14 DAY TRIAL // The results of a third-party audit of Google’s Wi-Fi sniffing code have been released. The audit shows that the Google software did indeed store unprotected payload data from Wi-Fi networks. This, Privacy International, an advocacy group from the UK, says, is proof that Google had “criminal” intent in collecting the data that it claims is enough for a court to pursue charges against the company. However, Google had already acknowledged all of the findings in the report.
The report found that the software used by Google in its Street View cars to collect Wi-Fi network information, gslite, was designed in such a way so as to store all unprotected payload data it intercepted. The software received data from the GPS unit and the well-known, in certain circles, Kismet packet-sniffing software. It dropped the data from encrypted networks but kept everything else. Gslite correlated the Wi-Fi data with the location information and then stored it all. The software did not parse the Wi-Fi data in any way.
This is in line with what Google has said so far. But Privacy International says the report establishes “beyond reasonable doubt,” that Google had “intent to systematically intercept and record the content of communications and thus places the company at risk of criminal prosecution in almost all the 30 jurisdictions in which the system was used.”
The reasoning is that the software is too complex for the ‘mistake’ theory to hold up. Google meant to store payload data and this makes the company criminally liable. “This action by Google cannot be blamed on the alleged ‘single engineer’ who wrote the code. It goes to the heart of a systematic failure of management and of duty of care.”
However, the report doesn’t really add anything new to the mix. Google explained that its software stored unprotected data and this was what the analysis found. Obviously, the software didn’t write itself or had this functionality added to it by mistake. But Google says the original piece of code was written for another purpose, a theory that experts say is plausible.
The mistake, Google says, was using the unmodified existing code in the production vehicles. This indicates negligence on the part of Google that, frankly, has no place in a company its size. But the ‘intent’ for collecting the personal data is not so evident. We’ll have to wait for the authorities to sort this out for a final verdict, but even the best case scenario doesn’t look good for Google.
Coverage of the Google Wi-Fi Data Collection blunder: - German Officials ‘Horrified’ by Google Street View WiFi Snooping - Google Details Its Wi-Fi Data-Collection Policies - Google Admits to Collecting Personal Wi-Fi Data - Google’s Personal Wi-Fi Data Debacle Unravels - Google Stops Deleting Personal Wi-Fi Data It Collected - Google Refuses to Hand Over Wi-Fi Data to Regulators - Media Scaremongering in the Google Wi-Fi Blunder - Google to Hand Over Wi-Fi Data to European Regulators