Google Octopus: Street View logs WiFi networks/Mac addresses

[elfismiles]

* Google Street View logs WiFi networks, Mac addresses
http://www.theregister.co.uk/2010/04/22 ... ogs_wlans/

Why are you doing this?, ask Germans

By Andrew Orlowski • Get more from this author

Posted in Government, 22nd April 2010 15:46 GMT

Free whitepaper – Selecting Server Processors to Reduce Total Cost

Google's roving Street View spycam may blur your face, but it's got your number. The Street View service is under fire in Germany for scanning private WLAN networks, and recording users' unique Mac (Media Access Control) addresses, as the car trundles along.

Germany's Federal Commissioner for Data Protection Peter Schaar says he's "horrified" by the discovery.

"I am appalled… I call upon Google to delete previously unlawfully collected personal data on the wireless network immediately and stop the rides for Street View," according to German broadcaster ARD.

Spooks have long desired the ability to cross reference the Mac address of a user's connection with their real identity and virtual identity, such as their Gmail or Facebook account.

Other companies have logged broadcasting WLAN networks and published the information. By contrast Google has not published the WLAN map, or Street View in Germany; Google hopes to launch the service by the end of the year.

But Google's uniquely cavalier approach to privacy, and its potential ability to cross reference the information raises additional concerns. Google CEO Eric Schmidt recently said internet users shouldn't worry about privacy unless they have something to hide. And when there's nowhere left to hide...?

More from ARD here and Der Spiegel, here. The latter describes Google as a "data octopus". ®

... VS ...

* Google backs Yahoo in privacy fight with DOJ
“DOJ wants to read email without warrants…”
http://news.cnet.com/8301-13578_3-20002423-38.html

Google and an alliance of privacy groups have come to Yahoo's aid by helping the Web portal fend off a broad request from the U.S. Department of Justice for e-mail messages, CNET has learned.

In a brief filed Tuesday afternoon, the coalition says a search warrant signed by a judge is necessary before the FBI or other police agencies can read the contents of Yahoo Mail messages--a position that puts those companies directly at odds with the Obama administration.

Yahoo has been quietly fighting prosecutors' requests in front of a federal judge in Colorado, with many documents filed under seal. Tuesday's brief from Google and the other groups aims to buttress Yahoo's position by saying users who store their e-mail in the cloud enjoy a reasonable expectation of privacy that is protected by the U.S. Constitution.

"Society expects and relies on the privacy of e-mail messages just as it relies on the privacy of the telephone system," the friend-of-the-court brief says. "Indeed, the largest e-mail services are popular precisely because they offer users huge amounts of computer disk space in the Internet 'cloud' within which users can warehouse their e-mails for perpetual storage."

The coalition also includes the Electronic Frontier Foundation, the Center for Democracy and Technology, the Progress and Freedom Foundation, the Computer and Communications Industry Association, and TRUSTe.

For its part, the Justice Department has taken a legalistic approach: a 17-page brief it filed last month acknowledges that federal law requires search warrants for messages in "electronic storage" that are less than 181 days old. But, Assistant U.S. Attorney Pegeen Rhyne writes in a government brief, the Yahoo Mail messages don't meet that definition.

"Previously opened e-mail is not in 'electronic storage,'" Rhyne wrote in a motion filed last month. "This court should therefore require Yahoo to comply with the order and produce the specified communications in the targeted accounts." (The Justice Department's position is that what's known as a 2703(d) order--not as privacy-protective as the rules for search warrants--should let police read e-mail.)

On December 3, 2009, U.S. Magistrate Judge Craig Shaffer ordered Yahoo to hand to prosecutors certain records including the contents of e-mail messages. Yahoo divulged some of the data but refused to turn over e-mail that had been previously viewed, accessed, or downloaded and was less than 181 days old.

A Yahoo representative declined to comment.

