Class Action Lawsuit Launched Against Google, Because Some Woman Didn't Secure Her Own WiFi
from the blame-game dept
Late last week, of course, Google ‘fessed up to the fact that it was accidentally collecting some data being transmitted over open WiFi connections with its Google Street View mapping cars. As we noted at the time, it was bad that Google was doing this and worse that they didn’t realize it. However, it wasn’t nearly as bad as some have made it out to be. First of all, anyone on those networks could have done the exact same thing. As a user on a network, it’s your responsibility to secure your connection. Second, at best, Google was getting a tiny fraction of any data, in that it only got a quick snippet as it drove by. Third, it seemed clear that Google had not done anything with that collected data. So, yes, it was not a good thing that this was done, but the actual harm was somewhat minimal — and, again, anyone else could have easily done the same thing (or much worse).
That said, given the irrational fear over Google collecting any sort of information in some governments, this particular bit of news has quickly snowballed into investigations across Europe and calls for the FTC to get involved in the US. While one hopes that any investigation will quickly realize that this is not as big a deal as it’s being made out to be, my guess is that, at least in Europe, regulators will come down hard on Google.
However, going to an even more ridiculous level, the class action lawyers are jumping into the game. Eric Goldman points us to a hastily filed class action lawsuit filed against Google over this issue. Basically, it looks like the lawyers found two people who kept open WiFi networks, and they’re now suing Google, claiming that its Street View operations “harmed” them. For the life of me, I can’t see how that argument makes any sense at all. Here’s the filing:
My favorite part, frankly, is that one of the two people involved in bringing the lawsuit, Vicki Van Valin, effectively admits that she failed to secure confidential information as per her own employment requirements. Yes, this is in her own lawsuit filing:
Van Valin works in the high technology field, and works from her home over her internet-connect computer a substantial amount of time. In connection with her work and home life, Van Valin transmits and receives a substantial amount of data from and to her computer over her wireless connection (“wireless data”). A significant amount of the wireless data is also subject to her employer’s non-disclosure and security regulations.
Ok. So your company has non-disclosure and security regulations… and you access that data unencrypted over an unencrypted WiFi connection… and then want to blame someone else for it? How’s that work now? Basically, this woman appears to be admitting that she has violated her own company’s rules in a lawsuit she’s filed on her behalf. Wow.
While there’s nothing illegal about setting up an open WiFi network — and, in fact, it’s often a very sensible thing to do — if you’re using an open WiFi network, it is your responsibility to recognize that it is open and any unencrypted data you send over that network can be seen by anyone else on the same access point.
This is clearly nothing more than a money grab by some people, and hopefully the courts toss it out quickly, though I imagine there will be more lawsuits like this one.
Filed Under: class action, privacy, security, street view, wifi
Companies: google
Comments on “Class Action Lawsuit Launched Against Google, Because Some Woman Didn't Secure Her Own WiFi”
*whisper whisper*
Irrational fear of Google: proof that whisper campaigns of misinformation work.
I can just imagine this being the lawsuit honeypot of the future:
1) Create an open wifi
2) Wait for someone to drive by and notice
3) Slap a lawsuit on them and claim they stole your precious bits
tick tock
“While there’s nothing illegal about setting up an open WiFi network…”
Yet.
Re: tick tock
In the US
Re: tick tock
There are a lot of articles out there about cops going around war-driving, and telling residents with open WAP’s that they are unsecured, and to make sure they take care of it. This has a lot to do with malicious war drivers, and the fact that you can get sues for someone leaching your bandwidth to upload/download movies and music,
Re: Re: tick tock
Do they also go around checking to ensure doors and windows are locked too?
“Van Valin works in the high technology field, and works from her home over her internet-connect computer a substantial amount of time. In connection with her work and home life, Van Valin transmits and receives a substantial amount of data from and to her computer over her wireless connection (“wireless data”). A significant amount of the wireless data is also subject to her employer’s non-disclosure and security regulations.”
Hopefully her company fires her for self admittedly violating NDA and security regs.
I Gots Class
Hey! My garage door was open the day the Google camera car came by taking pictures.
Can I get in on this lawsuit?
Re: I Gots Class
My fly was open when they came by my house…
Re: I Gots Class
My fly was open. Can I sue Google for taking naughty pics of me?
Re: I Gots Class
I was just moving in so I had boxes and stuff on my lawn, including a couch, and it makes me look like white trash (and I’m not even white!). Can I sue them, too?
