Google wants to patent technology used to 'snoop' Wi-Fi networks
Lawyers in class-action suit link patent application to Street View data sniffing
Computerworld - Google's secret Wi-Fi snooping was powered by new sniffing technology that the company wants to patent, court documents filed Wednesday alleged.
A just-amended complaint in a class-action lawsuit first submitted two weeks ago claims that a patent Google submitted to the U.S. Patent and Trademark Office in November 2008 shows that the search giant purposefully created technology to gather, analyze and use data sent by users over their wireless networks.
The lawsuit, which was filed by an Oregon woman and a Washington man in a Portland, Ore. federal court May 17, accused Google of violating federal privacy and data acquisition laws when its Street View vehicles snatched data from unprotected Wi-Fi networks as they drove up and down U.S. streets.
Google acknowledged the privacy issue May 14, but said it had not known it was collecting data from unprotected wireless networks until recently.
The company faces multiple civil lawsuits in the U.S., and is under investigation by authorities in several countries, including Canada, the Czech Republic, France, Germany Spain and Italy. The U.S. Federal Trade Commission (FTC) has said it will take a "very, very close look" at the Google practice.
Lawyers for the plaintiffs in the Oregon lawsuit upped the ante Wednesday when they amended the original lawsuit to include charges that Google filed for a patent on Wi-Fi sniffing technology more than a year and a half ago.
According to the modified complaint, Google's technology can collect the make and model of wireless routers, the street address of that router and even the "approximate location of the wireless AP [access point] within the user's residence or business."
In its patent application, Google noted that multiple antennas could be mounted on vehicles, which would be able to obtain a more accurate estimate of the router's location based on a "stereo" effect.
Google has admitted that it sniffed basic wireless network information -- including the network and router identifiers -- to map those networks, which would then be used by mobile devices such as smartphones to pinpoint their locations in Google's mapping services. Google has claimed, however, that the code which grabbed data from unsecured Wi-Fi networks was added to the Street View vehicles data sniffers by mistake.
But the plaintiffs' lawyers said Google's patent application showed that the company's Wi-Fi locating technology had more in mind than just basic information.
"As disclosed in the '776 Application, the more types and greater the quantity of Wi-Fi data obtained, decoded, and analyzed by Google from any particular user, the higher its 'confidence level' in the calculated location of that user's wireless AP," the changed lawsuit stated. "Collection, decoding, and analysis of a user's payload data would, therefore, serve to increase the accuracy, value, usability, and marketability of Google's new method."
"Payload data" is the term given to the information transmitted over wireless networks, including the data that Google said it unintentionally snatched from the air as its Street View cars and trucks drove by homes and businesses.
"Google has employed one or more of the methods disclosed in the '776 Application to collect, decode, analyze, store, and make beneficial use of wireless data (including payload data) it collected from plaintiffs and class members," the lawsuit alleged.
The advocacy group Privacy International has had similar thoughts. In a letter last month to European Union privacy commissioners, the group said, "We are deeply unsettled by Google's assertion that this situation was caused by a mere 'mistake' brought about by accidental use of inappropriate code developed for sniffing the content of Wi-Fi networks. This explanation to us seems entirely implausible."
As part of the amended complaint, the plaintiffs' lawyers added another charge to the three original, alleging that Google violated Title 47 of the U.S. Code. They also asked that Google be forced to pay up to $100,000 to each person whose data it obtained.
Google did not immediately reply to a request for comment. Company lawyers have not yet responded to the class-action lawsuit with a court filing of their own.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org.
- NSA defends collecting data from U.S. residents not suspected of terrorist activities
- Groups fear bill would allow free flow of data between private sector and NSA
- Google's move into home automation means even less privacy
- Bill to require warrant for email searches gains ground in House
- Coming soon to a fridge near you -- targeted ads
- Snowden leaks prompt tech firms to tout privacy, transparency policies
- License reader lawsuit can be heard, appeals court rules
- Is EU's 'right to be forgotten' really the 'right to edit the truth'?
- Tails 1.0: A bootable Linux distro that protects your privacy
- Privacy jitters derail controversial K-12 big data initiative
Read more about Privacy in Computerworld's Privacy Topic Center.
- Big Data, Big Mess: Sound Risk Intelligence Through Complete Context This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Confront consumerization with convergence Virtualization expert Elias Khnaser spotlights the security, compliance, and governance issues that arise when enterprise users "consumerize" with shadow IT and public cloud...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to... All Privacy White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!