This is just denying a dismissal of the suit, but it's pretty interesting. I'm still reading the opinion, but the court's reasoning appears to be that wifi shouldn't be considered a "radio communication" under the wiretap act because it didn't really exist at the time it was written (and doesn't really belong in a category with things like traditional radio systems), but, as "electronic communication", they find open wifi is not "readily accessible to the general public".
There is a distinction to be made here, but I'm worried about that particular one. It seems like it would be better to make it on something like accessing the data not meant for you and storing it/processing it (something closer to many privacy laws). Criminalizing the access of open wifi seems like it will quickly become problematic, and I'm sure some enterprising DAs will find it the perfect tool for some case they're having trouble making stick.
That said, this is just denying a dismissal, so we could get more nuance if this goes to trial.
That's exactly what I mean. The collection is the problem, but the court ruled on the phrase "readily accessible to the general public" (to be fair, though, that was the basis of the motion to dismiss and it would have been a stretch to expand the ruling). Anyone accessing an open wifi point is seeing other people's traffic. It's looking at it and storing it that seems to be the problem, but that's not the distinction the wiretap act makes.
I would hope the eventual decision is that unencrypted wi-fi is like CB radio or even a loud conversation in a public place. Practically, it's trivial for others nearby to overhear, even incidentally to their own use of the same shared medium, so people should expect it. If you want privacy, add some level of scrambling... and then penalize effortful descrambling, that violates an effortful expectation-of-privacy.
Ooh, massive privacy violation on one side, and on the other side Google is getting in trouble for grabbing data weev-style without having to hack into a network.
The discussion here should be fun one way or the other.
Indeed, should be interesting how we decide to balance laws that have to essentially apply to both individuals and global megacorps.
Certainly it would be weird if a computer activity that were legal if done by a person suddenly becomes illegal if done by a company that brings on one more new hire, makes one more dollar of revenue, etc.
But at the same time we do have those kinds of different requirements elsewhere in law for "real life" things since the scale is way different, so it's not as if there would be no precedent.
I doubt a collection of incidental packets from random unsecured access points recorded years ago would be terribly useful to them.
I personally don't think sniffing packets on an open WiFi network should necessarily break wiretapping laws. Or at least not the same laws. Bugging someone's phone just feels like a more serious crime to me than packet sniffing an unprotected network.
More like a massive new interactive map with a dot for my home router instead of a Waze comment for the NSA spooks to look at.
I append _nomap to my SSID name in hopes that they won't collect the data they are scanning when they drive by. The word collect has different meanings these days so they may be storing the info but not looking at it...
If you are using WPA2, the only thing they're going to be collecting is a long/lat -> SSID map. This is very useful for assisting in geo-location, so I don't know why you'd want to turn it off.
If you have SSID broadcasting enabled, it's public, and it helps other people detect your network, including those outside your home, easily.
I don't see how knowing your SSID/location is any worse than geo-IP, either way, your location can be identified a good majority of the time.
The real purpose of this system is to enable location API on the client without waiting for satellites. It's only going to get worse with Bluetooth LE beacons, which will soon be showing up everywhere and pinning your location down to the nearest meter indoors.
Would you mind citing specifically where the court says the collection of data packets was intentional? I'd prefer not to read the whole document, and as a casual observer of the case that comes as a surprise.
Why would Google intentionally save random stray packets of unencrypted wifi networks? What purpose would that serve?
Google didn't collect the data "by accident". A Google engineer wrote code to specifically capture wi-fi data. However, this was not sanctioned by higher management and Google argued that the engineer acted independently and that they had never intended to capture the wi-fi data.
Fair enough, I probably used the wrong words there. My point was that it's not like Google had some project to build better advertising profiles of you by driving to your home and sniffing your traffic. Assuming they didn't actually do anything with the collected data and had no intentions to do anything with it, the fact that it was collected doesn't seem like that big a deal to me.
I'm not sure it's fair to expect privacy for your unencrypted data that's being broadcast on any unencrypted network. To me, that feels like reading someone else's postcard. It's not a cool thing to do, but is it really like wiretapping?
I agree that their response to this news does not inspire, but I wonder if that was an attempt to minimize what had the potential to be really bad PR.
I think it's unfortunate that this is the case that is forming a discussion around Google and privacy. There are important, unanswered questions about what Google and similar companies do with data about you. But what they do with packets they saved essentially by accident a few years ago is not one of them.
Google has a rapacious appetite to collect data of every kind. They also seem to have a casual and lax attitude to the collection of that data. I really don't think they take privacy that seriously at all (security and privacy are not always the same things).
Just to recall some facts about Google's wi-fi exploit: various regulators around the world have mostly agreed with Google's assertion that it did not deliberately plan to collect wi-fi data. Yet this incident also suggests a lax internal culture towards gathering data. This incident occurred without consequence for Google until it was discovered by external investigators.
The US Federal Communications Commission (FCC), when they were investigating Google over this matter, said that Google had "deliberately impeded and delayed" the investigation for months.
Earlier this year, Google were given 35 days to delete wi-fi data by the UK Information Commissioner's Office. Google had earlier pledged to destroy additional discs containing private data but had failed to do so. Does this sound like a company where privacy and data collection are treated with high importance?
Let's not forget that Google collects a phenomenal amount of tracking data. Sure, they take security seriously, but do they take privacy seriously?
I don't totally disagree with everything you say, but my understanding is that Google was between a rock and a hard place because one branch of government was asking Google to delete the data, while another was asking them to keep it.