Risk
3/11/2013
05:16 PM
Connect Directly
RSS
E-Mail
50%
50%

Google Preps $7 Million "Wi-Spy" Case Settlement

Google reportedly will settle with 30 states over its controversial Street View Wi-Fi hotspot sniffing program that was undertaken by a "rogue engineer."

Google Chromebook Pixel: Visual Tour
Google Chromebook Pixel: Visual Tour
(click image for larger view and for slideshow)
Google is reportedly close to reaching a $7 million settlement with 30 states' attorneys general over the search giant's Street View data collection practices.

The settlement is expected to occur early this week, reported All Things Digital, and the money would be split between the 30 states.

A spokeswoman for Google declined to comment via email on the proposed settlement. But she said of Street View: "We work hard to get privacy right at Google. But in this case we didn't, which is why we quickly tightened up our systems to address the issue.”

None of the states' attorneys general have publicly confirmed reports of an imminent settlement. "We are party to the investigation, and the investigation is active and ongoing," said a spokeswoman for Connecticut Attorney General George Jepsen, speaking by phone.

[ Ski resorts are among the latest terrain conquered by intrepid Street View photographers. Read Google Street View Hits The Slopes. ]

As part of what's since been dubbed Google's "Wi-Spy" campaign, between 2007 and 2010, Google's Street View cars -- used to gather record data for building Google's maps -- were also sniffing all unencrypted wireless packets they encountered, then storing that data.

After European governments in early 2010 asked Google to detail exactly what data its Street View vehicles were collecting, Google investigated, and in May 2010 disclosed the Wi-Fi data gathering practices, which it said were inadvertent. Regardless, that led to strong rebukes from numerous governments, including some investigations and fines. Likewise, 30 states -- led by then-Connecticut Attorney General Richard Blumenthal -- launched their own investigation in 2010. That effort is what's now reportedly closing in on the $7 million settlement deal.

Google has long maintained that although the data collection had been a "mistake," the company hadn't broken any U.S. laws by collecting Wi-Fi data that wasn't password-protected. The Federal Communications Commission looked into Google's Wi-Fi data sniffing and ultimately fined Google $25,000 for obstructing its Street View investigation, but never filed any charges. Last year, the FCC's resulting report revealed that Google ascribed the "wardriving" to a "rogue engineer", who was interested in the product possibilities the data might enable.

Even if Google settles with the 30 states, the company still faces Street View investigations abroad. The Electronic Privacy Information Center (EPIC), which had urged the Justice Department to pursue Google for wiretap law violations, currently counts Street View investigations in at least 12 countries, nine of which have found that Google's Wi-Fi data collection violated their laws.

But another issue raised by Google's Wi-Fi data interception is why so few hotspots were set to encrypt data, given the ease with which that data could be intercepted by any third party. "If people are using unsecured Wi-Fi, I'm not sure Google should be paying anything at all," said "Dissent," which is the handle of the privacy advocate and data breach information blogger who maintains DataBreaches.net. "Don't users assume some risk or responsibility for the risk if they're using unsecured Wi-Fi?"

Security isn't necessarily the first thing people think of when they consider enterprise directories. But directories can be used in a number of ways to tighten and extend your organization's security. A Guide To Security And Enterprise Directories report, we examine enterprise directories—through the lens of Microsoft Active Directory -- and their potential as a solution for a wide array of security initiatives. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
PJS880
50%
50%
PJS880,
User Rank: Ninja
3/24/2013 | 3:30:07 PM
re: Google Preps $7 Million "Wi-Spy" Case Settlement
This is a good outcome, and response from Google. The practices no doubt could be used for any intents and purposes, if held in the wrong hands. I know Google stated that it was a mistake, but I donGÇÖt believe that Google did not know that they were collecting wireless networks data in the process. A company like Google, there is not a lot of things happening that they are not fully aware of; they would have to be to get this far in business. We will see how it plays out in the other countries, but I think a $25,000 fine from the FCC is nothing more than a weak slap on the wrist. Had the lawsuits not been in place Google would have gotten away with a cheap fine, what is to stop them form doing it again?

Paul Sprague
InformationWeek Contributor
RobMark
50%
50%
RobMark,
User Rank: Apprentice
3/12/2013 | 5:47:42 PM
re: Google Preps $7 Million "Wi-Spy" Case Settlement
"rogue engineer" is what Google refers to a lack of oversight and institutional control! $7 Million is not a deterent for Google with tens of billions of dollars in the bank.
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0619
Published: 2014-10-23
Untrusted search path vulnerability in Hamster Free ZIP Archiver 2.0.1.7 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the current working directory.

CVE-2014-2230
Published: 2014-10-23
Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) dest parameter to adclick.php or (2) _maxdest parameter to ck.php.

CVE-2014-7281
Published: 2014-10-23
Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for requests that reboot the device via a request to goform/SysToolReboot.

CVE-2014-7292
Published: 2014-10-23
Open redirect vulnerability in the Click-Through feature in Newtelligence dasBlog 2.1 (2.1.8102.813), 2.2 (2.2.8279.16125), and 2.3 (2.3.9074.18820) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter to ct.ashx.

CVE-2014-8071
Published: 2014-10-23
Multiple cross-site scripting (XSS) vulnerabilities in OpenMRS 2.1 Standalone Edition allow remote attackers to inject arbitrary web script or HTML via the (1) givenName, (2) familyName, (3) address1, or (4) address2 parameter to registrationapp/registerPatient.page; the (5) comment parameter to all...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.