Friday, May 14, 2010

We're taking pictures! (Slap!) Wardriving! (Slap!) Taking pictures! (Slap!) Wardriving!

Forgive the gratuitous "Chinatown" reference in the title, but Google just got caught with its own privacy scandal. It seems that its Street View cars aren't only taking pictures of streets; they're also refining Google's maps and other geolocation services. There's nothing wrong with that, of course, but one of the techniques that the company has been using has been to detect Wi-Fi networks along the way and map their locations to GPS coordinates.

There's nothing wrong with that, either; Wi-Fi access points and routers broadcast their MAC addresses, which are usually (but not guaranteed to be) unique for each device. Map a MAC address to a pair of coordinates, and as long as the access point doesn't move, if you can pick up the access point, you're near those coordinates. However, that wasn't all that Google was doing. For some reason that completely escapes me, Google has been collecting not just MAC addresses and locations, but actual data being broadcast by open (unencrypted) access points, possibly for as long as four years. They've been doing this everywhere in the world where Google has Street View cars.

The company says that it has temporarily stopped collecting data with Street View cars and will permanently stop using Wi-Fi network data, and that it will delete the collected Wi-Fi data "real soon now." Google claims that, since its Street View cars were constantly moving, it only collected a small amount of data from any access point. Also, it's been known for years that running an open access point is a lot like taking the drapes off all your windows and keeping the lights on 24 hours a day. But that neither explains not excuses why Google has been collecting this data since 2006. They don't need it for geolocation. Shouldn't someone have caught on when Street View cars went out empty and came back full of spurious data, say, four years ago?

Google's been violating privacy laws and laws against interception of transmissions in the U.S., Europe, and probably everywhere else Street View goes. This is likely to have very serious consequences for the company worldwide. Further, between what's been going on with Facebook and now Google, I wouldn't at all be surprised to see action taken in the U.S. to strengthen data privacy laws, much along the line of the EU's rules.

If you haven't already locked your Wi-Fi access port down with WPA encryption, now would be a good time.

Reblog this post [with Zemanta]

No comments: