Google Describes Wi-Fi Sniffing In Pending Patent

theodp writes "After mistakenly saying that it did not collect Wi-Fi payload data, Google had to reverse itself, saying, 'it's now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) Wi-Fi networks.' OK, mistakes happen. But, as Seinfeld might ask, then what's the deal with the pending Google patent that describes capturing wireless data packets by operating a device — which 'may be placed in a vehicle' — in a 'sniffer' or 'monitor' mode and analyzing them on a server? Guess belated kudos are owed to the savvy Slashdot commenter who speculated back in January that the patent-pending technology might be useful inside a Google Street View vehicle. Google faces inquiries into its Wi-Fi packet sniffing practices by German and US authorities."

Terrible summary, yellow journalism at its finest

[ukyoCE]

operating a device — which 'may be placed in a vehicle' — in a 'sniffer' or 'monitor' mode and analyzing them on a server?

As scary as the poster tries to make this sound, this is how you listen for public access points. This post is a scare-mongering dupe.

Yellow journalism is getting to be awfully common here on Slashdot. For instance this troll of a story which just so happens to be from the same author:

http://developers.slashdot.org/article.pl?sid=10/05/21/1427245 [slashdot.org]

Re:xmmm

[Daengbo]

There is no reading comprehension in the world, apparently. This patent is about what Google claims it was trying to do -- recording SSID and MAC information for location purposes. It has nothing to do with the "mistaken" data packets (sent unencrypted over the air). How the submitter connected the two, I don't know. I suspect lack of coffee and excess Google hate.

Re:Google is full of it

[shentino]

They can make mistakes on what part of the packet they sniffed.

A more accurate analogy would be going fishing for tuna and accidentally catching a dolphin.

Re:WTF?

[jibjibjib]

Because (as a little bit of common sense or a minute of reading the article would tell you) the patent is longer and more detailed than the Slashdot summary and actually describes a specific non-trivial innovation.

Re:Google is full of it

[bk2204]

The difference here is that they actually intercepted data by mistake. If you use Kismet [kismetwireless.net] (probably the best wireless sniffing tool for Linux), you can set it to not save data packets, only beacon packets (which really have all the data that Google needs), but by default, it saves everything, including any data packets it sees (encrypted or unencrypted).

It depends on what you're doing what packets you want. If you're trying to break WEP, you only care about encrypted data packets; if you're just doing innocent wardriving, you only want the beacons.

Re:What website is this again?

[ZosX]

No. Not strictly broadcasting an SSID, but open, unencrypted networks are much more of a grey area. Did someone leave the AP open so they could share? Is it a businesses AP for their customers and anyone else that might be able to get it? Consider that just about every new ap out there has encryption enabled by default. Obviously someone had to open up the AP, or they are running an ancient 802.11b device. Anymore open APs are pretty much the exception the the norm. I say if its open, you might as well try to get a signal if you can. I love my G1 for that since an AP is generally a lot faster than the 1mbit, 500ms latency 3g connection.

Re:Mr Hyde?

[LordLimecat]

Did you miss the part where everyone already knew they were sniffing packets to determine location, and that was never being denied? The issue has always been whether payload data was being recorded. See here: http://googleblog.blogspot.com/2010/05/wifi-data-collection-update.html [blogspot.com]

Im sorry if I come off as a google apologist, defending them all the time, but my goodness people just seem to want to ignore fact and the actual articles, so they can wildly speculate about what awful things google is doing. My understanding was that Slashdot, as a site for geek news, would be some kind of bastion of reason and intellect. Clearly, I must be new here.

Raw packets

[Anonymous Coward]

Here is a good technical description from a packet level:
http://erratasec.blogspot.com/2010/05/technical-details-of-street-view-wifi.html [blogspot.com]

Re:Really bad PR for Google

[butlerm]

The point is, that even if it's not "locked down" and may even appear to be open, behaving this way in a residential area is tantamount to trespassing

Using someone's service to actually send and receive Internet traffic is a completely different situation from analyzing unencrypted data packets. As in significantly different legal standards apply. In this case, it is ridiculous to consider passively listening to unencrypted traffic to be "trespassing", any more than parking on the side of the street would be.

I. As it happens, the Electronic Communications Privacy Act states "It shall not be unlawful under this chapter...to intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public;" (18 USC 2511, 2(g))

The wisdom of capturing traffic from a system configured so that the communication is "readily accessible to the general public" aside, Congress certainly doesn't consider such things to be a legally prohibited privacy violation. Otherwise it could be illegal, for example, to listen to a CB ("citizens band") radio just because the conversation was not addressed to you.

Now as it happens, it is illegal to listen to phone calls on certain bands, and Congress has made such traffic not readily accessible by prohibiting the manufacture and distribution of amateur radios, etc. that can listen on those bands. As of yet, Congress has not prohibited the sale and distribution of wireless network adapters, however, nor prohibited such adapters from transmitting traffic "readily accessible to the general public".

II. Besides the ECPA, a much older law governs what you can actually do with the contents of wireless transmissions not intended for you. Specifically, you cannot disclose the contents to others, nor can you use them for your own private benefit (cf. 47 USC 605). So it would seem that Google can legally capture the traffic, but they can neither disclose it, nor use the contents even for their own proprietary benefit.

There is a specific exception to this provision for viewing unencrypted satellite transmission under certain conditions, but no visible exception for divulging or making private benefit of (unencrypted) wireless network transmissions.