Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Judge OKs Wiretap Lawsuit Over Google Wi-Fi Sniffing

Soulskill posted more than 3 years ago | from the sending-a-message dept.

Google 137

An anonymous reader writes "Last year Google found itself in hot water after admitting to accidentally collecting payload data from unsecured Wi-Fi networks. Their admission led to a number of investigations and complaints around the globe, and a U.S. District Court Judge has now denied Google's motion to dismiss a class-action lawsuit which alleges the search giant violated federal wiretapping laws. 'Judge James Ware drew a distinction in yesterday's ruling between merely accessing an open WiFi network and actually sniffing the individual packets on that network. In the first case, one is only jumping onto a network to send and receives one own communications; in the second case, one is looking into someone else's communications, and doing so in a way that requires nontrivial technical ability or software.'"

Sorry! There are no comments related to the filter you selected.

a shame (1)

alphatel (1450715) | more than 3 years ago | (#36635146)

Google will likely plead innocence, but it's hard to believe this megalith would do such a thing unwittingly.

Re:a shame (3, Insightful)

secretcurse (1266724) | more than 3 years ago | (#36635212)

What did they do that's wrong? The dumbasses without encrypted networks were broadcasting their information out to a public road. The Google vehicles were in public when they received the plaintext information. If the people were outside screaming their online banking credentials out loud and Google happened to be driving a car with microphones recording ambient noise at the time, would that be illegal?

Re:a shame (1)

Bob the Super Hamste (1152367) | more than 3 years ago | (#36635298)

I would think that this is similar to the "on the internet" or "with a computer" type of patents where because something that is analogous in the physical world, shouting your banking info, and would be laughed out of court gets treated differently because technology is involved. I do wonder if charges could be brought for wire taping in a two party state?

Re:a shame (1)

black soap (2201626) | more than 3 years ago | (#36636108)

I would agree, except this broadcasting isn't obvious to most people the way some guy on a streetcorner yelling his credit card numbers would be. Remember the ruling on thermal imaging without a warrant?

Re:a shame (3, Insightful)

tftp (111690) | more than 3 years ago | (#36635686)

If the people were outside screaming their online banking credentials out loud and Google happened to be driving a car with microphones recording ambient noise at the time, would that be illegal?

IMO, it would be illegal if you use a high gain microphone and uncommon, expensive equipment. A packet sniffer, for most people, comes straight from spy stories, and it's not much different to placing alligator clips on phone wires. After all, we "broadcast" our phone conversations on public wires that aren't much protected.

The reason is that we deal in perception of privacy. There are no absolutes. However when two persons talk in the street, they believe to have privacy if there is nobody around close enough to overhear their conversation. It's common sense.

There is yet another note. "Broadcasting" means transmission that is intended for everyone to receive. Radio and TV stations broadcast. However cell phones don't broadcast - we say that they establish communication channels, point to point (from the handset to the base station.) Clearly intercepting that communication (however difficult today) would be wiretapping. But what's the difference between the cell phone that carries your protected oral speech and the email that carries your protected written speech? The encryption can't define that, otherwise it would be legal to break into unlocked homes.

Re:a shame (0)

Anonymous Coward | more than 3 years ago | (#36635912)

I could be mistaken, but it is legal to walk into unlocked homes so long as you have no intention of stealing or vandalizing the place.

Re:a shame (1)

tftp (111690) | more than 3 years ago | (#36636014)

I could be mistaken, but it is legal to walk into unlocked homes so long as you have no intention of stealing or vandalizing the place.

I wouldn't recommend you to test this legal theory of yours. If you are lucky you will be arrested for trespassing. If you are not very lucky, your body will be collected by the coroner. Note that you, a 30 y/o man (for example) don't need to wield a weapon to constitute a clear threat to a 90 y/o woman who just happens to have a .357 in the drawer. Remember, if an old man is not strong enough to fight you he will just kill you.

Re:a shame (1)

Sloppy (14984) | more than 3 years ago | (#36636890)

If you are lucky you will be arrested for trespassing. If you are not very lucky, your body will be collected by the coroner.

If you arrest or shoot me in your home, one thing's for sure: I am never going to trust your party invitations again. No one else will, either.

The point being, the whole come-into-home analogy is bullshit. If one person is going to map receiving the signals as equivalent to entering, then it's no less crazy to map broadcast of the signals as equivalent to sending out invitations.

Re:a shame (1)

GooberToo (74388) | more than 3 years ago | (#36636354)

I could be mistaken, but it is legal to walk into unlocked homes so long as you have no intention of stealing or vandalizing the place.

Maybe, maybe not, It depends on the particulars. It may be considered trespass if you were not invited, even if the door was left wide open. Simply entering a stranger's property, without an implicit understanding the public is invited (example, store front vs home) would be considered illegal.

Re:a shame (2)

Tanman (90298) | more than 3 years ago | (#36635924)

Even more than this, if you use a wireless phone then someone with simple radio equipment could easily listen in. Guess what? Still illegal.

What Google did is wrong. I wonder if they were also logging SSIDs for networks with SSID broadcast off? It's trivial to still obtain that SSID, but wouldn't that be circumvention of protection?

Re:a shame (0)

Anonymous Coward | more than 3 years ago | (#36635990)

Except they weren't screaming on megaphones. They were transmitting it on radio according to a well published digital standard. I'm not sure which of the two carries furthest and clearest, but I'll put my money on the digital radio transmitter. ;-)

Re:a shame (3, Informative)

zill (1690130) | more than 3 years ago | (#36636018)

IMO, it would be illegal if you use a high gain microphone and uncommon, expensive equipment. A packet sniffer, for most people, comes straight from spy stories, and it's not much different to placing alligator clips on phone wires. After all, we "broadcast" our phone conversations on public wires that aren't much protected.

Phone lines aren't public. They're owned by the ISP. So using alligator clips on phone wires would constitute both b&e as well as destruction of property. Landlines aren't "broadcasted" in any sense of the word. Landline signal only travel in private spaces, therefore there is a reasonable expectation of privacy, unlike open WiFi which is broadcasted to the public space.

