Monday, June 14, 2010

Google Wi-Spy Scandal Update: Company Had "Criminal Intent"

The Google Wi-Spy scandal is looking more and more like the makings of a great screen play for the next dystopian techno-future thriller...coming to theaters near you.

Of course, there's always the far out possibility that Google is telling the truth and they just happened to be sucking up all this user data on accident, but I find that just a tad hard to believe.

For those unaware, here's the backdrop: A few weeks ago the corporate giant admitted (after lying at first) that its StreetView cars were gathering private information from unaware local residents as they photographed neighborhoods - yet again demonstrating the company’s lack of concern for privacy and the need for government inspection of the data the company is collecting and storing.

Google first revealed that Street View cars were collecting wireless data in April, but said that no personal data from Wi-Fi networks was involved. But an audit requested by German regulators forced the company to admit, or "discover", that it indeed HAD been collecting and storing everything from email addresses to web searches.

As a result, a host of suits have been filed by people accusing Google of violating their privacy and breaking the law. Since then Google has been ordered to make two copies of a hard drive containing data from the United States and turn them over to the court.

Three U.S. lawmakers, concerned Google may have violated U.S. privacy laws, also took action, asking the company to tell them how much personal data was gathered. California Republican Representative Joe Barton, California Democrat Henry Waxman and Massachusetts Democrat Edward Markey said in a letter to Google's Chief Executive Eric Schmidt that they also wanted to know how Google planned to use that information.

Lawyers suing Google have asserted that the company deliberately programmed its Street View cars to collect private data from open Wi-Fi networks, despite claims to the contrary. This assertion has been backed up by an independent report by Privacy International (PI) that details what kind of data Google's code did and did not collect, as well as how it was processed and stored.

The program, called "gslite", sniffed packets from unprotected WiFi networks as Google's Street View cars rolled down the street, separating out encrypted and unencrypted content. The encrypted data was dumped while the unencrypted data was then written to the car's hard drive.

Because of this specific behavior of the program, PI says it's clear that Google made no mistake at all—"It is a criminal act commissioned with intent to breach the privacy of communications," wrote PI. The group says that some jurisdictions allow for accidental interception of data, but that Google clearly had "intent to intercept" and therefore is in violation of criminal law.

Also indicating "intent" on Google's part was the discovery of a patent application describing a method to increase the accuracy of location-based services — services that would allow advertisers or others to know almost the exact location of a mobile phone or other computing device. The patent application involves intercepting data and analyzing the timing of transmission as part of the method for pinpointing user locations.

The so-called “776″ patent application, published by the U.S. Patent and Trademark Office in January, describes “one or more of the methods” by which Google collects information for its Street View program.

According to former prosecutor Paul Ohm, Google “likely” breached a U.S. federal criminal statute — but not for siphoning private data from internet surfers using unsecured networks. Ohm believes Google didn't violate wiretap regulations, but instead might have breached the Pen Register and Trap and Traces Device Act for intercepting the metadata and address information alongside the content.

“I think it’s likely they committed a criminal misdemeanor of the Pen Register and Trap and Traces Device Act,” said Ohm, a prosecutor from 2001 to 2005 in the Justice Department’s Computer Crime and Intellectual Property Section. “For every packet they intercepted, not only did they get the content, they also have your IP address and destination IP address that they intercepted. The e-mail message from you to somebody else, the ‘to’ and ‘from’ line is also intercepted.”

...

Ohm and other privacy scholars suggest that loopholes would make it difficult for the government to bring a wiretapping case. Wiretap Act violations are felonies, and the act can be invoked in civil court.

As far as a criminal court goes, it is not considered wiretapping “to intercept or access an electronic communication made through an electronic communication system that is configured to that such electronic communication is readily accessible to the general public.”

It is not known how many non-password-protected Wi-Fi networks there are in the United States.

If this isn’t illegal to do this, then it could be OK for the government,” said Kevin Bankston, an Electronic Frontier Foundation attorney.

Click here to read more.

In other words...this is getting good.

No comments: