UK Metropolitan Police To Investigate Google Wifi Data Collection

Well Google has been getting quite a lot of flack lately over the fact that it had been scanning open Wi-fi access points whilst compiling data for street view.

At first people just thought it’s fair enough, they are just scanning for the SSID and recording if it’s publicly accessible or not – which in all honestly is useful info to have in a mapping system. What alarmed people was after some investigation they were also recording the actual payload data from the Wi-fi networks including any passwords that happened to be sent in plain text.

And they’ve been doing this for 3 years!

The Metropolitan Police force has confirmed it will investigate Google following the company’s recent admission it had mistakenly collected data from unsecured Wi-Fi networks for the past three years. “The MPS has received a complaint regarding alleged access to online activities broadcast over unprotected home and business Wi-Fi networks,” the police force told PC Pro.

“The matter is now under consideration. It has yet to be determined what, if any, offences may have allegedly occurred.” The police will first identify if any laws have been broken. If so, the initial investigation is expected to take up to ten days. The investigation follows a complaint from Privacy International over Google’s activities.

“I don’t see any alternative but for us to go to Scotland Yard,” Simon Davies from Privacy International said last week. Davies was referring to the UK Information Commissioner’s Office’s (ICO) reluctance to investigate the matter. The ICO said while it was aware of the issue, it would only investigate if it finds “evidence of significant wrongdoing”.

The initial investigation is currently ongoing to firstly ascertain if any laws have actually been broken, and well the UK has some pretty tight privacy and data protection laws so I’d be surprised if Google come out of this smelling of roses.

Thankfully the German’s had audited the data so everyone else in the World got to know what Google was really doing, now it’s up to individual countries to protect their users and do something about it.

Or not as the case may be as the people were basically broadcasting that data to the World by using an unencrypted public Wi-fi network and not logging in via SSL/TLS.

Google’s error came to light after the German data protection authority audited the Wi-Fi data collected by Street View cars for use in location-based products such as Google Maps for mobile.

The authority revealed that as well as collecting SSID information (the network’s name) and MAC addresses (the number given to Wi-Fi devices such as a router), Google had also been collecting payload data such as emails or web page content being viewed. However, the French National Commission on Computing and Liberty (CNIL), which has started its own investigation into the issue, passwords and emails were among the Wi-Fi data mistakenly collected.

“We are pleased that the police have taken up this complaint for investigation. An evidence based approach to this complex matter is sorely needed now,” said Davies. “We hope that this difficult process will give Google pause for thought about how it conducts itself. Perhaps in future the company will rely less on PR spin and more on good governance and reliable product oversight.”

Google did not respond to a request for comment.

The French are also stepping up and investigating the matter under CNIL, and it was they who exposed the fact Google were capturing e-mails and passwords.

At the moment it all stands under the premise of ‘mistaken collection’ and that perhaps the Google Engineers had enabled some testing features which captured too much data by mistake.

Google hasn’t responded to the claims or accusations so we’ll have to wait and see how this pans out.

Source: Network World

Posted in: Legal Issues, Privacy


Latest Posts:

Socialscan - Command-Line Tool To Check For Email And Social Media Username Usage Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage
socialscan is an accurate command-line tool to check For email and social media username usage on online platforms, given an email address or username,
CFRipper - CloudFormation Security Scanning & Audit Tool CFRipper – CloudFormation Security Scanning & Audit Tool
CFRipper is a Python-based Library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool
CredNinja - Test Credential Validity of Dumped Credentials or Hashes CredNinja – Test Credential Validity of Dumped Credentials or Hashes
CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.
assetfinder - Find Related Domains and Subdomains assetfinder – Find Related Domains and Subdomains
assetfinder is a Go-based tool to find related domains and subdomains that are related to a given domain from a variety of sources including Facebook and more.
Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.

7 Responses to UK Metropolitan Police To Investigate Google Wifi Data Collection

  1. Dave June 28, 2010 at 12:27 pm #

    No. Don’t just “wait and see how this pans out.” Try to educate people. You have the knowledge… share it. Every opportunity you get.

    This whole thing will turn out badly if decisions are made based on emotions rather than knowledge. Unfortunately, politicians make decisions based on what they think will please the people who vote, and at the moment those people are making decisions based on their emotions because they don’t have any actual information. This information needs to be loudly and publicly disseminated so that the politicians know that the public know the facts.

    At the moment, no one even knows what is traveling over their wireless network and your article hasn’t done anything to try and help them. If Google got your passwords and your private emails then it because you are broadcasting those emails to everyone who wanders near your house.

    Encrypting your wireless is not hard and now might be a very good time to suggest to your mail administrator that he really should have switched to SSL logins by now.

    This is a time to tighten up our security, not to attempt to blame Google for our lack of security.

    • Darknet June 28, 2010 at 12:34 pm #

      Totall agree Dave, the problem is the readership here is extremely unlikely to require such education. I’d imagine most of use are using WPA2 and MAC address white-listing plus SSL/TLS for everything we do. And yes I do ‘educate’ everyone who will listen on how they should set up the Wi-Fi access points. To me the main problem is the hardware manufactures and how things default to insecure settings. They are getting better tho with most defaulting to WEP and some kind of encryption. Services like Gmail should force https though rather than making it optional.

  2. Adam Dempsey June 28, 2010 at 12:35 pm #

    I don’t see the problem with it, in my view it’s the users fault for leaving their wireless insecure and for not collecting email using SSL.

    Google haven’t done anything anyone else could do jsut driving down a street with a wireless laptop!

    • wim wauters July 4, 2010 at 7:35 pm #

      Just because someone’s front door is open, doesn’t mean you can walk in and read their mail! Google violated privacy, and should face criminal proceedings as this was no innocent error, this was setup on purpose and with intent: Google decided violate privacy for commercial gain.

  3. CBRP1R8 June 29, 2010 at 4:57 pm #

    I agree, I ROUTINELY walk around my neighborhood with my laptop on running a wifi tester just to see how many dim-wits in the neighborhood have it open. I’ve told my next door neighbor at least 5 times that he’s open, his response, I don’t care. I even offered to fix it for him but he just didn’t care cause he has nothing to hide (he says). Some people you just can’t get through to, no matter what.

    Every time I visit family, sisters or brothers I run it in their neighborhood too and its unreal the number of people who just leave everything wide open by default cause they don’t know any better. I blame it on the manufacturers for making it TOO idiot proof and not doing enough to ensure minimum security. C’mon how much paper does it take to instruct someone on how to set up a drop down list option of better security and a password at a minimum…or how to change a ssid/broadcast..

  4. Bogwitch June 30, 2010 at 2:45 pm #

    IANAL but perhaps the wording of the Telecommunications Act should be looked over?

    I’m pretty sure what Google have done would be a breach of that act. Breaches of the Telecommunications Act have, historically, carried some pretty hefty sentences….

  5. ANON July 4, 2010 at 3:11 am #

    if I find an open wireless network, i’ll login to the router, (default password of course) upgrade the firmware and turn on wpa with a nice long passphrase… that’l teach them, if not I just got another access point!