Google employees can connect to the Guest network. But it's slow and you can't connect to the corporate network (like your work Gmail, Calendar, etc.) so you don't. They just assume you're smart enough to know that.

More importantly, the Federal CALEA wiretapping law basically requires any ISP (including corporations, colleges, and other organizations that provide 'net access to their community) to record the identity of anyone given access to their network so that law enforcement agencies can gain access to usage logs.

The fact that Microsoft chose to conform with the letter of this law is to be expected; rather, the fact that Google's lawyers somehow decided they didn't have to do the same is surprising, at least to me.

Its possible that the argument is that all visitors at Google are recorded and thus those logs are the same as logging network users.

Curious though, I glanced briefly at the wikipedia article ( http://en.wikipedia.org/wiki/Communications_Assistance_for_L... ) and it seems mostly about hardware needing to be CAPABLE of logging, not always logging already. Can you explain your first statement?

My understanding is that CALEA effectively requires you to associate an identity with each active network node, so that requests for a "wiretap" could be addressed more or less in real-time, rather than after the fact. Being able to tap into hardware to observe active network streams is only one piece of the puzzle; you also have to be able to figure out which connections belong the the subject of the wiretap request, which in most cases means associating a name with an IP address.

The specific CALEA statute sections you're referencing are related to the "capability" to log detailed activity--not a mandate to do so outside of the auspices of wiretap warrant.

To limit exposure under common carrier safe harbor, and consequentially insurance premiums, most ISPs maintain only sparse activity logs and flush those on a periodic cycle.

These policies may also differ radically due to compliance with municipal and state laws (CALEA is federal) and/or private contractor facilities where "sensitive, classified, etc." work is undertaken.

To use an analogy, the phone company doesn't/can't record your conversations on a routine basis, merely the initiating and terminating routes. Still, they must have the "capability" of complying with a wiretap's mandates if called-on to do so. Don't get me started on the "warrant less wiretaps" fiasco.

I suspect that Microsoft could just as easily have an open WiFi network, but fine-grained policies go hand-in-hand with their corporate culture. Some would argue that Google's course-grained policies create their own set of problems. For a similar example, look at how hardware provisioning and technical support is done at both companies.

That's exactly what I meant -- they have to have the ability to associate an identity with an IP/active network connections, which usually means recording it at the time that access is first granted. (Doing otherwise usually indicates the to subject of surveillance that they are being watched, which is generally considered undesirable by the watchers.) Noting someone's name along with their DHCP lease is very much not the same thing as recording all traffic to and from that IP.

Interesting. How do coffee shops and airports get this information?

I would presume that most coffee shops have no idea that CALEA even exists. The airport question is a good one, though -- they've obviously pretty security-minded (however poorly they may implement said security), so I would assume they've found some middle ground that allows them to offer "anonymized" access.

Of course, any paid access immediately associates a name with an IP: the person on the credit card used to charge the access.

So you're telling me a big chain like Panera breaks the law and nobody says anything?

Except if you pay with cash.

Google public access has a captive portal requiring you login using your google account.

Google public access is NOT the on-campus Google Wifi.

On campus theres some Wifi network that is open and unrestricted. The public access one has a public portal (and vastly lower coverage in Mountain View last time I checked.)

Not one I've ever used.

normal, but silly.