News Clipping

State AGs heed our call for WiSpy probe


Fri, Jun 18, 2010 at 1:07 pm

    State AGs heed our call for WiSpy probe

    Attorneys general across the United States are responding to Consumer Watchdog’s call to investigate Google’s WiSpy debacle in which the company used its Street View vehicles to snoop on private WiFi networks for three years.

    I wrote the National Association of Attorneys General on May 26 asking that our request for an investigation be passed on to the AGs.  On June 2 NAAG’s executive director, James E. McPherson, responded that he appreciated my concern and would pass the message to the state AGs.

    Since then AGs in at least  Missouri, Connecticut, Illinois, Michigan, Massachusetts and New York have demanded answers from the Internet giant. Some examples of what’s happening:

    • Connecticut’s Richard Blumenthal, who announced he was probing the incident, organized a conference call among 30 state AGs to discuss the situation.
    • Today Massachusetts Attorney General Martha Coakley and Illinois Attorney General Lisa Madigan said they had sent  a request to the Internet giant  seeking information on the scope of the data collection.
    • Michigan AG Mike Cox send a letter to Google this week asking 12 tough question’s about the company’s WiSpy practices and gave the company ten days to respond. He also told Google “to preserve for 90 days all records and other evidence related to the collection, use, and disclosure of personal information that its ‘Street View’ cars collected from wireless networks in Michigan.”

    It’s not yet clear if the the states will coordinate their efforts, but the conference call is a good sign that they  are moving in that direction. The importance of coordinated state action was underlined by Joseph Menn in the Financial Times:

    While legal actions by individual states can force big changes at companies accused of wrongdoing, a multi-state effort has a better chance of making a substantial impact. Working together, the top legal officers of states can assign more specialists to a case and focus on the local laws with the strictest language.

    In the 1990s, coordinated lawsuits between states against the big tobacco companies secured advertising reforms and about $200bn in damages.

    And action continues at the federal level with probes by the Federal Trade Commission and possibly the Federal Communications Commission.  The legislative branch is concerned, too.

    Last week three Congressmen, Reps. Joe Barton, R-Texas, Edward Markey, D-Mass., and Henry A. Waxman, D-Calif.  were skeptical of Google’s response to their questions about WiSpy. Barton said “this matter warrants a hearing, at minimum.”

    Barton is far off the mark with his lame apology this week to BP CEO Tony Hayward, but he is spot on in the call for a Congressional hearing on WiSpy.

    Internationally, this week the French data protection agency CNIL said it was examining  data collected through WiSpy  to decide if Google should face criminal charges or other sanctions.

    Canada’s privacy commissioner is probing the collection, while police in both New Zealand and Australia said this month they would investigate. Probes are also underway in  Germany, Austria, Italy and the UK.

    As we said in our letter to the AGs:

    Google’s claim that its intrusive behavior was by ‘mistake’ stretches all credulity. In fact, Google has demonstrated a history of pushing the envelope and then apologizing when its overreach is discovered. Given its recent record of privacy abuses, there is absolutely no reason to trust anything the Internet giant claims about its data collection policies.

    I think there is a positive aspect to WiSpy, however.  People clearly understand that the Internet giant was snooping and gathering private data.  It’s been a wake-up call, focusing our collective attention on Google’s data gathering practices and the unprecedented massive amounts of information it stores in its global network of servers.

    Consumers are realizing that Google is run by people with this mind set: More data is always better no matter how you grab it. Don’t ask permission, you can always ask forgiveness.

    Now that people are beginning to understand how much data Google has sucked up and its cavalier attitude toward consumer privacy, they expect the the company be held accountable and are demanding the Internet giant behave responsibly.

    , , , , ,

    2 Responses to “State AGs heed our call for WiSpy probe”

    1. Daniel Brandt Says:

      I posted this comment at UK’s “The Register” two days ago, but it is worth repeating:

      It still surprises me that all the attention is focused on the collection of unencrypted WiFi data. Yes, I understand that this is the one characteristic of Google’s collection that most clearly crosses the line into illegality in numerous jurisdictions. But for me the line would have been crossed even if Google had not collected payload data.

      The MAC address, which is globally unique, is burned into each piece of networking hardware. With the addition of fairly precise geolocation data, probably within a radius of several households or one or two apartment buildings, this is information that takes on an entirely new dimension. It no longer identifies a specific WiFi router or WiFi-enabled smartphone, but also ties it to a time and place. In many cases, this amounts to a fairly short list of suspects. That makes it personally identifiable, given the investigative resources of any government.

      This MAC address is part of the WiFi protocol, and all WiFi devices broadcast the MAC in the clear, whether they are encrypted or unencrypted. This is what makes WiFi work. The SSID may or may not be present, but if it is present, it is also sent in the clear. The SSID will make it much easier to exactly identify the owner once the geolocation from the MAC is known, but it’s not necessary. All you really need is a search warrant to check out the device that broadcasted the MAC and confirm the number.

      All governments would like to have a database of MAC addresses being used for WiFi within their jurisdiction, with a time stamp and precise geolocation data. It’s an invaluable resource. Google has this information for some 30 countries.

      Even assuming that government intelligence agencies are always good guys, I nevertheless object to Google acquiring this information. If my WiFi router was plugged in while the cam car drove by, Google knows where my WiFi router lives. In the future, my neighbors will be using devices that depend on good geolocation data for Google’s advertising feeds, and their device will be sniffing local MAC address automatically, in the background, in order to zero in on my neighbor’s location. This information will provide an ongoing confirmation of not only their location, but also my MAC’s location, once it is corroborated with other neighborhood MAC addresses. It amounts to an ongoing, dynamically updated, cross-referenced system that no longer needs a Google cam car driving by periodically.

      Google did not ask anyone with devices that broadcast MAC addresses if they wished to be part of its evil system. An opt-out is not possible unless you stop using WiFi. That’s the essence of the entire issue. Google’s so-called “mistake” of collecting unsecured payload data is frosting on the cake because it is getting the attention of the proper authorities. But it’s the cake itself that worries me.

      I also addressed this same issue at a week ago. That item was listed in Google News for 24 hours, but then it disappeared from Google News for some reason.

      Here’s a new cartoon I made for Scroogle:

      If you think that this spoof ad I created is absurd, keep in mind that Google’s Android phones apparently already do this. If you tell the phone to “share your location,” it sniffs everything around you. Google’s MAC address database is probably updated at the same time. I’ve also seen items that lead me to believe that a similar feature is available in the most recent versions of the Chrome browser, but it apparently defaults to “off” and you have to turn it on.


    1. Today’s Recommended Reads « Google Monitor - 21. Jun, 2010

      […] State AGs heed our call for WiSpy probe […]

    Leave a Reply