Australian Government v. Google on privacy issues...
I hope somehow that this ends in a humiliating defeat for BOTH sides.
Robert McClelland, Australia's Attorney General, has asked the police to investigate the collection of network information by Google's StreetView cars. The Australian Federal Police High Tech Crime Centre confirmed to iTnews that it was considering a full probe. McClelland said his department had received many complaints but …
Take what might be the most farcical 'deliberate hack ever.. A few seconds data gathered once or maybe twice, randomonly, for a 30 second period. And only if you could not be bothered with even the mildest encryption on their wifi, and do not use ssl to login to your mail..
Scream 'they are stealing my passwords'.
Personally; the more these twits talk the less I hear.
Facebook is right to ignore them too.
And Jim Gamble.. dont get me started.. I notice the Bloody Sunday and Operation Ore reports are still not out.
Using SSL to login to email doesn't matter much if, like a lot of services it automatically falls back once you've logged in (Yahoo as an example) and hence everything is sent in the clear.
Don't blame all users when the manufacturers used to and some still do send out the devices with no security on (or crappy WEP enabled) and more recently found that a simple sticker on the underside with SSID and password in conjunction with WPA/WPA2 works wonders.
Interception of communications without authorisation is still illegal in most jurisdictions so stop making excuses and shifting the blame. All evidence would seem to indicate it was deliberate, they got caught, and they are arseholes for doing it. End of.
Sorry the laws that are there for interception of comms/telephony where designed for encrypted and protected systems to legally define hacking in a court of law. They've essentially extended this (by being lazy and not actually revising the law) that war riding is also illegal but extension.
This is a poor law as anyone who operates what is essentially an open relay and subsequently has their private data stolen then they deserve everything they get. They're operating their wifi network cheap, insecure and as an idiot. So much so that the Queensland branch of the AFP is currently roam QLD for open networks.
Also if you use a service for anything critical and it doesn't serve everything through SSL then your an idiot. If Yahoo operates in such a manner then its a wonder why anyone uses it. Hell if i cannot verify the SSL i wont touch the site or enter any data that i actually care about.
Security doesn't have to be difficult or complicated.
Hacking a telephone line is trivialy simple at the house end. Attaching two crocadile clips to the copper cable still works in alot of places. Should this therefor be legal? Should people be at fault in law for not locking there doors? Just because it is easy dosen't make it less wrong.
Given that practically all Wi-Fi routers issued in the past few years have some form of encryption set as default (and a suitably generic SSID that usually just identifies the brand of router), then those with no encryption either (a) have a router so ancient it doesn't have any form of encryption enabled by default (and their ISP hasn't got around to issuing an update yet), or (b) the users have deliberately disabled it, possibly unaware that by doing so they're sharing their net connection with half the neighbourhood.
So you could argue that by having no encryption whatsoever, they're placing their network info in the public domain. After all, anyone with a laptop and a logging wireless network sniffer could obtain the same information through driving around their neighbourhood...
Cyncial epileptic tree: use the information harvested to "improve" their ad-serving technology, so more ads get shown to these (presumably) gullible fools. Who will spend more money with the advertisers, so the advertisers will spend more money with Google...
After all, the people who have unencrypted Wi-Fi connections are unlikely to be using a decent browser, let alone AdBlockPlus or NoScript... :)
I have read a number of commentators - in responses to various articles about this matter - make comments like '... you could argue that by having no encryption whatsoever, they're placing their network info in the public domain.' It's a weak argument, as any number of everyday analogies will serve to prove.
It's all too easy for those of us 'technically inclined' to scoff at 'idiots' using an open network or WEP, but doing so helps little in addressing the issues at hand. Let's not forget that some people out there are well, 'just human' after all.
Although my day-to-day job is software development I have been amazed at just how many people I have encountered on a personal level who run with open or WEP WiFi. It is quite common to be told that 'the chap advertising in the paper - who claims to be an IT expert - set up my wireless network'. More often than not, what I see on a local level, is a story that involves a self-proclaimed expert - who is in fact little more than a jobsworth monkey - being paid for providing a sub-standard service. Similarly, I often find pensioners who cannot afford to pay someone to secure their WiFi, place full trust in their equipment manufacturer. In fact this is such a common occurance, I have recently donated some of my time to securing a number of WiFi networks for pensioners for free - the kind sould that I am ;)
My point here is that it is far too easy for us 'geeks' to assume that everyone should know everything that we know. It is useless to generalise and call those running open/WEP WiFi 'idiots who deserve whatever they get'. In fact, to me, that stinks of ego and elitism. (No reference to any comments in these responses should be inferred here).
What this whole Google episode has done however, is to ferment discussion. Part of the natural discourse should now be a consideration to increase pressure on certain hardware manufacturers to 'up their game' in this respect.
Do I believe however that the 'snooping' episode was a simple oversight on the part of Google? Not for one minute! However, whether or not this was an intentional act by Google is wholy irrelevant. If they have broken laws, they should be held to account. Ignorance is no defence in a court of law. Ignorance is believing Google when they say 'Do no evil'... Yes you can make money without doing evil, but you'll make a whole lot more by doing just that ;)
OK, I wonder what proportion of people with Wi-Fi have routers shipped with no encryption whatsoever? I'm sure most ISPs within the past 3-5 years have shipped routers with some form of encryption enabled by default. OK, WEP is easy to crack, but at least it is a form of encryption (and presumably requires a few minutes of effort to crack).
To take the house analogy: you probably wouldn't get any insurance whatsoever if you had no locks on your door. If you had a lock that was very easy to pick, you'd probably get some form of insurance, as that alone would deter casual thieves.
As for the legality, what information exactly is Google obtaining? If it's just SSIDs and MAC addresses, which are freely broadcast, the courts would probably struggle to find a relevant law. After all, web sites can grab your IP address and referring page through standard HTTP headers, and possibly a lot more via various scripts. If they grabbed data packets being sent across the network, they'd be in significantly murkier waters.
you do not have to protect your valuables...
but if you went out leaving your front door open and got burgled then you insurance probably won't pay out.
Though I think there is a far stronger case for blaming insecure wifi users for "unauthorised access" than requiring them to shut or lock the door of their house to prevent burglaries . After all your equipment is broadcasting an offer to connect to your network beyond the boundaries of your property (your SSID), if someone accepts that offer your automated system (DHCP) then facilitates the connection... so the crime wouldn't have happened without your help.
Is it illegal to walk up to a man in the street who is wearing a Rolex and a short sleeved shirt and say:
"could I please have that Rolex your wearing"
It's only a crime if you swipe it without permission or bash him over the head and rip it off his wrist.
If he just says "sure, here you go" you've just got yourself a nice new watch!
Also if someone intercepts what you send over an unsecured wifi network from the street then I don't see how that is different from walking passed a window while someone is shouting and overhearing what they say. You're the one who put the information in the public domain you're the one to blame for someone seeing it.
The fact that many people aren't able to setup their own equipment is not that surprising but if your negligent in doing something you might be held liable.
Not that I'm advocating a free for all for war drivers... if you find a Rolex laying in the street you aren't allowed to just pick it up and keep it. It just seems to me that a standard unsecured wifi network is a lot closer to an invitation than a watch laying on the ground.
Biting the hand that feeds IT © 1998–2022