Skip to comments.U.S. top court rejects Google bid to drop Street View privacy case [illegal Wi-Fi wiretap]
Posted on 06/30/2014 10:07:27 PM PDT by Jim Robinson
(Reuters) - The U.S. Supreme Court on Monday rejected Google Inc's bid to dismiss a lawsuit accusing it of violating federal wiretap law when it accidentally collected emails and other personal data while building its popular Street View program.
The justices left intact a September 2013 ruling by the 9th U.S. Circuit Court of Appeals, which refused to exempt Google from liability under the federal Wiretap Act for having inadvertently intercepted emails, user names, passwords and other data from private Wi-Fi networks to create Street View, which provides panoramic views of city streets.
The lawsuit arose soon after the Mountain View, California-based company publicly apologized in May 2010 for having collected fragments of "payload data" from unsecured wireless networks in more than 30 countries.
Google was accused of having collected the data while driving its vehicles through neighborhoods from 2008 to 2010 to collect photos for Street View.
(Excerpt) Read more at reuters.com ...
The first comment at the source alleges that Google designed that in... they did war driving as they videoed, and grabbed neighborhood peripheral data as they went, from people who hadn’t bothered to password protect their networks.
That was pretty presumptuous of Google. I do not know what they hoped to accomplish by doing this. “Dear firstname.lastname@example.org: we took note of your email address while we were going down Main Street in Hackersville, USA. Please look at our photos of this street and let us know if you like them.”
Funny thing, though, a degree of snooping that might get an individual thrown in jail results in a fine that is a pittance for a corporation like Google.
Does anyone know how to get a job with Google driving around in a camera truck?
They were collecting wifi network names (SSID) and their locations so that they could use that data to help user geolocate themselves more quickly. The other data came along for the ride. People should have encryption enabled on their networks anyway. What google did is more analogous to recording CB radio transmissions than wiretapping.
They did it to provide mapping of open WiFi access points which many are public on purpose. For example a coffee shop or fast food restaurant.
The bottom line is, if people don’t secure their networks while using the public airwaves they should have no expectation of privacy. I think calling it an illegal tap is seriously bad law.
Especially since SSIDs are not guaranteed to be unique.
At best this is too clever by half. Oh, this guy’s email (which they can see if he is logged into gmail) looks like the chatter we found at the corner of 2nd and Maple, Anytown. We think we’ll bring that corner right up when he asks for Google Maps.
They managed to follow my MAC ID to suggest places I hadn’t been to in a coon’s age.
What is Location-Aware Browsing?You can test it out here: http://html5demos.com/geo
How does it work?
When you visit a location-aware website, Firefox will ask you if you want to share your location.
If you consent, Firefox gathers information about nearby wireless access points and your computers IP address. Then Firefox sends this information to the default geolocation service provider, Google Location Services, to get an estimate of your location. That location estimate is then shared with the requesting website.
If you say that you do not consent, Firefox will not do anything.
Well that’s kind of double-talky misleading.
Share your location? Well, unless my ISP will tell them that, they shouldn’t know.
I happened to be granted a US patent, by the way, on a means of location-adaptive website behavior. It was based on the user’s domain. If some voice had whispered to me that I should use some snooped network information, and hide the description of what I was doing on some other web site, I would have told it that it was crazy.
I mean how else, a bunch of cookie and Google-stored-data clearings later, would they know I had been in Maryland?
But somehow, yeah, they did it. On a completely new Linux installation on an old netbook that I had been using in Maryland. My MAC ID is the ONLY thing that would have been the same!
But it would be so CONVENIENT to be able to destination-map the truck stop that was next to the motel I stayed in for 3 months while contracting in Maryland 2 years ago...
Google is too big for its britches. When I want Google to forget, I mean it!
I call this creepy and spooky behavior. Unless I can know how Google knows something I expect it NOT to know!
I mean, they probably have a record of everything my MAC ID surfed in the Google network, right down to the last grotty You Tube video. A veritable Golem of snoopdata.
Well, maybe IRS should have been using gmail. Then Lois Lerner’s emails would never, ever, ever have been lost!