The reason is that we deal in perception of privacy. There are no absolutes. However when two persons talk in the street, they believe to have privacy if there is nobody around close enough to overhear their conversation. It's common sense.

When two people shout loudly to each other in the streets, they should have no reasonable expectation of privacy. That's exactly what open WiFi is.

Talking on the street the equivalent of encrypted WiFi, which doesn't apply to this case.

However cell phones don't broadcast - we say that they establish communication channels, point to point (from the handset to the base station.) Clearly intercepting that communication (however difficult today) would be wiretapping.

This is false. Cell phones broadcast unidirectionally on account of their antennae design. You can receive cell phone signals with a $100 scanner from radio shack. I'd hardly call that "uncommon, expensive equipment".

Decrypting those signals on the other hand, is much more difficult.

But what's the difference between the cell phone that carries your protected oral speech and the email that carries your protected written speech? The encryption can't define that, otherwise it would be legal to break into unlocked homes.

The difference is the encryption. Breaking into homes is illegal because there are laws against it. Whether the home is locked or not is irrelevant. There's nothing illegal about receiving public broadcasts, otherwise I would be be jail for all those years of participating in ham radio.

Re:a shame (1)

tftp (111690) | more than 3 years ago | (#36636160)

Phone lines aren't public. They're owned by the ISP. So using alligator clips on phone wires would constitute both b&e as well as destruction of property.

If you are a ham you should know that a simple magnetic loop will pick up enough signal to decode conversations without physically connecting to the bundle. The phone sends something like 0 dBm on the wire into 600 Ohm, that's plenty of current. Does it make it legal to wiretap?

Cell phones broadcast unidirectionally on account of their antennae design.

You are in danger of losing your geek card (if not the FCC license.) Cell phones' antennas are omnidirectional in the horizontal plane.

You can receive cell phone signals with a $100 scanner from radio shack.

The CDMA signal is DSSS, well below the noise floor of the receiver, You need to synchronize to the PRN code to pull it out. No $100 scanner from Radio Shack can do that.

There's nothing illegal about receiving public broadcasts, otherwise I would be be jail for all those years of participating in ham radio.

Try to manufacture and sell receivers for now extinct AMPS and you may yet find yourself locked up.

Re:a shame (1)

zill (1690130) | more than 3 years ago | (#36636700)

Phone lines aren't public. They're owned by the ISP. So using alligator clips on phone wires would constitute both b&e as well as destruction of property.

If you are a ham you should know that a simple magnetic loop will pick up enough signal to decode conversations without physically connecting to the bundle. The phone sends something like 0 dBm on the wire into 600 Ohm, that's plenty of current. Does it make it legal to wiretap?

No, because privacy laws protect phone lines.

Someone using magnetic loops to intercept landlines would be guilty of the wiretapping laws.

Someone using alligator clips to intercept landlines would be guilty of breaking and destroying the phone company's property, as well as violating the wiretapping laws.

There are currently no laws against receiving public broadcasts.
 

Cell phones broadcast unidirectionally on account of their antennae design.

You are in danger of losing your geek card (if not the FCC license.) Cell phones' antennas are omnidirectional in the horizontal plane.

Sorry, that was a typo.
 

You can receive cell phone signals with a $100 scanner from radio shack.

The CDMA signal is DSSS, well below the noise floor of the receiver, You need to synchronize to the PRN code to pull it out. No $100 scanner from Radio Shack can do that.

DSSS is part of the encryption scheme. The PRN code is one of the secret keys. I specifically said decryption of the signals will be very difficult. But a cheap scanner will still be able to receive the signal. Just like how in this case google just received and recorded the plaintext messages.

Re:a shame (1)

strength_of_10_men (967050) | more than 3 years ago | (#36636116)

So by the judge's reasoning, ISPs can be sued if they use packet sniffing to detect usage for throttling or shaping?

And to the GGP, it's a civil suit, there is no pleading of innocence.

Re:a shame (1)

tftp (111690) | more than 3 years ago | (#36636260)

So by the judge's reasoning, ISPs can be sued if they use packet sniffing to detect usage for throttling or shaping?

It's more of a legal territory. However ISP should be allowed to look into packets as long as that is necessary for fulfilling their part of the contract. USPS is also allowed to look at the address of my mail to find out where to send it to. FedEx will ask me what is in the envelope that I address to a foreign destination because of customs. All these actions are needed.

However Google is a 3rd party; its existence and involvement doesn't benefit any of the parties in the wireless conversation. Google would love to set up camp at a USPS facility and scan all mail - and we'd rightfully give them a ride out of town, on a rail.

Re:a shame (0)

Anonymous Coward | more than 3 years ago | (#36636810)

So by the judge's reasoning, ISPs can be sued if they use packet sniffing to detect usage for throttling or shaping?

That sounds familiar...

Re:a shame (0)

Anonymous Coward | more than 3 years ago | (#36636156)

A packet sniffer, for most people, comes straight from spy stories

I wasn't aware the judicial standards were now set based on the opinions of the average fucktarded person. Will the police be able to torture suspects now, since "most people" saw Jack Bauer do it on TV and it worked out great?

What Google did WRONG (0)

Anonymous Coward | more than 3 years ago | (#36635984)

looking into someone else's communications, and doing so in a way that requires nontrivial technical ability or software

Can't you even read the fucking summary?

Re:a shame (1)

breakfastpirate (925130) | more than 3 years ago | (#36636110)

I think a better analogy would be me shouting my banking information to some friend of mine over a random CB radio channel. There are IIRC 40 CB radio channels, so the chance that someone besides me and my friend are listening and are within range is remote, but still possible to do with a trivial amount of equipment and skill.

Re:a shame (1)

cdrguru (88047) | more than 3 years ago | (#36636200)

Is your telephone (land line) encrypted? No? Well then it would be perfectly alright with you to set up a small coil to receive the "broadcast" from the wire wouldn't it? This could easily be used by law enforcement to monitor any telephone conversation without actually involving a physical "tap" anywhere. Sure, the "tap" would be more efficient and less subject to interference but they could skip the warrant by just using the laws of physics and getting near the wire.

Maybe with the right equipment (not a $1.99 pickup coil) you wouldn't even need to get that close.