"This case is about protecting the privacy rights of all Internet users," a Google representative said in a statement provided to CNET on Tuesday. "E-mail stored in the cloud should have the same level of protection as the same information stored by a person at home."

That is, in fact, the broader goal of the groups filing Tuesday's brief. They're also behind the new Digital Due Process Coalition, which wants police to be able to obtain private communications (and the location of Americans' cell phones) only when armed with a search warrant.

Under a 1986 law written in the pre-Internet era, Internet users enjoy more privacy rights if they store data locally, a legal hiccup that these companies fear could slow the shift to cloud-based services unless it's changed.

The judge should "reject the government's attempted end-run around the Fourth Amendment and require it to obtain a search warrant based on probable cause before searching and seizing e-mails without prior notice to the account holder," the coalition brief filed Tuesday says. The Bill of Rights' Fourth Amendment prohibits unreasonable searches and, in general, has been interpreted to mean warrantless searches are unreasonable.

The legal push in Colorado federal court, and a parallel legislative effort in Congress to update the 1986 Electronic Communications Privacy Act, is likely to put the coalition at odds with the Obama administration.

A few weeks ago, for instance, Justice Department prosecutors told a federal appeals court that Americans enjoy no reasonable expectation of privacy in their mobile device's location and that no search warrant should be required to access location logs.

The U.S. Attorney's office in Colorado did not immediately respond to a request for comment.

Update 8:15 p.m. PDT Tuesday: I've heard back from a Justice Department representative who says he'll be able to answer questions on Wednesday after he talks to the cybercrime section.

Update 9 a.m. PDT Wednesday: The Electronic Frontier Foundation has posted a statement on the case, with EFF attorney Kevin Bankston saying: "The government is trying to evade federal privacy law and the Constitution." Yahoo's brief is also worth noting. Like the coalition's filing, it argues that "users have a reasonable expectation of privacy in their e-mails" and says the Fourth Amendment requires police to obtain a warrant to peruse stored messages. And it confirms that prosecutors want "all e-mail" in the targeted Yahoo Mail accounts, even if it's not relevant to the investigation or could include documents protected by the attorney-client privilege.

Update 9:30 a.m. PDT Wednesday: Yahoo has sent over a statement saying: "Yahoo values our trusted relationships with our users and works to protect their privacy while at the same time fulfilling our legal responsibilities. Yahoo's filing in this matter is a public document. Beyond what is contained in that document, Yahoo has no comment on the specifics of the case."

Update 2:20 p.m. PDT Friday: An important update: The Justice Department has abandoned its request for Yahoo e-mail messages. Here's our followup story.

[psynapz]

I assume this has to do with location-aware services.

If you have a cellphone or iPhone or whatever, it can figure out your approximate location based on cell tower triangulation. This is data fed back to you from the nearest tower, all of which know your device's (your!) approximate location and direction of movement at all times, for all time. They keep that record, and it has been admitted that it is routinely subpoenaed both historically and in realtime for criminal investigations, where they may not only know you tend to congregate in space with Drug Dealer X's mobile, Organized Criminal Y's crackberry, and Easily-Turned Future Informant Meth-head Bitch Girlfriend Z's iPhone, but that you're all together right now at Crack House A, where they can remotely activate your microphone to listen in on your incriminating dialogue, so as to build a scary case with which to lean against Z so she can catch the Big Deal going down next weekend.

All so you don't have to tell Google Maps where the hell you are now, in relation to where you're trying to be. Or tell UrbanSpoon you want a Mongolian barbecue joint somewhere downtown, not uptown. Without typing in your current whereabouts into the "From" field.

But if you have an iPod Touch or an iPad that only does WiFi, for instance, then the location-awareness system has to rely on the known location of the nearest WiFi network, such as public hotspots like the nearest Starfucks. So if you're in a residential neighborhood and the street signage sucks, your host WiFi network's MAC address can be passed to a lookup service where anyone can voluntarily register their WiFi network's geo location, to be passed back to your trendy little hunk of silicon and tantalum so you can figure out which way to your booty call. If that network is registered.

