Class Action Lawsuit Launched Against Google, Because Some Woman Didn't Secure Her Own WiFi

from the blame-game dept

Late last week, of course, Google ‘fessed up to the fact that it was accidentally collecting some data being transmitted over open WiFi connections with its Google Street View mapping cars. As we noted at the time, it was bad that Google was doing this and worse that they didn’t realize it. However, it wasn’t nearly as bad as some have made it out to be. First of all, anyone on those networks could have done the exact same thing. As a user on a network, it’s your responsibility to secure your connection. Second, at best, Google was getting a tiny fraction of any data, in that it only got a quick snippet as it drove by. Third, it seemed clear that Google had not done anything with that collected data. So, yes, it was not a good thing that this was done, but the actual harm was somewhat minimal — and, again, anyone else could have easily done the same thing (or much worse).

That said, given the irrational fear over Google collecting any sort of information in some governments, this particular bit of news has quickly snowballed into investigations across Europe and calls for the FTC to get involved in the US. While one hopes that any investigation will quickly realize that this is not as big a deal as it’s being made out to be, my guess is that, at least in Europe, regulators will come down hard on Google.

However, going to an even more ridiculous level, the class action lawyers are jumping into the game. Eric Goldman points us to a hastily filed class action lawsuit filed against Google over this issue. Basically, it looks like the lawyers found two people who kept open WiFi networks, and they’re now suing Google, claiming that its Street View operations “harmed” them. For the life of me, I can’t see how that argument makes any sense at all. Here’s the filing:

Basically, you have two people who could have easily secured their WiFi connection or, barring that, secured their own traffic over their open WiFi network, and chose to do neither. Then, you have a vague claim, with no evidence, that Google somehow got their traffic when its Street View cars photographed the streets where they live. As for what kind of harm it did? Well, there’s nothing there either.

My favorite part, frankly, is that one of the two people involved in bringing the lawsuit, Vicki Van Valin, effectively admits that she failed to secure confidential information as per her own employment requirements. Yes, this is in her own lawsuit filing:

Van Valin works in the high technology field, and works from her home over her internet-connect computer a substantial amount of time. In connection with her work and home life, Van Valin transmits and receives a substantial amount of data from and to her computer over her wireless connection (“wireless data”). A significant amount of the wireless data is also subject to her employer’s non-disclosure and security regulations.

Ok. So your company has non-disclosure and security regulations… and you access that data unencrypted over an unencrypted WiFi connection… and then want to blame someone else for it? How’s that work now? Basically, this woman appears to be admitting that she has violated her own company’s rules in a lawsuit she’s filed on her behalf. Wow.

While there’s nothing illegal about setting up an open WiFi network — and, in fact, it’s often a very sensible thing to do — if you’re using an open WiFi network, it is your responsibility to recognize that it is open and any unencrypted data you send over that network can be seen by anyone else on the same access point.

This is clearly nothing more than a money grab by some people, and hopefully the courts toss it out quickly, though I imagine there will be more lawsuits like this one.

Filed Under: , , , ,
Companies: google

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Class Action Lawsuit Launched Against Google, Because Some Woman Didn't Secure Her Own WiFi”

Subscribe: RSS Leave a comment
73 Comments
Liquid (profile) says:

Re: tick tock

There are a lot of articles out there about cops going around war-driving, and telling residents with open WAP’s that they are unsecured, and to make sure they take care of it. This has a lot to do with malicious war drivers, and the fact that you can get sues for someone leaching your bandwidth to upload/download movies and music,

Anonymous Coward says:

“Van Valin works in the high technology field, and works from her home over her internet-connect computer a substantial amount of time. In connection with her work and home life, Van Valin transmits and receives a substantial amount of data from and to her computer over her wireless connection (“wireless data”). A significant amount of the wireless data is also subject to her employer’s non-disclosure and security regulations.”

Hopefully her company fires her for self admittedly violating NDA and security regs.

Skeptical Cynic (profile) says:

Personal Responsibility, it's personal now! Not.