When you open the door to receiving stuff there is a lot more broadcast than you might think about.

If you don't have a problem with receviing information that is broadcast then of course Google did nothing wrong. They were just receiving what people were broadcasting. So can law enforcement or your neighbors extend this to recording telephone conversations.

They have scads of money (1)

Shivetya (243324) | more than 3 years ago | (#36636472)

that is what they have done wrong.

How Google was "unwitting" (2)

Sloppy (14984) | more than 3 years ago | (#36636572)

It's not that they listened to the public broadcasts unwittingly, it's that they thought that if a router's owner elected to make their network available to the rest of the world, then it would be available to Google too. They unwittingly thought they were subject to the same reality as everyone else, regardless of their megalithic size which makes people fear and loath them.

People are apparently perfectly fine with showing their network traffic to their neighbors, and to any non-Google wardriver. There's something special about Google in this case, and it's not crazy for Google to have been "unwitting" about that.

Prior to the hunt, you don't always know when you're going to be the witch. Having the contestants be unwitting about what their roles are going to be, is part of what makes the game so fun.

Ahhhh, I get it now (1)

cultiv8 (1660093) | more than 3 years ago | (#36635172)

Tracking GPS is good [slashdot.org] , sniffing wifi is bad.

Re:Ahhhh, I get it now (2, Informative)

erroneus (253617) | more than 3 years ago | (#36635220)

It's not WHAT they are doing, it's WHO is doing it that is at issue. Google is not law enforcement or government of any kind. And since they were not contracted by the government to do this and they have not collected data to offer to the government, it will not likely get a pass on this. On the other hand, if government thought for a moment that they could benefit from the information Google had collected, you can bet they would have gotten a pass on it just as Blackwater and other contractors got passes for the things they did/do.

Re:Ahhhh, I get it now (1)

shentino (1139071) | more than 3 years ago | (#36635410)

Conveniently enough they told Google not to shred it.

Probably becuase it's a back door to get their grubby paws on it without the bother of a warrant. Just accuse Google of unlawful wiretaps and bam, free evidence.

Re:Ahhhh, I get it now (1)

zill (1690130) | more than 3 years ago | (#36636032)

Big corporation and the government is the same entity. Film at 11.

Re:Ahhhh, I get it now (0)

Anonymous Coward | more than 3 years ago | (#36636464)

Wait, so you can break the law as long as you ARE the law?

In the case of warrantless GPS trackers, you are completely missing the issue at hand. It is not about the tracking part. As you know, law enforcement tracking of ones movements in public is not a violation of the 4th amendment and is not in violation of any property laws. It is about ATTACHING/PLACING THE DEVICE TO/ON PRIVATE PROPERTY WITHOUT A WARRANT.

In regards to GPS tracking, both the State of New York Court of Appeals and the United States Court of Appeals have agreed this is unconstitutional/illegal. The State of Wisconsin is the only outlier thus far (note this has not even been appealed - yet). The Supreme Court will hear the case during this session and, assuming the lawyers representing Mr. Jones can make a halfway decent argument, will most likely side with the United States Federal Court of Appeals and the State of New York.

In the case of Google, they are clearly in the wrong here and should be punished for this clear violation. My money says that since they are smart they will settle out of court and the matter will be resolved rather quickly.

Re:Ahhhh, I get it now (1)

erroneus (253617) | more than 3 years ago | (#36636542)

Yes, where have you been? The Bush and current president are both trampling the constitution -- the law above all other laws and supposedly the law that limits what they can do.

Fed. Wiretapping Laws? Really? (3, Insightful)

milbournosphere (1273186) | more than 3 years ago | (#36635178)

Not even the government follows them. The hypocrisy here is ridiculous. I'd much rather have Google sniffing my SSID than the FBI making a phone call to $TELCO to get warrant-less access to phone records and wiretaps, in addition to the rest of their available tracking tech and methods. The fed should police up their own people and regulations before going after Google.

Re:Fed. Wiretapping Laws? Really? (1)

maxume (22995) | more than 3 years ago | (#36635226)

It's amazing how much misunderstanding this case engenders.

Google has been completely unapologetic for sniffing SSIDs. Some people are angry that they would so large scale data gathering, but they generally just think it is improper.

The real shit-fits are over the unencrypted wifi packets that Google wrote to disk while they were driving around sniffing SSIDs (Google did say "oops-sorry" about that activity).

Re:Fed. Wiretapping Laws? Really? (2)

RockoW (883785) | more than 3 years ago | (#36635368)

Moral of the story: Don't disclose small errors to the public. Many lawyers will see an opportunity to get their pockets filled.

Re:Fed. Wiretapping Laws? Really? (1)

dnaumov (453672) | more than 3 years ago | (#36635452)

It's amazing how much misunderstanding this case engenders.

Google has been completely unapologetic for sniffing SSIDs. Some people are angry that they would so large scale data gathering, but they generally just think it is improper.

Why the hell should they be apologetic for accessing public information? Leaving your WiFi network unsecured is not akin to leaving your door open, because entering an open door would still be illegal tresspassing, but if you set up a machine inside your house that yells whatever you are doing out all the way across the street via massive speakers, you really only have yourself to blame.

Re:Fed. Wiretapping Laws? Really? (1)

maxume (22995) | more than 3 years ago | (#36635728)

I didn't say they should apologize, but the commenter I replied to thought that the SSID sniffing was the issue.

I don't really see the need to make a bunch of inaccurate analogies about the wireless communications involved, wireless access points that actively exchange packets with any hardware that is in range are clearly not intended to be private (there is room to argue about the intent behind openly transmitting data, but any legal argument about protecting the privacy of unencrypted communications is going to be quite a bit weaker than the encryption technology available to protect those communications) .

Re:Fed. Wiretapping Laws? Really? (0)

Anonymous Coward | more than 3 years ago | (#36635310)

WRONG.

Google is stealing your infos to repackage and sell and resell to the highest bidders in the world for PROFIT!

Your government just wants to ensure you have a DoublePlusGood experience in life.

Since I'm a xenothropist (I hate most foreigners, especially western europeans and russians) I would much rather have a DoublePlusGood day than have some fucking piece of shit Eastern Bloc ex-KGB untermensch even know of my existence.

