Details Of Google Wi-Spy Investigation Show Disorganization And Bad Controls, Rather Than Malicious Spying

from the why-you-don't-use-open-wifi dept

It's been nearly two years since Google revealed that it had been collecting (but not using) some data from unencrypted WiFi networks as it drove around with Google's StreetView vehicles. While the data collection was associated with its efforts to use WiFi networks to help determine location info, it was stupid and looked bad. However, as we've explained repeatedly, the real issue there was simply people not protecting themselves by using encryption on WiFi. The simple fact here is that anyone on those networks could collect the same info easily. In recent weeks, the news came out that not only did the FCC clear Google of breaking the law with the activity, but so did the DOJ. Add that to the FTC investigation that found nothing wrong with the activity, and that's now three federal agencies that have said collecting such data didn't break any laws. The FCC did fine Google $25,000 for not being particularly cooperative -- which does reflect poorly on Google. But the simple fact of the matter is that what Google did in collecting this data isn't illegal. If you don't just kneejerk into "Google's evil" mode and want to understand why, Mike Elgan recently did a nice explainer.

That said, over the weekend, Google released the full FCC report redacting just names -- and even the name of the key engineer has since been revealed. The FCC had released a report that redacted a lot more info. The report reveals a lot more of the background here, and it's giving new ammo to critics, who are insisting that it shows a much more evil situation than had come out before. Specifically, it shows that Marius Milner -- working on Google's famed "20% time" -- came up with the code, and shared the details with some others, including one who debugged the code, and a supervisor. Milner, among other things, helped create NetStumbler, a tool that plenty of folks have used to monitor WiFi networks.

Some are trying to claim that this shows the effort was planned and not an "accident." Though, in actuality, the details still suggest nothing nefarious at all. It was still just this engineer coding it up, rather than some big plan. And yes, he shared the fact with a few others, but none of them seem to have paid much attention or done anything. In fact, while it was suggested to some that such data might be useful, that idea was dropped when people told the engineer that it wouldn't. There still doesn't appear to be a single shred of evidence that Google ever touched this data or did anything with it. Furthermore, the whole reason that three federal agencies all closed their investigation without charging Google with anything is because -- as many people pointed out from the beginning -- nothing illegal was done. Broadcasting your internet connection over an open WiFi network means that anyone can collect that data. That's not illegal. It may be silly for individuals to do that, but the responsibility is on them.

Also, pretty much every mainstream press report on this whole thing totally ignores that Google could not get access to any encrypted data -- meaning that most email, financial transactions, etc were always protected anyway. Instead, lots of reports talk about "emails and passwords," but that's only true if people used insecure sites in the first place -- and, again, they would be just as vulnerable to anyone who wanted to capture that content.

In the end, it's no surprise that Google haters will try to make more of this than is really there -- they have to grasp at whatever straws they can find. However, about the only thing this really seems to show is that Google had ridiculously poor process and controls concerning putting code into live projects. That allowed this code to get in there, without anyone really thinking through the consequences. Google has more or less admitted that these weak controls were a problem in the past and things are better these days. Of course, you can also understand why Google would have loose controls in the first place, seeking to encourage people to be creative (the reason for the 20% time concept in the first place). The problem, of course, is that if you have someone with nefarious intent -- or just tremendous naivete -- bad stuff can occur. In this case, it seems being naive was the key issue, rather than anything nefarious, and with three federal agencies all coming to the same conclusion that no laws were broken, it's pretty bizarre to see people still freaking out about this. It's fine not to trust Google. But that distrust shouldn't lead to simply making up crimes that don't exist.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    icon
    Josh in CharlotteNC (profile), May 1st, 2012 @ 10:38am

    Loose controls

    However, about the only thing this really seems to show is that Google had ridiculously poor process and controls concerning putting code into live projects.

    If this is a crime, than probably nearly all of the major companies around the world are guilty at one level or another.

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    MrWilson, May 1st, 2012 @ 11:31am

    [insert predictable troll comment here about how Mike is a Big Search apologist]

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Anonymous Coward, May 1st, 2012 @ 11:35am

    You just hate Freedomę™ , Mike !

    [Trolly enogh?]

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Anonymous Coward, May 1st, 2012 @ 11:36am

    I figured it was kind of obvious that Google was innocent when they came forward. No one would have found out otherwise. They could have deleted the data and told no one about it.

     

    reply to this | link to this | view in thread ]

  5.  
    icon
    :Lobo Santo (profile), May 1st, 2012 @ 11:37am

    Everybody else was doing it, I just wanted to be popular...

    Big Search!

    Big Mike!!

    But, but piracy!

    /amidoingitright?

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Anonymous Coward, May 1st, 2012 @ 11:39am

    That's right, I said 'enogh'

    Without a 'u' ;)

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Anonymous Coward, May 1st, 2012 @ 12:10pm

    Re: That's right, I said 'enogh'

    Because I've had enogh of U....