Personal Responsibility, it's personal now! Not.
I am sorry after having been in IT for over 20 years I can say that people always want to blame others for their lack of simple basic security knowledge. Stop being lazy people, it take 5 minutes to figure out how and secure your WiFi.
I think Google actually did a service for free for these people. Google isn’t going to do anything with the information but there are plenty of people that will. So Google just highlighted how unsecured most personal WiFi networks are.
Re: Personal Responsibility, it's personal now! Not.
“I am sorry after having been in IT for over 20 years I can say that people always want to blame others for their lack of knowledge. … “
TFTFY
actually, shouldnt they be going after people like chris anderson who have encouraged people to leave their wireless unprotected? isnt that bad advice? we get into that weird techdirt world where we support open wireless and then find people dumb for leaving them open. the contradictions are mind numbing.
Re: Re:
There are 2 shift keys on your keyboard. Use at least 1 of them now and then.
Re: Re: Re:
Just not ALL the time.
Re: Re: Re:
He won’t, this is part of his new personality since he gave up the mantle of “The Anti Mike”. TAM used shift keys, this is definitely not TAM because, as you can see, he doesn’t use shift keys. Got it?
Re: Re:
Providing open wireless can be a valuable service to other people. But it is your responsibility to secure any network you do not want to be open.
Any contradiction exists only in your strawman argument.
Re: Re:
Yes, the contradictions you make are numbing to the mind. Perhaps you should stop making them?
Re: Re:
There is no contradiction in supporting the ability to maintain an open wireless connection while pointing out the silliness of people who have an open wireless connection, then complain about the very nature of their voluntarily open wireless.
Of course, TAM, the master of contradicting himself, probably sees contradictions everywhere.
Re: Re: Re:
mike, 3 posts in a row trying to shout me down? how many people are you paying to do this now?
Re: Re: Re: Re:
So, you think it’s more likely that Mike pays people to “shout you down” than it is that someone just disagrees with you or would make fun of your odd aversion to capital letters? You might want to google “Occam’s razor”.
Re: Re: Re:2 Re:
Just don’t tell them to Wikipedia it!
Re: Re: Re: Re:
If by “mike” you mean everyone who disagrees with you, by “shout you down” you mean point out the flaws in your logic, and by “paying” you mean being paid in the free laughter at your expense, then the answer is tinfoil.
Re: Re: Re:2 Re:
no, i mean mass ganging up, not even attempting to discuss the points, and rather stop it cold with misdirection and avoidance. it is a sure sign that someone is trying to shut down ideas, rather than discuss both sides of a discussion. it would appear that mike added more troops.
Re: Re: Re:3 Re:
no, i mean mass ganging up, not even attempting to discuss the points, and rather stop it cold with misdirection and avoidance.
Speaking of not attempting to discuss the points and misdirection, you do realize that you didn’t actual explain why you thought people were trying to shout you down or provide any supporting examples thereof. You just threw out an overgeneral accusation, assuming that everyone would just magically know why you felt the way you do. But perhaps for someone whose view of the world is so warped that they think anyone who disagrees with them must be a shill, it would make sense that you don’t apply the same standards to yourself as you do to others.
Re: Re: Re:3 Re:
People discussed the flaws in your logic. You choose, again, to go off on a paranoid conspiracy rant rather than address those flaws.
Amusing, as always.
Re: Re: Re:3 Re:
Or maybe people are getting really tired of your constant trolling?
Re: Re: Re: Re:
The Masnick Sidekick Strikes Again!!!
Re: Re: Re: Re:
Look, behind you! Another Mike!
Re: Re: Re:2 Re:
The Mikes are everywhere!
Re: Re: Re:3 Re:
I am the real Mike and so if my friend.
Re: Re:
No we find them dumb for filing a law suit because someone accidently tapped their network. Please try and keep up.
lavi d is right. It’s like they were posting personal letters on their walls… And then they sued someone because he, driving his car, has caught a glimpse of them.
VPN is secure...
If the lady was working from home, it is quite likely she had a VPN connection to her company’s network. In that case, the connection would have been encrypted so she has nothing to complain about.
Besides, can she prove they have her WiFi data? Can she prove their street view van went past her place while the data collection was taking place?
Re: VPN is secure...
wait a minute.
what is this “proof” you speak of?
is this a new way of saying “yes, we need more baseless lawsuits”?
