Google's wi-fi data collection and TWiL 67
After listening to the panel of lawyers on This Week in Law episode 67 discuss Google's legal trouble concerning their collection of wi-fi data, it seems to me that there's a lot of false or misleading information out there as a result of people not fully understanding technology and how it works. Now before I say anything that soudns critical, let me clarify that the panelists on this show are lawyers and not technologist, developers, IT pros, etc. They are generally very tech-savvy, but the technology is a tool for them not what they do, where as for a developer like myself, it's both.
In short, Google used an off the shelf product, Kismet, to collect wi-fi data for the purposes of populating a location database. This database would be used by any device with a wi-fi antenna, where it can take the list of available networks and signal strengths (same as you would see using any operating system, mobile or desktop, to connect to a network) and send that into Google's system and get back a location, probably in the firm of a latitude & longitude, thereby giving you a location much more accurate than "somewhere close to this cell tower", for example. This software by default collects all data, including the header, which contains the data needed for this database (and is also the basic data needed to make wi-fi work) and the payload (the data being sent over wi-fi). However, when the payload is encrypted, it's random noise and therefore dropped by Kismet. There is also a setting to ignore all payloads completely, Google's error was not realizing this and having it turned on from the beginning.
The first comment I want to take issue with is hostess Denise Howell trying to apply what Google did to laws that may or may not cover connecting to someone's open (unencrypted) wi-fi connection. The comparison isn't valid because Google didn't connect to anything! All they did was listen for and record the signals sent out by those wi-fi hotspots, in much the same way that an FM radio works.
One of the guests claimed that Google obviously knew what they were doing and intended to capture this data, and claimed that not recording the encrypted payloads was proof of that. To me the only thing this proves is that the speaker doesn't understand that Google was using the Kismet software and that's how it works. It also tells me he probably doesn't fully understand how data encryption works, in that it results in data that appears to be random noise except to the two ends of the connection (the hotspot and the connecting computer).
My question to anyone would be, how is what Google did any different than someone sitting in a restaurant or coffee shop overhearing the conversation at the next table? Answer: it isn't any different at all, as the people having the conversation could talk lower or go somewhere private to not be overheard and the wi-fi could be encrypted not to be "overheard". I don't see how anyone who understands the technology involved could claim otherwise.
I could go on with more detail and explanation, but instead let me summarize by saying this. I am offended by what happened, but I'm not offended by Google. I'm offended by the media who think this is newsworthy when it is clearly not and I'm offended by government prosecutors for wasting even one penny of taxpayer money on this. When Google realized their mistake, they should have deleted the data and that should have been the end of it. And I applaud the government agencies who have asked Google to do just that. For those agencies who have asked Google to keep the data until the situation can be resolved, they are clearly interested in harvesting the data for their own nefarious purposes, as the collection of the data that was publicly broadcast is clearly legal and any data would be incomplete anyway as it's unlikely any one hotspot was recorded for any length of time as the Google car was driving down the street.
