Data Engineer in Google Case Is Identified - author of NetStumbler (nytimes.com)
46 points by hinathan on May 1, 2012 | 76 comments



>On his LinkedIn page, Mr. Milner lists his occupation as “hacker,” and under the category called “Specialties,” his entry reads, “I know more than I want to about Wi-Fi.”

I am more than moderately offended/troubled/irked by this excerpt, as it appears to deliberately depict the engineer as a "hacker" in the sense of Hollywood culture, rather than "hacker" as we know it in makers' terms.

In the wrong hands, the English language is much more potent and destructive than any programming language. An English Specialist can often cause more harm than a Wi-Fi Specialist.


I've long thought that trying to adopt "hacker" as a professional term was a bad idea. I told friends that I was going to a government hackathon once, and they thought I was going to be arrested.

Why do we have to be hackers? What was wrong with being developers?


I think it's almost like a secret handshake. If someone understands what I mean when I say "hacker" I respect them a little more.


Because society took both hacker and developer and changed their meaning.

Hackers became criminals and developers were Javabean coding wage slaves... given a choice criminal sounds cooler than wage slave.


> Because society took both hacker and developer and changed their meaning.

But the article (and my anecdotal experiences) are proof that this hasn't actually happened. We decided to call ourselves 'hackers', but society as a whole doesn't.

> given a choice criminal sounds cooler than wage slave.

I think that's my main problem with "hacker". It's an attempt to be cool.


Developer !== Hacker


Developer != Hacker


!== == Javascript programmer


In the wrong hands, deep knowledge of Wi-Fi can be far more destructive than the conventional methods of a non-technical journalist. It's a new level of power in snooping.

It's a good thing journalists generally do not have Milner's level of knowledge, as surely they too would abuse it. Maybe even worse than Google. Milner's comment reflects the power of the knowledge he has. He has to take some responsibility for it.

Both Google engineers and NYT journalists do snooping on others for a living.

They are just at odds with each other, for various reasons; engineers for companies like Google generally do not like journalists and generally the same is true vice versa.

Google has a genuine PR problem. And journalists are watching their careers disintegrate with the advance of communications technology. It's an amusing little spat to watch.


Given that he developed a "wardriving" application, black hat connotations are not entirely unreasonable. The use of his talents to hoover up data without permission certainly doesn't offer much in the way of defense, either.


Ha, your parent post could almost have been written about your post too.

Looking past the scare quotes, according to the FCC report it was just Kismet, and the problem basically just came down to deciding to write the non-encrypted payloads to disk. He might know too much about wifi, but probably half the regular HN posters could have implemented the same system, if they chose to.


"if they chose to"

Precisely.

I know Kismet exists. I know I can install and run it. I know I can even break wi-fi encryption in some cases. But that doesn't mean I'm going to do this, for commercial purposes, for a company like Google.


Yes, it comes down to a choice, not scary hackers. That's what I wrote. Maybe I'm not understanding your point?


My point was that I agree with what you said. Nothing more.


Quotation marks indicate my skepticism of the term due to its use by DOJ in building their case.

Engaging in questionable behavior which others with similar skills forgo is what distinguishes black hat from white hat hacking.


> Depicting his actions as the work of a rogue “requires putting a lot of dots together,” Mr. Milner said enigmatically Sunday before insisting again he had no comment.

It doesn't sound particularly enigmatic to me. It seems like Milner is clearly saying that Google deliberately misrepresented his behavior as a rogue action to facilitate their legal self-protection when in fact it's obvious from their choice of the author of NetStumbler to work on Street View that his designated role was likely to involve making use of his expertise with Wi-Fi networks.


Of course they hired a WiFi expert for their WiFi-related project. But that doesn't mean their claim of rogue behavior is simply self-protection. What if they hired him for his expertise with Wi-Fi and told him they only wanted to collect the minimal amount of data but he went rogue and collected ALL the data anyway? But I'm with those people that think the freely broadcast unencrypted packets are in the public domain and Google didn't do anything illegal.


[deleted]


Sigh. They're not related per se, but the same cars were used to collect street view photos and SSID->location mappings (used for Android positioning).


