
Google’s Wi-Fi Sniffing Might Break Wiretap Law, Appeals Court Rules - cyphersanctus
http://www.wired.com/threatlevel/2013/09/googles-wifi-wiretapping/
======
magicalist
This is just denying a dismissal of the suit, but it's pretty interesting. I'm
still reading the opinion, but the court's reasoning appears to be that wifi
shouldn't be considered a "radio communication" under the wiretap act because
it didn't really exist at the time it was written (and doesn't really belong
in a category with things like traditional radio systems), but, as "electronic
communication", they find open wifi is _not_ "readily accessible to the
general public".

There is a distinction to be made here, but I'm worried about that particular
one. It seems like it would be better to make it on something like accessing
the data not meant for you and storing it/processing it (something closer to
many privacy laws). Criminalizing the access of open wifi seems like it will
quickly become problematic, and I'm sure some enterprising DAs will find it
the perfect tool for some case they're having trouble making stick.

That said, this is just denying a dismissal, so we could get more nuance if
this goes to trial.

~~~
fleitz
There could be a distinction made between utilizing open wifi and sniffing
traffic.

It seems to me that collection of the packets is the crux of the issue.

~~~
magicalist
That's exactly what I mean. The collection is the problem, but the court ruled
on the phrase "readily accessible to the general public" (to be fair, though,
that was the basis of the motion to dismiss and it would have been a stretch
to expand the ruling). Anyone accessing an open wifi point is seeing other
people's traffic. It's looking at it and storing it that seems to be the
problem, but that's not the distinction the wiretap act makes.

------
gojomo
I would hope the eventual decision is that unencrypted wi-fi is like CB radio
or even a loud conversation in a public place. Practically, it's trivial for
others nearby to overhear, even incidentally to their own use of the same
shared medium, so people should expect it. If you want privacy, add some level
of scrambling... and then penalize effortful descrambling, that violates an
effortful expectation-of-privacy.

------
mpyne
Ooh, massive privacy violation on one side, and on the other side Google is
getting in trouble for grabbing data weev-style without having to hack into a
network.

The discussion here should be fun one way or the other.

~~~
vezzy-fnord
All the more interesting when you consider that Google's mass of data is an
invaluable resource to the authorities.

~~~
mpyne
Indeed, should be interesting how we decide to balance laws that have to
essentially apply to both individuals and global megacorps.

Certainly it would be weird if a computer activity that were legal if done by
a person suddenly becomes illegal if done by a company that brings on one more
new hire, make one more dollar of revenue, etc.

But at the same time we do have those kind of different requirements elsewhere
in law for "real life" things since the scale is way different, so it's not as
if there would be no precedent.

------
eli
I think it's unfortunate that this is the case that is forming a discussion
around Google and privacy. There are important, unanswered questions about
what Google and similar companies do with data about you. But what they do
with packets they saved essentially by accident a few years ago is not one of
them.

------
chestnut-tree
Google has a rapacious appetite to collect data of every kind. They also seem
to have a casual and lax attitude to the collection of that data. I really
don't think they take privacy that seriously at all (security and privacy are
not always the same things).

Just to recall some facts about Google's wi-fi exploit : various regulators
around the world have mostly agreed with Google's assertion that it did not
deliberately plan to collect wi-fi data. Yet this incident also suggests a lax
internal culture towards gathering data. This incident occurred without
consequence for Google until it was discovered by external investigators.

The US Federal Communications Commission (FCC), when they were investigating
Google over this matter, said that Google had "deliberately impeded and
delayed" the investigation for months.

Earlier this year, Google were given 35 days to delete wi-fi data by the UK
Information Commissioner's Office. Google had earlier pledged to destroy
additional discs containing private data but had failed to do so. Does this
sound like a company where privacy and data collection are treated with high
importance?

Let's not forget that Google collects a phenomenal amount of tracking data.
Sure, they take security seriously, but do they take privacy seriously?

The facts above are taken from the following BBC report:
[http://www.bbc.co.uk/news/technology-23002166](http://www.bbc.co.uk/news/technology-23002166)

~~~
koalaman
I don't totally disagree with everything you say, but my understanding is that
Google was between a rock and a hard place because one branch of government
was asking Google to delete the data, while another was asking them to keep
it.

------
bmmayer1
So Google can't do it but the NSA can?

~~~
negativity
But then again... Is there really a difference between the two?

[http://www.wired.com/dangerroom/2010/07/exclusive-google-
cia...](http://www.wired.com/dangerroom/2010/07/exclusive-google-cia/)

~~~
anxiousest
Because it's unusual for VC firms to invest in startups?

~~~
negativity
...more to the point, there are certainly some _unusual_ VC firms investing in
"startups", aren't there?