Seriously, you're dumb for trusting the black market.

Re:Fed. Wiretapping Laws? Really? (0)

Anonymous Coward | more than 3 years ago | (#36635722)

"Xenothropist" isn't a word, but if you look at it closely you'll see that if it were, it would mean just about exactly the opposite of what you think it does.

Re:Fed. Wiretapping Laws? Really? (0)

Anonymous Coward | more than 3 years ago | (#36635904)

Actually, I don't think it would mean anything at all if it was a word. Working on the assumption that we can just arbitrarily combine word roots and anything that comes out is a word, we'd still have to wind up at "xenoanthropist" as thropist on its own isn't anything. But even then, "strange or foreign" combined with "pertaining to man" doesn't really get us to a word. In any event, the actual word he was looking for is "racist".

Re:Fed. Wiretapping Laws? Really? (1)

Riceballsan (816702) | more than 3 years ago | (#36636054)

Actually there is where google and facebook vary, Google dosn't sell information to the highest bidder, unless you consider themselves the highest bidder always. Google isn't going to tell joe schmo marketer that you go through 10 rolls of toilet paper a day, google will tell toilet paper vendors "we know who use alot of toilet paper, pay us and we'll make sure they see your advertisements", they don't want to directly sell off your information that would be like selling the goose that lays the golden egg. That being said I'm hard pressed to come up with any intentional use for the packet sniffing allegations. The cars don't stick around in one spot long enough to gather anything useful, so I find it fairly easy to believe that it honestly was a goal to map public wifi hotspots, via sending and receiving data to try to triangulate their location, and that picking up extra data was an unintended side effect.

Re:Fed. Wiretapping Laws? Really? (1)

jhoger (519683) | more than 3 years ago | (#36635632)

The distinction should be solely between encrypted and unencrypted traffic. Encrypted traffic presumes an expectation of privacy. Unencrypted *should* not.

Re:Fed. Wiretapping Laws? Really? (1)

TheEyes (1686556) | more than 3 years ago | (#36636074)

How do you encrypt your voice? Your handwriting?

No, I don't think encryption should be the only measure of whether or not a communication should be considered "private" for the purposes of wiretapping/privacy laws; I also think that both intent and the nature of the technology should play a role. For example, a quiet whisper into someone else's ear can be private, but now a shout, because one is obviously meant to be private and the other is obviously meant to be a "broadcast". Similarly, a cell phone should be private, while unencrypted wifi networking is not, because one is a point-to-point sharing technology, while the other is about broadly sharing information.

In other words, Google shouldn't be charged with wiretapping for sniffing open wifi packets, but my ISP should be when it uses deep packet inspection to throttle down my bittorrents and Netflix streams in favor of its own on-demand video service.

Re:Fed. Wiretapping Laws? Really? (0)

Anonymous Coward | more than 3 years ago | (#36636738)

whispering and envelopes

i think the analogy still holds, if it's being shouted for everyone to hear it's public, if you're writing it on a billboard on a freeway, it's public.

Re:Fed. Wiretapping Laws? Really? (1)

hedwards (940851) | more than 3 years ago | (#36636882)

The weather in Burma is quite warm this time of year.

Ah, but it isn't yet time for shorts.

Seems like it's not that hard to do.

Re:Fed. Wiretapping Laws? Really? (0)

Anonymous Coward | more than 3 years ago | (#36636362)

my thouhts exactly. When can I vote Google into office?

Importance of Judge's reasoning? (2)

LordLimecat (1103839) | more than 3 years ago | (#36635206)

even if unencrypted, data traveling over Wi-Fi networks is not considered "readily accessible to the general public," he found.

So for the legal buffs out there-- if google can demonstrate compellingly that that reasoning is wrong (in a way that a judge accepts), would google then have any leverage to again file for dismissal, since the reason their motion was overturned would have been removed?

I ask because one might be able to demonstrate that many laptops these days DO intercept unencrypted traffic in order to reveal "non-broadcasting" SSIDs-- in order to reveal their existence, packets must be "intercepted", and their target SSID / MAC shown. Further, as Im sure google will argue, software like Kismet, GrimWEPa, WiFite, Aircrack, et al very trivially and automatically begin gathering traffic; it takes no special expertise these days (after 10 years of progressively better WEP crackers) to do what it seems Google did.

Re:Importance of Judge's reasoning? (1)

Local ID10T (790134) | more than 3 years ago | (#36635466)

"nontrivial technical ability or software"

Just because the judge doesn't know how to do it, does not mean that it is not trivial, or that the software in question is not commonly, and legally, available for free.

Re:Importance of Judge's reasoning? (1)

tftp (111690) | more than 3 years ago | (#36635774)

Just because the judge doesn't know how to do it, does not mean that it is not trivial

IMO, it is nontrivial if the laptop doesn't come with that software.

But even setting technicalities aside, isn't it obvious that reading someone else's emails just might be wrong? If your coworker walks away from his desk, will you jump on the opportunity to go through his GMail account? It's not encrypted, and the access software is trivial (your eyes.)

Re:Importance of Judge's reasoning? (1)

Kilz (741999) | more than 3 years ago | (#36635928)

"If your coworker walks away from his desk, will you jump on the opportunity to go through his GMail account?"

No, because its on their machine and you would be "searching through what isnt clearly visible on someone elses property. But if they were reading it on an open radio transmitter and you heard them on your radio while searching through the stations there would be no problem.

Re:Importance of Judge's reasoning? (1)

tftp (111690) | more than 3 years ago | (#36636072)

No, because its on their machine and you would be "searching through what isnt clearly visible on someone elses property.

Let's make the test case even simpler then. He has his GMail in the browser, in full-screen mode. He walks away without locking the PC (trusting his fellow man.) Will you LOOK at his screen while he is away? The screen "broadcasts" photons for anyone to receive...

Re:Importance of Judge's reasoning? (1)

LordLimecat (1103839) | more than 3 years ago | (#36636080)

IMO, it is nontrivial if the laptop doesn't come with that software.

