An analysis of Google's Wi-Fi sniffing code, paid for by Google, suggests the company could find itself facing criminal charges, according to a privacy watchdog and pressure group.

Google's lawyers Perkins Coie paid computer forensics firm Stroz Friedberg to analyse the code used, presumably in order to defend itself against attacks from several privacy authorities in Europe and elsewhere.

Consultants from Stroz Friedberg analysed the source code for "gslite" - the program running while Google's Street View cars trundled along the street.

They found gslite - part of the gstumbler programme - was made up of 32 source code files and 12 extra files with config files and changelog information.

The software worked with Kismet - packet-sniffing software. gslite then parsed header information from any unsecured wireless network it passed. Kismet hopped channels five times per second in order to grab as many networks as possible.

The paper said that frames from encrypted networks were discarded by gslite. Unencrypted bodies were written straight to disc, but not parsed by the program.

Privacy International believe this represents criminal intent - data protection law does not normally allow the interception of communications in this way.

PI said: "This action by Google cannot be blamed on the alleged 'single engineer' who wrote the code. It goes to the heart of a systematic failure of management and of duty of care."

Gslite made no attempt to parse the body of any messages or file transfers, but it also collected numerical identifiers of kit attached to the network.

The program linked the information collected with GPS data from the car. The analysis notes that the GPS system provides geolocation data rather more slowly than network data so gslite corrects the difference between the two before storing the file.

PI's blog post is here, and it also has a link to the pdf report.

The "rogue engineer" theory was further undermined by Google's legal eagles' earlier moves to patent the network sniffing technology.

A Google spokesman said, "As we have said before, this was a mistake. The report today confirms that Google did indeed collect and store payload data from unencrypted WiFi networks, but not from networks that were encrypted. We are continuing to work with the relevant authorities to respond to their questions and concerns."®

Related stories

• Seven years on, Spain rattles tin cup at Google over Street View slurp (8 November 2017)

  https://www.theregister.com/2017/11/08/spain_fines_google_for_streetview_wifi_data_collection/

• Mozilla goes where Google fears to tread with geolocation service (29 October 2013)

  https://www.theregister.com/2013/10/29/mozilla_goes_where_google_fears_to_tread_with_geolocation_service/

• Google KNEW Street View cars were slurping Wi-Fi (30 April 2012)

  https://www.theregister.com/2012/04/30/google_slurp_ok/

• Euro bell tolls for UK's data protection regs (27 August 2010)

  https://www.theregister.com/2010/08/27/data_deadline_passes/

• Image recognition – defense against a Lampard replay? (10 July 2010)

  https://www.theregister.com/2010/07/10/goalline_technology_worldcup/

• Google's Wi-Fi snoop prompts Early Day Motion (29 June 2010)

  https://www.theregister.com/2010/06/29/google_edm/

• Apple feels heat from Germany for geo-tracking i-customers (28 June 2010)

  https://www.theregister.com/2010/06/28/apple_german_minister_privacy_policy_concerns/

• Scotland Yard mulls Google Wi-Fi slurp (23 June 2010)

  https://www.theregister.com/2010/06/23/google_police/

• Google claims Wi-Fi slurp legal in the US (22 June 2010)

  https://www.theregister.com/2010/06/22/google_wifi/

• 30 states may join probe of Google Wi-Fi snoop (21 June 2010)

  https://www.theregister.com/2010/06/21/google_wifi_snoop_inquiries/

• Google's Wi-Fi snoop nabbed passwords and emails (18 June 2010)

  https://www.theregister.com/2010/06/18/google_street_view_cars_wifi_data_includes_emails_and_passwords/

• Spain objects to Street View Wi-Fi snooping (14 June 2010)

  https://www.theregister.com/2010/06/14/street_view_spain/

• Google responds to privacy probe (14 June 2010)

  https://www.theregister.com/2010/06/14/google_wifi_snoop/

• Google blames Wi-Fi snooping on rogue engineer (4 June 2010)

  https://www.theregister.com/2010/06/04/schmidt_wifi/

• Google tries to patent tech that snoops Wi-Fi networks (3 June 2010)

  https://www.theregister.com/2010/06/03/google_wardriving_patent/

• Google halts deletion of Street View Wi-Fi data (21 May 2010)

  https://www.theregister.com/2010/05/21/google_halts_wifi_payload_data_deletion/

• Google turns on SSL encryption for search (21 May 2010)

  https://www.theregister.com/2010/05/21/google_search_ssl_encryption/

• Sergey Brin: 'We screwed up' on Street View Wi-Fi grab (19 May 2010)

  https://www.theregister.com/2010/05/19/sergey_brin_on_street_view_wifi_data_gathering/

• Google Street View whacked by German prosecutors, Czech data watchdog (19 May 2010)

  https://www.theregister.com/2010/05/19/google_streetview_europe_row/

• Google: Street View spycars did slurp your Wi-Fi (14 May 2010)

  https://www.theregister.com/2010/05/14/google_street_view_cars_were_collecting_payload_data_from_wifi_networks/