Warning: Rant ahead...proceed with caution.
If you want to read one of many articles about what I'm going to talk about, look here: http://www.wired.com/threatlevel/2010/06/google-wifi-sniffing/ or just google "google wifi legal".
Google recently launched a project which was to help map out wi-fi hotspots and connectivity in relation to physical geographic location. They have done similar projects in the past like the "street view" many of us have seen on Google Maps (where you can type in an address and then click on Street View and actually SEE a picture of the building, street, etc.).
Well, as a consequence of how they did this wi-fi mapping project, they also collected a bunch of random wi-fi traffic. I won't go into all the technical details, but basically, if you have a wireless router, it runs in a "broadcast" mode, which means that all the traffic being sent back and forth between your laptop and the router is "out in the air" for everyone within range to see - much like a radio or TV station broadcasts their signals, but on a much smaller scale. Of course almost any modern router can be configured to encrypt this traffic, so that only the device that initiated a particular connection can decrypt its own traffic (and no one else's). Which is totally fine for the purposes of what Google was trying to accomplish - they didn't care WHAT the data being sent back and forth was, all they cared about was the unique ID of the router and mapping that to where geographically they were at when they picked up the signal.
However...not everyone configures their routers to encrypt traffic, sometimes intentionally - if you configure for encryption, you must have a password to connect to the router, and if you want a router to be an "open hotspot" like they have at coffee shops, etc. then you can't be set up for encryption. So, while Google was capturing the data it actually wanted (the router ID, etc.) it also captured bunches of random unencrypted data.
The amount of data they "collected" from any one router was 5 seconds or less.
Despite all of that, various law enforcement and legal branches of countries around the world have decided that this was not an accident, that Google must have had malicious intent, and that they should be prosecuted.
There are MANY problems with this. So here we go...
1) Google didn't do anything that ANYONE else with a wireless device can't do. Sure, they did it on a large scale, but if the owner of a router is making their router "open" by not encrypting traffic, they are assuming the risk of all their traffic being seen BY ANYONE who is in range of that router. Period. End of story.
2) Google has the LEAST motivation or anyone to use such a manpower-intensive method to try and potentially collect personal data, given that they have more data available to them than anyone on the planet with searches, gmail, etc. (yes, you should all remember that we all TRUST Google when we use all their great neat free stuff - all our "personal" data is still on THEIR servers somewhere). If they were really after the kind of data you can get doing random wi-fi captures, they have much better, easier, quicker, and cheaper ways of doing it.
3) Google has been cooperative, shown how this process works and turned over all their source code, and has followed the requests made of many countries to either given them the data collected, destroy it, etc. They don't want it, need it, and don't care if it's just destroyed.
The reason this bothers me so much is that all of this has now entered the political, corporate, etc. realm. We are spending time, energy, and resources prosecuting something that doesn't need to be prosecuted, when we don't even have a legal system that is capable of keeping up with the "real" technology bad guys out there. So since we have no laws or means of finding the people that need to be found and prosecuted, we're prosecuting the big, visible target because it's available.
The message that SHOULD be coming out of all of this is that it is YOUR responsibility to manage YOUR privacy in this networked world. If all router owners configured for encryption, this would have been a non-issue. And people need to realize that whatever they put out onto the internet, "in the cloud" is out there and is no longer completely in your control. Not only do you trust someone like Google or Facebook to keep your data private (and even then THEY have access to it should they choose to) but you also trust your ISP, phone service provider, etc. because THEY have access to everything you do, should they choose to. It is certainly in all these companies best interest to provide you with privacy but there is no guarantee of that.
You can have your opinion about how much power Google is going to wield as time goes on with how much information and data they have and control. And that should be watched. But our legal system needs to be changed or updated to handle the fast pace that our world changes.
Subscribe to:
Post Comments (Atom)
1 comment:
Well I can understand people's confusion and concern. When was the last time you saw a giant mega-corp not doing something evil?!
Post a Comment