*this comment brought to you by sarcmark((c)(r)(tm)(patent pending)(all rights reserved))
Open WiFi Supporter
I have deliberately set up an open access point at home. It is firewalled, isolated from the rest of my network and bandwidth limited to 500k (to prevent negative impact on MY use. I am not trying to be an ISP) However if one of my neighbors or customers wants or needs to use that connection under those restrictions they are free to do so, that is what it is there for. I have a secure wireless network as well for my use and those friends I trust that may be at my place, but the idea that somebody might try to make that illegal just chaps my hide.
Re: Open WiFi Supporter
i don’t like my neighbors enough to do this at my apt. complex. besides, with comcast threating to drop people who go over 250GB, i would be hard pressed to offer free bandwidth to the grannies in my complex. you never know, i may have granny-pirates as neighbors.
Re: Re: Open WiFi Supporter
I am fortunate to have FiOS (Currently 25 Mbps down / 20 Mbps up & without Node Sharing or Bandwidth Caps) – I also run a private server in my home to I am not exactly ‘normal’ usage.
Re: Re: Re: Open WiFi Supporter
And you’ve checked that your Terms of Service with your FiOS provider don’t prohibit having a deliberately open access point to share your connection?
OR…
You just don’t give a crap about the TOS.
Re: Open WiFi Supporter
I have deliberately set up an open access point at home.
Not that I disapprove, but what happens to you if one of your neighbors accidentally downloads something illegal, like child porn? Even if your neighbors aren’t the kind of people who would search for such material (and you never know who would), the anonymity of an open connection might make them bolder about searching for regular porn, and if they’re using a file sharing program like eDonkey, it’s incredibly easy to end up with something entirely different than what the filename suggests.
Traditionally, the FBI hasn’t been too understanding about honest mistakes when it comes to CP. In fact, from what I’ve read, they’ll usually jump through as many hoops as required to get a conviction, even if it’s obvious to everyone else that the person is innocent.
idiots
I love the fact that she admits she works in IT, and ignorantly uses an open wi-fi.
I want to know how she knows that data was captured of hers? Was she at home when the Google car drove by, was she sending email or other data at the time it went by? Where’s the proof they actually got anything from her or the other guy? And the fact, they just jumped on this after Google admits it had a scanner that could do this. Apparently they were aware of the fact they used open wi-fi without encryption, to just figure out that maybe Google got their data. If they knew it was open, why didn’t they lock it up?
And in the papers, it says she continues to use an open wi-fi. If I were her employer, I would be investigating her, because of the non-disclosure she agreed to and then blatently used an open wi-fi knowing that it could be stolen.
I think she should be thanking Google for pointing out that this can happen. Maybe she should be more worried about the guy that might live across the street actually stealing the data and actually doing something bad with it, or the guy that could drive by, spot the open connection and then get in and collect the data.
Our current society is so idiotically stupid in saying “yeah I left my doors open and left things up on my pc” and then sueing the guy that came by that said “hey I noticed the door was open and glanced inside and might have seen something personal or something you could get in trouble for leaving out and viewable to anyone that came by, I just wanted to let you know it could happen.”
Damn people take some responsibility and secure your own things. You leave it open, then you are the one to blame for it getting stolen!!! Don’t knowingly leave it that way then wait for the first guy to come by and see it and then sue the hell out of him for saying “hey dumbass your fly is open!!!”
The sheeple out there just piss me off, just looking for something to get get a quick buck from like this.
Hey!
None of the dumbasses that haven’t secured their network are reading this so…..
Hold on little mikee m and followers?
So here let me see if I understand this right little mikee m? It is YOUR resposibility to secure your WiFi, yet its NOT yyour responsibility when it comes to someone using your unencrypted connection to download infringing works?
I’m a bit confused how can it be both ways?
Re: Hold on little mikee m and followers?
That’s about it, yes. Infringement may have been committed, but not by the idiot with an unsecured network. The idiot is complicit only in being a twit.
Re: Hold on little mikee m and followers?
Please confuse “not password protected” with “unencrypted” a bit more. It makes us all want to follow you instead.
Re: Hold on little mikee m and followers?
How to troll Techdirt:
1) First, say Mike in some sort of condescending tone. Such as “little mikee” or “mike mike mike, tsk tsk tsk.”
2) Try to find a contradiction where there is none.
I have a non-password protected wireless access point.
but I also have my subnet set such that only 3 devices can obtain IP addresses (Those devices are always up, but have an extra long lease just in case) and my SSID is not broadcast.