I am sorry after having been in IT for over 20 years I can say that people always want to blame others for their lack of simple basic security knowledge. Stop being lazy people, it take 5 minutes to figure out how and secure your WiFi.

I think Google actually did a service for free for these people. Google isn’t going to do anything with the information but there are plenty of people that will. So Google just highlighted how unsecured most personal WiFi networks are.

Anonymous Coward says:

actually, shouldnt they be going after people like chris anderson who have encouraged people to leave their wireless unprotected? isnt that bad advice? we get into that weird techdirt world where we support open wireless and then find people dumb for leaving them open. the contradictions are mind numbing.

Anonymous Coward says:

Re: Re:

There is no contradiction in supporting the ability to maintain an open wireless connection while pointing out the silliness of people who have an open wireless connection, then complain about the very nature of their voluntarily open wireless.

Of course, TAM, the master of contradicting himself, probably sees contradictions everywhere.

Anonymous Coward says:

Re: Re: Re:2 Re:

no, i mean mass ganging up, not even attempting to discuss the points, and rather stop it cold with misdirection and avoidance. it is a sure sign that someone is trying to shut down ideas, rather than discuss both sides of a discussion. it would appear that mike added more troops.

Hulser (profile) says:

Re: Re: Re:3 Re:

no, i mean mass ganging up, not even attempting to discuss the points, and rather stop it cold with misdirection and avoidance.

Speaking of not attempting to discuss the points and misdirection, you do realize that you didn’t actual explain why you thought people were trying to shout you down or provide any supporting examples thereof. You just threw out an overgeneral accusation, assuming that everyone would just magically know why you felt the way you do. But perhaps for someone whose view of the world is so warped that they think anyone who disagrees with them must be a shill, it would make sense that you don’t apply the same standards to yourself as you do to others.

John Doe says:

VPN is secure...

If the lady was working from home, it is quite likely she had a VPN connection to her company’s network. In that case, the connection would have been encrypted so she has nothing to complain about.

Besides, can she prove they have her WiFi data? Can she prove their street view van went past her place while the data collection was taking place?

BearGriz72 (profile) says:

Open WiFi Supporter

I have deliberately set up an open access point at home. It is firewalled, isolated from the rest of my network and bandwidth limited to 500k (to prevent negative impact on MY use. I am not trying to be an ISP) However if one of my neighbors or customers wants or needs to use that connection under those restrictions they are free to do so, that is what it is there for. I have a secure wireless network as well for my use and those friends I trust that may be at my place, but the idea that somebody might try to make that illegal just chaps my hide.

Rekrul says:

Re: Open WiFi Supporter

I have deliberately set up an open access point at home.

Not that I disapprove, but what happens to you if one of your neighbors accidentally downloads something illegal, like child porn? Even if your neighbors aren’t the kind of people who would search for such material (and you never know who would), the anonymity of an open connection might make them bolder about searching for regular porn, and if they’re using a file sharing program like eDonkey, it’s incredibly easy to end up with something entirely different than what the filename suggests.

Traditionally, the FBI hasn’t been too understanding about honest mistakes when it comes to CP. In fact, from what I’ve read, they’ll usually jump through as many hoops as required to get a conviction, even if it’s obvious to everyone else that the person is innocent.

Jeff (profile) says:

idiots

I love the fact that she admits she works in IT, and ignorantly uses an open wi-fi.

I want to know how she knows that data was captured of hers? Was she at home when the Google car drove by, was she sending email or other data at the time it went by? Where’s the proof they actually got anything from her or the other guy? And the fact, they just jumped on this after Google admits it had a scanner that could do this. Apparently they were aware of the fact they used open wi-fi without encryption, to just figure out that maybe Google got their data. If they knew it was open, why didn’t they lock it up?
And in the papers, it says she continues to use an open wi-fi. If I were her employer, I would be investigating her, because of the non-disclosure she agreed to and then blatently used an open wi-fi knowing that it could be stolen.