That is my point--

  • *Toshibas these days come with ConfigFree, which "sniffs" out non-broadcasting SSIDs
  • *Laptops with Intel WiFi come with ProSet, which has similar functionality in its GUI
  • *Dells have some ControlPoint garbage which does the same thing I think

Etc etc. My point was exactly that-- that many (most?) laptops these days have the functionality these days to "invade privacy" by sniffing out nonbroadcasting SSIDs and displaying the sniffed info. Necessarily, to get those hidden SSIDs, you must capture packets that were not "broadcast" (in the sense that they had one intended recipient) and could be considered private communication.

Re:Importance of Judge's reasoning? (0)

Anonymous Coward | more than 3 years ago | (#36635838)

"nontrivial technical ability or software"

Just because the judge doesn't know how to do it, does not mean that it is not trivial, or that the software in question is not commonly, and legally, available for free.

Kind of the way I see it. Potentially flawed analogy for example's sake: Someone is talking to public to a friend. Even if this is the case, even if anyone could hear them, and even if you are in a single party consent state for audio recording there is a difference between being next to them, being far from them but in ear shot and using a home-rigged "sonic-ear" to a tape recorder and saving it. Even if said device is open source and legal.

Re:Importance of Judge's reasoning? (2)

AliasMarlowe (1042386) | more than 3 years ago | (#36636094)

"nontrivial technical ability or software"

Just because the judge doesn't know how to do it, does not mean that it is not trivial, or that the software in question is not commonly, and legally, available for free.

Exactly. An analogy would be some people communicating via American Sign Language in a public place. Such a conversation would probably be meaningless to the judge and to the lawyers and to most observers. Indeed, many people might even consider it nontrivial to understand, requiring a certain degree of expertise.

However, nobody in their right mind would accuse a bystander who did understand it of illegally eavesdropping a public exchange using American Sign Language. Perhaps this is one line of reasoning that Google's lawyers might use.

Re:Importance of Judge's reasoning? (0)

Anonymous Coward | more than 3 years ago | (#36636518)

Google also intercepted email, usernames and passwords. It's not as benign as them just sniffing SSIDs.
 
Re: Kismet, Aircrack, etc.: Just because technology makes an action easy doesn't make it legal. Guns make killing trivially easy, but that doesn't make it any more legal.

Skype (0)

Anonymous Coward | more than 3 years ago | (#36635258)

I thought only teh evil Micro$$$oft did this kind of thing? Where's all the fanbois crying about this nonsense now?

Nontrivial technical ability? (1)

whoda (569082) | more than 3 years ago | (#36635306)

I don't know how to sniff or probe any sort of wireless network signal, but I bet with 5 minutes of searching I could have a program that would do it for me.

Re:Nontrivial technical ability? (1)

hellkyng (1920978) | more than 3 years ago | (#36636114)

I'll save you 4 minutes and 55 seconds: www.wireshark.org And it runs on linux! The nontrivial technical ability probably refers to how you have to hit a button to start the thing running.

Non-trivial? (1)

chemicaldave (1776600) | more than 3 years ago | (#36635312)

in the second case, one is looking into someone else's communications, and doing so in a way that requires nontrivial technical ability or software.

Please, packet sniffing is trivial. Anyone with a cursory knowledge of networking can use Wireshark to investigate traffic. It becomes even more trivial given the availability of Wireshark in a GUI interface for almost all platforms.

Re:Non-trivial? (1)

Talderas (1212466) | more than 3 years ago | (#36635356)

There exists only two barriers to how trivially easy it is to sniff wireless track.

#1 - The user must have a wireless nic.
#2 - The user must be aware of the software.

Re:Non-trivial? (1)

hedwards (940851) | more than 3 years ago | (#36636920)

If you type "sniff wireless traffic" into duckduckgo, the first result is a tutorial related to, you guessed it, sniffing network traffic with wireshark. That's about as trivial as it gets.

Re:Non-trivial? (0)

Anonymous Coward | more than 3 years ago | (#36635432)

Word. And on the flip side, if I was to describe the process of translating vibrations in the atmosphere into chemical and then electrical impulses, I could make "I couldn't help overhearing your conversation" seem pretty non-trivial and technical as well.

Re:Non-trivial? (1)

omnichad (1198475) | more than 3 years ago | (#36636118)

And patent it, while you're at it.

it was authorized by the WAP owners (3, Insightful)

Anonymous Coward | more than 3 years ago | (#36635326)

If you run an open WAP, you have authorized people to listen to the data going by.

If you do not want that, the protocol provides an official blessed way to say you want your data private.

You get to pick which one you want. Don't pick one and then bitch about your own choice. Punishing google for this WILL set a dangerous precident that will be used against all of us by big corporations in the future. We MUST maintain a world where we are free to listen to unencrypted signals going through our own property.
It's critical. The bigger issue here has nothing to do with google: it's about preserving our OWN freedom.

Re:it was authorized by the WAP owners (1)

chemicaldave (1776600) | more than 3 years ago | (#36635608)

Actually it does sound like it's about google. The court is siding with the plaintiffs claim that sniffing packets is non-trivial. I would be interested to know how their opinion would change if google showed how easy it is to sniff plaintext packet payloads. It appears that the court's decision is hinging on the triviality of such.

Re:it was authorized by the WAP owners (1)

zill (1690130) | more than 3 years ago | (#36636326)

I would love to be the expert witness who types in "apt-get install kismet", answer a few questions, and then receive a paycheck.

Re:it was authorized by the WAP owners (1)

chemicaldave (1776600) | more than 3 years ago | (#36636514)

Exactly. While Google did write custom software, the independent report states they do not believe the Kismet source was altered in anyway. The reason the software is custom is so they can marry the SSID and mac address to some GPS data.

Re:it was authorized by the WAP owners (4, Insightful)

symes (835608) | more than 3 years ago | (#36635710)

No - it is about reasonable expectations for privacy. To some extent we cannot expect absolute privacy with our neighbours, but we should expect that wholesale corporate intrusions to privacy are scorned upon. Could I, for example, point a higjhly sensitive microphone at someone's house, from a public street, and record their conversation? You could say that unencreypted data is public, but you could also argue that doing so violates the interlocutors expectations of privacy.

