Google has been in some hot water for a couple years now regarding revelations that its Street View cars traveling the highways and back streets around the world were collecting more than Street View images. Google also intercepted wireless network data, but the reality is that Google only captured wireless data that wasn’t properly protected in the first place.
Google has changed its story a number of times since the report first broke. First it claimed it only collected SSIDs and MAC addresses. Then it conceded that actual data was intercepted, but that a rogue Google engineer was responsible. New information illustrates that Google was aware that data was being collected for years before the activity was uncovered.
The FCC has been investigating, and recently fined Google $25,000 for the incident. In its report, the FCC concludes, “For more than two years, Google's Street View cars collected names, addresses, telephone numbers, URLs, passwords, e-mail, text messages, medical records, video and audio files, and other information from Internet users in the United States."
Knowingly gathering such sensitive personal information is a breach of privacy, and certainly seems to violate the “Do No Evil” mantra Google subscribes to. But, Google has argued that its actions do not violate the Wiretap Act, and it seems that--technically speaking--Google didn’t do anything wrong.
The fact is that Google only gathered data from wireless networks that were beaming that data unencrypted through the air where anyone within range could easily intercept it. Those homes where basic security measures were implemented, and the wireless data was protected with encryption were unaffected because the only thing the Google Street View cars would capture would be digital gibberish.
Google’s behavior might be shady, but at least we can be relatively confident that Google isn’t using the information for identity theft, or hacking into personal bank or credit card accounts. The same can’t be said for random roaming attackers who can intercept the same information just as easily.
On the one hand, the users who use insecure wireless networks, and set up wireless routers with no encryption are just as much to blame as Google. In fact, it can be argued that Google did the general public a favor by demonstrating and disclosing just how much information can be captured from these unprotected wireless networks.
Keep in mind that the same thing that makes a wireless network convenient for you to use is also one of its security weaknesses. If you can connect to your wireless router from the other side of your house, then your neighbor, or a rogue stranger sitting in a car by the curb might be able to connect just as easily.
If you have a wireless router, you need to have encryption enabled. WPA2 encryption is currently the best protection available for consumer wireless devices. WEP or WPA encryption are also options, but both can be cracked in minutes by a skilled attacker. Still, even WEP or WPA would prevent casual snooping, and would protect data from the sort of incidental snooping performed by the Google Street View cars.
This story, "Don't Let Google Intercept Your Wireless Data" was originally published by BrandPost.