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    TheStupidOne, May 1st, 2012 @ 12:18pm

    I for one was convinced that Google was trying to steal my personal info through wifi sniffing. Google should NEVER have that kind of info and they deserve to be punished.

    Found via Google search in Chrobe browser on my Android phone.
    Call me on my new Google Voice number 123-456-7890!
    email me at totally_fake@gmail.com

     

    reply to this | link to this | view in thread ]

  9. This comment has been flagged by the community. Click here to show it
     
    identicon
    Anonymous Coward, May 1st, 2012 @ 12:34pm

    Ummm, Mike do you find it difficult type while fellating Eric Schmidt?

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    DCX2, May 1st, 2012 @ 12:44pm

    WiFi and infrared

    I once had a discussion with a colleague where I analogized unintended reception of open WiFi networks to the use of infrared. My colleague insinuated that since SCOTUS ruled that IR search for "grow" houses was a violation of the Fourth amendment, then so should sniffing WiFi.

    However, it was noted in the SCOTUS opinion (forget what it was called - it was pretty recent, last decade or two) that IR searches require tools that are not generally available to the public. This is in stark contrast to WiFi, which is quite prolific and easy for just about anyone to do (pretty much every laptop in the past 10 years and every smart phone can do this).

    Of course, it also ignores a case where the FBI hacked into some guy's computer through his open WiFi.

     

    reply to this | link to this | view in thread ]

  11.  
    icon
    Torg (profile), May 1st, 2012 @ 12:57pm

    "with three federal agencies all coming to the same conclusion that no laws were broken, it's pretty bizarre to see people still freaking out about this."

    While I doubt Google did anything wrong in this case, I don't understand what the legality of their actions has to do with that. How long has the federal government been trustworthy?

     

    reply to this | link to this | view in thread ]

  12.  
    icon
    harbingerofdoom (profile), May 1st, 2012 @ 12:59pm

    Re: Re: That's right, I said 'enogh'

    okay, that made me laugh

     

    reply to this | link to this | view in thread ]

  13.  
    icon
    John Fenderson (profile), May 1st, 2012 @ 1:06pm

    Re: WiFi and infrared

    it also ignores a case where the FBI hacked into some guy's computer through his open WiFi.


    That's a beast of a whole different color. WiFi sniffing involves passively listening to the radio signals. Hacking involves interacting with the WiFi and is actually illegal if access controls were bypassed.

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Anonymous Coward, May 1st, 2012 @ 1:35pm

    Re:

    ...you think fellatio is done with the hands? wtf, eh?

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Anonymous Coward, May 1st, 2012 @ 1:46pm

    Re:

    Do you find it difficult to type with imagines of hot man on man action sweating and panting loudly in your head?

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    Anonymous Coward, May 1st, 2012 @ 1:48pm

    Astro-turfing and lobbying are still legal and that doesn't make me any more comfortable about their practice.

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    Anonymous Coward, May 1st, 2012 @ 2:11pm

    Re:

    where's bob? he must not have seen this one, yet :-)

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    Enzite Bob, May 1st, 2012 @ 6:00pm

    Re: Re:

    I'm right here - smiling ever so wildly. Yes, I'm still in PMITA prison. Big Search ... big search .... big smile.

     

    reply to this | link to this | view in thread ]

  19.  
    icon
    tqk (profile), May 1st, 2012 @ 9:02pm

    Re: That's right, I said 'enogh'

    Without a 'u' ;)

    So, you're not Australian?

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    Anonymous Coward, May 2nd, 2012 @ 3:01am

    Re:

    honestly, for him it's mostly point and click

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    Anonymous Coward, May 2nd, 2012 @ 3:04am

    Re:

    honestly, for him it's mostly point and click

     

    reply to this | link to this | view in thread ]

  22.  
    icon
    Ninja (profile), May 2nd, 2012 @ 5:01am

    Re:

    And that was pretty good argumentation on why gathering info on open wi-fi is a crime. Oh wait...

     

    reply to this | link to this | view in thread ]

  23.  
    identicon
    Unagoogler, May 2nd, 2012 @ 7:26am

    Malicious Spying?

    Spying in and of itself isn't malicious?

     

    reply to this | link to this | view in thread ]

  24.  
    identicon
    Anonymous Coward, May 2nd, 2012 @ 7:40am

    Re:

    "with three federal agencies all coming to the same conclusion that no laws were broken, it's pretty bizarre to see people still freaking out about this."

    Those angencies are wearing the very precident that these corporate spies are relying upon, and conversely if these spies are found guilty, what precident does that set for the governments spying on its own citizens?

    They are all in cahoots. Technology is driving, governments are riding shotgun, and all of us are systematically being shoved into the trunk by the corporations sitting in the back seat.

     

    reply to this | link to this | view in thread ]

  25.  
    icon
    Jim (profile), May 3rd, 2012 @ 1:32am

    Hypocrites

    Yep, if anyone else defends a company they are called "fanboys" yet here we are with Google the knight in shinning armor. Well I'm glad your happy for them. Just remember how you feel next you go to call some one a fanboy.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This