Re:it was authorized by the WAP owners (0)

Anonymous Coward | more than 3 years ago | (#36636064)

Could I, for example, point a higjhly sensitive microphone at someone's house, from a public street, and record their conversation?

The WiFi situation is more like "If you are shouting at each other so loud that I can hear you from the street, would I have to cover my ears so I can't hear you?"

How am I supposed to know which signal I am allowed to pick up and which not? What if I want everybody to be able to pick up the signal? To find out whether or not a broadcast is private or not you have no choice but to listen to it. Which would be already illegal.

Also note that it's probably hard to develop WiFi chips/antennas, find interferences, etc. without using a spectrum analyzer which also listens to these signals. I absolutely agree with the GP here, we must maintain the freedom of listening to unencrypted radio signals.

Re:it was authorized by the WAP owners (1)

jdgeorge (18767) | more than 3 years ago | (#36636718)

The question you allude to is whether the expectation of privacy by the people running open wifi is "reasonable". For most people who understands the technology, it is NOT reasonable to expect that someone will not read unencrypted traffic broadcast in public. Whether that means that the court would find that the general public's expectation of privacy is not reasonable is unclear.

However, that is not what this suit is about. This is about money, and trying to do anything possible to damage Google's reputation.

Re:it was authorized by the WAP owners (1)

hedwards (940851) | more than 3 years ago | (#36636938)

Right, unlike giving a key to the neighbors for safe keeping or leaving your door open, a person that happens upon an open AP has no way of knowing that the user intends for it to be private. However, if I leave the door to my house unlocked, it's still trespassing to open the door without my permission and go inside.

Re:it was authorized by the WAP owners (1)

cdrguru (88047) | more than 3 years ago | (#36636338)

Land line telephone lines can be "sniffed" with the use of a pickup coil that you can get for $7.99 at Radio Shack. [radioshack.com] Wow, they used to be a lot cheaper. Anyway, this will enable the user to receive "broadcast" telephone conversations with just about anything that can be used as an amplifier. It does not require any sort of technical ability and the tools are commonly available.

So it would be legal in your opinion to listen to or record such conversations as long as it was done without actually connecting to the wires but just relying on the information that was being "transmitted"?

Users are not stupid (3, Insightful)

cheeks5965 (1682996) | more than 3 years ago | (#36635364)

Before the "people with unprotected networks are stupid and deserve what they get" meme develops, I wanted to get a few thoughts out there. First, there are many good and valid reasons for leaving a wifi network unpassworded. For example a coffee shop may have an open network which users join, then the users info gets sniffed. Second, the google sniffing is more intrusive than a reasonable person would expect. Lets say a guy was using a telescope to spy on you through your window to watch the email you're typing. You could say the user is stupid to not pull the shades on his window, but I would say the guy is being extraordinarily creepy even if what he's doing is legal.

Re:Users are not stupid (1)

zill (1690130) | more than 3 years ago | (#36636292)

Lets say a guy was using a telescope to spy on you through your window to watch the email you're typing. You could say the user is stupid to not pull the shades on his window, but I would say the guy is being extraordinarily creepy even if what he's doing is legal.

That's actually illegal.

Photographing other people's houses is legal because it's not an invasive act. Peeping inside with a telephoto lens is illegal because that's inherently and intentionally invasive.

Re:Users are not stupid (1)

cheeks5965 (1682996) | more than 3 years ago | (#36636330)

it's the same thing as the packet sniffing

I have the expectation of privacy within my home. However, my house leaks all sorts of electromagnetic radiation, including wi-fi and photons that shoot out my windows. It's unreasonable for me to live in an EM-proof cave inside a faraday cage.

Just as the telephoto guy is intentionally invasive, so is the google wi-fi guy.

Re:Users are not stupid (1)

zill (1690130) | more than 3 years ago | (#36636442)

I totally agree on the EM leakage part. Using highly sensitive equipment to sniff EM leaks should be a crime.

But open WAP isn't leakage. You're intentionally broadcasting it to the public.

The difference is that one requires thousands of dollars worth of specialized equipment, and the other one the equipment comes standard with every laptop on the self. If you criminalize the latter, then you will also criminalize everyone that has kismet or wireshark installed on their laptop.

Re:Users are not stupid (1)

cheeks5965 (1682996) | more than 3 years ago | (#36636590)

yeah but as mentioned ad nauseum above, both require specialized information that >99% of the population does not have. For people on slashdot it's simple and obvious, but that's like saying for people on telephoto snooping blogs it would be trivial to do.

In short, while the equipment is cheap, the knowledge is specialized w.r.t. the population at large.

Re:Users are not stupid (1)

cdrguru (88047) | more than 3 years ago | (#36636352)

In many jurisdictions it is not legal to point a telescope below a certain angle. I know New York City has such laws and they aren't the only ones.

Re:Users are not stupid (0)

Anonymous Coward | more than 3 years ago | (#36636494)

Having a good reason to leave WiFi unprotected DOESN'T mean that the users should have a reasonable expectation of privacy. I haven't seen a WiFi network chooser in YEARS that didn't tell you if a network was protected or not. The user is given the choice to connect, or not connect, based on selecting the network.

As to whether a reasonable person would expect that Google's sniffing was too intrusive, it has been at least a decade since I saw a WiFi router that shipped with all encryption disabled. That means the user had to make a choice to disable the encryption in most cases, which puts the whole reasonable expectation of privacy right out the window.

Granted, there is still the issue where manufacturers ship devices with a well known SSID and password, but I don't believe that Google is being accused of using well-known SSIDs/Passwords to connect to encrypted networks.

Finally, the thing that most people aren't even talking about is the fact that Google did the right thing, and fess'd up when they realized what they had done. They could have just deleted all the information, and kept their mouth's shut, but they didn't.

Kudos to Google for being honest.

Re:Users are not stupid (0)

Anonymous Coward | more than 3 years ago | (#36636888)

The problem with your first statement is that having a "good and valid reasons for leaving a wifi network unpassworded" doesn't mean that those reasons afford you an expectation of privacy, and so, is irrelevant to the discussion.