Not the best source, but it gives you the gist of things:

http://www.pcworld.com/article/196397/googles_wifi_spying_wh...


Exactly. Utter BS. The company that claims to be the smartest people in the world just haphazardly put this guy on this project.

Not a chance.


With the resources devoted to Streetview, it is unlikely that the software running it was a 20% time project by the time it was deployed.


It feels to me like they were just logging everything for future analysis so they don't have to come back and do a second pass when they upgrade their software.

But then again I'm sorry, I have never seen what the big deal was about this. If you broadcast your crap around you can't blame people for receiving it.

Sure people's passwords may be in the data stream, but they broadcast it over an open connection. If you're going to blame anyone, blame the electronics shop sales guy, the hardware vendor and the TV "experts" that tell people that using an unencrypted wifi access point is completely reasonable.


> But then again I'm sorry, I have never seen what the big deal was about this.

You don't see what the deal is with a major corporation doing wardriving and packet capturing?

> If you broadcast your crap around you can't blame people for receiving it.

By your logic then if someone gets robbed on the streets, then it's their fault for "walking around freely"?


> By your logic then if someone gets robbed on the streets, then it's their fault for "walking around freely"?

Well, to more strictly match the analogy--if someone is walking around with a purse that is constantly leaking coins, and they get "robbed" (by someone finding some of said coins and wandering off with them), then I would say that that is their own fault, yes.


So by your logic simply owning a Wi-Fi access-point at home and not adding strong cryptography is reason enough for a corporation to drive their car to your house and capture your data?

So to keep Google away from logging my network data I need a strong virtual fence now, otherwise they'll come spying on my traffic?

That is 100% wrong. Google shouldn't be snooping on my data at all, not even if my AP was within their corporate headquarters reach. That is simply not acceptable behavior from a major corporation.


No, just like photography being allowed in public does not mean that a video camera is going to be pointed at your house 24 hours a day and you'll be mandated to like it.

On the other hand, the existence of the paparazzi is not enough to justify banning the freedom to take pictures in public places.

All of these laws have to be carefully balanced to make sure we retain our rights.


Sure, but what is the parallel here?

The paparazzi make a living from those photos, so there is a reason for them to be out there doing that (not saying I agree, just saying there's a reason for it).

What is Google doing driving around collecting personal data for? Google is a search engine with several great products around it. WTF are they driving around collecting data for? See? It doesn't make any sense, this is plain creepy.


...because Google Maps has backup-geolocation through a database of wi-fi access point ID/GPS-pair mappings, which can only be discovered by exactly this wardriving process? It's kind of the central point of the story, here.


Thank you for summing this up so eloquently.


If by "robbed" you mean "overheard", maybe we can get somewhere by analogizing.


No one was deprived of anything other than privacy. Yes, if you broadcast radio waves you shouldn't expect them to remain private.


That is not a valid comparison at all... would you go after Google for smelling what people are cooking from the street?


I'm surprised that you think the smelling analogy is valid. There is nothing really at stake with letting the aroma from my kitchen waft onto the street aside from maybe what's in the meal I've prepared.

Personal information is a different matter. It's perfectly reasonable to take issue with Google for taking people's data without their knowledge about it.


Personal information becomes public when it's not properly secured and then broadcasted out into the world... even if the user doesn't understand it's happening.

I agree that it's not a perfect analogy, but it is quite a bit closer than being robbed, as the OP suggested.


> Personal information becomes public when it's not properly secured

Really? Do you have any idea how wrong that statement is?

So if a song is played in public, it becomes public?


Are you arguing that I shouldn't be able to record audio on the street if someone is playing a song in the background?


>By your logic then if someone gets robbed on the streets, then it's their fault for "walking around freely"

Your analogy is broken, and I think you know it.

The bigger question is, "is it OK for someone to methodically collect data that people (inadvertently) broadcast about themselves?". The advertising industry has been doing it for years, and it's really a legal and ethical fuzzy area. The more productive conversation will revolve around privacy rights and expectations.


> By your logic then if someone gets robbed on the streets, then it's their fault for "walking around freely"?

