Google's Wi-Fi sniff probe reveals 'criminal intent' - PI
'We paid them to say what?'
Ensure Ease of Recovery with Asigra’s Agentless Software
An analysis of Google's Wi-Fi sniffing code, paid for by Google, suggests the company could find itself facing criminal charges, according to a privacy watchdog and pressure group.
Google's lawyers Perkins Coie paid computer forensics firm Stroz Friedberg to analyse the code used, presumably in order to defend itself against attacks from several privacy authorities in Europe and elsewhere.
Consultants from Stroz Friedberg analysed the source code for "gslite" - the program running while Google's Street View cars trundled along the street.
They found gslite - part of the gstumbler programme - was made up of 32 source code files and 12 extra files with config files and changelog information.
The software worked with Kismet - packet-sniffing software. gslite then parsed header information from any unsecured wireless network it passed. Kismet hopped channels five times per second in order to grab as many networks as possible.
The paper said that frames from encrypted networks were discarded by gslite. Unencrypted bodies were written straight to disc, but not parsed by the program.
Privacy International believe this represents criminal intent - data protection law does not normally allow the interception of communications in this way.
PI said: "This action by Google cannot be blamed on the alleged 'single engineer' who wrote the code. It goes to the heart of a systematic failure of management and of duty of care."
Gslite made no attempt to parse the body of any messages or file transfers, but it also collected numerical identifiers of kit attached to the network.
The program linked the information collected with GPS data from the car. The analysis notes that the GPS system provides geolocation data rather more slowly than network data so gslite corrects the difference between the two before storing the file.
PI's blog post is here, and it also has a link to the pdf report.
The "rogue engineer" theory was further undermined by Google's legal eagles' earlier moves to patent the network sniffing technology.
A Google spokesman said, "As we have said before, this was a mistake. The report today confirms that Google did indeed collect and store payload data from unencrypted WiFi networks, but not from networks that were encrypted. We are continuing to work with the relevant authorities to respond to their questions and concerns."®
COMMENTS
Re: Perhaps Google should counter-sue
No, case not closed.
This is like a thief counter-suing, because a home owner left the doors unlocked before the robbery.
only storing packets worth mining
Of course they didn't store encrypted packets, the fscking car didn't hang around long enough to sniff enough data to decrypt it. These packets were useless for data mining, not storing them is an admission of intent, not an excuse for a mistake.
They need to stop digging and start properly apologising.
Stupid, yes
I'll gladly concede that users are stupid not to secure their networks. That does not allow Google to prey on their stupidity (well not by half-inching their data at least).
IT infrastructure monitoring strategies
What you need to know about cloud backup
Enabling efficient data center monitoring
Agentless Backup is Not a Myth
Customer Success Testimonial: Recovery is Everything
