Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Google Wardriving: How Engineering Trumped Privacy
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
YMOM100
50%
50%
YMOM100,
User Rank: Apprentice
5/4/2012 | 4:44:05 PM
re: Google Wardriving: How Engineering Trumped Privacy
Yes, if you leave something valuable at the curb someone probably takes it. BUT, that would still be stealing and that is illegal! The Google case is different, folks left their valuables unencrypted on the digital curb and making a copy of it is not illegal.
I tend to agree with you that the laws should not be changed, because we enter a gray area otherwise. For example, SSIDs are sent out unencrypted. So would picking those up be illegal then? If yes, all existing hardware would need to be upgraded or tossed. So if SSID would be consider OK, what about the hundreds of other possible forms of data packets sent? Do we need to detail each one in the law and make a determination of what is allowed to retrieve and what is not? That would be entirely unmaintainable.
I rather see a change that adds clarity so that snooping unencrypted wireless data is explicitly allowed while making once again clear that unauthorized decryption of any data is not allowed. Sure, that puts the burden on consumers, but when they run wireless networks they should know what they are doing.
YMOM100
50%
50%
YMOM100,
User Rank: Apprentice
5/4/2012 | 4:35:37 PM
re: Google Wardriving: How Engineering Trumped Privacy
Not disagreeing, but in many other cases the FCC applied or has to apply different sets of rules to various services. For example, many rules apply to landline phone service that do not apply to VoIP services, although the use and intent are identical.
The problem here is that the current laws do not allow the FCC to come to any other conclusion and if they do the rightwingers and teabags flip out and scream "Communists!".
What Google did was legal, but it wasn't right and Google's take is that they stopped doing what they ethical, morally (but not legally) should not have done in the first place.
UberGoober
50%
50%
UberGoober,
User Rank: Apprentice
5/3/2012 | 9:43:49 PM
re: Google Wardriving: How Engineering Trumped Privacy
Oui, Oui, MyW0r1d!
UberGoober
50%
50%
UberGoober,
User Rank: Apprentice
5/3/2012 | 9:41:54 PM
re: Google Wardriving: How Engineering Trumped Privacy
Neglecting issues of perceived bad taste, just how is it different? If a photographer or painter makes a picture of my garden from the street and gets filthy rich selling, is that immoral or illegal? Does it harm me?

If you have a good logical argument why it is, your point is valid. If not, your argument devolves a bit to the realm of feelings
MyW0r1d
50%
50%
MyW0r1d,
User Rank: Apprentice
5/3/2012 | 9:39:58 PM
re: Google Wardriving: How Engineering Trumped Privacy
And everyone should reconfigure their AP to not broadcast the SSID, but I drive around town and know most private citizens and a big number of businesses are not. The article also referenced coffee shops and businesses with old equipment, few are interested in wasting their 5-10 minutes in the coffee shop ensuring their WiFi is secure to their liking (so they can't MAN UP for someone else's oversight). Is the answer assume all WiFi is unsecure and not use it? No, but like any social media do and say nothing you do not want to be public knowledge. I agree with other posts here that say each individual is responsible for their use. The concept of privacy was fundamental in the Bill of Rights which protects against unlawful search and seizure and self incrimination, shall we eliminate it as well? I no more want any government taking care of my needs, than the greater risk represented by commercial firms or an ex stalking me with GPS on my phone and enabled by Google's WiFi maps. The worst in this entire article is a government agency with regulatory responsibility (the FCC) using a 1934 reference to wash their hands of that responsibility.

PS There have been a number of precedents set by paparazzi photographing over those high fences, so if you can catch that plane and the occupant spying on you, it is probably a prosecutible offense (depending on local laws of course). Similarly, I would even say that Google maps or any similar have legal restrictions on the degree of resolution they can publish (they have to obscure license plates? as one example).
awatsonv2l
50%
50%
awatsonv2l,
User Rank: Apprentice
5/3/2012 | 9:29:28 PM
re: Google Wardriving: How Engineering Trumped Privacy
Sorry but trolling the streets and collecting data to build information profiles should be considered the same as trolling through the other unencrypted data that flows from peoples homes such as in garbage cans, licence plate numbers and yes, photos of people in the windows of homes. It's one thing to see something, a completely other thing to use that for some commercial or other purpose.
UberGoober
50%
50%
UberGoober,
User Rank: Apprentice
5/3/2012 | 2:11:59 PM
re: Google Wardriving: How Engineering Trumped Privacy
If I sunbathe nude in my fenced backyard with no other houses overlooking me, but a person in an airplane flys over and sees me in all my hirsute glory, is (s)he a Peeping Tom? Of course not. And collecting data that is flying through the air unencrypted for anyone to see is not an invasion of privacy, either., though it may be bad manners (and bad taste) akin to staring down at me from the plane.

