Google has been snooping on your wireless network

Google admits it "accidentally" spied on open WiFi nets. Time for the search giant to go on a serious data diet -- before it screws up worse.

Right about now Facebook should be sending Google a bouquet of roses and a box of chocolates, because the search/advertising giant has committed a privacy violation that makes Facebook's recent troubles seem trivial.

The skinny: Google has been Hoovering up data from open WiFi networks around the world -- some 600 gigs' worth, according to the AP -- which is tantamount to wiretapping and may well violate federal and international laws.

Now that I've got your attention, here's some background.

When Google sends its fleet of camera-equipped cars into the streets to snap pictures of your neighborhood for its Street View product, these cars are also collecting something a little extra: The name and unique MAC address of every open WiFi network they encounter along the way.

Google has been doing this for years. So have other companies, like Skyhook. Why? Because it and Skyhook use this information to locate mobile users when GPS and cell towers are either unavailable (because you're indoors) or inaccurate (because the towers are too dispersed).

Here's how this works. The GSV van drives by, snapping pix and collecting the MAC addresses of every open WiFi router it encounters, then matches those addresses up to GPS coordinates. When you open your WiFi/GPS enabled device and ask it to, say, tell you where the nearest ATM is, it may also scan for local MAC addresses, match them to those stored in Google's database, figure out your lattitude and longitude based on the GPS coordinates captured by the van, and give you a more accurate read on where you are.

(I may have gotten some technical details wrong in the above paragraph -- I'm not really a geek, I just play one on television -- but that's my understanding of how this works.)

That alone is somewhat problematic. For one thing, a network ID could contain personally identifiable information, like your name, or something goofy but potentially embarrassing, like "My Neighbors Suck." (They get a lot raunchier than that, FYI.) By the way, if you haven't yet secured your WiFi network with a strong password, now would be a good time to do it. I'll wait.

Google's defense is the same one children use in the schoolyard: other kids were doing it too. The problem with that argument? Those other companies aren't Google. They don't possess a fraction of a percent of the other data Google has. It's like comparing a little league baseball team to the New York Yankees.

Still, it gets a lot worse.

Here's something nobody -- including apparently most of the people at Google -- knew until last week. In addition to the SSID and MAC address, Google's WiFi antennas were also siphoning off unencrypted data as it passed through wireless routers and out onto the InterWebs. That could potentially include email, passwords, Facebook or Twitter status updates, Web sites visited -- really, anything not protected by an encrypted SSL (https:) connection.

Apparently, a bug in the software Google has been using since 2007 automatically collected some of this data. Google itself wasn't even aware of this data collection (and as recently as April 27 firmly denied it). Google only discovered this after the Data Protection Authority in Hanover, Germany, demanded Google audit its WiFi data.

Since then, Google has admitted it screwed up, bad. It's stopped collecting this data and begun deleting it, under the direction of various countries where the data was collected. And it will introduce an encrypted search option next week.

I suppose you could call it an honest mistake. But accidental abuses of data can be just as damaging as intentional ones. If a giant steps on you because it's evil, or if accidentally trips and lands on your head, the result is still the same. You end up squashed.

Think about it this way. If, say, the Obama Administration was found to be sending vans through the streets photographing every home and capturing their WiFi information, there would be Tea Parties in the streets. Glenn Beck would do an entire month of shows about it. Sarah Palin would build her presidential campaign on top of it. It would be HUGE. The administration would probably never recover.

Of course, Google is not the government. But in terms of the volume of information it possesses about ordinary citizens, it's pretty darned close. In some ways, Google knows more about you than Uncle Sam. And there are far fewer rules restricting what it's allowed to do with this information.

All this WiFi data seems like a lot of information collected for a marginal benefit. It's time for Google to go on a serious data diet -- starting today. Because if it doesn't, eventually something really catastrophic will happen to all of that data -- OUR data -- Google so mindlessly vacuums up.

On the positive side, author Dan Tynan is happy to be writing about something other than how Facebook has screwed up (yet again). Discover his less serious side at his geek humor site, eSarcasm, or follow him on Twitter: @Tynan_on_tech.

What’s wrong? The new clean desk test
Join the discussion
Be the first to comment on this article. Our Commenting Policies