The whole Google debacle - collecting “wireless payload data” with its Google Street Views (GSV) data collection system - comes down to nothing more than a greed-driven lawsuit disguised as a case of social justice.
Let’s face it, the security of wireless data from 802.11 networks has been talked about for years. But if someone is doing important things on their wireless network and they’re not employing a reasonable level of security, then do they really have anyone to blame but themselves? They’ve opened their data up to anyone and the ones who really want that data aren’t going to openly admit that they collected some while driving by, like Google. No, those that want credit card and personal banking information and possibly someone’s identity, will sit much farther away, use directional antennas and collect data for much, much longer than Google does during a GSV drive-by. That’s the only way to get meaningful data.
To further illustrate this point, let’s assume the GSV vehicle drives so close to someone’s house that it passes an AP within a few feet. Let’s assume the vehicle is following a typical residential speed limit of 25mph as it drives directly by the AP. A typical AP has a range (and a generous one at that) of a few hundred feet in either direction, that’s about 400 linear feet, again assuming the GSV vehicle has driven right up to the AP. At 25mph, the vehicle can travel the 400 feet by the AP in just a little less than 11 seconds. So at best, Google has collected 11 seconds of data, assuming that the person was online at that specific time and that they have completely ignored all pleas by every 802.11 device manufacturer to use wireless security.
The issue, however, is that Google has no idea what channel anyone’s AP is set to, so it can’t drive by scanning on just one channel. It needs to scan all of the available channels to collect the data that’s really of interest, namely whether or not there’s an AP around, its network name, and the channel it’s broadcasting on. In the 2.4 GHz band there are 11 channels (in the US) and in the 5 GHz band there are typically 8 (again, in the US). Assuming they need to scan through all of these channels, data is only being collected on an individual’s specific channel 1/19 of the time, reducing the slice of data that has been collected by Google to less than 0.6 seconds. Perhaps some critical, unsecured data did cross the network in those 0.6 seconds, but that data is now combined with similar data from thousands upon thousands of other users. This sure doesn’t sound like the most effective solution to try to get access to user’s critical wireless data.
So in the end it’s not about data privacy, it’s about greed. Could Google have been a bit smarter and not collected the payload data? Well sure they could have. But is there anything malicious going on here? Only on the part of those trying to hide behind data privacy invasion for financial gain.
What’s not even considered in this debacle is all of the real data Google does collect, freely and with all our consent, every time we surf the web …