Passwords are cute and all but I would say I am now less vulnerable, even if you happen to tool the name of my network you aint hacking another IP out of it.
Re: Re:
You can have 2 devices on your network with the same IP address. It is called an IP conflict and although it is a problem, it is perfectly possible.
Your plan, although creative, is not actually a very good one. Enable the security on your access point if you want it secure.
Re: Re:
I hope by non-password protected access point you just mean the password to modify the configuration. If you’re not encrypting your data then your SSID, IP Addresses, and MAC addresses can be pulled with a sniffer.
Re: Re:
You couldn’t be less secure even if you were Andy Dick.
Re: you aint hacking another IP out of it.
“But its a class A NAT so thats a crapload of guessing.”
254 guesses per segment, not that many.
chances are your ip range is 192.168.1.xxx Most are not technical enough to know how to change that.
“The DHCP server will not offer anything.”
“you aint hacking another IP out of it.”
Dont have to. Chances are your DNS is set to 192.168.1.1 as is the gateway. I set a static ip of 192.168.1.254 use net stumbler to acquire your SSID, use pingsweep to discover your machines, barring no local firewall is on, and sharing has been allowed. Then start trying to crack the local admin password to machines listed. Not very hard at all. To me, its not worth the time either. (Unless I know you have 100 gigs of mp3’s) LOL
If i knew you had something good, I might spend the time to sweep through 192.168.0-9.xxx I would use a CMD script to change IP and ping a range to a text file, then walk away for a while.
Only way to “secure” your wireless is to set up encryption(with a strong password), dont broadcast SSID, and use MAC filtering. MAC filtering is most important because it will deny access to the router, and stop the method mentioned above. Not that there are not other ways I wont describe here.
I disagree on 2 key points
“As a user on a network, it’s your responsibility to secure your connection.”
Tell that to my 67 year old Mother-in-law. I had Verizon & Comcast over the past 4 years, and neither one assisted with making the wireless connection secure. They came, plugged their stuff in, and left. No assistance whatsoever. Not once did the tech mention the risk of someone jumping on my wireless. Now I know better, because its my job. Most of the technically challenged out there would not even realize it was a threat. EX: my Mom, their neighbors, anyone over 50.
Would you give a gun to a 13 year old with no guidance?
“So your company has non-disclosure and security regulations… and you access that data unencrypted over an unencrypted WiFi connection… and then want to blame someone else for it?” YEP
Your company allows sensitive info over unsecured connections? That’s their fault. The company needs to provide VPN access. It would only be encrypted from the router to the machine. From the work server across the internet would still be open. It would not be PCI compliant.
Was the lawsuit warranted? No way. Just another jab at Google’s wallet.
“You can have 2 devices on your network with the same IP address”
Sure I suppose they have a chance of guessing one of the three IP addresses. But its a class A NAT so thats a crapload of guessing. The DHCP server will not offer anything.
Re: Re:
That’s called security through obscurity (warning Wikipedia). And you’re still looking a lot like a big juicy target for a netjacker.
Monitoring is not criminal
Long ago, before cellphones, the RBOC’s offered what was called “mobile” telephone service, based on analog VHF radio transmissions. Listening on a public service band VHF radio, you’d be able to hear the conversation, which was not necessarily illegal under FCC law; the problem would arise when you acted upon what you’d heard. I believe there are parallels here… if you chose to have insecure communications on that phone, you risked a small chance that it might be intercepted. Ditto unsecured wi-fi… wonder if analog-radio FCC law creates precedence here? And I’d disagree that sniffed packet datagrams are always “secret”, as the complaint alleges; decoded from hex to ascii — no secret there — html formats and even unencrypted e-mail passwords are plainly visible. Once again, failure to take personal responsibility for one’s own dopey actions.
I will concede that it is partial obscurity, but:
I am going to get a fat ip conflict dialog on one of my machines. So even when WPA2 cracking becomes quick and easy, I will still have methods that deter unauthorized access based off the architecture. And with IPv6 the guess work increases exponentially.
I have done some pen-testing and have not have found a method that would reasonably be able to determine one of the 3 ip addresses sitting on my network (nor gain access without a valid one). I would certainly bow gracefully if I could be shown otherwise.
Re: I will concede that it is partial obscurity, but:
Gimme your IP.
Re: Re:
You do realize they publish a book called Hacking Wireless Networks for Dummies, yes?
