Police probe Google over Wi-Fi blunder
By Stewart Mitchell
Posted on 23 Jun 2010 at 08:35
The Metropolitan Police is to probe Google over the privacy blunder in which the company collected W-Fi data during a country-wide sweep for its Google Street View service.
“The MPS has received a complaint regarding alleged access to online activities broadcast over unprotected home and business Wi-Fi networks,” the Met said in a statement sent to PC Pro. “The matter is now under consideration.
“It has yet to be determined what, if any, offences may have allegedly occurred.”
The action follows a complaint from rights group Privacy International alleging that the data breach represented a criminal interception.
According to the Information Commissioner's Office (ICO) - which has so far not started its own investigation - Google had been collecting data that carried some personal ‘payload’ for three years, while using scanning equipment to capture details of local Wi-Fi networks in the company's Street View photography cars.
The police will first ascertain whether any laws have been breached as suggested by Privacy International which brought the action under two laws - the Regulation of Investigatory Powers Act and the Wireless Telegraphy Act.
According to Privacy International, the police investigation is likely to involve interviews with Google staff to ascertain who within the company is the “responsible person”.
Privacy International says it has been briefed on the prosecution process and that an initial investigation will take eight to ten days, after which the case will be escalated to a specialist team working at the national level.
No estimate has been given regarding the likely period of the main investigation, but the campaign group was obviously pleased with its work.
"We are pleased that the police have taken up this complaint for investigation. An evidence based approach to this complex matter is sorely needed now,” said Simon Davies, director of Privacy International.
"We have already told police that we will cooperate fully with any inquiries. I know Google will want to do the same.
"We hope that this difficult process will give Google pause for thought about how it conducts itself. Perhaps in future the company will rely less on PR spin and more on good governance and reliable product oversight."
Google was not available for comment at the time of going to press, but has previously said it would co-operate fully with the authorities looking into the breach.
Is your business a social business? For helpful info and tips visit our hub.
I can't imagine that a prosecution would be viewed as in the public interest.
By QbixQbix on 23 Jun 2010
This seems more of a publicity stunt for Privacy International than anything else.
Given that random wi-fi data has limited usefulness, it's all out of date and it hasn't been used anyway I'm not sure what all the fuss is about.
Obviously there are regulatory issues but the criminal law is entirely inappropriate in this case.
By milliganp on 23 Jun 2010
OK, so Google settle out of court, oops, sorry...
And then the mobile phone signal coverage it was recording?
Local radio stations?
What else was that car/van doing?
(I bet it even went over the speed limit at some point)
By Sercul on 24 Jun 2010
Waste of time
What a waste of public money and policing resources. This is yet another example showing that the police are out of control and totally unaccountable. My feeling is that most people would much rather see more effort devoted to catching dangerous and violent criminals. Still if you are one of the gallant "boys in blue" then I suppose you'd much rather spend your time investigating this sort of stuff, much less danger of getting injured and no interference with coffee breaks.
By gu55ett on 24 Jun 2010
Useless but interesting data
I very much doubt the Google got anything more personal than an IP address, which of cause is probably enough for hackers. There would be a lot more devious work to be done there after and most of the IP addresses will not be public IP addresses away.
Personally I would quite like to see the spread of WI FI throughout the country. As a bit of completely useless information it is quite interesting for us geeks. Since I set up my solitary home WI FI in quiet leafy Harrogate ten years ago there must be at least 10 to 20 connections now.
By wickyat33 on 24 Jun 2010
It's not whether the gathering of data by Google is worth the trouble of formal investigation, it's establishing and formulating a set of rules to ascertain what is permissable and what is not!
By louisbaron on 24 Jun 2010
Privacy International: quit your whining!
If Google have panicked people into securing their own wireless networks properly then that's a good thing, I'd love to see PI argue against that. Better for Google to access it than a criminal gang!
By mspritch on 24 Jun 2010
Let's be clear, any transactions not encrypted will have been captured. That includes email login username & password, and the content of any emails being sent at the time.
This is electronic form of breaking and entering and then opening any letters found on the door mat, and photocopying them to take away with you... but saying you won't read them, even though you're keeping the copy!
I'm sure the laws were changed to make accessing someone's unprotected WIFI some sort of offence.
Google do it country-wide and you are blasé about it, but if one man did it to a neighbour, he might get into trouble. The law should look at both equally.
If that really is the case, then this ISN'T a waste of police time, but important to stop the erosion of privacy.
OK. So the unprotected connections are a bit like leaving the door unlocked, but at least with a door, you can see yourself that you forgot to lock it. With WIFI, you can't "see" it. So it is also about education too.
And in the past, suppliers sent their routers out without encryption.
In fact just the other week, I saw a BT Business Hub was shipped with WEP encryption only. In this day and age that is no protection for a business!!! Oh, and it is so quick to break into WEP by sniffing encrypted traffic, that Google probably have enough data to crack most WEP encrypted access points if it chose to! Not suggesting they intend to do that, but their data capture country-wide really needs to be tackled!
The police stop you if you have a knife in your pocket, a baseball bat or gun under your seat in your car, or if you have a set of skeleton keys or lock picks in your pocket... you might have no intent to use any of them, but the police don't take lightly to it. Why should we trust Google to wander the streets of our nation with the tools for mass privacy erosion and get away with it?
By mdoragh on 24 Jun 2010
People keep making a comparison to paper mail saying it is like someone breaking in and reading your mail. But that is really a rather bad comparison because WiFi is a broadcast medium, it is more like you taking your mail, copying it in large letters, and handing a copy to everyone on the street.
If you use unencrypted WiFi every WiFi device in the vircinty receives a copy and chooses to discard it having received it based on some of the information in the packet.
If I paint a message the front of my house in large letters would you think it reasonable if I complained to the police that you are invading my privacy by reading it and storing it in your memory.
I too am over simplifying but if people choose to make comparisons at least use an appropriate one.
If you don't want anyone to read what you send over WiFi don't sent it over WiFi. Encryption of any kind only makes it harder to read thus reducing the risk of it being read.
By glennon3 on 24 Jun 2010
You write a letter, post it and put it in a post box. You trust the postal service not to steam it open & read it. Does that make you stupid?
By downview on 26 Jun 2010
- Windows 8.1 Update: an abject surrender
- The insane economics of Sky Now TV
- No such thing as a free app... so pay up if you want quality
- Time to outlaw crapware-laden installers
- Windows Phone 8.1 video: hands-on
- Office for iPad: key information
- Why every PC buyer owes Richard Durkin a debt of gratitude
- HTC One M8 vs Samsung Galaxy S5: 2014's big-hitters compared
- Windows XP end of life: key information
- Cut out the broadband jargon? What jargon?
- How to write your company's IT security policy
- The key to choosing a secure password
- Please stop reposting fake Facebook messages
- Is Facebook safe for business?
- Don't rely on Chrome's password vault
- Facebook Graph Search: don't panic
- Gmail drafts and Pastebin: could they evade the email snoops?
- Applying for a job at GCHQ? Here's your plain-text password
- Google two-step verification: a must for business email
- Yes, I write down my passwords