Google and Skyhook mapping the location of your WiFi router

Thu May 27 00:20:02 EDT 2010

Tom Metro wrote:
> Scott Ehrlich wrote:
>> http://arstechnica.com/tech-policy/news/2010/04/google-talks-street-view-wifi-collection-details.ars
> 
> Quoting the article:
>> It's the WiFi information that has gotten Google into trouble
>> recently, with German officials asserting that this type of data
>> collection is illegal there. Fleischer says the company collects SSID
>> information as well as the MAC addresses of WiFi routers it
>> encounters along the Street View route--this is for use in Google's
>> location-based services, a la Skyhook Wireless' services that are
>> widely used on mobile devices without GPS. Google insists that it
>> only collects SSID and MAC information on routers that broadcast the
>> names publicly, as that information is accessible by anyone walking
>> down the street with a WiFi-compatible device.

Some more news on this, with a local angle:

Newton company Galaxy Internet sues Google for $10 million
http://www.wickedlocal.com/newton/news/x505217745/Newton-company-sues-Google-for-10-million

  Galaxy Internet Services, which is located on Needham Street and
  maintains WiFi systems in Government Center and Faneuil Hall,
  according to the suit, is filed on behalf of "all residents within the
  state of Massachusetts whose wireless data was captured stored, and
  decoded/decrypted by defendant, and all users of Galaxy's and its
  affiliates' WiFi installations."

  A similar suit was filed against Google in Oregon last week.
  [...]
  "People like me believe Google lives and dies on ad revenue, this
  gives them the ability to pinpoint neighborhoods using WiFi IDs," Carp
  said. "They could pick West Newton Hill - when someone from there
  Googles, the chances are they'd come up with ads fitting for them, in
  a higher demographic."

  The material Google collected is not easily readable without
  "sophisticated decoding or processing," according to the lawsuit.

This sounds a bit confused. Unless Google is running an application on
the end-user's device, how would it access the SSID or MAC of the
router?  Are they suggesting Chrome or other client-side Google products
might start extracting that information and reporting it back?

That last line refers to a Google admission:
http://googleblog.blogspot.com/2010/05/wifi-data-collection-update.html

  ...while Google did collect publicly broadcast SSID information (the
  WiFi network name) and MAC addresses (the unique number given to a
  device like a WiFi router) using Street View cars, we did not collect
  payload data (information sent over the network). But it's now clear
  that we have been mistakenly collecting samples of payload data from
  open (i.e. non-password-protected) WiFi networks, even though we never
   used that data in any Google products.

  ...we did not collect information traveling over secure,
  password-protected WiFi networks.

So what's that comment from the lawyer suggesting encryption?

With all the real security and privacy violations that happen on an
ongoing basis, I think this one is being blown out of proportion.

In this realm, I'd be more concerned with what Skyhook is doing with the
information than Google.

 -Tom

-- 
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/