Oct 2, 2012

Forget government data retention, Google has you wired

Mandatory data retention proposals have libertarians in a flap. But what Google and a bunch of other companies are doing via Wi-Fi is much worse.

Stilgherrian — Technology writer and broadcaster


Technology writer and broadcaster

If the mandatory data retention proposals currently being urged by Australia's protectors of freedom and democracy aren't scary enough, take a squiz at how the private sector is already tracking your every move. Literally. The smartphone boom has brought with it a boom in location-based services, providing information that's automatically tailored to where you are right now. Weather and traffic conditions, or the closest available bank ATM or Greek restaurant or dry cleaner or easy man-s-x. Providing these extremely satisfying services means reporting your location to everyone involved, with obvious privacy implications. But the creation and operation of the location services themselves -- they're the means by which your smartphone knows where it is -- raise their own questions. While most smartphones have a GPS receiver for satellite-based positioning, it's power-hungry and often turned off. But you can get something that's close enough for most purposes, accurate to a few metres, using Wi-Fi. The smartphone keeps track of which Wi-Fi hot spots it can see, and that's compared with a previously constructed map of Wi-Fi points. Google Maps has the best-known such service. As its Street View cars drove every street taking photographs, it also noted the location and identifiers of the Wi-Fi networks it encountered -- both the so-called SSID us humans use to identify the wireless networks we want to join, and the unique MAC address that individually identifies each Wi-Fi device. In 2010 it was revealed that Google had also recorded snippets of Wi-Fi data traffic -- the actual private communication -- "to see if the data could be used in Google's other products and services". One obvious example would be to identify the computers or people using that network, so location-based services could be provided to them as well. Google subsequently claimed that recording the communications was an accident and software developed as an experiment had ended up in operational systems. It also claimed it was an accident when it failed to delete all of this data for the UK following an order by the Information Commissioner's Office, even when it certified that they had. Google isn't the only provider of such a Wi-Fi-based positioning system (WPS). Less well-known companies Skyhook and Navizon already drive the streets compiling their hotspot maps -- in the case of Navizon by crowdsourcing the data from end users' smartphones. Both already have coverage in Australia's capitals and regional centres. When Google's Wi-Fi recording was first discovered, communications minister Senator Stephen Conroy launched a 10-minute tirade in Senate estimates. "Google takes the view that they can do anything they want," he said. "It is possible that this has been the largest privacy breach in history across Western democracies." So how does Conroy feel about Skyhook and Navizon's mapping work, even without any recording of the communication itself? "My office has been in contact with the Privacy Commissioner and the ACMA asking whether such activity would breach Australia's privacy provisions if it occurred in Australia," he told Crikey. A WPS service can obviously log your physical location, but so can the provider of every app using that service. And so can the provider of any advertising included in the app. So can the provider of the smartphone, as shown earlier this year when the media discovered that Apple logs the location of every iPhone. Now "compiling a database", even a "secret" one, isn't evil in and of itself, despite the rhetoric of the tinfoil hat brigade. (Example: this article putting the word "databases" in scare quotes.) We all compile databases, everything from our personal address books to our business' customer account records. Any privacy problems arise when the data is used, potentially in conjunction with other data, not in it mere compilation. But the number and scale of databases being compiled in this age of "big data" have destroyed the assumptions our privacy laws are based on: the notion that all that matters personally identifiable information (PII) like our name, date of birth, address, phone number and email address. Computer scientists Arvind Narayanan and Vitaly Shmatikov, of the University if Texas at Austin, have shown that everything and anything can be PII if you have enough of it. After all, there's only so many mid-30s females in postcode 2043 (filled out an opinion survey) who drive a Mazda (looked for a service centre online), play tennis (searched for tennis shoes) and took a holiday in Vietnam (posted photos to Flikr). And the more you know about someone, the more you can understand them, predict their moves or even influence them. As just one example, consider that a team from the University of Birmingham figured out how to predict where you'll be in 24 hours within 20 metres using only your smartphone's location records and those of the contacts in its address book. It all makes the government's plans look positively benign.

