Does Google Have Wi-Fi Data from Your Company?
Google is facing scrutiny and investigation around the world following revelations that it has been capturing and archiving wi-fi data collected by its Google Street View vehicles that drive around capturing the image data used by the Street View service. It is questionable whether Google should have done that, but what is not questionable is whether or not Google should have any data from your wi-fi network.
France, Italy, and Germany--which has some of the strictest privacy protection--have all launched investigations to find out what data Google has collected, and what, if anything, it has done with it. United States congressmen have asked the Federal Trade Commission to explore whether or not Google has violated any laws.
While it may seem like an invasion of privacy--and in some countries or jurisdictions it may very well be--it is not necessarily against the law here in the United States. Frankly, there is no reasonable expectation of privacy for data that you willingly broadcast unencrypted into public airwaves.
Every other restaurant or coffee shop these days offers free wireless access. There is no agreed upon convention for SSIDs, the network name of the wireless network, so there is no real way for individual users on the street, or for the Google Street View car for that matter, to discriminate between wireless networks that are intended for public use, and wireless networks that are intended to be private, but just happen to be insecure.
So, is it possible that Google has sensitive or confidential data from your company? The answer should be an unequivocal "no", because your wireless network is of course protected with at least WEP encryption--as insecure as that might be. Right?
Your wireless network should really have WPA2, or at least WPA encryption enabled. Without encryption turned on, your data can be intercepted by unauthorized users (or Google Street View cars). That same convenience that allows you to connect to the wireless network from the conference room 200 feet from the router, also allows any other wireless device within range of the router to connect as well.
WEP encryption is known to be easily cracked. There are tools available that can crack a WEP encryption key in a manner of minutes. In terms of providing any real protection for your data, WEP is woefully inadequate. But--even WEP encryption would at least protect your data from being intercepted by casual passersby (or Google Street View cars).
Google's "Oops, we captured and saved years' worth of wireless data accidentally" story seems a little suspect, and in some cases may explicitly violate laws. Regardless of Google's activities or motives, though, if you have taken even the most basic precautions with your wireless data, you can rest assured that Google doesn't have your data.
Follow Tech Audit on Twitter.