Blog Post

State AGs heed our call for WiSpy probe

Posted by

Fri, Jun 18, 2010 at 1:07 pm

  • Share
State AGs heed our call for WiSpy probe

Attorneys general across the United States are responding to Consumer Watchdog’s call to investigate Google’s WiSpy debacle in which the company used its Street View vehicles to snoop on private WiFi networks for three years.

I wrote the National Association of Attorneys General on May 26 asking that our request for an investigation be passed on to the AGs.  On June 2 NAAG’s executive director, James E. McPherson, responded that he appreciated my concern and would pass the message to the state AGs.

Since then AGs in at least  Missouri, Connecticut, Illinois, Michigan, Massachusetts and New York have demanded answers from the Internet giant. Some examples of what’s happening:

  • Connecticut’s Richard Blumenthal, who announced he was probing the incident, organized a conference call among 30 state AGs to discuss the situation.
  • Today Massachusetts Attorney General Martha Coakley and Illinois Attorney General Lisa Madigan said they had sent  a request to the Internet giant  seeking information on the scope of the data collection.
  • Michigan AG Mike Cox send a letter to Google this week asking 12 tough question’s about the company’s WiSpy practices and gave the company ten days to respond. He also told Google “to preserve for 90 days all records and other evidence related to the collection, use, and disclosure of personal information that its ‘Street View’ cars collected from wireless networks in Michigan.”

It’s not yet clear if the the states will coordinate their efforts, but the conference call is a good sign that they  are moving in that direction. The importance of coordinated state action was underlined by Joseph Menn in the Financial Times:

While legal actions by individual states can force big changes at companies accused of wrongdoing, a multi-state effort has a better chance of making a substantial impact. Working together, the top legal officers of states can assign more specialists to a case and focus on the local laws with the strictest language.

In the 1990s, coordinated lawsuits between states against the big tobacco companies secured advertising reforms and about $200bn in damages.

And action continues at the federal level with probes by the Federal Trade Commission and possibly the Federal Communications Commission.  The legislative branch is concerned, too.

Last week three Congressmen, Reps. Joe Barton, R-Texas, Edward Markey, D-Mass., and Henry A. Waxman, D-Calif.  were skeptical of Google’s response to their questions about WiSpy. Barton said “this matter warrants a hearing, at minimum.”

Barton is far off the mark with his lame apology this week to BP CEO Tony Hayward, but he is spot on in the call for a Congressional hearing on WiSpy.

Internationally, this week the French data protection agency CNIL said it was examining  data collected through WiSpy  to decide if Google should face criminal charges or other sanctions.

Canada’s privacy commissioner is probing the collection, while police in both New Zealand and Australia said this month they would investigate. Probes are also underway in  Germany, Austria, Italy and the UK.

As we said in our letter to the AGs:

Google’s claim that its intrusive behavior was by ‘mistake’ stretches all credulity. In fact, Google has demonstrated a history of pushing the envelope and then apologizing when its overreach is discovered. Given its recent record of privacy abuses, there is absolutely no reason to trust anything the Internet giant claims about its data collection policies.

I think there is a positive aspect to WiSpy, however.  People clearly understand that the Internet giant was snooping and gathering private data.  It’s been a wake-up call, focusing our collective attention on Google’s data gathering practices and the unprecedented massive amounts of information it stores in its global network of servers.

Consumers are realizing that Google is run by people with this mind set: More data is always better no matter how you grab it. Don’t ask permission, you can always ask forgiveness.

Now that people are beginning to understand how much data Google has sucked up and its cavalier attitude toward consumer privacy, they expect the the company be held accountable and are demanding the Internet giant behave responsibly.

Share
, , , , ,

This post was written by:

John M. Simpson

- who has written 362 posts on Inside Google.

