IPcentral Weblog

Friday, July 9, 2010

 
Google Street View/Wi-Fi Privacy Technopanic Continues but Real Cybersecurity Begins at Home
 

Congressmen working on national intelligence and homeland security either don't know how to secure their own home Wi-Fi networks (it's easy!) or don't understand why they should bother. If you live outside the Beltway, you might think the response to this problem would be to redouble efforts to educate everyone about the importance of personal responsibility for data security, starting with Congressmen and their staffs. But of course those who live inside the Beltway know that the solution isn't education or self-help but... you guessed it... to excoriate Google for spying on members of Congress (and bigger government, of course)!

Consumer Watchdog (which doesn't actually claim any consumers as members) held a press conference this morning about their latest anti-Google stunt, announced last night on their "Inside Google" blog: CWD drove by five Congressmen's houses in the DC area last week looking for unencrypted Wi-Fi networks. At Jane Harman's (D-CA) home, they found two unencrypted networks named "Harmanmbr" and "harmantheater" that suggest the networks are Harman's. So they sent Harman a letter demanding that she hold hearings on Google's collection of Wi-Fi data, charging Google with "WiSpying." This is a classic technopanic and the most craven, cynical kind of tech politics--dressed in the "consumer" mantle.

The Wi-Fi/Street View Controversy


Rewind to mid-May, when Google voluntarily disclosed that the cars it used to build a photographic library of what's visible from public streets for Google Maps Street View had been unintentionally collecting small amounts of information from unencrypted Wi-Fi hotspots like Harman's. These hotspots can be accessed by anyone who might drive or walk by with a Wi-Fi device--thus potentially exposing data sent over those networks between, say, a laptop in the kitchen, and the wireless router plugged into the cable modem.

Google's Street View allows you to virtually walk down any public street and check out the neighborhood--making it easier to navigate to your intended destination, explore a neighborhood you might be thinking of moving to from out of town, point out potential maintenance or streetscape problems to your city, and any number of other wonderfully useful, totally benign things that you could do anyway if you just walked down the street with a camera or a notepad! CWD's letter tries to outrage Harman by telling her: "Your home is on display for the entire Internet with just a few clicks of a computer mouse." So what? It's on display to anyone walking or driving down the street, too! If you don't like that, put up a fence or landscaping to block the view--or move out of the suburbs to a more remote location!

The Street View cars that take these photos from cameras on their roofs were also equipped with Wi-Fi devices that, much like any Wi-Fi device, look for Wi-Fi hotspots within range. (Just look for "available networks" the next time you're at a laptop and you'll see what I mean). This isn't part of some evil Google conspiracy to "track consumers in their homes," as CWD alleges. Rather, building a map of wireless hotspots allows any consumer using, say, Google Maps to determine their location more accurately and quickly than would otherwise be possible: If my phone sees 6 hotspots nearby and Google can correlate that data with the pre-existing map of Wi-Fi networks generated by Street View cars, this helps Google Maps pinpoint my location--which makes directions and other location-based services work better for me in the future.

But the Street View Wi-Fi software was accidentally misconfigured to capture all wireless data packets (chunks of data) it picked up as Street View cars drove by hotspots, regardless of whether those packets were data packets (potentially containing data sent by users over their home networks) or "beacon" packets that simply announce the presence of a network, and regardless of whether the packets were sent from an unsecured or secured network. The software was designed to discard any data packets from encrypted networks, but not from unsecured networks. Google claims this was an accident, and some security experts agree. Google has promised to dispose of all of the data accidentally collected (beyond SSID names).

In early June, Google commissioned an independent analysis, which confirmed that the Wi-Fi software "does not analyze or parse the body of Data frames, which contain user content" and that such data frame bodies would be stored only if sent over an unencrypted wireless network but discarded if sent over an encrypted network. Translation: Google didn't use any of the packet data it collected.
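The retention behaviour described above can be made concrete with a short added example (not Google's code and not part of the original post). It reads the 802.11 Frame Control field of constructed sample frames and compares the described policy with a hypothetical data-minimizing one; the function names, the 24-byte header length and the idea that headers alone suffice for mapping are assumptions of this example.

```python
# Added illustration: classify 802.11 frames by their Frame Control field and
# compare two retention policies. All names and sample frames are constructed.

TYPE_MGMT, TYPE_DATA = 0, 2
SUBTYPE_BEACON = 8
FLAG_PROTECTED = 0x40  # "Protected Frame" bit in the second Frame Control byte
HEADER_LEN = 24        # basic MAC header length assumed for the samples below

def classify(frame: bytes):
    """Return (type, subtype, protected) from the two Frame Control bytes."""
    if len(frame) < 2:
        raise ValueError("truncated frame")
    fc0, fc1 = frame[0], frame[1]
    return (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF, bool(fc1 & FLAG_PROTECTED)

def retain_as_described(frame: bytes):
    """Policy the article describes: discard data frames from encrypted
    networks, store everything else with its body intact."""
    ftype, _, protected = classify(frame)
    if ftype == TYPE_DATA and protected:
        return None
    return frame

def retain_minimized(frame: bytes):
    """Hypothetical alternative: keep beacons whole, keep only the MAC header
    of data frames, and never store a data frame body."""
    ftype, subtype, _ = classify(frame)
    if ftype == TYPE_MGMT and subtype == SUBTYPE_BEACON:
        return frame
    if ftype == TYPE_DATA:
        return frame[:HEADER_LEN]
    return None

def body_bytes_stored(policy, frames):
    """Count data-frame body bytes (potential user content) a policy keeps."""
    total = 0
    for f in frames:
        kept = policy(f)
        if kept is not None and classify(f)[0] == TYPE_DATA:
            total += max(0, len(kept) - HEADER_LEN)
    return total

# Constructed frames: Frame Control bytes, 22 bytes of header padding, a body.
BEACON = bytes([0x80, 0x00]) + bytes(22) + b"ssid-elements"
OPEN_DATA = bytes([0x08, 0x00]) + bytes(22) + b"plaintext body"
ENC_DATA = bytes([0x08, 0x40]) + bytes(22) + b"ciphertext"
SAMPLES = [BEACON, OPEN_DATA, ENC_DATA]
```

With these samples, the described policy stores the body of the unencrypted data frame, while the minimizing policy stores no data frame body at all.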

Some have suggested that Google should have collected only the network names ("SSIDs") from the beacon packets, or perhaps no Wi-Fi data at all. But as cyber-security consultant Robert Graham explained in detail shortly after this story first broke, building an accurate network map with fast-moving vehicles requires collecting as many packets as possible. Again, the better the map, the greater the accuracy of Google's location-based services for consumers.

Bottom line: Google made a mistake in failing to discard user data after collection but otherwise had good pro-consumer reasons for what it was doing. But why let the facts get in the way of a good PR hit-job? CWD just did essentially the same thing Google's Street View cars did, driving by Harman's house to look for unencrypted hotspots. But they went a step further, actually publishing the names of two networks at Harman's home. If any company had published network names tied to street addresses, privacy advocates would have thrown a fit. But when Consumer Watchdog actually publishes such information... hey, it's an expose!

And if you were wondering where Rep. Harman lives, you could start by looking her up in publicly available databases, like the Huffington Post's campaign finance donation database (she's not in the white pages, that other Orwellian data set few seem to care about). It's all fine and well for the government to put our name, address and employer online every time we make a donation to a political candidate (along with the donation recipient and amount) because that's "Transparency." (Never mind the constitutionally protected right of non-profits like CWD to keep their donor lists private, while other groups like my own think tank voluntarily disclose such info.) But if Google puts up photos of what anyone can see from the street or attempts to map wireless networks to help us all get better, faster free location-based services with our mobile devices... well, that's an outrage!

Cyber-Security Begins at Home


Even more galling is that the Senate is rushing to pass legislation giving government sweeping new powers to protect our "national assets" in cyberspace. But cyber-security truly begins at home--with taking a few minutes to secure our own Wi-Fi networks, and then dealing with the hassle of having to remember the password every time we want to authorize a new device. If members of Congress can't be expected to take responsibility for that, why should we trust them with responsibility over cyber-security on a national level?

This controversy should highlight the need for consumers--especially Congressmen and other government employees--to secure their home Wi-Fi hotspots. While most people who log onto unsecure Wi-Fi networks are perfectly harmless, failing to secure your network could lead to real harms like identity theft--or perhaps even the theft of sensitive data. But those problems aren't caused by, or even made worse by, Google's efforts to map Wi-Fi networks. So haranguing Google won't fix the problem.

But was national security compromised, as CWD claims? Ms. Harman and other Congressmen do have to follow established security procedures, like using encrypted data cards, before accessing sensitive--and, certainly, classified--information. So it seems pretty unlikely that Google could actually have gotten access to any sensitive data even if they had wanted to. Again, their cars were driving by houses, picking up only very small amounts of data from unencrypted networks (unlike the dedicated hacker who might park out front and log data for hours). But if truly sensitive information can be picked up that easily, the Federal government really needs to get its own house--and its telecommuting employees' houses--in order! If that means sending out a nerd who can set up secure Wi-Fi networks in the Congresswoman's home (or just follow these simple instructions), that's probably a smart expenditure of tax dollars.

But that's the kind of serious discussion we should be having--instead of continually looking to breathe new life into a contrived controversy with further innuendo and fear-mongering.

posted by Berin Szoka @ 8:42 AM | Privacy, Security


Comments

I personally feel should strengthen the network safety consciousness, personal popularity to give them some knowledge of network security, of course also need professional personage to prevent hackers, strong sense of security, anti attack ability is strong.

Posted by: tungsten watches at July 23, 2010 2:19 AM

Google has the brightest engineers on the planet. Accident? Highly doubtful. The bigger question is what, if anything, were they intending to do with such info. Probably of no use to them, imho.

Posted by: Sam at August 19, 2010 7:21 AM

Very interesting and informative blog. Perhaps there should be security lock for security purposes. It would be so bad if data be stolen or hacked.

Posted by: Identity Theft Report Boy at September 3, 2010 10:48 AM

The security of personal information and data must be restricted to all web users especially to the WiFi users. The blog post discusses how Google infringes the right to privacy of WiFi users and this is basically against the rights of the people. The web providers must be sensitive in this issue because personal information must not be shared unless permission is given. This incident must be a huge concern to the Google and the company that corporates internet in their business.

Posted by: Junk Car Underground Towing at October 14, 2010 9:06 AM

Thank you for the enlightening post on security issues. Good job to tell it like it is about ConsumerWatchdog's behavior, they have as much self-interest as anyone else.

Posted by: Best Make Money Online at November 21, 2010 8:41 PM

Haha that's ridiculous. No way

Posted by: abaliasiply at December 16, 2011 6:13 AM

The Progress & Freedom Foundation