James Butler's Blog

GGL: Wifi Data Capture Criminal?

June 12, 2010 05:00

Was Google's Street View wifi data capturing activity criminal?

Maybe ... it depends on how much data they captured.

As most of you already know, I Am Not A Lawyer, so don't take this to the bank.

But from what I know of this situation, Google would have needed to collect enough of the broadcast wifi packet "payload" to be able to make some sense of it in order to compromise the communication thread that those packets were part of. Without knowing what the CONTENT of the communication was, Google would not be criminally liable for intercepting and recording the packet data ... nothing "private" was compromised.

If they only recorded a few packets' data at a time, there simply would not be enough there to be able to learn anything about the CONTENT of the communication. If they recorded a whole bunch of packets' "payloads", then they may have eventually collected enough of those bits of info to put some pieces of the thread puzzle into an order that could then be parsed for some fragments of the CONTENT of the communication, thereby compromising the user of that wifi access point's personal, "private" exchange.

As a crude illustration of the issue, here is a simplified version of the wifi data collection process:

  1. Google Street View vehicle drives into range of a wifi router that is letting the world know it exists.
  2. The location of the "access point" is recorded using its GPS coordinates for later use by the Google Maps web application, and probably for other purposes.
  3. The "public" SSID of the router is recorded to potentially enable its use.
  4. The "public" MAC address of the router is recorded as a unique identifier for the device.
  5. Since the whole point of having an Internet access point is to be able to do things on the Internet using Internet protocols, the wifi router sends packets back and forth between the router's users, like a family computer, and the Internet service provider's access points.

    Google apparently recorded the CONTENTS of some of those packets, too.

    Did they only record: _ _  N E _ _  M _ R _  _ _ _ P

    or did they record: W _  N E E D  M _ R E  S O _ P ?

Aye, there's the rub.

My current guess is that the reason Google included the capability to record this type of data in their data-gathering programs in the first place is to help them distinguish between personal and public access points for filtering in whatever application they were thinking of using it. And while I admire that goal, I cannot agree with the method they used in their classification effort.

In order to do any good, enough packets need to be collected to be able to figure out what is being communicated to a level that allows the determination of the purpose of that communication. You need to be able to say, "Oh, this is a letter to grandma" or, "This is chatter from a bunch of workstations". The technical details of the packets that would need to be collected to validate any benevolent use of such data do not require that deep capture level.

Probably my example is far too extreme, and that is where hope for Google lies.

If they only collected enough info to figure out something like the router's traffic rate, and then to use that type of anonymous metric to classify the connection, then that might be acceptable. However, if they collected enough to really be able to tell that Johnny wasn't doing too well in college, then they would be up the proverbial creek.

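
A sketch of the kind of payload-free traffic-rate metric described above, as an added example that is not part of the original post and is not Google's code: it reads only the fixed 24-byte 802.11 MAC header of each frame to attribute it to an access point, and keeps frame counts, sizes and a byte rate, never the frame body. The function names, sample frames and MAC addresses are constructed, and frames are assumed to start at the MAC header (no radiotap prefix).

```python
from collections import defaultdict

HEADER_LEN = 24  # frame control, duration, three addresses, sequence control

def bssid_of(frame):
    """Return (is_data, bssid) using only the fixed 802.11 MAC header."""
    if len(frame) < HEADER_LEN:
        return False, None
    fc0, fc1 = frame[0], frame[1]
    ftype = (fc0 >> 2) & 0x3                  # 0 management, 1 control, 2 data
    to_ds, from_ds = fc1 & 0x1, (fc1 >> 1) & 0x1
    addr1, addr2, addr3 = frame[4:10], frame[10:16], frame[16:22]
    if ftype != 2 or (to_ds and from_ds):     # skip non-data and 4-address frames
        return False, None
    bssid = addr1 if to_ds else addr2 if from_ds else addr3
    return True, bssid.hex(":")

def rate_metrics(capture):
    """capture: iterable of (timestamp_seconds, raw_frame). Bodies are never stored."""
    stats = defaultdict(lambda: {"frames": 0, "bytes": 0, "first": None, "last": None})
    for ts, frame in capture:
        is_data, bssid = bssid_of(frame)
        if not is_data:
            continue
        s = stats[bssid]
        s["frames"] += 1
        s["bytes"] += len(frame)              # size only; the contents are dropped
        s["first"] = ts if s["first"] is None else min(s["first"], ts)
        s["last"] = ts if s["last"] is None else max(s["last"], ts)
    out = {}
    for bssid, s in stats.items():
        span = s["last"] - s["first"]
        out[bssid] = {"frames": s["frames"], "bytes": s["bytes"],
                      "bytes_per_sec": s["bytes"] / span if span > 0 else None}
    return out

def _frame(fc1, a1, a2, a3, body_len):
    # Constructed sample: data frame (type 2, subtype 0) with a zero-filled body.
    hdr = bytes([0x08, fc1]) + b"\x00\x00" + a1 + a2 + a3 + b"\x00\x00"
    return hdr + bytes(body_len)

AP = bytes.fromhex("020000000001")    # constructed, locally administered MACs
STA = bytes.fromhex("020000000002")
SAMPLE = [
    (0.0, _frame(0x01, AP, STA, AP, 100)),   # station to AP (ToDS): BSSID is addr1
    (1.0, _frame(0x02, STA, AP, AP, 400)),   # AP to station (FromDS): BSSID is addr2
    (2.0, _frame(0x02, STA, AP, AP, 452)),
    (2.5, bytes([0x80, 0x00]) + bytes(72)),  # beacon (management frame): ignored
]
```
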
We'll need to wait for much more evidence to be able to determine criminal liability for this. In the meantime, most would agree that this type of activity approaches an ethical line from which a company whose motto is "Don't be evil" would want to keep a distant arm's length.