Come on, that's a bit excessive...

No one is hurt if packets are captured. It's not a violent act. Surely we can lose the hyperbole.

I am saying that it's not realistic to expect privacy if you do things in a public space, including broadcasting your data. If you choose to tell a story out on the street and I hear it you don't get to then say I am invading your privacy by hearing it.


> You don't see what the deal is with a major corporation doing wardriving and packet capturing?

I don't, actually. There was no "hacking" or exploitation of any kind - any idiot with a wifi card can do the same thing.

>By your logic then if someone gets robbed on the streets, then it's their fault for "walking around freely"?

If I stand on the corner shouting out my social security and bank account numbers, I expect somebody will rip me off. Changing the type of wave from a sound wave to a radio wave doesn't really change anything.


> I don't, actually. There was no "hacking" or exploitation of any kind - any idiot with a wifi card can do the same thing.

What the hell? So if Pizza Hut were to start capturing radio waves you'd find that normal?

Why is it normal for Google to go around capturing customer data? That is my question. Even if my data is open to the public, absolutely not encrypted, why is it normal for a major corporation to go around capturing it. THAT is the question, not whether I had encryption or not!

IMO no corporation should be going around recording my data even if it was broadcast in plain sight.


It seems like you're missing the point. The only reason we're hearing about this is because Google is a huge, popular company and somebody leaked it. I could be listening to your wifi right now, and you wouldn't even know. There's no way you can know. Making it illegal isn't going to protect you.

The only way to protect your information is to not broadcast in the open.


> Making it illegal isn't going to protect you.

Well if making things illegal doesn't protect us any more then we're in serious trouble here.


It's illegal to steal cars, so we can rest assured that it will never happen again.


Ethical behavior is not a zero-sum game. Yes, people should have secured their sensitive data, but they didn't. It doesn't make it ethical to record it, any more than it would be ethical to go into someone's unlocked house and sit on their couch and watch TV while they're out.


Exactly. We don't go into people's homes not because they have a fence and a shotgun but because we were not invited, that is the whole point.

Most of the arguments here circle around "ah you were a fool to let your data out, so Google was wise and snooped it". WTF kind of argument is that? Since when is it ok for a corporation to hire "experts" who go around collecting private data? What is this data for? Why, in the first place, do they have a wifi expert driving around doing that?


I think you are not aware of the context here. The reason they have a wifi expert roaming around is because they are marking free wifi spots as part of streetview.


I am aware of the context.

To mark hotspots you don't need packet sniffing or data capture of any kind. Why is Google capturing packet payload during "wardriving"? Nobody does that. All you do is store the GPS location, plus basic AP identification, period.


Sure you do,

How do you know if an open wifi is a corp network that just enforces VPNs to actually do anything?


No it isn't a zero-sum game... but this isn't "invading" their network.

If they connected to the AP and ran nmap against my server yes it would be like that... but simply capturing packets that are broadcast into a public space I don't think is reasonable or realistic to expect it is some grave violation of privacy.


It's more like hearing a loud mouthed neighbor say to his wife "It's a secret! don't tell anyone... it's very private too... we have won the jackpot"

I don't think I will close my ears at any point.


> It's more like hearing a loud mouthed neighbor say to his wife "It's a secret! don't tell anyone... it's very private too... we have won the jackpot"

Yeah, if it was only near your home. But if you went around driving and listening to hundreds of "loud neighbors" for a day that'd change from passive listening to being outright creepy.


Yeah and if you were driving around taking pictures of people's homes some might call that creepy---but that's exactly what Google did to create Street View.

I don't think it benefits anyone to argue against the analogy, rather than arguing against the reality in this case.


> if you were driving around taking pictures of people's homes some might call that creepy---but that's exactly what Google did to create Street View.

I do find street view creepy.


And still not unethical. Why is "near my home" any different from "not near my home"? Or is it the volume/number of loudmouthed neighbors you listened to, from the public street, what you object to?

At what point do you pass the creepy threshold?


> The data collection, which took place over three years, was legal because the information was not encrypted, the F.C.C. ultimately determined.