If your network is not authenticated, its a real easy pick.
Sniff sniff… I smell a free ride!
...seriously?
Ms Vanhootershnitzel? You work in the high technology field? And you don’t even put WEP in which would have stopped the sniffing that Google was gathering info from? U NOT SO SMRT!!!!! If you worked in the IT field I would be ashamed to have you working for me or working for you. Seriously, my GRANDMOTHER knows enough to put in some encryption to her wireless network and she has been dead for 20 years or more.
Re: ...seriously?
You don’t know when your grandmother died?
hope they throw it out
I’m no big fan of Google’s centralized mega-power, but yes, if they’re simply looking at unencrypted data, they should just throw this suit out.
Besides, practically speaking, if Google’s admitting to this, do you really think that they’re doing something nefarious with it? Even with my paranoid streak, I think not in this case.
Re: hope they throw it out
“do you really think that they’re doing something nefarious with it? “
No, but who they are selling this info to? That is what my concern is. Dont kid yourself, they were collecting this data with the hopes of selling it.
Just because I am paranoid, doesnt mean they are not after me.
Re: Re: hope they throw it out
I think they didn’t want the (“payload”) data from the open wifi access point, but rather its location. Put the location up on Google maps and sell ads to that web page.
What else do you expect from Google?
“chances are your ip range is 192.168.1.xxx”
What about Class A leads you to believe that?
Class A means you get to guess 16.5 million times, and means I am little beyond leaving defaults.
I have exactly 3 IPaddresses, no other IPaddress gains access. In order for x.x.x.254 to stumble anything, it has to be a valid IP address.
Re: Re:
You really do seem like a reasonably bright person, even if you don’t use ‘Reply’ or adopt reasonable network management practices. Go put a password on your net or some netnick might just bring a passive wifi sniffer by your home and chew up your bandwidth riding the torrents.
Your IP = 10.I.got.hacked
Your MAC = Mmmm Big Mac
Re: Re:
I’d simply use a passive net sniffer to find traffic on your system. Your MAC address and IP address are in those packets I’d sniff.
Your Class A 16.5 million options are reduced to what your system announces directly over the network which is easily listened in on.
Use encryption, because really, you have no idea what you are talking about.
Re: Re:
“What about Class A leads you to believe that?”
Class A NAT? You have a router that supports class A IP range. Its like saying your getting your wife a breast bra.
Get another machine, set a static ip in the range of your ip scope, connect to your network, ping another machine with file sharing turned on.
What exactly does her company due? It seems like they themselves are now open to a lawsuit for transmitting unencrypted data to this ladies house and her accessing it over an unsecured wireless connection.
Re: That might be telling...
What does her company do? That would be interesting to find out.
One possibility: her company provides the IT services for T.J. Maxx, Marshalls, et al. This would suggest that her job is safe…
what does a router password have to do with encryption?
any unencrypted data you send over that network can be seen by anyone else on the same access point.
Correction: can be seen by anyone within range of you, regardless of whether they are on your AP, or any AP at all. “Within range” is defined as a function of your transmit power and antenna gain and the snooper’s receive sensitivity and antenna gain: to wit, if the snooper has a high-gain antenna and a sensitive chipset, he or she can intercept your traffic at distances that you would not generally consider to be “within range” of you.
Only way to “secure” your wireless is to set up encryption(with a strong password), dont broadcast SSID, and use MAC filtering. MAC filtering is most important because it will deny access to the router, and stop the method mentioned above.
Stop at the first comma and you’re good to go. Hiding your SSID stops you from appearing in the visible AP list of most client utilities, but any hacker worth his or her salt will still be able to find you via active scanning (Probe frames). Even if you block your AP from responding to blank probe frames, the AP still has to respond to probes from your authorized machines, and the hacker can pick that up. It’s happening all the time in the background and there’s no way to stop it, so… hiding your SSID? Worthless from a security standpoint.
Likewise for MAC filtering. Spoofing a MAC address is trivial.
The bottom line is this: use WPA2 with a strong passphrase or enterprise authentication and call it a day. Anybody who can crack WPA2 is going to blow through your dinky little MAC filtering and hidden SSID, but the reality is that nobody is going to crack WPA2, so why bother with the other stuff?
Why is it that when google makes a minor mistake and quickly corrects it everyone jumps on it (ie: the FTC) but when others do the same only with far larger mistakes (ie: with Facebook and their glitch among many other companies and their mistakes) the government often looks the other way.