I would guess they simply recorded the packets they captured on the various WiFi channels as they drove by and processed all the data at a later time.
There’s a difference between sitting there and waiting for networks to identify themselves while scanning all the channels (the software you use). This is a drive-by where they capture whatever happens to be going on at the moment while briefly present.
If you can’t be bothered to minimally secure your network on the public airwaves then you have no right to complain that others are capturing what you’re broadcasting. I might add the the frequencies involved are unlicensed public frequencies.
Well even war-driving setups tend to be more intelligent than this. They will parse the traffic as they get it.
And one can argue about what “should” be done but the legal precedent is that if you intended it to be private (e.g. not on some agreed amateur frequency) then it is considered a violation of law to snoop. Google was counting on asking forgiveness later. That didn’t happen, at least formally.
People should be more careful. MAC IDs can tell more about you to Mother Google than you expected.
Are you sure they didn’t follow your whereabouts from your browser signature?
You MAC address shouldn’t be being passed over the Internet in IP packets.
Well somehow they managed to figure out where I’d been if it wasn’t MAC address. Well enough to show it as a choice when I visited Google Maps. Maybe it’s getting too late at night.
I meant to write “Your” and not “you”...
What would be clever is how they managed to do that across OS installations. And no I never consented to a “share my location” request.
If I am using dynamic IP how could that possibly be the same now, on my home network, as it was in Maryland when I was using the motel’s WiFi?
Your browser provides a lot information about your system, for example the browser type and version, the operating system type and version (including major service packs), the browser plug-ins and their versions, the screen resolution and DPI of your display. You add all that together and it makes a pretty good signature. People install different plug-ins (Adobe Reader, Flash, etc.) for different needs.
When you log into Youtube, Gmail or any other Google service they have who you are with your signature. So when the signature moves across different networks, they can track you without cookies or logging into anything. All without your MAC address.
IPv6 is different. It normally uses your MAC address as part of your IP address. Every MAC address is unique making each IP address unique. Therefore you can be tracked everywhere you go directly including everything you view online. I find IPv6 to be rather disturbing for that reason.
How you can hide (in terms of being tracked if you move around) is to use VMware or equivalent to virtualize your browser’s environment. Use a generic OS with a common screen resolution, DPI and color depth with only the minimum plug-ins needed to work and never log into any Google service with it. Erase your cookies if you allow them after every use. They shouldn’t be able to track you then.
They can do it with different OS installations if you’ve logged into any Google service with each OS install. It could be a simple as watching a Youtube video through a Youtube account. Then they have who you are and the signature of each OS you use.
Yes, you can spoof your MAC. But it requires some effort and knowledge to do so.
And I wouldn’t be surprised that at some point the government outlaws the ability to do so with normal commercial products because it hinders law enforcement.
It is big government’s wet dream to have an unambiguous way to track Internet traffic of the masses down to the individual device.
If you fail to lock your wifi, doors, windows or automobiles you’re taking a risk. Would it be okay if they compiled a list of houses with unlocked doors and/or windows, and published the list?
That would certainly be convenient. Don’t see how anyone could complain.
Just to follow up on this, you can check to see how unique your browser's signature is by using Panopticlick, a tool set up by the Electronic Frontier Foundation (EFF).
There are many excellent tools available for Firefox browser that can assist you in protecting your privacy. Here are a few of my favorites:
IMHO, the fact that you can be tracked 24/7 if you use a cell phone is way more potentially invasive than this.
I don't. FWIW, Im not sure that Google actually does the driving. I suspect that the driving is contracted. I base this on having seen the job ads for drivers in this area (the contact was not Google) and the fact that the local Google truck parking lots were at businesses that had nothing to do with Google directly (for example, a local land survey company).
Sounds like a good gig if you like to travel. Then again, I’m sure you’d have to go to the big city Amish areas.
Might be just my public education, but I don’t get it.
How SLOW does one have to drive to ‘...accidentally collected emails and other personal data...’
Even in my area, where there exists multiple SSIDs (all secure, so the little icon says), taking the strongest signal available; you’re still talking seconds to ‘handshake’, more still to snoop and more still to receive...all at the end/edge of these connections/from the street/etc before the signal drops ala range??