I think she should be thanking Google for pointing out that this can happen. Maybe she should be more worried about the guy that might live across the street actually stealing the data and actually doing something bad with it, or the guy that could drive by, spot the open connection and then get in and collect the data.

Our current society is so idiotically stupid in saying “yeah I left my doors open and left things up on my pc” and then sueing the guy that came by that said “hey I noticed the door was open and glanced inside and might have seen something personal or something you could get in trouble for leaving out and viewable to anyone that came by, I just wanted to let you know it could happen.”

Damn people take some responsibility and secure your own things. You leave it open, then you are the one to blame for it getting stolen!!! Don’t knowingly leave it that way then wait for the first guy to come by and see it and then sue the hell out of him for saying “hey dumbass your fly is open!!!”

The sheeple out there just piss me off, just looking for something to get get a quick buck from like this.

Anonymous Coward says:

I have a non-password protected wireless access point.

but I also have my subnet set such that only 3 devices can obtain IP addresses (Those devices are always up, but have an extra long lease just in case) and my SSID is not broadcast.

Passwords are cute and all but I would say I am now less vulnerable, even if you happen to tool the name of my network you aint hacking another IP out of it.

weneedhelp (profile) says:

Re: you aint hacking another IP out of it.

“But its a class A NAT so thats a crapload of guessing.”
254 guesses per segment, not that many.

chances are your ip range is 192.168.1.xxx Most are not technical enough to know how to change that.

“The DHCP server will not offer anything.”
“you aint hacking another IP out of it.”
Dont have to. Chances are your DNS is set to 192.168.1.1 as is the gateway. I set a static ip of 192.168.1.254 use net stumbler to acquire your SSID, use pingsweep to discover your machines, barring no local firewall is on, and sharing has been allowed. Then start trying to crack the local admin password to machines listed. Not very hard at all. To me, its not worth the time either. (Unless I know you have 100 gigs of mp3’s) LOL

If i knew you had something good, I might spend the time to sweep through 192.168.0-9.xxx I would use a CMD script to change IP and ping a range to a text file, then walk away for a while.

Only way to “secure” your wireless is to set up encryption(with a strong password), dont broadcast SSID, and use MAC filtering. MAC filtering is most important because it will deny access to the router, and stop the method mentioned above. Not that there are not other ways I wont describe here.

weneedhelp (profile) says:

I disagree on 2 key points

“As a user on a network, it’s your responsibility to secure your connection.”

Tell that to my 67 year old Mother-in-law. I had Verizon & Comcast over the past 4 years, and neither one assisted with making the wireless connection secure. They came, plugged their stuff in, and left. No assistance whatsoever. Not once did the tech mention the risk of someone jumping on my wireless. Now I know better, because its my job. Most of the technically challenged out there would not even realize it was a threat. EX: my Mom, their neighbors, anyone over 50.

Would you give a gun to a 13 year old with no guidance?

“So your company has non-disclosure and security regulations… and you access that data unencrypted over an unencrypted WiFi connection… and then want to blame someone else for it?” YEP

Your company allows sensitive info over unsecured connections? That’s their fault. The company needs to provide VPN access. It would only be encrypted from the router to the machine. From the work server across the internet would still be open. It would not be PCI compliant.

Was the lawsuit warranted? No way. Just another jab at Google’s wallet.

Vidiot (profile) says:

Monitoring is not criminal

Long ago, before cellphones, the RBOC’s offered what was called “mobile” telephone service, based on analog VHF radio transmissions. Listening on a public service band VHF radio, you’d be able to hear the conversation, which was not necessarily illegal under FCC law; the problem would arise when you acted upon what you’d heard. I believe there are parallels here… if you chose to have insecure communications on that phone, you risked a small chance that it might be intercepted. Ditto unsecured wi-fi… wonder if analog-radio FCC law creates precedence here? And I’d disagree that sniffed packet datagrams are always “secret”, as the complaint alleges; decoded from hex to ascii — no secret there — html formats and even unencrypted e-mail passwords are plainly visible. Once again, failure to take personal responsibility for one’s own dopey actions.

