Google, open WiFi and your privacy
10 Jun 2010 • TechnologyOne of the things I love about Twitter is the ability to fire-off quick thoughts that, from time to time, sparks spontaneous conversation. Once such tweet is this:
I’m big on civil liberties & privacy but this is BS. Broadcast unencrypted data; you can have no expectation of privacy http://bit.ly/cnpSIL
I’d just been reading about Privacy International’s claims that Google capturing open, unencrypted WiFi packets displays “criminal intent”. It irked me, and the tweet sparked up an interesting discussion with my CTO at work.
It’s right that Google are being pulled up on this. It’s daft. It was a foolish and unnecessary thing to do. Google claim it was a mistake, I’m inclined to believe them. Google, unlike Facebook, realise that their business depends on users trusting them. Without us trusting Google with our data their advertising strength is massively weakened. Google’s culture is to protect that trust at all costs. I don’t believe they’d do this “maliciously” (assuming collecting WiFi packets can be deemed malicious at all).
Anyway, I digress. My main issue with the PI approach is that it pursues headlines over facts and education. Focusing on Google being wrong and using terms like “criminal” says to the uneducated that using open WiFi is fine. Broadcasting your data to the world is not a problem and anyone who picks up that data is in the wrong and should be punished. This message is not only of dubious legal correctness it’s potentially dangerous.
As an organisation that exists to protect privacy and civil liberties PI had an excellent opportunity to highlight the dangers of open WiFi and push an education message to people. Encrypt your WiFi! That’s what the message should’ve been. Instead we’re left with dramatic headlines that’ provide short term publicity but no longer benefit to WiFi users.
Protecting your WiFi is a simple thing to do, there are dozens of guides around the web. People need to understand the risks of open WiFi, and this is an education opportunity missed.
A response from Steve Strong:
Completely agree on the views regarding Google here - I’m definitely in the “foolish, not malicious” camp. The bit that is harder is the education thing - my Mum wouldn’t have the faintest idea what “protecting your wifi” meant, and if she went to one of the dozens of good guides on how to do it, I’d say that there’s around a 50% likelihood that I’d be getting a phone call later that day saying her “web wasn’t working”, or words to that effect.
We’re in interesting times where technology is moving ahead at a high rate, with many consumers are being left behind, not having a clue as to what they should and shouldn’t be doing. Education is one aspect that for sure would help, but most of the non-techies I know are not in the slightest bit interested in how things work and what “best practice” for the box that BT just installed is. They just want to use it. They never needed education to use their TV safely.
I think that along with some attempt at education, there also needs to be a concerted effort by the manufacturers of these so called consumer products to ensure that they are setup correctly by default, to use non-technical phrases when writing manuals, to have a native speaker do the translation into other languages (I’ve read some router manuals that I find hard to understand!).
Without that, it’s inevitable that folk are going to end up with things badly configured, and through no fault of their own. Whilst that’s the norm (which I think it is today), I think it’s proper that they should have a degree of legal protection from people sniffing their conversations. Even with encryption as the norm (which would be a good thing), I still think some legal protection is useful. Do we really think that Joe Public is going to be great at picking passwords?
The key, in my head, is whether the law is applied appropriately. In Google’s case, if it really was an honest mistake then they should show the data is deleted and that should be the end of it. If they were intentionally sniffing data with the aim of profiting from it in some way, then I think that would be very poor form and they should be prosecuted.
Most TVs, for example, are pretty good. You plug them in and they pretty much sort themselves out. Most IT hardware is way short of that in terms of user-experience, and it ends up with folk sending their secrets out in the clear