periods because time is the hackers friend when analyzing VPN.

If everyone simply used VPN we wouldn't really care about the wifi security whatsoever.

I defy anyone to argue reasonably that a lack of encryption granted Google rights in respect of data storage.


I won't argue that, but I'll argue anyone using a lack of encryption isn't really concerned about security until something bad happens.

Law or no law, criminals do what criminals do all day every day, not that I think Google had any criminal intent, and the only way to outsmart the criminals is make the technology basically bullet proof.

Ever read of anyone intercepting calls on cells using EVDO/CDMA that didn't have a wire tap?

Nope.

See, I like my security so I use the cellular broadband.

Others prefer to be penny-wise and pound foolish and risk it rolling the dice on wifi without VPN.

buckworks




msg:4155776
 1:24 am on Jun 21, 2010 (gmt 0)

Criminal investigations followed


A criminal investigation is just that, an investigation. It might find that a crime had been committed by the person suspected/accused, but then again it might not.

@kaled, was someone actually prosecuted and convicted in the situation you refer to? I'd be curious to know more about it.

[edited by: buckworks at 1:47 am (utc) on Jun 21, 2010]

StoutFiles




msg:4155782
 1:30 am on Jun 21, 2010 (gmt 0)


Your best option is to always use a secure VPN and a 58 or 64-bit key minimum to avoid hackers and disconnect from the VPN after long periods because time is the hackers friend when analyzing VPN.


Yes, if I live in constant paranoia with huge passwords and constantly unplugging my router I'd be safe. That's a great way to live!

Look, if I had a neighbor who was peering in my window, trying to get into my router, rummaging through my trash...my first instinct would not be "Haha, well it's my fault! I'll make sure my blinds are always closed, my router hack-proof, and my documents shreaded before they go in the trash!" I'd go over to the neighbor and say some things I probably can't say here. Everyone here would do something about it, not try to live in a defensive paranoia like you're suggesting.

Google is that creepy neighbor. Legal or not, it's not right.

buckworks




msg:4155786
 1:41 am on Jun 21, 2010 (gmt 0)

And while you're busy yelling at the creepy neighbour, a different creepy neighbour whom you didn't notice is still able to do exactly the same things ...

TheMadScientist




msg:4155793
 1:50 am on Jun 21, 2010 (gmt 0)

And while you're busy yelling at the creepy neighbour, a different creepy neighbour whom you didn't notice is still able to do exactly the same things ...

Do you mean 'Creepy Uncle G'?

incrediBILL




msg:4155824
 4:12 am on Jun 21, 2010 (gmt 0)

not try to live in a defensive paranoia like you're suggesting.


It's not defensive paranoia - it's called preventive security, it's the world we live in.

Disconnecting VPN after a few hours is only a suggestion for using it in an open wifi hotspot as time online is the hackers friend. On a properly secured network no need to ever disconnect VPN.

What, you don't shred?

Neither did I until I caught local dumpster divers collecting and spreading out papers looking for who knows what. In a different instance, walked into an office I used to work for late one night about 11pm and found the all trash from the CFO and CEO uncrumpled and neatly laid out on the floor - they got fired on and had some nice long discussions with the police.

FWIW, as careful as I am, I rarely use my CC in restaurants I don't know, I tend to pay cash in strange places where I can't see the swiper and a year ago, I broke that rule taking my mom out to two different places in her hometown in one day. One of them cloned my card and it was being used in Indiana (across the country) just a couple of days later and Wells Fargo stopped them without allowing a single purchase - most likely because I was still using it in person in California!

Not paranoid, realistic.

I find these discussions quite amusing because we're all webmasters, we build hardened servers to stop hackers, we pay for secure hosting, and we update scripts with security flaws to keep our sites safe daily then turn around and argue about being paranoid over open wifi security - total disconnect.

If open wifi is OK why not just forget the server firewall?

Keeping Google out of wifi is so trivial I can't believe it even happened.

Sgt_Kickaxe




msg:4155829
 6:33 am on Jun 21, 2010 (gmt 0)

That’s the first thing that should be reassuring in all this — it’s not as if Google heard minutes or hours worth of what you were “saying” on the web.

As it seeks to destroy the data


Think bigger

The real value is in knowing the access range of Joe Bloe at 123 anystreet, yourtown, Surveillance States. A more powerful probe, from say 20,000 miles up, can focus on exactly that spot and continue the listening.

Then again, that's probably already being done without Google so this really is a moot thread now isn't it.

I'm always amazed at how they find someone who threw a cigarette out their vehicle window days after it starts a forest fire. Access satellite data - rewind to fire start point - follow vehicle to nearest intersection - look at license plate via traffic cam - find possible witnesses in same manner...

zett




msg:4155860
 7:06 am on Jun 21, 2010 (gmt 0)

Interesting thread. Here are my two Cents.

1) Metaphors are increasingly irrelevant. I see this in copyright discussions all the time, and because we are talking about digital goods, arguments get tangled quickly when using metaphors from the real world. But we are talking digital, and that still is not the real world. So, I'd suggest to stop using metaphors and discuss whether the actions Google have taken have been (a) intentional, (b) illegal, and (c) what we can learn from this. The second item may vary by country.

2) Those who defend Google here are already fighting a show fight, because the public perception has moved on much more quickly. Where I live, people get increasingly tired of Google grabbing data of any kind and using this to build profiles. PEOPLE DON'T WANT THIS, so they move on. Google had their climax, and have now begun the downturn. All their beautiful free products can't restore the trust they have lost with the public.

3) I'd even say that webmasters have moved on, and only the die-hard fans (who depend on Google traffic) actually do care. This thread is a good example. Where in the past there would be a heated debate, now we see a good discussion about whether WiFi should be encrypted or not (yawn!), how anyone could do what Google did (bah!), and how life in general is a risk (big yawn!). But that does not touch the very core - that Google has lifted the curtain and we could briefly peek into the dark minds at the Plex. And what we see is - quite ugly.

4) Instead of defending the rights of those who get sniffed (an action which IS ILLEGAL in some legislations), I am surprised that some here still try to defend the un-defendable. Hmmm. Actually I am not that surprised. The recent "Feedback days" showed clearly that a certain type of discussion pushes members away; if the un-defendable is defended, the crowd moves on, shrugging, wondering what a strange place this is.

Which is what I will be doing now. Back to lurking mode again.

This 155 message thread spans 6 pages: < < 155 ( 1 2 [3] 4 5 6 > >
Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Google / Google Finance, Govt, Policy and Business Issues
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved