The engineer who wrote the code that scooped up people's private Wi-Fi data for Google's Street View has finally been named -- and before his time at Google he wrote the groundbreaking NetStumbler Wi-Fi sniffing app.
The New York Times identifies the engineer as Marius Milner. Before working at Google, he worked for Lucent and Avaya, his LinkedIn page notes. But most intriguing of all is that the page also lists hims as the author of NetStumbler, which he identifies as "the world's first usable 'Wardriving. application for Windows... a de facto wireless security tool, used by hundreds of thousands of people." In fact, he still lists himself as CTO of the NetStumbler company.
When NetStumbler was released it was a revelation. It allowed anyone to easily find Wi-Fi networks, and get information about them, including their signal strength, SSID, what channel they were broadcasting on, and more. It found countless uses. "Wardrivers" used it to map Wi-Fi networks throughout entire regions. Security pros used it to check whether there were any unauthorized Wi-Fi networks at corporations that could be exploited, and to check the security of authorized Wi-Fi networks. And it's likely that people looking to tap into unprotected Wi-Fi networks for nefarious purposes used it as well.
After its release, it won an award from PC Magazine/eWeek at NetWorld+Interop for being the most innovative wireless software and service. The award cited it because it "Combats hack attempts by plugging security gaps through its sniffer shareware program."
I was an early user of NetStumbler. I live in Cambridge, where there are plenty of Wi-Fi networks, and I was having problems with my home network. Using it, I found that several neighbors were using the same Wi-Fi channel I was using. I switched channels, and my problems went away.
The revelation that Milner is the engineer at the center of the Google Wi-Fi sniffing controversy makes one thing clear: Google certainly does a good job of hiring the right people. You couldn't find a more qualified person to write code to identify and map Wi-Fi networks than Milner.
Milner is taking a bad rap for his role in the Google sniffing scandal. Google has frequently implied that he was a rogue employee of sorts, embedding the code for grabbing personal Wi-Fi data on his own without telling anyone. But the FCC findings shows that's not true. Before the software was deployed for Street View, Milner wrote a report that clearly said his software would capture "payload data" from unencrypted private Wi-Fi networks -- personal information such as emails, passwords, and more. He also wrote that the information gathered would "be analyzed offline for use in other initiatives," although he never said what those initiatives were.
Milner sent that report to Street View project leaders along with a link to his software. They then sent the report and link to everyone else on the Street View team. The FCC also found that Milner explicitly told colleagues that Street View was collecting payload data.
So I hope that the New York Times revealing his name doesn't hurt Milner in any way. I certainly don't agree that he should have written software to grab private information from unencrypted networks. But he told his superiors and colleagues about it, so wasn't doing this on his own.