Tuesday, May 01, 2012

There’s nothing evil Google can do with the extra WiFi data

Google’s WiFi scandal is a good test of Internet activism. Are activists intellectuals with a special insight into the consequences of technology? Or are they more like dogs that chase every passing car?

The implication is that Google was able to capture your personal information as they drove by in their StreetView cars. In fact, the data they collected is too fragmentary to be useful. Most WiFi is encrypted (and hence, not eavesdroppable), and even if unencrypted, chances are that StreetView collected nothing in the few seconds it took to drive by.

In other words, Google had as much chance of capturing your password/email as they did of taking a picture at the precise moment you stepped out of your shower with the curtains open. Sure, such events happened a few thousand times, but this was tiny compared to the billions of homes StreetView drove past worldwide.

This is the test for Internet privacy activists. They aren’t intellectuals. They don’t understand the technology of WiFi sniffing. They don’t understand that what Google collected is worthless. They assume the worst, about what Google was able to collect, and about Google’s intentions.

It’s funny to watch. Google hasn’t been forthcoming with details about the WiFi overcollection because they recognize that there is a witch-hunt going on. Since any rational person should be able to recognize the overcollected data is worthless, any attack must therefore come from the lunatic fringe. But this convinces the fringe that there is an important cover-up. It’s like how the US keeps Area 51 secret (it’s a military base where they test stealth technology), which convinces the fringe that there is a UFO cover-up.

You can verify this yourself. Download “BackTrack 5 r2”, the well-known Linux destro with a bunch of hacking tools. Boot your laptop with BackTrack and run “Kismet”, then drive around neighborhoods for a few hours. Then, back home, run the collected data through hacking tools like ‘dsniff’ or ‘ferret’ to see if you got anything useful.

I consider myself an "activist", but I hate being lumped in with the fringe. The road to tyranny is paved with good intentions of ignorant activists. We should not have laws preventing StreetView from taking pictures of naked people in their bedrooms, we should instead expect people to close their curtains. We should not have laws preventing StreetView from collecting unencrypted data, we should expect people to encrypt. Freedom means personal responsibility, getting rid of personal responsibility gets rid of freedom.

Update: Some people have suggested other analogies. One is "lynch mob" instead of "witch hunt". Another is "cry wolf": Google deserves a lot of criticism, but when you attack them for invalid concerns, you destroy your credibility.
Update: You can easily counter the argument of this post by demonstrating how Google can use that overcollected data for evil.


Christopher Parsons said...

Whether Google was intentionally or unintentionally collecting data is secondary: their data collection was in contravention of privacy and data protection laws around the world. While penalties will vary depending on the jurisdiction, Google broke the law. Plain and simple.

As for the issue of whether Google caught anything sensitive or not: In their analysis of the logs, the privacy commissioner of Canada found that "Although our tests were designed to minimize further privacy intrusions, we were troubled to have found instances of particularly sensitive information, including computer login credentials (i.e., usernames and passwords), the details of legal infractions, and certain medical listings. While the raw data collected by Google would not always allow for perfect identification, the information collected was sufficiently capable of being linked to individuals through data matching or aggregation." (Source: http://www.priv.gc.ca/cf-dc/2011/2011_001_0520_e.asp#summary)

Did Google plan to use this data that they'd collected? I very, very, very much doubt it. I don't buy the conspiracy theories. I think that what happened was unintentional and incredibly unfortunate for all involved. Nevertheless, sensitive information was collected without the consent of Canadians. We cannot simply elide the violation of law by saying 'no intentional harm, no foul' - there are responsibilities for developing and implementing systems in the real world and we cannot give companies a free pass on the basis that they weren't intending on being evil.

Frank Meulenaar said...

I like how you wrote "Linux destroy"

Robert Graham said...

Mr. Parsons, you miss the point.

Yes, the Canadian commissioner found instances of "sensitive information", but the point of my post is that they were few and far between, as often as the accidental nude photograph that appears in StreetView pictures. If you don't believe me, drive around your own neighborhood and check for yourself how much sensitive data you get.

It doesn't matter if Google planned to do evil with this data: they didn't collect enough to do anything significant with it.

As for "illegal", the law is unclear, which is why the FCC didn't prosecute. In much the same way you can eavesdrop on CB radio, it's likely that you can eavesdrop on unencrypted communication in the unlicensed bands like 2.4 GHz. Moreover, if it's not legal, it should be, in much the same way it should be legal to look inside somebody's window from the street if they don't close their curtain.

Dan said...

Holy Cow! Someone is rational about the "Google Privacy Debacle"!

The raging anti-corporate idiots that picked up this banner should pause and consider the ramifications on our society if the opposite were true and this (listening to broadcast information) was illegal.

Fausto Cepeda said...

What can I say? All true. Thanks for your comments.