As to Google's sniffing being more intrusive than a reasonable person would expect, there is no need for the metaphorical telescope. This situation is more akin to going around your neighborhood, telling everyone that they are free to use your windows and doors, and then acting surprised when someone sees you in the shower. The people who are utilizing open WiFi are sending out beacons saying "I'm here, I'm unencrypted, feel free to use me."

Keep in mind, the WiFi Alliance has mandated that Access Point ship with encryption enabled by default for something like a decade, which is longer than the expected lifespan of most wireless gear. The vast majority of people utilizing Open networks have, at some point, made a choice to have their network be unencrypted and accessible by anyone who cares to join.

Re:Users are not stupid (1)

mossholderm (570035) | more than 3 years ago | (#36636952)

(Reposted because I forgot to log in)

The problem with your first statement is that having a "good and valid reasons for leaving a wifi network unpassworded" doesn't mean that those reasons afford you an expectation of privacy, and so, is irrelevant to the discussion.

As to Google's sniffing being more intrusive than a reasonable person would expect, there is no need for the metaphorical telescope. This situation is more akin to going around your neighborhood, telling everyone that they are free to use your windows and doors, and then acting surprised when someone sees you in the shower. The people who are utilizing open WiFi are sending out beacons saying "I'm here, I'm unencrypted, feel free to use me."

Keep in mind, the WiFi Alliance has mandated that Access Point ship with encryption enabled by default for something like a decade, which is longer than the expected lifespan of most wireless gear. The vast majority of people utilizing Open networks have, at some point, made a choice to have their network be unencrypted and accessible by anyone who cares to join.

What about 2 party states? (1)

Bob the Super Hamste (1152367) | more than 3 years ago | (#36635374)

I wonder how this would go over in states with wire taping laws that require consent from both parties? If I were going to fight this that would be how I would do it since it seems this ruling is based on lack of technical knowledge, not following the law. As a previous poster mentioned what is different between this and shouting your banking info in a public area and having Google record it?

Note: I don't agree with 2 party consent laws for recording conversations, but that is a different issue.

Re:What about 2 party states? (3, Insightful)

tftp (111690) | more than 3 years ago | (#36635862)

I wonder how this would go over in states with wire taping laws that require consent from both parties?

The process would be the same as for one-party consent because neither party here was aware of the wiretapping. Google is not a party to the conversation.

As a previous poster mentioned what is different between this and shouting your banking info in a public area and having Google record it?

You can shout your banking information in the middle of a desert and expect to be safe. However Google broke your expectation, however incorrect it was in the first place. Unbeknownst to you, Google buried microphones in the sand, for no reason other than to intercept whatever visitors to the desert might be saying.

We are supposed to be secure in our communication. Written laws don't cover all the ways of communication, and they don't cover all the ways of being secure. It's for a qualified human (known as judge) to decide. The judge have decided based on common sense, not on technicalities. But geeks like to ride on technicalities; if something was technically possible for an attacker to do, then it's OK. Obviously that's not so; almost every door lock can be picked, but it doesn't make it legal to go around and pick locks - even if you only look inside. House windows are transparent, but it doesn't make it legal or moral to go around and peek into windows.

WiFi spectrum belongs to the public (0)

Anonymous Coward | more than 3 years ago | (#36635464)

In the United States, the WiFi spectrum is owned by the public. When you broadcast data using WiFi, you are doing it using part of that public spectrum. How is this any different than recording CB radio transmissions? Or AM/FM radio stations? Or Ham radio operators?

It should not be Google's responsibility if someone broadcasts their sensitive information unencrypted in public locations.

If I put a big sign up in the window of my house with all my credit information, can I sue anyone who takes a picture of it? If I put all my passwords on paper and throw it into the street, can I sue someone that finds it and photo-copies it?

Re:WiFi spectrum belongs to the public (1)

zill (1690130) | more than 3 years ago | (#36636238)

Actually in the US the entire radio spectrum is owned by the public.

FCC leases some spectrum out through the public auction of licenses. So while cell providers has the right to use these frequencies through their licenses, ownership of those frequencies still belongs to the people.

Corporations cannot own our airwaves.

Well, not yet at least.

Nontrivial? (0)

cpu6502 (1960974) | more than 3 years ago | (#36635540)

>>>"one is looking into someone else's communications, and doing so in a way that requires nontrivial technical ability or software.'"

All it takes is a $50 wifi receiver.
God judges are freaking stupid.

Re:Nontrivial? (1)

EkriirkE (1075937) | more than 3 years ago | (#36635934)

$50?? What, does monster cable sell Wifi adapters now?

Courtroom is indeed filled with idiots.

Let me get this out of the way (1)

slimjim8094 (941042) | more than 3 years ago | (#36635662)

Radio broadcasts have, to my knowledge, *never* been considered private information. Anybody who wants to keep it private must encrypt it, with some extremely specific exceptions (you can't sell a scanner that can access unencrypted cellphone frequencies, for example).

So here's what I can't figure out. Let's say I use a small FRS (unlicensed) handheld radio to communicate with my friends on a hiking trail. There is absolutely no expectation of privacy, either on my part or by the government. And there shouldn't be. This isn't an analogy - it's *exactly the same thing*, but WiFi has a computer hooked up at each end. Given a few hours, I could actually access the Internet over a FRS radio (AX.25 and a few TNCs), and as established anybody could sniff my traffic.

Again, THIS IS NOT AN ANALOGY! WiFi is a short-range radio BROADCAST, just like any other radio broadcast. Unless you go to specific lengths to prevent others accessing it, there is an implicit expectation of public access, in the fact that you went to lengths to make it publicly available. Even WEP, though ineffective, should be sufficient to make the point that your signal was not intended to be public. But if you have an open network, and your router is broadcasting the SSID, you are inviting anybody who can hear you to connect. And without encryption, you're broadcasting all your data in the clear to anyone who can hear, and IMHO your failure to even nominally protect it is a tacit understanding that anybody can receive it.

Billboards aren't private. AM radio broadcasts aren't private. Unencrypted WiFi isn't private. You haven't even indicated that you didn't want others to hear, DESPITE there being easy and available ways of doing so.