So apparently Google has found yet another way to play a chilling game of chicken with our privacy rights by piggybacking WiFi network geo location capture on top of their roving panoramobiles, presumably to feed a big open database of WiFi network addresses and GPS coordinates.

Damn handy if you've got nothing to hide. Damn scary if you're trying to organize a peaceful social revolution with your trendy mobile-subscriber friends.

[Joe Hillshoist]

Said it before, and I'll say it again.

Throw your mobile phone off a bridge.

[elfismiles]

"OOPS, she did it again!"

Front page of drudge...

Whoops! Google says mistakenly got wireless data

Alexei Oreskovic
SAN FRANCISCO
Fri May 14, 2010 6:04pm EDT


(Reuters) - Google Inc said its fleet of cars responsible for photographing streets around the world have for several years accidentally collected personal information that consumers send over wireless networks.

The company said on Friday that it is currently in touch with regulators in several countries, including the United States, Germany, France, Brazil and Hong Kong, about how to dispose of the data, which Google said it never used.

"It's now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) WiFi networks," Google Senior VP of Engineering and Research Alan Eustace said in a post on Google's official blog on Friday.

Google, the world's largest Internet search engine, did not specify what kind of data it collected, but a security expert said that email content and passwords for many users, as well as general Web surfing activity, could easily have been caught in Google's dragnet.

"The bottom line is a lot of personal content is definitely available in open WiFi hotspots," said Steve Gibson, the president of Internet security services firm Gibson Research Corp.

He noted that most non-Web based email products, based on the POP and IMAP standards, do not encrypt log-in information or the messages people send. And he said that Google's own web email product, Gmail, has only in recent months encrypted the email messages that users send after their initial sign-on, which has been encrypted.

Google's Street View cars are well known for crisscrossing the globe and taking panoramic pictures of the city streets, which the company displays in its Maps product.

Collecting the WiFi data was unrelated to the Google Maps project, and was done instead so that Google could collect data on WiFi hotspots that can be used to provide separate location-based services.

Google said the collection of data was a simple mistake resulting from a piece of computer code that was accidentally included from an experimental project. Google said it became aware of the mistake in the past week, shortly after telling a German regulator that it was not collecting such information.

A Google spokesperson said the Street View cars have been collecting the information since 2006 in more than 30 countries.

"As soon as we became aware of this problem, we grounded our Street View cars and segregated the data on our network, which we then disconnected to make it inaccessible," Google's Eustace said, noting that Google had "failed badly" in maintaining its users trust.

(Reporting by Alexei Oreskovic, editing by Leslie Gevirtz and Bernard Orr)

http://www.reuters.com/article/idUSTRE64D60E20100514

Google Says It Mistakenly Collected Data on Web Usage
By JESSICA E. VASCELLARO

Google Inc. said an internal investigation has discovered that the roving vans the company uses to create its online mapping services were mistakenly collecting data about websites people were visiting over wireless networks.

The Internet giant said it would stop collecting Wi-Fi data from its StreetView vans, which workers drive to capture street images and to locate Wi-Fi networks. The company said it would dispose of the data it had accidentally collected.

Alan Eustace, senior vice president of engineering and research for Google, wrote in a blog post that the company uncovered the mistake while responding to a German data-protection agency's request for it to audit the Wi-Fi data, amid mounting concerns that Google's practices violated users' privacy.

Google had previously said it was collecting the location of Wi-Fi hot spots from its StreetView vehicles, but not the information being transmitted over those networks by users.

"It's now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) Wi-Fi networks, even though we never used that data in any Google products," wrote Mr. Eustace. "We are profoundly sorry for this error and are determined to learn all the lessons we can from our mistake."

Google said it has been collecting and keeping the data since around 2007. At that time, the team building the software to gather the location of Wi-Fi hot spots mistakenly included some experimental software that sampled all categories of publicly broadcast Wi-Fi data.

