Google Street View has come under fire again, this time for collecting wireless router information and some packets of data whilst wandering the globe and collecting pictures of our streets. It looks like the German authorities, in particular, may come down hard on Google though I’m at odds about the ‘calibre’ of the privacy violation – router information is fair game as far as I’m concerned, though data packets are a little dicier. But before I dig into that, let me outline what’s actually gone on.
Last Friday, Google announced that they had been inadvertently collecting some data packets sent via unencrypted wireless access points for the past three years. This admission came after the Street View program (again) came under criticism from German data protection authorities following Google’s (original, and earlier) admission that they had only been collecting information about wireless routers as they drove their cars around towns. Specifically, the original admission saw Google reveal they had collected the SSID and MAC addresses of routers. In layman’s terms, the SSID is the name of the wireless network that is usually given to the device during configuration processes following the installation of the device (e.g. Apartment 312, Pablo14, or any of the other names that are shown when you scan for wireless networks from your computer). The MAC address is a unique number that is associated with each piece of Internet networking equipment; your wireless card in your computer, your LAN card, your router, and your iPhone all have unique numbers. After collecting both the SSID and MAC address of a wireless router the company identified the physical location of the device using a GPS system.
Google collects information about wireless networks and (almost more importantly) their physical location to provide a wifi-based geolocation system. Once they know where wireless routers are, and plot them on a map, you don’t need GPS to plan and trace a route through a city because a wireless card and low-powered computer will suffice. There are claims that this constitutes a privacy infringement, insofar as the correlation of SSID, MAC address, and physical location of the router constitutes personal information. I’m not sure that I agree with this, as the Google service stands now.
Google’s collection does not generate information about an identifiable individual that could otherwise be understood as ‘private’, save for in cases where individuals sought to suppress their SSID and had that information collected by Google regardless of the individual’s intentions. We don’t know if Google did this or not; if they did then that might constitute a privacy violation. So far as we know, the information collected is not used to assign a unique number to an individual nor is there an effort to collate information around particular wifi access points. Also, as far as we know, Google is not taking the information provided by a wireless router to ‘track’ people as they move around; were this performed then that might constitute some form of tracking of individuals by proxy, and thus fall under the realm of a privacy infringement. Google’s unwillingness to perform this degree of surveillance is confirmed by Peter Fleischer, Google’s Global Privacy Counsel, who has effectively stated that such surveillance is impossible given how data has been gathered: “…we do not collect any information about householders, we cannot identify an individual from the location data Google collects via its Street View cars.” Given that privacy law tends to be driven by actual instantiations of violation – not the possibility of a violation following the aggregation of data – it doesn’t appear that a clear violation occurs with the collection of the SSID and MAC address alone.
The collection of the public information that a wireless router transmits, while creepy to some, doesn’t strike me as an actual privacy violation. If I stand on the street and take pictures of every car and person who walks up the street this might be seen as creepy, but it doesn’t constitute a privacy violation under Canadian privacy law (barring Quebec). Nor does the act of taking pictures of homes from the street; Google Street View wasn’t shut down because it didn’t clearly violate (non-Quebec) privacy regulations. While the wireless spectrum is less ‘visible’ than the shots we see in Street View it’s a very open question as to whether this spectrum’s invisibility to the human eye means that wifi access point information is thus somehow private. As far as I can tell, the central issue with Google’s actions (in the Canadian situation) is that the company didn’t inform Canadian officials about this ‘added-feature’ of the Street View program on the basis that Google saw it as an entirely different process that was unrelated to Street View. To some this is going to be seen as a cop-out or lie, but it doesn’t strike me as necessarily untrue. Bell Canada ran into a similar experience with their deployment of Deep Packet Inspection; Bell saw the technology as used purely for billing and traffic management purposes and thus saw no underlying privacy issues with its usage. It should be noted that, following the complaint against Bell, very little of the technology itself could be seen as privacy invasive: the most significant change to Bell’s operations included a minor addition to their online documentation.
Google’s most recent revelation, however, exits the ‘creepy’ stage and tentatively enters the ‘privacy invasive’ domain. While collecting information about wireless routers strikes me as OK (or, at least not bad), the collection of data packets while getting wifi information could be read as wiretapping of some ilk. The company has publicly declared that this collection was the accidental result of old code that was recycled for the wifi-collection program and that they will be bringing in outside consultants to confirm that the excess data is entirely removed from Google’s databases. Assuming that the company is telling the truth – and, to date, we have no reason to see them as lying – then this seems like a truly massive-scale error that is being corrected far later than it should have been. There are varying reasons for why this might not have been corrected previously: challenges in issuing new code to the Street View cars, poor cross- and inter-team communications (i.e. the groups actually dealing with the data sets just ignored the excess data instead of reporting its collection), or pure laziness. In effect, I would maintain we should avoid attributing to malice what we can more easily attribute to ignorance, laziness, and stupidity. This said, Alexander Hanff of Privacy International has a very different read on the collection of data packets transmitted on unencrypted wireless channels that is reasonably convincing. Even if he is right, however, I doubt that Google will ever admit that they were purposefully collecting the full data packets that were made available over unencrypted wifi routers.
In the best case scenario, the outcome of the accidental collection of payload data would include the following: a full accounting of the amount of data that was collected (i.e. are we talking about a packet or two of data, or thousands of packets per wireless access point, with the latter arguably being a very real and substantial privacy invasion regardless of the information being transmitted in the clear); the raising of public awareness of what it means to broadcast data in an unencrypted fashion. While the former might happen, the latter is almost certain to not. Raising awareness would mean that the public would understand that transmitting data over unencrypted channels is like choosing to send out private correspondence and responses to billing inquiries using postcards instead of envelopes. If someone happens to read your postcards then there hasn’t been an infringement of personal information, insofar as the transmitter of the information chose to correspond in an open fashion instead of using sealed envelopes. Envelopes, in this example, means using some mode of encryption to demonstrate to those listening to data traffic that the packets are intended to be ‘private’ from external observation. It doesn’t matter if someone uses WEP, WPA, WPA2 (personal), WPA2 (enterprise) or an alternate encryption system: if you aren’t encrypting your data, you’re transmitting your data on the equivalent of postcards. It’s not a violation for someone to read the content of your postcards, though it certainly may be ‘creepy’.
There have been some efforts to compare Google’s collection of wifi-based information with their (disastrous!) roll-out of Buzz, but I don’t think that that’s really an apples-to-apples comparison. Buzz leveraged already existing information – information that we knew Google had about particular individuals – to make it more publicly available. This went over poorly. In the case of the collection of wifi information, assuming that Google is telling the truth about their inability and unwillingness to map SSID information and MAC addresses to particular locations to follow people around, then this doesn’t constitute a form of surveillance and arguably doesn’t constitute a privacy violation given that the SSID and MAC are made publicly available whenever a wireless router broadcasts its name and status. If people have issues with this information ‘being public’ then I suggest that they go back to wired routers and disable their wifi access points. (And, I will note, this just makes good security sense: there is almost no way to perfectly secure a wireless transmission – you can only make it more challenging to defeat the security – whereas wired communications are almost inherently more secure by nature of their design.) As for the data packets that the Street View cars were picking up, whether that genuinely constitutes a violation will be seen when the specific information that was collected is made available to the public, or at least announced in the consultant’s report.