Free Trial

You've hit members-only content.

Sign up for a FREE 21-day trial to keep reading and get the best of Crikey straight to your inbox

By starting a free trial, you agree to accept Crikey’s terms and conditions


Leave a comment

16 thoughts on “Forget government data retention, Google has you wired

  1. Harper Colin

    Well, there you go.

    Last week an article on Iran which tried to convince crik*y readers that the Iranian government is the centre-piece of the Axis of Evil and this week an article ( no name to it ) is trying to convince us that the proposed govt data retention scheme is something we all should “forget”.

    Thanks crik*y, for giving us the option of choice on the lesser of the evils. We are all much safer now.

  2. Come On Carlton

    @Harper Colin

    Are you blind or something Harper? The author of the article was Stilgherrian. And a good article indeed. Reminding us about the Google intrusion is nothing light-weight.

  3. Edward James

    Our legislators are not even playing catch up with the speed and growth of technology and corporations interest in the idea that knowledge is power. Edward James

  4. Oscar Jones

    I have railed against Google for years now and feel like a lone voice.
    Google is a profit making corporation with decidedly dodgy morals as revealed by the $500M fine imposed upon them last year by US Justice for breaching drug advertising laws. They are currently being investigated under US Anti-Trust laws.

    Malcolm Turnbull says there is something dodgy how Google made $50M in profits in Australia yet paid a fraction in tax. They base themselves in tax havens but demand the world adhere to US laws (so-called ‘Freedom Of Speech’).

    Yet tech writers and legal writers (Fairfax) wring their hands when a European country hauls a Google exec into court when their laws are breached. Until the MSM stops worshipping Google and their ilk, nothing will change.

  5. Oscar Jones

    Edward James : our laws are inadequate as the recent trolling incidents have indicated and how Facebook are so stubborn about removing the appalling pages about the recent Melbourne murder that could de-rail a trial.
    Our politicians seem beholden to the power of the net and normally sensible legal writers actually claim that our laws on defamation and so on, should be changed to accommodate private business.In other words b**ger the citizen, let’s make it easy for Google to operate.

  6. Serenatopia

    Google misusing information to better sell us stuff is one thing…our Governments misusing information to implicate us in crimes we didn’t commit is a different thing altogether…

  7. Edward James

    @ Oscar Jones Posted Tuesday, 2 October 2012 at 6:01 pm Every time I publish a paid announcement in one of our local Central Coast papers and there have been around forty. I am literally betting my house. Understanding as I do the truth is not always a defense against a defamation action. Not being a politician I do not have the protection afforded them by cowards castle, when I identify local politicians by name as liars in print. What I do understand is I was naive to believe all I needed to do was expose abuse of power and systemic corruption in the court of public opinion and the rest would fall into place. I now understand full and well rusted on party supporters are a lot like the parents of problem children, they just refuse to accept the problems. Edward James

  8. zut alors

    Avoid the trap, don’t use smartphones. We’ve become addicted to IT and fallen for the dubious claims that our lives are better for it.

  9. Stilgherrian

    @Harper Colin: You seem to be unfamiliar with the colloquialism “forget X, look at Y”, which does not mean literally to forget X?

    Maybe have a read of some of the other things I’ve written about government data retention and you’ll see that any claim that I’m a supporter of it is very, very silly indeed.

    @Serenatopia: But don’t forget that being able to “better sell is stuff” can include selling products that are less healthy but more profitable, or political ideas that are less savoury but more beneficial to the promoter and so on — all based an a more sophisticated understanding of our psychology than we ourselves possess.

    The idea that this is just about not showing BWM adverts to people who don’t drive is way, way understating the capability.

  10. Edward James

    While I am not that good at spelling and grammar Stilgherrian. I have noticed you have written four paragraphs. The last two appears to have an error! “better sell is stuff” the word quoted is “us” the reference to “BWM” is the sort of proof reading error which often embarrasses me because I am just hopeless / lazy most of the time. Edward James

Share this article with a friend

Just fill out the fields below and we'll send your friend a link to this article along with a message from you.

Your details

Your friend's details