Anonymous Coward says:

I will concede that it is partial obscurity, but:

I am going to get a fat ip conflict dialog on one of my machines. So even when WPA2 cracking becomes quick and easy, I will still have methods that deter unauthorized access based off the architecture. And with IPv6 the guess work increases exponentially.

I have done some pen-testing and have not have found a method that would reasonably be able to determine one of the 3 ip addresses sitting on my network (nor gain access without a valid one). I would certainly bow gracefully if I could be shown otherwise.

Free Capitalist (profile) says:

Re: Re:

I have done some pen-testing and have not have found a method that would reasonably be able to determine one of the 3 ip addresses sitting on my network (nor gain access without a valid one).

You do realize they publish a book called Hacking Wireless Networks for Dummies, yes?

If your network is not authenticated, its a real easy pick.

Sniff sniff… I smell a free ride!

Berenerd (profile) says:

...seriously?

Ms Vanhootershnitzel? You work in the high technology field? And you don’t even put WEP in which would have stopped the sniffing that Google was gathering info from? U NOT SO SMRT!!!!! If you worked in the IT field I would be ashamed to have you working for me or working for you. Seriously, my GRANDMOTHER knows enough to put in some encryption to her wireless network and she has been dead for 20 years or more.

Dave says:

hope they throw it out

I’m no big fan of Google’s centralized mega-power, but yes, if they’re simply looking at unencrypted data, they should just throw this suit out.

Besides, practically speaking, if Google’s admitting to this, do you really think that they’re doing something nefarious with it? Even with my paranoid streak, I think not in this case.

Anonymous Coward says:

“chances are your ip range is 192.168.1.xxx”

What about Class A leads you to believe that?

Class A means you get to guess 16.5 million times, and means I am little beyond leaving defaults.

I have exactly 3 IPaddresses, no other IPaddress gains access. In order for x.x.x.254 to stumble anything, it has to be a valid IP address.

Free Capitalist (profile) says:

Re: Re:

You really do seem like a reasonably bright person, even if you don’t use ‘Reply’ or adopt reasonable network management practices. Go put a password on your net or some netnick might just bring a passive wifi sniffer by your home and chew up your bandwidth riding the torrents.

Your IP = 10.I.got.hacked

Your MAC = Mmmm Big Mac

Ccomp5950 (profile) says:

Re: Re:

I’d simply use a passive net sniffer to find traffic on your system. Your MAC address and IP address are in those packets I’d sniff.

Your Class A 16.5 million options are reduced to what your system announces directly over the network which is easily listened in on.

Use encryption, because really, you have no idea what you are talking about.

Joshua (profile) says:

any unencrypted data you send over that network can be seen by anyone else on the same access point.

Correction: can be seen by anyone within range of you, regardless of whether they are on your AP, or any AP at all. “Within range” is defined as a function of your transmit power and antenna gain and the snooper’s receive sensitivity and antenna gain: to wit, if the snooper has a high-gain antenna and a sensitive chipset, he or she can intercept your traffic at distances that you would not generally consider to be “within range” of you.

Only way to “secure” your wireless is to set up encryption(with a strong password), dont broadcast SSID, and use MAC filtering. MAC filtering is most important because it will deny access to the router, and stop the method mentioned above.

Stop at the first comma and you’re good to go. Hiding your SSID stops you from appearing in the visible AP list of most client utilities, but any hacker worth his or her salt will still be able to find you via active scanning (Probe frames). Even if you block your AP from responding to blank probe frames, the AP still has to respond to probes from your authorized machines, and the hacker can pick that up. It’s happening all the time in the background and there’s no way to stop it, so… hiding your SSID? Worthless from a security standpoint.

Likewise for MAC filtering. Spoofing a MAC address is trivial.

The bottom line is this: use WPA2 with a strong passphrase or enterprise authentication and call it a day. Anybody who can crack WPA2 is going to blow through your dinky little MAC filtering and hidden SSID, but the reality is that nobody is going to crack WPA2, so why bother with the other stuff?

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...