UK Metropolitan Police To Investigate Google Wifi Data Collection


Well Google has been getting quite a lot of flack lately over the fact that it had been scanning open Wi-fi access points whilst compiling data for street view.

At first people just thought it’s fair enough, they are just scanning for the SSID and recording if it’s publicly accessible or not – which in all honestly is useful info to have in a mapping system. What alarmed people was after some investigation they were also recording the actual payload data from the Wi-fi networks including any passwords that happened to be sent in plain text.

And they’ve been doing this for 3 years!

The Metropolitan Police force has confirmed it will investigate Google following the company’s recent admission it had mistakenly collected data from unsecured Wi-Fi networks for the past three years. “The MPS has received a complaint regarding alleged access to online activities broadcast over unprotected home and business Wi-Fi networks,” the police force told PC Pro.

“The matter is now under consideration. It has yet to be determined what, if any, offences may have allegedly occurred.” The police will first identify if any laws have been broken. If so, the initial investigation is expected to take up to ten days. The investigation follows a complaint from Privacy International over Google’s activities.

“I don’t see any alternative but for us to go to Scotland Yard,” Simon Davies from Privacy International said last week. Davies was referring to the UK Information Commissioner’s Office’s (ICO) reluctance to investigate the matter. The ICO said while it was aware of the issue, it would only investigate if it finds “evidence of significant wrongdoing”.

The initial investigation is currently ongoing to firstly ascertain if any laws have actually been broken, and well the UK has some pretty tight privacy and data protection laws so I’d be surprised if Google come out of this smelling of roses.

Thankfully the German’s had audited the data so everyone else in the World got to know what Google was really doing, now it’s up to individual countries to protect their users and do something about it.

Or not as the case may be as the people were basically broadcasting that data to the World by using an unencrypted public Wi-fi network and not logging in via SSL/TLS.

Google’s error came to light after the German data protection authority audited the Wi-Fi data collected by Street View cars for use in location-based products such as Google Maps for mobile.

The authority revealed that as well as collecting SSID information (the network’s name) and MAC addresses (the number given to Wi-Fi devices such as a router), Google had also been collecting payload data such as emails or web page content being viewed. However, the French National Commission on Computing and Liberty (CNIL), which has started its own investigation into the issue, passwords and emails were among the Wi-Fi data mistakenly collected.

“We are pleased that the police have taken up this complaint for investigation. An evidence based approach to this complex matter is sorely needed now,” said Davies. “We hope that this difficult process will give Google pause for thought about how it conducts itself. Perhaps in future the company will rely less on PR spin and more on good governance and reliable product oversight.”

Google did not respond to a request for comment.

The French are also stepping up and investigating the matter under CNIL, and it was they who exposed the fact Google were capturing e-mails and passwords.

At the moment it all stands under the premise of ‘mistaken collection’ and that perhaps the Google Engineers had enabled some testing features which captured too much data by mistake.

Google hasn’t responded to the claims or accusations so we’ll have to wait and see how this pans out.

Source: Network World

Posted in: Legal Issues, Privacy

,


Latest Posts:


truffleHog - Search Git for High Entropy Strings with Commit History truffleHog – Search Git for High Entropy Strings with Commit History
truffleHog is a Python-based tool to search Git for high entropy strings, digging deep into commit history and branches. This is effective at finding secrets accidentally committed.
AIEngine - AI-driven Network Intrusion Detection System AIEngine – AI-driven Network Intrusion Detection System
AIEngine is a next-generation interactive/programmable Python/Ruby/Java/Lua and Go AI-driven Network Intrusion Detection System engine with many capabilities.
Sooty - SOC Analyst All-In-One CLI Tool Sooty – SOC Analyst All-In-One CLI Tool
Sooty is a tool developed with the task of aiding a SOC analyst to automate parts of their workflow and speed up their process.
UBoat - Proof Of Concept PoC HTTP Botnet Project UBoat – Proof Of Concept PoC HTTP Botnet Project
UBoat is a PoC HTTP Botnet designed to replicate a full weaponised commercial botnet like the famous large scale infectors Festi, Grum, Zeus and SpyEye.
LambdaGuard - AWS Lambda Serverless Security Scanner LambdaGuard – AWS Lambda Serverless Security Scanner
LambdaGuard is a tool which allows you to visualise and audit the security of your serverless assets, an open-source AWS Lambda Serverless Security Scanner.
exe2powershell - Convert EXE to BAT Files exe2powershell – Convert EXE to BAT Files
exe2powershell is used to convert EXE to BAT files, the previously well known tool for this was exe2bat, this is a version for modern Windows.


