Apr 30, 2012

Street View Wi-Fi: is it Google’s News of the World moment?

Google is, at its heart, a software research, development and engineering company that's built and operates one of the biggest and most complex set of computer systems on the planet.

Stilgherrian — Technology writer and broadcaster


Technology writer and broadcaster

So, you know when Google’s Street View cars, the ones taking photos down every street, were also accidentally scooping up people’s unencrypted Wi-Fi traffic? Turns out the engineer who wrote the software did it deliberately, and his boss knew he did.

I for one am not the least bit surprised.

Free Trial

Proudly annoying those in power since 2000.

Sign up for a FREE 21-day trial to keep reading and get the best of Crikey straight to your inbox

By starting a free trial, you agree to accept Crikey’s terms and conditions


Leave a comment

8 thoughts on “Street View Wi-Fi: is it Google’s News of the World moment?

  1. izatso?

    ….given Snooping is so Pathetic, is not Google too big to be so Pathetic ? why not a ‘byline’ ….. “Google … it’s Your Business …. ” oh, I’m so pathetically naive, am I not ?

  2. Michael de Angelos

    So many think Google is their ‘friend’ rather than what it is-a giant rapacious US profit making corporation for better or worse.

    As they keep attempting to make all users adhere to US law and by-pass local country laws, the more Google etc are attacked in the courts the better.

    With the recent libel success against Yahoo in an Australian court, the gound is being laid to treat Google and similar for what they are : not simply search engines and internet platforms that provide users to create defamatory blogs, rather a company that supplies a notice board for any anonymous poison pen letter author to diseminate lies when they want.

    Google and simialr could avoid court actions by acting promptly to remove defamations. They do not.

  3. Scott

    I don’t think it is as cut and dried as you make it Stil

    Section 477 of the bill states
    “(1) A person is guilty of an offence if:

    (a) the person causes:

    (i) any unauthorised access to data held in a computer; or

    (ii) any unauthorised modification of data held in a computer; or

    (iii) any unauthorised impairment of electronic communication to or from a computer; and

    (b) the unauthorised access, modification or impairment is caused by means of a telecommunications service; and

    (c) the person knows the access, modification or impairment is unauthorised; and

    (d) the person intends to commit, or facilitate the commission of, a serious offence against a law of the Commonwealth, a State or a Territory (whether by that person or another person) by the access, modification or impairment.”

    The question is section d, whether there is intent to commit an offence with the data. Just getting the data I don’t believe is enough. So if the intent was to defame, use the information to steal money/trade shares/commit property crime/identity theft, or on-sell the info, I would agree. But it sounds like Google was collecting the data for broad use internally. Be hard to prove that there was illegal intent there.

  4. fozziewossie

    Thank you again Stilgherrian for another beat up worthy of publishing in any tabloid publication.

    As per any respectable online article it is expected that you link to the actual report that you are reporting on. Since you probably never read the report and only read the LA Times and two of your own articles, here’s the link:

    Wonderfully available in Word, PDF or Text format.


    “…were also accidentally scooping up people’s unencrypted Wi-Fi traffic?”

    – This isn’t clear by you. They were only collecting un-encrypted data from the WIFI side but in most cases where the website is sensitive the connection would have been over HTTPS and they wouldn’t have been able to read the content any way as it is further encrypted.

    “Turns out the engineer who wrote the software did it deliberately, and his boss knew he did.”

    – Please provide a quote from the document that verifies this. I found this reference:

    “Google stated that its employees reviewed payload data on only two occasions. First, Engineer Doe examined payload data to determine whether it might be useful . Second, when senior corporate officials became aware in 2010 that the Company had collected payload data from unencrypted Wi-Fi networks around the world, Google’s “engineering staff confirmed that this was the case” by inspecting the data. 102 Google represents that “[i]n no other instance has any employee, agent, officer, or director of Google analyzed the collected data.””

    – but I’m not quite seeing the conspiracy that you’re hinting at.

    “Do you imagine all this could happen if random, unknown pieces of program code “accidentally” found their way into operational systems?”

    – Did you not attack Google for their deficiencies in the Google+ platform? How the hell could that product not handle single word names? This seems to be the exact same kind of level. Seems you still don’t understand Google.