Interesting how this works. If I went wardriving and collected personal emails from unencrypted networks, I'd have my house rummaged by FBI agents, be hit with a 25,000-count felony wiretapping indictment and have some go-getter federal prosecutor try to convince a judge to sentence me to 7,000 years in prison. Then an appeals court might reverse on the grounds that it was unencrypted. Maybe.

Google does it? A slap on the wrist and a small fine for "obstructing an investigation."


That's because the software Google used didn't actively browse the networks to look for documents, but passively intercepted and logged packets. If they wrote a program that actually searched the networks for shared folders and copied information that way, then conceivably they could be guilty of unauthorized computer access.


> That's because the software Google used didn't actively browse the networks to look for documents

Do we know that for a fact? Sorry if well known, genuine question.


When did you stop beating your wife? How do we know for a fact?


> When did you stop beating your wife? How do we know for a fact?

I never was accused of that. Silly response. Google has been accused of several privacy violations.


Why/how would the FBI be notified? Capturing packets from an unsecured wifi network doesn't exactly ring alarm bells.


I hate to be that guy, but do you have any examples? I thought war driving was a very murky gray area of the law.


Has anyone actually been prosecuted for simply passively monitoring unsecured WiFi networks?


Legal in what country?


"The F.C.C. report also had Engineer Doe spelling out his intentions quite clearly in his initial proposal. Managers of the Street View project said they never read it."

I think the authors intended this to be read as 'wink wink yeah sure', but this sounds entirely plausible on both sides. The more detailed the spec is, the less likely anyone will read it. They probably just forwarded it around and assumed someone competent to render an opinion would raise a red flag if anything were not well thought out.


The issue is that it is not just the initial proposal. As the NYTimes article points out in the previous paragraph, and the complete FCC report [1] clearly states, there were additional events after the proposal was submitted where other members of the Street View team came in contact with the actual code while doing code review or debugging, but later claimed during interviews with the FCC that they were unaware that it was collecting data.

On page 15, the report even mentions "Engineer Doe" sending an email to a manager stating, "You might recall asking me about URLs seen over Wi-Fi...", and talking about the number of unique URLs retrieved (only 32,000 from 300 million packets). The manager asked if the URLs were sniffed from WiFi packets, and Doe responded in the affirmative.

[1]: http://s3.documentcloud.org/documents/351298/fcc-report-on-g...


The engineer who created this system is completely irrelevant since the production implementation of Street View collected all data.

The fault lies solely with Google whether by intent, lack of legal or legal ethics advice, lack of technical oversight, or management incompetence etc. This also seems to be the regulator's view.

However, Google itself and, of course, the media are quite happy to muddy the waters with a bit of "gone rogue" nonsense, though for differing reasons.


> On his LinkedIn page, Mr. Milner lists his occupation as “hacker,” and under the category called “Specialties,” his entry reads, “I know more than I want to about Wi-Fi.”

While I don't know for sure which use of the word "hacker" Milner intends, the author of this article ought to have added a line like, "Software engineers use the word 'hacker' in a positive, non-malicious sense...", since this is effectively taking his words out of context.


Same can be said for knowing too much. I know way too much about PHP, doesn't mean that there is anything malicious about it.


What is the point in publicly naming the engineer in this case? How does this benefit the public good?


> What is the point in publicly naming the engineer in this case? How does this benefit the public good?

The public has the right to know. Otherwise, who decides what should be public or not, the ministry of big brother?


The public doesn't have the right to know, since no law was broken. The engineer was identified by a "former state investigator [who] spoke on the condition that he not be identified because he was not authorized to speak."


> no law was broken.

We don't know that yet, do we?


Yes we do, it's in the second paragraph of the article.

"The F.C.C. recently closed its 17-month inquiry into the project, Street View, with a finding that Google broke no laws but had obstructed its investigation."

Even if we didn't, that's also a reason for not disclosing this person's identity: innocent until proven guilty.


Fair point, I stand corrected.


Well, usually, the individual who comes into possession of the information decides whether it should be public, using their own sense of ethics. And questions like "how does this benefit the public good?" are precisely the kind of thing used as input to that ethical calculation.


Nice witch hunt you have there.