Re:Let me get this out of the way (1)

EkriirkE (1075937) | more than 3 years ago | (#36635882)

For this reason alone, I always VPN to my home router when connecting to open networks. I can't find the article right now, but I believe the FCC already states radio waves are free to receive, but circumvention of protections is illegal. Put your protections on (encryption)! And isn't the 2.4GHz band free-to-use? i.e. no real regulation of proper usage beyond power level? Just like RC toys...

If I flash my passwords plaintext in morse code using a light, and someone records it - even inadvertently, is there a law being broken? No, because *I* am the idiot, not the receptors.

Re:Let me get this out of the way (1)

slimjim8094 (941042) | more than 3 years ago | (#36636188)

It's open for unregulated usage, but there are HAM bands available in there. See, for example, the "hinternet": http://en.wikipedia.org/wiki/Hinternet [wikipedia.org] . My license actually allows me to set up my G router with 1.5kW of power (up from the 90mW or so stock), though I wouldn't do that because I'd rather not show up on the screens of laptops in a 150 mile radius - aside from the fact that it wouldn't work because they couldn't talk back.

Also, it'd probably be bad for the chips - though Part 15 says it's not my problem ("must accept any harmful interference received'), it would be considered a "dick move".

Interestingly enough, check this out: http://frwebgate.access.gpo.gov/cgi-bin/get-cfr.cgi?TYPE=TEXT&YEAR=current&TITLE=47&PART=15&SECTION=9 [gpo.gov]

Except for the operations of law enforcement officers conducted under lawful authority, no person shall use, either directly or indirectly, a device operated pursuant to the provisions of this part for the purpose of overhearing or recording the private conversations of others unless such use is authorized by all of the parties engaging in the conversation.

I must say I was unaware of that particular portion of the regulation. Google is using a Part 15 device (their WiFi card)... The question is, is unencrypted data a "private conversation"? I think the answer is a clear "no" but there's more of a case than I'd been giving it credit for...

Re:Let me get this out of the way (1)

tftp (111690) | more than 3 years ago | (#36636822)

The question is, is unencrypted data a "private conversation"? I think the answer is a clear "no"

It is a clear "no" as long as you don't object to me listening to your conversations within your own home using this here high gain microphones and laser pickups of vibration of glass in your windows.

However if you don't like my plan then the answer to the original question must be a clear "yes."

Re:Let me get this out of the way (1)

zill (1690130) | more than 3 years ago | (#36636100)

Well said.

I just like point out a small error: hooking up TNC to FRS radio is illegal under the FCC rules. FRS cannot be used to transmit data except using FCC certified transmitters.

Re:Let me get this out of the way (1)

Bill_the_Engineer (772575) | more than 3 years ago | (#36636166)

You are confusing broadcasting with communications.

Broadcasting is when a radio station is sending a signal with the expectation that it will be listened to by more than one individuals. These are always one way communications (eg. Radio Transmitter Tower broadcasts to your FM receiver in your car). There is generally no expectation of privacy with broadcasts, since that isn't the way it's suppose to work.

Communications is when a when more than one radio transmitter/receiver stations are engaged in two-way communications. Expectation of privacy is the same regardless of the communication band. It is against the law (and FCC regulations) to rebroadcast the contents of a two-way communication. It is also against the law to eavsedrop on these wireless communications. There is no legal requirement for encryption or for the reception to be "non-trivial" in order for the expectation of privacy to remain valid.

I defer to FCC rules on Part 15 devices which I believe covers unlicensed operations of WiFi radio devices:

15.9 Prohibition against eavesdropping.

Except for the operations of law enforcement officers conducted under lawful authority, no person shall use, either directly or indirectly, a device operated pursuant to the provisions of this part for the purpose of overhearing or recording the private conversations of others unless such use is authorized by all of the parties engaging in the conversation.

Re:Let me get this out of the way (1)

slimjim8094 (941042) | more than 3 years ago | (#36636228)

Yes, I actually just found that particular portion of Part 15. I must admit there is more of a case here than I'd given credit for. But I argue that the lack of encryption, combined with the ease of encryption, should be seen as deliberate rather than an omission, making the conversation not private.

Non trivial? (0)

Anonymous Coward | more than 3 years ago | (#36635712)

Come on... Sniffing unencrypted wireless packets is incredibly easy. What if I'm diagnosing a problem at work? I'm suddenly violating wireless tapping laws?

Re:Non trivial? (1)

EkriirkE (1075937) | more than 3 years ago | (#36635906)

Its not even so much as sniffing, but not ignoring them. Sniffing implies hunting for something. (Unencrypted) WiFi is thrown in your face and your adapter has to block what it doesn't want. All you have to do is be promiscuous (this is what they call it) - not care what goes in.

fear (1)

Khashishi (775369) | more than 3 years ago | (#36635766)

Google should just say they were tracking people in the interest of national security, and then everything will become just fine.

Horsepucky (1)

blair1q (305137) | more than 3 years ago | (#36635826)

Collecting data from packets is trivial. All you have to do is get a symbol lock and record all the bytes without looking for headers at all.

If you're recording bytes, you have to go way, way, way out of your way to not record the payloads. It would be like making a sound recording of a crowd without recording anything recognizable in the voices nearest you. It would be like recording a video without recording the faces of people walking towards you. It would be like buying the newspaper but not getting any of the printed words with it. It would be like driving your car but not seeing every other mile of road out of your windshield. It would be like breathing without getting any nitrogen. It would be like becoming a judge without having any common sense (oh wait, that one, according to this case, can happen rather easily).

This assessment of the situation by this court is, at this point, a fucktard's ball.

What is the difference... (0)

Anonymous Coward | more than 3 years ago | (#36636710)

I just read the analysis of the program used by Google to capture the data. (http://static.googleusercontent.com/external_content/untrusted_dlcp/www.google.com/en//googleblogs/pdfs/friedberg_sourcecode_analysis_060910.pdf)

It occurred to me that what Google did was similar to someone recording something communicated over walkie-talkies accidentally, but NOT actually listening to the recording. The key thing here is that while Google's gslite program captured the data, it didn't actually DO anything with it. Yes, it stored it, but it stored lots of other data too.

To me, unless someone can show that Google actually tried to use the data, this just seems like an accidental occurrence. Put on your big boy/big girl pants and get over it.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?