Google and Wifi

So Google are in a bit of trouble because they captured a bunch of data from open wifi access points using their Street View cars.

Personally, I’m going to apply Hanlon’s razor to this: “Never attribute to malice that which can be adequately explained by stupidity.”

Google were collecting wifi data for the purposes of performing rough geolocation without the aid of a GPS module; if you collect the approximate position of a wifi access point (identified by its SSID and MAC address), then you can later calculate the location of a mobile device by cross-referencing with what wifi access points it can see. This is perfectly legitimate — all this data was being broadcast in the clear into public areas, it’s not personally identifiable, and Google were never going to disclose it directly anyway; only the results obtained from the use of the data.

The contentious bit is that they hoovered up payload data as well as just SSIDs and MACs. This means emails, web pages, downloads etc. etc. This isn’t too horrendous as anything actually important and sensitive e.g. financial stuff,  is encrypted at the transport layer by SSL anyway. The collected data could potentially be compromising and embarrassing however, and it is legally very dubious to collect and store.

Given that it’s a PR disaster and potentially illegal, I think the most plausible explanation here is cock-up. Somebody on the Street View team got sloppy and used some code from another part of the company without asking too many questions about what that code did, over and above what they were going to be using it for; said guy is now probably getting one hell of a bollocking.

Leave a Reply

Your email address will not be published. Required fields are marked *