    “Didn’t he think that Google itself looking at private data was a breach of privacy? Didn’t he think that a breach, even a little one, is still a breach?”

    – Answered in:

    “Although Google recognizes that the collection of payload data as part of its Street View project should not have happened, that does not necessarily mean the collection was unlawful.”

    – Because it has been determined that having an un-encrypted network means you are freely giving this information to the public. So not in breach of US laws as they currently stand. The report does not cover Australia so your reporting of the 2010 Crikey Clarifier is not relevant.

    – I partly agree with you in this but Google have come a long way in the privacy arena since.

    “Is this Google’s News of the World moment?”
    – Please stop submitting articles to Crikey if you are just going to write beat ups. It’s not even close and you know it.

    Key information not reported:

    Google have already made changes to stop it (privacy violations) happening again: “Google announced changes to its privacy and security practices to prevent similar incidents in the future.” This was reported back in 2010.

    Real issues:

    Any one can collect this payload data and as a community we are not training and teaching people that this is even a problem.

    Who else is collecting this data that you’re not hearing about? They were using an open source and freely available tool. (Kismet –

    Most users when connecting to sensitive websites are connecting over HTTPS and even though they collected some data it was in fact encrypted. The only reason it wouldn’t have been is if the site was negligent to their users. Might be a story in that one for you too!

    The engineer in question “…Engineer Doe invoked his Fifth
    Amendment right against self-incrimination and declined to testify” potentially indicating criminal liability.

    The reason Google were found not guilty of the actual offence:

    “At the same time, based on a careful review of the existing record and applicable law, the
    Bureau will not take enforcement action under Section 705(a) against the Company for its collection of payload data. There is not clear precedent for applying Section 705(a) of the Communications Act to the Wi-Fi communications at issue here. Moreover, because Engineer Doe permissibly asserted his constitutional right not to testify, significant factual questions bearing on the application of Section 705(a) to the Street View project cannot be answered on the record of this investigation.”

    Which seems to indicate to me that there are some substantial legal grey areas here that need to be investigated further along with an investigation of the engineer in question.

    Why is so much of the document redacted?

    Why the fines are so low given the cost of completing an activity like this?


  5. shanghai

    Google do appear to be beyond reach…
    They have a service called ‘Google Checkout” – it’s a transaction service that merchants can use to sell their products via the net and Google obviously gets a transaction fee.
    Last year a person had a fraudulent transaction made on a credit card – it showed up as a Google Checkout charge.
    Unfortunately Google was not able to provide any view on the transaction despite months of circular correspondence and when the issue was formally lodged with the Aus Govt body responsible for investigation the matter was simply pushed under the table by the officers responsible resolving the issue.
    This lack of transparency raised serious issues at the time and from what this article implies the situation remains unchanged.

  6. ButFli

    I’m just going to put it out there: The offences people are talking about are actually in Division 477 of the [i]Criminal Code Act 1995[/i]. The [i]Cybercrime Act 2001[/i] merely amended the Criminal Code by adding sections to it.

    @Scott: Is the unauthorised access, storage and use of personal information not an offence under privacy legislation? (leaving aside the requirement for it to be a serious offence)

  7. John64

    “the closest is point six of Our Philosophy”

    I think in this instance, points 7 and 8 over-rode point 6.

  8. Meski

    The reason you see the same on your laptop and your Android is that you’re logged into a google/gmail account, the same one. Try logging into a different account on one and it will give a different answer.

    “Under the Cybercrime Act 2001 it’s illegal to access computer data without authorisation even if, in effect, the door is wide open  —  just like walking into your house is still trespassing and illegal entry even if the door is unlocked. It could also constitute an illegal communications intercept under the various state and federal acts.”

    Which we all do, by browsing what SSIDs are available to us. It isn’t *much* data, but it’s enough to go after you if they wanted. Another example of laws that are never enforced, unless they want you for something they don’t want to disclose.

    Consider routers that are made with ‘dual’ capabilities (such as WNDR3800), specifically for allowing guest access. If I open the secondary band for this, it’s tacit authorisation to use.

Share this article with a friend

Just fill out the fields below and we'll send your friend a link to this article along with a message from you.

Your details

Your friend's details