7 Responses to UK Metropolitan Police To Investigate Google Wifi Data Collection

  1. Dave June 28, 2010 at 12:27 pm #

    No. Don’t just “wait and see how this pans out.” Try to educate people. You have the knowledge… share it. Every opportunity you get.

    This whole thing will turn out badly if decisions are made based on emotions rather than knowledge. Unfortunately, politicians make decisions based on what they think will please the people who vote, and at the moment those people are making decisions based on their emotions because they don’t have any actual information. This information needs to be loudly and publicly disseminated so that the politicians know that the public know the facts.

    At the moment, no one even knows what is traveling over their wireless network and your article hasn’t done anything to try and help them. If Google got your passwords and your private emails then it because you are broadcasting those emails to everyone who wanders near your house.

    Encrypting your wireless is not hard and now might be a very good time to suggest to your mail administrator that he really should have switched to SSL logins by now.

    This is a time to tighten up our security, not to attempt to blame Google for our lack of security.

    • Darknet June 28, 2010 at 12:34 pm #

      Totall agree Dave, the problem is the readership here is extremely unlikely to require such education. I’d imagine most of use are using WPA2 and MAC address white-listing plus SSL/TLS for everything we do. And yes I do ‘educate’ everyone who will listen on how they should set up the Wi-Fi access points. To me the main problem is the hardware manufactures and how things default to insecure settings. They are getting better tho with most defaulting to WEP and some kind of encryption. Services like Gmail should force https though rather than making it optional.

  2. Adam Dempsey June 28, 2010 at 12:35 pm #

    I don’t see the problem with it, in my view it’s the users fault for leaving their wireless insecure and for not collecting email using SSL.

    Google haven’t done anything anyone else could do jsut driving down a street with a wireless laptop!

    • wim wauters July 4, 2010 at 7:35 pm #

      Just because someone’s front door is open, doesn’t mean you can walk in and read their mail! Google violated privacy, and should face criminal proceedings as this was no innocent error, this was setup on purpose and with intent: Google decided violate privacy for commercial gain.

  3. CBRP1R8 June 29, 2010 at 4:57 pm #

    I agree, I ROUTINELY walk around my neighborhood with my laptop on running a wifi tester just to see how many dim-wits in the neighborhood have it open. I’ve told my next door neighbor at least 5 times that he’s open, his response, I don’t care. I even offered to fix it for him but he just didn’t care cause he has nothing to hide (he says). Some people you just can’t get through to, no matter what.

    Every time I visit family, sisters or brothers I run it in their neighborhood too and its unreal the number of people who just leave everything wide open by default cause they don’t know any better. I blame it on the manufacturers for making it TOO idiot proof and not doing enough to ensure minimum security. C’mon how much paper does it take to instruct someone on how to set up a drop down list option of better security and a password at a minimum…or how to change a ssid/broadcast..

  4. Bogwitch June 30, 2010 at 2:45 pm #

    IANAL but perhaps the wording of the Telecommunications Act should be looked over?

    I’m pretty sure what Google have done would be a breach of that act. Breaches of the Telecommunications Act have, historically, carried some pretty hefty sentences….

  5. ANON July 4, 2010 at 3:11 am #

    if I find an open wireless network, i’ll login to the router, (default password of course) upgrade the firmware and turn on wpa with a nice long passphrase… that’l teach them, if not I just got another access point!