"It is another example of the how the company hasn't effectively grappled with the massive amount of information it collects," said Jeffrey Chester, executive director of the Center for Digital Democracy.

Due to the mistake, Google could have collected information about which websites people were accessing, from online videos they were watching to emails they were sending.

But Google would only have collected data if the website and the Wi-Fi connection weren't secured. Many major websites that carry personal information, such as financial-services sites, are encrypted so no data from such services were collected, a Google spokesman said. Mr. Eustace wrote that Google only had "fragments" of data, since its cars were on the move.

Google uses the Wi-Fi data to improve its location-based services. By having a database of Wi-Fi hot spots, Google can identify a mobile user's approximate location based on cell towers and Wi-Fi access points that are visible to their device. A Google spokesman said the company would continue to offer those products.

The disclosure comes as Google's collection of Wi-Fi data—along with other real-life imagery it uses in its mapping services—have come under intense scrutiny from some privacy advocates, specifically in Europe. In April, Google moved to defend the service and what it collects in a lengthy blog post in which it said it did not collect or store payload data.

Write to Jessica E. Vascellaro at jessica.vascellaro@wsj.com

http://online.wsj.com/article/SB1000142 ... 01220.html

[elfismiles]

“Operation Wardrive”

Austin Police Department announces “Operation Wardrive”
http://effaustin.org/2011/09/austin-pol ... -wardrive/

APD Ends Bizarre Plan to Sniff Out Open WiFi Connections
http://www.austinpost.org/content/apd-e ... -it-begins

APD postpones "Operation Wardrive" - kvue.com Austin
http://www.kvue.com/news/local/APD-cond ... 18768.html

Flashback: Mission Creep: RIAA / NDAA Training for Privacy Invasion
http://www.anomalymagazine.com/zine/200 ... -invasion/
http://www.youtube.com/watch?v=w5VbII56Ma4

On the heels of the Google Wifi Sniffing Controversey.

And their website is http://www.Rabbit-Hole.org ?!?

Dutch Troublemakers Turn Surplus Army Target Drone Into Autonomous Wi-Fi Sniffer
By Rebecca Boyle Posted 08.16.2010 at 1:16 pm

WASP Wi-Fi Hunter The friendly-looking homemade WASP drone can find Wi-Fi hotspots. Hak5 via sUASNews
Tired of driving around, laptop open on the passenger seat, searching for a wi-fi hotspot? The WASP, a flying wi-fi sniffer, can make the task easier.

It's an Arduino-powered aerial drone modeled, perhaps appropriately, after a Russian Cold War MiG jet. WASP stands for "Wi-fi Aerial Surveillance Platform." The folks at Rabbit Hole have detailed instructions on their Web site.

The plane is a surplus U.S. Army target drone, and is much bigger than your average RC aircraft. Controllers fly it for takeoff and landing, but when it's in the air, it automatically follows GPS coordinates the hacker team has plotted using Google Earth.

It has a wi-fi card in the nose that points downward, affording a 60-degree cone arc of coverage. At roughly 400 feet of altitude, it provides 1,000 square feet of coverage, according to one of the developers, Rich -- whose last name isn't given in this video from Hak5.

It also has a 3G cellphone and a cheap camera on board, allowing controllers to change the plane's direction if they see something interesting.

As the project's Web site says, the drone could "offer cyber-offensive and defensive capabilities, and visual/electronic surveillance over distance cheaply and with little risk."

It could be used for penetration testing of wireless networks, for instance. Other than that, the developers aren't clear about what they hope to do with their plane. But as sUASNews puts it, getting the attention of aviation authorities will probably be one of the first outcomes.

http://www.suasnews.com/2010/08/587/wi- ... form-wasp/

http://www.popsci.com/diy/article/2010- ... -questions

One Drone Thread to Rule them ALL
viewtopic.php?p=353209#p353209