Re: Opt-out for wifi network of the Google Location Server

From: Bjoern Hoehrmann <derhoermi@gmx.net>
Date: Sat, 26 Nov 2011 06:50:53 +0100
To: <Frank.Wagner@telekom.de>
Cc: <karld@opera.com>, <public-privacy@w3.org>
Message-ID: <hro0d7tf7klbbamcbrhgju7butdjics108@hive.bjoern.hoehrmann.de>

* <Frank.Wagner@telekom.de> wrote:
>We had this in Germany around all the discussions about streetview. They
>told that the collection of the SSID was a software bug. I wonder that
>the bug has not been fixed in other countries....

As I recall it, this story came to Germany by way of Peter Schaar, the
head of Germany's federal data protection agency who attended a meeting
by the International Working Group on Data Protection in
Telecommunications where he learned that some other European data
protection agency audited a "StreetView" and found that the cars don't
just take pictures but also collect information on Wifi networks they
encounter. That was, according to him, news to everybody else attending.

Hamburg's data protection agency, Google in Germany is in their area of
responsibility, sought further information on this but couldn't get much
information at the time, Google in particular couldn't let them inspect
a car because Google did not know where its cars were at the time. Some
time later Google published a blog posting saying they did not disclose
this in earlier briefings and negotiations because they felt that's not
necessary, that they did not collect or store payload data, that it's
your fault if you broadcast such information, and so on. They did
specifically admit to collecting SSIDs and MAC addresses, that was never
considered a bug as far as I am aware.

Hamburg's data protection agency then got to inspect a car, but Google
removed the hard drives with any software and data from it and sent it
to the United States, saying that couldn't be audited in Germany anyway
as the cars do not have read-access to the data. Google then announced
that in response to Hamburg's DPA asking, they figured maybe they
should audit their systems themselves, and as it happens, it slipped
past them for several years that the cars collected much more data than
they were supposed to, namely the payload data they denied collecting a
couple of weeks earlier. That was the bug as far as I understand it.

I note that collecting this information via "StreetView" cars is needed
only for seeding, it has now fallen on to our neighbours to collect it,
with various browsers adding to the database when people use services
that use the geo location API. The ones I've seen naturally pass on the
raw SSID, raw MAC addresses, various raw IDs and tokens, one browser I
saw even went out of its way using ARP requests to scan the local
network for more data to submit, and all seem to even submit data on
ad-hoc networks which I thought move around and aren't useful for
locating where you are, unless that's your network. No attempt at
minimizing the data there that I could find; how much worse would geo
location work if you used, say, sha1(ssid) and sha1(mac) or even
sha1(ssid . mac) given that MACs and SSIDs don't seem to change all that
much and you'd get a slew of fresh data on a daily basis anyway? Not a
question people seem to care about much.

I also note that Fraunhofer IIS advertise their comparable "awiloc"
service as not needing SSIDs. If I look around my place here, there is
plenty of personal information stored in those, like nicknames people
likely also use online. But it doesn't seem like there is much interest
in the protection of the SSIDs and their association with MAC addresses
and geographical locations.

Anyway, what I found far more curious is that apparently it's a problem
when Google captures some payload fragments from unencrypted networks,
but Google holding the secret keys to your encrypted networks is not a
problem.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 
Received on Saturday, 26 November 2011 05:51:30 GMT
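
The sha1(ssid . mac) minimisation raised in the message above, as an added example that is not part of the original post and not any browser's or location service's code. The names `ap_key`, `minimise` and `LocationDB`, the scan record layout, and the choice to hash the SSID bytes followed by the six raw MAC bytes are assumptions made for illustration; the sample scans are constructed.

```python
import hashlib

def ap_key(ssid: str, mac: str) -> str:
    """sha1(ssid . mac) over the SSID bytes followed by the 6 raw MAC bytes."""
    raw_mac = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw_mac) != 6:
        raise ValueError("MAC address must be 48 bits")
    return hashlib.sha1(ssid.encode("utf-8") + raw_mac).hexdigest()

def minimise(scan):
    """Client side: drop ad-hoc networks, replace identifiers with their hash."""
    return [{"key": ap_key(ap["ssid"], ap["mac"]), "rssi": ap["rssi"]}
            for ap in scan if not ap.get("adhoc", False)]

class LocationDB:
    """Server side: stores only hashed keys, never SSIDs or MAC addresses."""
    def __init__(self):
        self._positions = {}

    def learn(self, observations, lat, lon):
        for obs in observations:
            self._positions[obs["key"]] = (lat, lon)

    def locate(self, observations):
        hits = [self._positions[o["key"]] for o in observations
                if o["key"] in self._positions]
        if not hits:
            return None
        return (sum(p[0] for p in hits) / len(hits),
                sum(p[1] for p in hits) / len(hits))

# Constructed sample scans (not real networks).
SURVEY = [{"ssid": "example-home", "mac": "02:00:00:aa:bb:01", "rssi": -48},
          {"ssid": "example-cafe", "mac": "02:00:00:aa:bb:02", "rssi": -70}]
LATER_SCAN = [{"ssid": "example-home", "mac": "02-00-00-AA-BB-01", "rssi": -55},
              {"ssid": "laptop-adhoc", "mac": "02:00:00:aa:bb:03", "rssi": -40, "adhoc": True},
              {"ssid": "example-new", "mac": "02:00:00:aa:bb:04", "rssi": -80}]

def demo():
    db = LocationDB()
    db.learn(minimise(SURVEY), 53.55, 9.99)   # seeding pass at a known position
    return db.locate(minimise(LATER_SCAN))    # lookup using hashed keys only

if __name__ == "__main__":
    print(demo())
```

Hashing here is pseudonymisation rather than anonymisation: the 48-bit MAC space is small enough to enumerate, so sha1(mac) on its own can be reversed by brute force, and the combined key is only as hard to guess as the SSID.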