John M. Simpson is a leading voice on technological privacy and stem cell research issues. His investigations this year of Google’s online privacy practices and book publishing agreements triggered intense media scrutiny and federal interest in the online giant’s business practices. His critique of patents on human embryonic stem cells has been key to expanding the ability of American scientists to conduct stem cell research. He has ensured that California’s taxpayer-funded stem cell research will lead to broadly accessible and affordable medicine and not just government-subsidized profiteering. Prior to joining Consumer Watchdog in 2005, he was executive editor of Tribune Media Services International, a syndication company. Before that, he was deputy editor of USA Today and editor of its international edition. Simpson taught journalism a Dublin City University in Ireland, and consulted for The Irish Times and The Gleaner in Jamaica. He served as president of the World Editors Forum. He holds a B.A. in philosophy from Harpur College of SUNY Binghamton and was a Gannett Fellow at the Center for Asian and Pacific Studies at the University of Hawaii. He has an M.A. in Communication Management from USC’s Annenberg School for Communication.

Contact the author

2 Responses to “State AGs heed our call for WiSpy probe”

  1. Daniel Brandt Says:

    I posted this comment at UK’s “The Register” two days ago, but it is worth repeating:

    It still surprises me that all the attention is focused on the collection of unencrypted WiFi data. Yes, I understand that this is the one characteristic of Google’s collection that most clearly crosses the line into illegality in numerous jurisdictions. But for me the line would have been crossed even if Google had not collected payload data.

    The MAC address, which is globally unique, is burned into each piece of networking hardware. With the addition of fairly precise geolocation data, probably within a radius of several households or one or two apartment buildings, this is information that takes on an entirely new dimension. It no longer identifies a specific WiFi router or WiFi-enabled smartphone, but also ties it to a time and place. In many cases, this amounts to a fairly short list of suspects. That makes it personally identifiable, given the investigative resources of any government.

    This MAC address is part of the WiFi protocol, and all WiFi devices broadcast the MAC in the clear, whether they are encrypted or unencrypted. This is what makes WiFi work. The SSID may or may not be present, but if it is present, it is also sent in the clear. The SSID will make it much easier to exactly identify the owner once the geolocation from the MAC is known, but it’s not necessary. All you really need is a search warrant to check out the device that broadcasted the MAC and confirm the number.

    All governments would like to have a database of MAC addresses being used for WiFi within their jurisdiction, with a time stamp and precise geolocation data. It’s an invaluable resource. Google has this information for some 30 countries.

    Even assuming that government intelligence agencies are always good guys, I nevertheless object to Google acquiring this information. If my WiFi router was plugged in while the cam car drove by, Google knows where my WiFi router lives. In the future, my neighbors will be using devices that depend on good geolocation data for Google’s advertising feeds, and their device will be sniffing local MAC address automatically, in the background, in order to zero in on my neighbor’s location. This information will provide an ongoing confirmation of not only their location, but also my MAC’s location, once it is corroborated with other neighborhood MAC addresses. It amounts to an ongoing, dynamically updated, cross-referenced system that no longer needs a Google cam car driving by periodically.

    Google did not ask anyone with devices that broadcast MAC addresses if they wished to be part of its evil system. An opt-out is not possible unless you stop using WiFi. That’s the essence of the entire issue. Google’s so-called “mistake” of collecting unsecured payload data is frosting on the cake because it is getting the attention of the proper authorities. But it’s the cake itself that worries me.

    I also addressed this same issue at http://www.p2pnet.net/story/40785 a week ago. That item was listed in Google News for 24 hours, but then it disappeared from Google News for some reason.

    Here’s a new cartoon I made for Scroogle: http://www.scroogle.org/gifs/goosniff.jpg

    If you think that this spoof ad I created is absurd, keep in mind that Google’s Android phones apparently already do this. If you tell the phone to “share your location,” it sniffs everything around you. Google’s MAC address database is probably updated at the same time. I’ve also seen items that lead me to believe that a similar feature is available in the most recent versions of the Chrome browser, but it apparently defaults to “off” and you have to turn it on.

Trackbacks/Pingbacks

  1. Today’s Recommended Reads « Google Monitor - 21. Jun, 2010

    [...] State AGs heed our call for WiSpy probe [...]

Leave a Reply


6 × = twenty four