Risk
3/11/2013
05:16 PM
Connect Directly
RSS
E-Mail
50%
50%

Google Preps $7 Million "Wi-Spy" Case Settlement

Google reportedly will settle with 30 states over its controversial Street View Wi-Fi hotspot sniffing program that was undertaken by a "rogue engineer."

Google Chromebook Pixel: Visual Tour
Google Chromebook Pixel: Visual Tour
(click image for larger view and for slideshow)
Google is reportedly close to reaching a $7 million settlement with 30 states' attorneys general over the search giant's Street View data collection practices.

The settlement is expected to occur early this week, reported All Things Digital, and the money would be split between the 30 states.

A spokeswoman for Google declined to comment via email on the proposed settlement. But she said of Street View: "We work hard to get privacy right at Google. But in this case we didn't, which is why we quickly tightened up our systems to address the issue.”

None of the states' attorneys general have publicly confirmed reports of an imminent settlement. "We are party to the investigation, and the investigation is active and ongoing," said a spokeswoman for Connecticut Attorney General George Jepsen, speaking by phone.

[ Ski resorts are among the latest terrain conquered by intrepid Street View photographers. Read Google Street View Hits The Slopes. ]

As part of what's since been dubbed Google's "Wi-Spy" campaign, between 2007 and 2010, Google's Street View cars -- used to gather record data for building Google's maps -- were also sniffing all unencrypted wireless packets they encountered, then storing that data.

After European governments in early 2010 asked Google to detail exactly what data its Street View vehicles were collecting, Google investigated, and in May 2010 disclosed the Wi-Fi data gathering practices, which it said were inadvertent. Regardless, that led to strong rebukes from numerous governments, including some investigations and fines. Likewise, 30 states -- led by then-Connecticut Attorney General Richard Blumenthal -- launched their own investigation in 2010. That effort is what's now reportedly closing in on the $7 million settlement deal.

Google has long maintained that although the data collection had been a "mistake," the company hadn't broken any U.S. laws by collecting Wi-Fi data that wasn't password-protected. The Federal Communications Commission looked into Google's Wi-Fi data sniffing and ultimately fined Google $25,000 for obstructing its Street View investigation, but never filed any charges. Last year, the FCC's resulting report revealed that Google ascribed the "wardriving" to a "rogue engineer", who was interested in the product possibilities the data might enable.

Even if Google settles with the 30 states, the company still faces Street View investigations abroad. The Electronic Privacy Information Center (EPIC), which had urged the Justice Department to pursue Google for wiretap law violations, currently counts Street View investigations in at least 12 countries, nine of which have found that Google's Wi-Fi data collection violated their laws.

But another issue raised by Google's Wi-Fi data interception is why so few hotspots were set to encrypt data, given the ease with which that data could be intercepted by any third party. "If people are using unsecured Wi-Fi, I'm not sure Google should be paying anything at all," said "Dissent," which is the handle of the privacy advocate and data breach information blogger who maintains DataBreaches.net. "Don't users assume some risk or responsibility for the risk if they're using unsecured Wi-Fi?"

Security isn't necessarily the first thing people think of when they consider enterprise directories. But directories can be used in a number of ways to tighten and extend your organization's security. A Guide To Security And Enterprise Directories report, we examine enterprise directories—through the lens of Microsoft Active Directory -- and their potential as a solution for a wide array of security initiatives. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
PJS880
50%
50%
PJS880,
User Rank: Ninja
3/24/2013 | 3:30:07 PM
re: Google Preps $7 Million "Wi-Spy" Case Settlement
This is a good outcome, and response from Google. The practices no doubt could be used for any intents and purposes, if held in the wrong hands. I know Google stated that it was a mistake, but I donGÇÖt believe that Google did not know that they were collecting wireless networks data in the process. A company like Google, there is not a lot of things happening that they are not fully aware of; they would have to be to get this far in business. We will see how it plays out in the other countries, but I think a $25,000 fine from the FCC is nothing more than a weak slap on the wrist. Had the lawsuits not been in place Google would have gotten away with a cheap fine, what is to stop them form doing it again?

Paul Sprague
InformationWeek Contributor
RobMark
50%
50%
RobMark,
User Rank: Apprentice
3/12/2013 | 5:47:42 PM
re: Google Preps $7 Million "Wi-Spy" Case Settlement
"rogue engineer" is what Google refers to a lack of oversight and institutional control! $7 Million is not a deterent for Google with tens of billions of dollars in the bank.
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4448
Published: 2014-10-22
House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.

CVE-2014-4449
Published: 2014-10-22
iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-4450
Published: 2014-10-22
The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within unintended DOM input elements.

CVE-2012-5242
Published: 2014-10-21
Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter in a get_template action.

CVE-2012-5243
Published: 2014-10-21
functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.