Open Source Enterprise Solutions

Open Source Journal

Subscribe to Open Source Journal: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get Open Source Journal: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Open Source Journal Authors: Pat Romanski, Elizabeth White, Liz McMillan, Patrick Hubbard, Matt Davis

Related Topics: SEO Journal, Open Source Journal, Facebook on Ulitzer, Google, Google App Engine

Blog Feed Post

Google Street View Wi-Fi Snooping: Commentary

Thoughts on the FCC Report

On Saturday, April 28, the FCC released the full un-redacted report on ’s Street View project. The report is only 25 pages long and can be found at the bottom of this post.  I find the following tidbits particularly interesting:

" …Engineer Doe developed Wi-Fi data collection code that, in addition to collecting Wi-Fi network data for Google’s location-based services, would collect payload  that Engineer Doe thought might be useful for other Google services. …Google made clear for the first time that Engineer Doe’s was written specifically to capture payload data.“

Google Street View CarDespite all of Google's previous assertions to the contraire, this quoted section indicates that Google engineer[s] intended for payload data to be captured and stored. Google insists that this was done without the knowledge or approval of project leader and was not a necessary requirement. This would certainly indicate a failure on the part of project management as this drastically changes the scope of the project with far reaching implications. Even if this were indeed the case of a single engineer going rouge, it makes one wonder even more about the internal culture of the company with respect to consumer . Keep in mind that Wi-Fi traffic only travels between individual computers and an access point. Both end points, in this case, reside on private property. Why would anyone believe it acceptable to capture and store this data with affected individuals knowledge and/or consent?

” ..Google employees stated that any full-time software engineer working on the Street View project was permitted not only to access and review the code, but also to modify it without prior approval from the project managers if the engineer believed he or she could improve it. In addition to Engineer Doe, at least one other engineer wrote or modified an aspect of the Wi-Fi data collection code. “

If this is indeed the case, it might explain the feature creep. Were these modifications or “improvements” not documented as part of project documentation? It certainly should have been. Project managers can’t pass the buck on this.

A manager of the Street View project estimated that five engineers took turns [ deploying and testing] the Wi-Fi data collection code into Street View cars. Despite their hands-on work…these engineers claim they did not realize Google was collecting payload data”

Google engineers tasked with reviewing the code and deploying it to street cars claim they did not realize it captured payloads. Really? This must be the equivalent to the infamous ” I don’t recall” defense.  Or sheer ineptitude maybe?

Lastly, the FCC fined Google $25,000 for “impeding the investigation”. Google agreed to pay the fine though the company blames the delays in internal FCC processes. This has been the only penalty on Google to date in the US.

Read Full Report below:(Click on Full Screen at bottom right)

 

 

Related posts:

  1. Enter the Dragon browser, the more secure Google Chrome The open source engine that forms the basis for Google’s...
  2. Skipfish-Web Scanning Security Tool from Google Google has released an open-source Web security scanner called Skipfish...
  3. Use Google Apps or Gmail? Avoid getting hacked! It can happen to the best of us. Blogger and...

 


More Stories By William McBorrough

William J McBorrough is a Security Expert with many years of success Managing, Designing, and Implementing medium and large enterprise Physical and Information Technology Security Solutions. His experience spans the spectrum from small e-commerce start-ups to multi-campus state and federal agencies to multi-state financial sector organizations. He is also on the faculty of various universities including University of Maryland University College, EC-Council University, George Mason University and Northern Virginia Community College where he conducts research and teach graduate and undergraduate courses relating to cybersecurity, cybercrime, cyberterrorism, and information security and assurance. He holds a Bachelors of Science in Computing Engineering with a concentration in digital networks and a Masters of Science in Information Security and Assurance. He is a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Risk Information System Control (CRISC), and Certified Ethical Hacker (CEH).He is well versed in personnel, systems and network security risk management. His core competancies include Developing cost effective solutions to enable mission assurance in the following areas: Enterprise Risk Management, IT Governance, Security Organization Development, Information Security and Assurance

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.