[governance] Google Wi-Fi gaffe breached Privacy Act

Imran Ahmed Shah ias_pk at yahoo.com
Tue Aug 21 22:27:46 EDT 2012


Ronald, please have a look onto the following articles at "computerworld":
 
    Google Analytics breaks Norwegian privacy laws, local agency said 
    http://www.computerworld.com.au/article/434164/google_analytics_breaks_norwegian_privacy_laws_local_agency_said/#closeme
 
 
    'Google Australia must destroy Street View data: Privacy Commissioner'
    http://www.computerworld.com.au/article/432980/google_australia_must_destroy_street_view_data_privacy_commissioner_/#closeme
 
“I do not require Google to retain the additional payload data and, unless there is a lawful purpose for its retention, Google should immediately destroy the data,” Pilgrim wrote.
Thanks
 
Imran
From: Roland Perry <roland at internetpolicyagency.com>
>To: governance at lists.igcaucus.org 
>Sent: Monday, 20 August 2012, 10:36
>Subject: Re: [governance] Google Wi-Fi gaffe breached Privacy Act
>
>In message <CAEP5zKT3BCjWJ7gi7KvZp66DwS344iw5X+hzyiT-AHwsUyf_WA at mail.gmail.com>, at 02:42:16 on Mon, 20 Aug 2012, Chaitanya Dhareshwar <chaitanyabd at gmail.com> writes
>> Never mind how it was illegal - basically that would basically tell them:
>> 
>> 1. Network existance, security level, possibly the encryption type used,
>> frequency used and SSID
>
>That the network existed, and its SSID (or I suspect its MAC address as SSIDs can be cloaked), were the things they [and others with similar projects] were seeking to determine. It's used for geolocation. Indeed, anyone with a wifi laptop or phone is potentially doing the same thing.
>
>The frequencies are not important, because there's only around a dozen, and the hotspots can change frequency easily (and sometimes automatically). It's pretty much transparent to the user.
>
>The security level/encryption type might be interesting for statistical purposes, but of little extra assistance to an attacker, who is going to have to drive his own car to outside the premises if he wants to "sniff" that wifi, at which point he can just as easily determine those parameters himself.
>
>And all of this was just a snapshot taken on one day perhaps three years ago (for the UK, anyway), and many things may have changed. I've moved my hotspot since then - first to a different premises two miles away, and now to a third premises a hundred miles away.
>
>> 2. If unencrypted, the IP range in use, possibly the gateway IP (via a 3-4
>> point tracert)
>
>Which is once again information anyone in the vicinity could determine, if the wifi was unsecured (another way to secure it is to only accept connections from specific MAC address equipment, but I wonder how often consumers turn that feature on).
>
>> 3. Also perhaps if they were sniffing maybe a bit of info about who's using
>> it (unlikely given the way wifi works)
>
>Not who, but what was being sent for a very short period of time. But amass enough such short periods of time from enough consumers, and you are bound to have collected *something*.
>
>> Which gives us.... what?
>
>If the collection of the snippets of data was intentional, it might[1] have infringed the US's Electronic Communications Privacy Act (ECPA) when done in the US. Similar laws in other jurisdictions.
>
>[1] It appears to depend on whether the communications from a wifi point are protected under the Act, or whether they are public information on account of being broadcast by wireless. This is actually a *very important* and interesting bit of Internet Governance!!
>
>The US Department of Justice is apparently not going to prosecute (similar decisions were once made in the UK's "mobile phone [SMS] hacking" scandal until recently) but there may be a number of civil suits in the pipeline.
>
>> On Sun, Aug 19, 2012 at 10:01 PM, Roland Perry <
>> roland at internetpolicyagency.com> wrote:
>> 
>>> In message <1345283393.42074.**YahooMailNeo at web125102.mail.**ne1.yahoo.com<1345283393.42074.YahooMailNeo at web125102.mail.ne1.yahoo.com>>,
>>> at 02:49:53 on Sat, 18 Aug 2012, Imran Ahmed Shah <ias_pk at yahoo.com>
>>> writes
>>> 
>>>> Does this action of "Information Collection" by Google really breach the
>>>> Privacy Act, PIPA
>>>> 
>>> 
>>> What Google did was to wiretap (and keep) small fragments of the traffic
>>> on wifi hotpots as they drove past.
>>> 
>>> That's probably an offence under long standing law in most countries (I
>>> wouldn't want to start making a list of them off the cuff).
>>> 
>>> For it to have been a real threat to the persons in question, they would
>>> have had to refrain from switching on encryption[1] and to have been
>>> sending/receiving some emails (or whatever) in exactly the few seconds the
>>> Google Streetcar was listening to that particular hotspot.
>>> 
>>> [1] Even the simplest type would have been sufficient, the fragments
>>> captured are not enough to start any useful "cracking".
>
>-- Roland Perry
>
>
>____________________________________________________________
>You received this message as a subscriber on the list:
>    governance at lists.igcaucus.org
>To be removed from the list, visit:
>    http://www.igcaucus.org/unsubscribing
>
>For all other list information and functions, see:
>    http://lists.igcaucus.org/info/governance
>To edit your profile and to find the IGC's charter, see:
>    http://www.igcaucus.org/
>
>Translate this email: http://translate.google.com/translate_t
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.igcaucus.org/pipermail/governance/attachments/20120821/fb94ee2e/attachment.htm>
-------------- next part --------------
____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.igcaucus.org
To be removed from the list, visit:
     http://www.igcaucus.org/unsubscribing

For all other list information and functions, see:
     http://lists.igcaucus.org/info/governance
To edit your profile and to find the IGC's charter, see:
     http://www.igcaucus.org/

Translate this email: http://translate.google.com/translate_t


More information about the Governance mailing list