Google’s “Passive Sniffing” Technique May Have Paved the Way for Wi-Fi Privacy Flap, Skyhook CEO Says
Every Wi-Fi network in every home and business broadcasts both public data—such as its network name and unique machine identifier—and “payload data,” or actual content such as e-mails and Web pages. For the last several years, Google said on Friday, the Street View teams who crisscross the world taking pictures and collecting Wi-Fi network location data have inadvertently been recording fragments of payload data traveling on those networks.
To stem concerns about the potential misuse of the data, the search giant has temporarily grounded its Street View fleet and is working with regulators in Europe—where an audit request this month triggered the discovery—to ensure that the private data is properly deleted. But while Google has traced the problem to a communications breakdown between its software engineers and Street View project leaders, a local observer familiar with location finding technology says the crisis may have originated earlier, with specific technical decisions about how Google collects Wi-Fi data.
“It’s really a matter of the questions you ask each [Wi-Fi] access point,” says Ted Morgan, CEO and co-founder of Boston-based Skyhook Wireless. “There are a couple of different approaches to getting the signal data; one of them is active scanning, and the other is passive sniffing. Both techniques have their pros and cons, but when you are doing the passive sniffing you have to make sure you are not accessing private network messages. It’s not a hard thing to do; you just do not record those messages.”
Skyhook has been collecting data on the locations of Wi-Fi networks around the world since 2003, to feed the database behind the location-finding software that it licenses to mobile device makers such as Apple, Motorola, and Dell. Skyhook has used only active scanning to collect the data, Morgan says, whereas Google’s Street View teams employ passive sniffing.
And that’s what seems to have set up Google for the current crisis. In a post on the company blog on Friday, Alan Eustace, a senior vice president of engineering and research at Google, said an engineer working on an experimental Wi-Fi project in 2006 “wrote a piece of code that sampled all categories of publicly broadcast Wi-Fi data. A year later, when our mobile team started a project to collect basic Wi-Fi network data like SSID information and MAC addresses using Google’s Street View cars, they included that code in their software—although the project leaders did not want, and had no intention of using, payload data.”
Google surveys Wi-Fi networks for the same basic reason Skyhook does—to provide an additional way, beyond GPS and cell tower triangulation, for phones (in Google’s case, those powered by its Android operating system) to determine their locations. The devil, as always, is in the details. In active scanning, Wi-Fi surveyors driving down a public street send out probe requests that … Next Page »