Google Accused of Breach of Lawmakers’ Home Wi-Fi Networks

Google has been accused of drive-by spying on members of Congress, including those involved with homeland security, by uploading e-mail or Website viewing information while mapping for its Google Street View. According to a government watchdog group several members of Congress have unsecured wireless networks, including Rep. Jane Harman, D-CA, who heads the intelligence subcommittee for the House Homeland Security committee, and whose home was discovered to house unsecured networks named “harmanmbr” and “harmantheater.”

Google previously admitted that it had accidentally collected “samples of payload data” information in a rather innocuous update to a month-old press release last month and released a report on the breach June 10.  However, a advocacy group called Consumer Watchdog decided there needed to be more publicity to expose the “WiSpying” and the group decided to conduct its own experiment by sniffing out unsecured networks at Congress members’ homes. Sure enough, they hit paydirt. From the report:

Between June 27 and July 6, SNS Global LLC conducted a program to determine what networks could be identified near the residences of several members of Congress whose Washington-area homes are pictured in Google’s Street View database. The residences surveyed included those of House Energy and Commerce Committee Chairman Henry Waxman, Chairman Emeritus John Dingell, and Reps. Edward J. Markey, Rick Boucher, and Jane Harman.

The equipment used was two laptops running the Linux operating system and the Kismet wireless network detector, sniffer, and intrusion detection system.1 Kismet is an open source program used by Google to collect information about residential wireless networks in the United States and more than two dozen other countries.

The experiment reportedly showed the information Google inadvertently collected and kept on the congress members (and broadly hinted this happened to many others around the world.) In a letter to Harman, both Jamie Court and John Simpson of Consumer Watchdog urged a call to action:

This leaves little question that Google is currently in possession of sensitive data from the information networks used by members of Congress in their residences.

Because of your position, we believe this is not just an invasion of privacy but an unwarranted intrusion by Google into legislative branch matters. In our view, you have the right to demand that Google disclose to you any information it has collected regarding your home wireless networks.

In addition we urge the Energy and Commerce Committee to, at its earliest convenience, hold a hearing on Google’s WiSpying and data gathering practices.

What Google did was likely innocent since it claims its code accidentally collected all publicly broadcast WiFi data, but what was stupid was being unaware they were doing it at least for several months. If just a piece of unsupervised code can create such security havoc, what else does Google create and collect without anyone but a single engineer’s knowledge? (Google says it kept the information, segregated it and would dispose of it with the consent of interested parties.) Bad Google, and you deserve a slap on the server.

Consumer Watchdog’s concern is perhaps in the public interest, but their alarmist tactics are unnecessary. Unsecured wireless networks have always been a security risk — but any neighbor can see that private information. Google hasn’t done anything that hasn’t been done by millions of others with Wi-Fi access. As for Google’s photos of one’s street? There’s nothing illegal or immoral there as long as photos are taken in a public space — like a city street.