Feeds

Google's Wi-Fi sniff probe reveals 'criminal intent' - PI

'We paid them to say what?'

The Essential Guide to IT Transformation

An analysis of Google's Wi-Fi sniffing code, paid for by Google, suggests the company could find itself facing criminal charges, according to a privacy watchdog and pressure group.

Google's lawyers Perkins Coie paid computer forensics firm Stroz Friedberg to analyse the code used, presumably in order to defend itself against attacks from several privacy authorities in Europe and elsewhere.

Consultants from Stroz Friedberg analysed the source code for "gslite" - the program running while Google's Street View cars trundled along the street.

They found gslite - part of the gstumbler programme - was made up of 32 source code files and 12 extra files with config files and changelog information.

The software worked with Kismet - packet-sniffing software. gslite then parsed header information from any unsecured wireless network it passed. Kismet hopped channels five times per second in order to grab as many networks as possible.

The paper said that frames from encrypted networks were discarded by gslite. Unencrypted bodies were written straight to disc, but not parsed by the program.

Privacy International believe this represents criminal intent - data protection law does not normally allow the interception of communications in this way.

PI said: "This action by Google cannot be blamed on the alleged 'single engineer' who wrote the code. It goes to the heart of a systematic failure of management and of duty of care."

Gslite made no attempt to parse the body of any messages or file transfers, but it also collected numerical identifiers of kit attached to the network.

The program linked the information collected with GPS data from the car. The analysis notes that the GPS system provides geolocation data rather more slowly than network data so gslite corrects the difference between the two before storing the file.

PI's blog post is here, and it also has a link to the pdf report.

The "rogue engineer" theory was further undermined by Google's legal eagles' earlier moves to patent the network sniffing technology.

A Google spokesman said, "As we have said before, this was a mistake. The report today confirms that Google did indeed collect and store payload data from unencrypted WiFi networks, but not from networks that were encrypted. We are continuing to work with the relevant authorities to respond to their questions and concerns."®

Boost IT visibility and business value

More from The Register

next story
Just TWO climate committee MPs contradict IPCC: The two with SCIENCE degrees
'Greenhouse effect is real, but as for the rest of it ...'
Adam Afriyie MP: Smart meters are NOT so smart
Mega-costly gas 'n' 'leccy totting-up tech not worth it - Tory MP
'Blow it up': Plods pop round for chat with Commonwealth Games tweeter
You'd better not be talking about the council's housing plans
Arrr: Freetard-bothering Digital Economy Act tied up, thrown in the hold
Ministry of Fun confirms: Yes, we're busy doing nothing
ONE EMAIL costs mining company $300 MEEELION
Environmental activist walks free after hoax sent share price over a cliff
Help yourself to anyone's photos FOR FREE, suggests UK.gov
Copyright law reforms will keep m'learned friends busy
Apple smacked with privacy sueball over Location Services
Class action launched on behalf of 100 million iPhone owners
UK government officially adopts Open Document Format
Microsoft insurgency fails, earns snarky remark from UK digital services head
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.