28 June 2010 | 6,587 views

UK Metropolitan Police To Investigate Google Wifi Data Collection

Prevent Network Security Leaks with Acunetix

Well Google has been getting quite a lot of flack lately over the fact that it had been scanning open Wi-fi access points whilst compiling data for street view.

At first people just thought it’s fair enough, they are just scanning for the SSID and recording if it’s publicly accessible or not – which in all honestly is useful info to have in a mapping system. What alarmed people was after some investigation they were also recording the actual payload data from the Wi-fi networks including any passwords that happened to be sent in plain text.

And they’ve been doing this for 3 years!

The Metropolitan Police force has confirmed it will investigate Google following the company’s recent admission it had mistakenly collected data from unsecured Wi-Fi networks for the past three years. “The MPS has received a complaint regarding alleged access to online activities broadcast over unprotected home and business Wi-Fi networks,” the police force told PC Pro.

“The matter is now under consideration. It has yet to be determined what, if any, offences may have allegedly occurred.” The police will first identify if any laws have been broken. If so, the initial investigation is expected to take up to ten days. The investigation follows a complaint from Privacy International over Google’s activities.

“I don’t see any alternative but for us to go to Scotland Yard,” Simon Davies from Privacy International said last week. Davies was referring to the UK Information Commissioner’s Office’s (ICO) reluctance to investigate the matter. The ICO said while it was aware of the issue, it would only investigate if it finds “evidence of significant wrongdoing”.

The initial investigation is currently ongoing to firstly ascertain if any laws have actually been broken, and well the UK has some pretty tight privacy and data protection laws so I’d be surprised if Google come out of this smelling of roses.

Thankfully the German’s had audited the data so everyone else in the World got to know what Google was really doing, now it’s up to individual countries to protect their users and do something about it.

Or not as the case may be as the people were basically broadcasting that data to the World by using an unencrypted public Wi-fi network and not logging in via SSL/TLS.

Google’s error came to light after the German data protection authority audited the Wi-Fi data collected by Street View cars for use in location-based products such as Google Maps for mobile.

The authority revealed that as well as collecting SSID information (the network’s name) and MAC addresses (the number given to Wi-Fi devices such as a router), Google had also been collecting payload data such as emails or web page content being viewed. However, the French National Commission on Computing and Liberty (CNIL), which has started its own investigation into the issue, passwords and emails were among the Wi-Fi data mistakenly collected.

“We are pleased that the police have taken up this complaint for investigation. An evidence based approach to this complex matter is sorely needed now,” said Davies. “We hope that this difficult process will give Google pause for thought about how it conducts itself. Perhaps in future the company will rely less on PR spin and more on good governance and reliable product oversight.”

Google did not respond to a request for comment.

The French are also stepping up and investigating the matter under CNIL, and it was they who exposed the fact Google were capturing e-mails and passwords.

At the moment it all stands under the premise of ‘mistaken collection’ and that perhaps the Google Engineers had enabled some testing features which captured too much data by mistake.

Google hasn’t responded to the claims or accusations so we’ll have to wait and see how this pans out.

Source: Network World



Recent in Legal Issues:
- Navy Sys Admin Hacks Into Databases From Aircraft Carrier
- Teen Accused Of Hacking School To Change Grades
- Royal Canadian Mounted Police Arrest Heartbleed Hacker

Related Posts:
- Australian Privacy Commissioner Rules Google Wifi Actions Illegal
- Massive Data Theft Operation Uncovered
- Police to Monitor Indian Cyber-Cafes

Most Read in Legal Issues:
- Class President Hacks School Grades - 80,550 views
- Hospital Hacker GhostExodus Owns Himself – Arrested - 47,470 views
- One Of The World’s Most Prolific Music Piracy Groups Busted - 43,465 views

Low-cost VPS Hosting

7 Responses to “UK Metropolitan Police To Investigate Google Wifi Data Collection”

  1. Dave 28 June 2010 at 12:27 pm Permalink

    No. Don’t just “wait and see how this pans out.” Try to educate people. You have the knowledge… share it. Every opportunity you get.

    This whole thing will turn out badly if decisions are made based on emotions rather than knowledge. Unfortunately, politicians make decisions based on what they think will please the people who vote, and at the moment those people are making decisions based on their emotions because they don’t have any actual information. This information needs to be loudly and publicly disseminated so that the politicians know that the public know the facts.

    At the moment, no one even knows what is traveling over their wireless network and your article hasn’t done anything to try and help them. If Google got your passwords and your private emails then it because you are broadcasting those emails to everyone who wanders near your house.

    Encrypting your wireless is not hard and now might be a very good time to suggest to your mail administrator that he really should have switched to SSL logins by now.

    This is a time to tighten up our security, not to attempt to blame Google for our lack of security.

    • Darknet 28 June 2010 at 12:34 pm Permalink

      Totall agree Dave, the problem is the readership here is extremely unlikely to require such education. I’d imagine most of use are using WPA2 and MAC address white-listing plus SSL/TLS for everything we do. And yes I do ‘educate’ everyone who will listen on how they should set up the Wi-Fi access points. To me the main problem is the hardware manufactures and how things default to insecure settings. They are getting better tho with most defaulting to WEP and some kind of encryption. Services like Gmail should force https though rather than making it optional.

  2. Adam Dempsey 28 June 2010 at 12:35 pm Permalink

    I don’t see the problem with it, in my view it’s the users fault for leaving their wireless insecure and for not collecting email using SSL.

    Google haven’t done anything anyone else could do jsut driving down a street with a wireless laptop!

    • wim wauters 4 July 2010 at 7:35 pm Permalink

      Just because someone’s front door is open, doesn’t mean you can walk in and read their mail! Google violated privacy, and should face criminal proceedings as this was no innocent error, this was setup on purpose and with intent: Google decided violate privacy for commercial gain.

  3. CBRP1R8 29 June 2010 at 4:57 pm Permalink

    I agree, I ROUTINELY walk around my neighborhood with my laptop on running a wifi tester just to see how many dim-wits in the neighborhood have it open. I’ve told my next door neighbor at least 5 times that he’s open, his response, I don’t care. I even offered to fix it for him but he just didn’t care cause he has nothing to hide (he says). Some people you just can’t get through to, no matter what.

    Every time I visit family, sisters or brothers I run it in their neighborhood too and its unreal the number of people who just leave everything wide open by default cause they don’t know any better. I blame it on the manufacturers for making it TOO idiot proof and not doing enough to ensure minimum security. C’mon how much paper does it take to instruct someone on how to set up a drop down list option of better security and a password at a minimum…or how to change a ssid/broadcast..

  4. Bogwitch 30 June 2010 at 2:45 pm Permalink

    IANAL but perhaps the wording of the Telecommunications Act should be looked over?

    I’m pretty sure what Google have done would be a breach of that act. Breaches of the Telecommunications Act have, historically, carried some pretty hefty sentences….

  5. ANON 4 July 2010 at 3:11 am Permalink

    if I find an open wireless network, i’ll login to the router, (default password of course) upgrade the firmware and turn on wpa with a nice long passphrase… that’l teach them, if not I just got another access point!