FCC Investigating Google Street View Wi-Fi Data Collection

adeelarshad82 writes "The Federal Communications Commission is looking into whether Google's Street View Wi-Fi data collection violated the Communications Act. At issue is a May admission from Google that equipment attached to its Street View cars collected data that was traveling over unencrypted Wi-Fi networks, known as payload data. At first Google said it did not know if that data included personally identifiable information, but the company admitted last month that it did include entire e-mail addresses, URLs, and passwords. Google has pledged to work with the FCC."

Re:Why? WHY???

[The Salamander]

Access point MACs, signal strength, and latitude / longitude coordinates gives you a geolocation database you can use to calculate your position via WiFi, ie: skyhook.

Re:Why? WHY???

[TheClarkster]

The software they used was had a log of the traffic data. They did not know about it, they didn't plan to collect it. And the moment they found out about it they told everyone. If they had just silently deleted it no one would have known. But Google felt it was best to be open about their mistake.

Re:Why? WHY???

[Stuntmonkey]

The point of collecting information on wifi hotspots is to do more accurate geospatial targeting. Mapping IPs to lat/long is very coarse, since it maps to your ISP. With a database of wifi hotspot locations you can do much better. And given that they're driving around anyway to take street view photos, it doesn't cost Google anything to collect this data.

Now about recording the text information traversing unprotected hotspots -- which is the part of this that has people concerned -- that apparently was unintended. The explanation given by Google is that they were using some open source library that by default logged this information. Honestly I don't see that it would do them much good to do random packet sniffing like this, so I personally can't see a nefarious motive here although I do know we have some paranoid people in our midst.

Re:Why? WHY???

[cdrguru]

Just MAC and SSID? Well, you might be interested in the fact that the MAC is pretty much a vendor-specific ID, meaning that in most cases you can correlate the MAC to a vendor and model. What this means is that by collecting MAC addresses you can build a database of router vendors and models.

Manufacturers and retailers will then beat a path to your door to buy that database for marketing purposes. That is the true value of collecting that information.

Absolutely Google sells data like this and makes plenty from it.

Re:Why? WHY???

[Anonymous Coward]

You need to examine Skyhook's web-site more closely...

http://www.skyhookwireless.com/howitworks/coverage.php/ [skyhookwireless.com]

"To develop this database, Skyhook has deployed drivers to survey every single street, highway, and alley in tens of thousands of cities and towns worldwide, scanning for Wi-Fi access points and cell towers plotting their precise geographic locations."

Re:Why? WHY???

[TheEyes]

They didn't do it on purpose. [blogspot.com]

"Quite simply, it was a mistake. In 2006 an engineer working on an experimental WiFi project wrote a piece of code that sampled all categories of publicly broadcast WiFi data. A year later, when our mobile team started a project to collect basic WiFi network data like SSID information and MAC addresses using Google’s Street View cars, they included that code in their software—although the project leaders did not want, and had no intention of using, payload data. "

In other words, they did what every other software engineer does: they reused old code to get a job done. This time the code happened to have a bug in it, or rather an unintended consequence, that collected snippets of people's personal information as the vans drove by people's unencrypted wifi connections, which they've since publicly admitted and gone on to delete, or at least they would have deleted it except now they can't because all the lawyers have gotten involved and want to extract money/publicity to themselves by suing Google.

The whole thing is a giant tempest in a teapot. Even worse, it's a major distraction from real, more important, privacy issues.

Re:Why? WHY???

[_Sprocket_]

Having played with Kismet (which is what Google is using [slashdot.org]), it seems to me that it's really easy to accidentally capture packet payloads. Kismet will dump payloads in to handy pcaps by default.

Wardriving generally sucks for data capture. It's good for surveying (its interesting to see the proliferation of WAPs and secured APs at that... and some people choose really amusing SSIDs). But driving around alters signal strength which means losing packets. You're also channel hopping which means losing packets. If you really want to log people's data, you wardrive first to identify targets then come back and listen to just that (or a very small subset) of targets.

Re:Why? WHY???

[icebike]

Why would they even REMOTELY think this was a good idea? What's the point of Google collecting this kind of information

Have you been asleep for the last 6 months?

It was an error, they didn't even know they were collecting it and never used it for anything. They simply filtered out the beacon data to locate wifi hot-spots. None of these wifi hot-spots were encrypted

Google themselves reported this when they discovered they were collecting way more data than they wanted. But even Google didn't look into the data and see what was there.

Governments demanded the data, and THEY began sifting it and gathering email addresses. Now WHO violate the laws? Seems to me the government busybodies sifting thru the data that google never even looked at are the guilty ones.

How in gods name can you be so unaware of the details of this incident after all this time?