Frankly, running an unecrypted access point is EXACTLY like standing in front of an open window. If you do something, people might see. If you don't know how public you are, that is YOUR problem. Folks need to man up and accept responsibility for their own actions or inactions.

Or move to France, where the government will take care of all your needs...
MyW0r1d
50%
50%
MyW0r1d,
User Rank: Apprentice
5/3/2012 | 12:42:44 AM
re: Google Wardriving: How Engineering Trumped Privacy
"The FCC in its report noted that Google may not have done anything illegal, either by intercepting information, or analyzing it, especially because it left encrypted data alone." Actually, I believe this would contridict a long standing position of the FCC. Telephone transmission for many years have been regulated and were not encrypted (except for certain state and defense needs). It was and is relatively easy to intercept, record, and distribute these comunications, however, the law prevents such illegal or unauthorized "wiretapping." Wardriving, while targetting a different form or structure of comunication, is nonetheless more similar than dissimilar.

I think any state serious about their privacy laws to protect their citizens rights will share this interpretation (see EU reconsideration) as opposed to the "everyone should be automatically as intelligent as I and responsible" mindset. I could stop any number of people on the street and test them on their technological competence, drill them on IPv4 vs. v6 or 128 vs 256 bit encryption, but the vast majority are users not technicians and expect the system designers to be responsible. We may get there, but I don't think it is accurate to say we are already.
JonoPorter
50%
50%
JonoPorter,
User Rank: Apprentice
5/2/2012 | 4:35:45 PM
re: Google Wardriving: How Engineering Trumped Privacy
Still the access points not being configured for encryption by default is not an issue that should be addressed by a law it is merely an awareness issue. Do a story?

As for banking: if a bank exists that transmits passwords in the clear and does not use SSL encryption they are negligent to the point of being criminal. If you know of any, you should compile a list, and do a story on these negligent banks. All the sites that I use that require username and password use SSL when you log in (including this one). So really the only thing encrypting your WI-FI does is make sure your neighbors (or anyone nearby) doesnGt know what kind of websites you visit and the contents of them.

As for Comcast not requiring encryption that actually shocked me. I know when I previously had Comcast (before they changed their name or got bought by Comcast) they did require it (the installer was very adamant). And so did the DSL provider in my area. I guess saying that it was in a EULA was going a bit far.
Mathew
50%
50%
Mathew,
User Rank: Apprentice
5/1/2012 | 8:22:43 PM
re: Google Wardriving: How Engineering Trumped Privacy
JonoPorter: You raise excellent points. Locks do deter criminals. And in an ideal world, everyone would have the latest and greatest Wi-Fi tech. Everyone would understand how to secure that tech. Service providers would only give subscribers routers with strong encryption enabled, unique access passwords, as well as unique admin passwords. Best Buy and its ilk would only sell the same. And more to the point, they would have never done otherwise.

But that's simply not true. How many routers ship with no admin password, or encryption not enabled by default? What about five years ago? Ten years ago? How many legacy routers provided by service providers are still at large, and in use, but can only handle WEP or which shipped without encryption enabled by default? Are you saying that when granny does her banking, and someone's parked outside her house and intercepting her signals, it's her fault if her service provider shipped her -- or Belkin sold her -- a router that didn't have strong encryption enabled by default?

In terms of service providers requiring encryption, moreover, a quick Google search turns up examples to the contrary. For example, here's what Comcast says:


For basic security, select 64-bit WEP (Low) from the WEP Encryption Strength drop-down box. As a default, Comcast enables the current highest level of wireless security at the time of professional installation--the 128-bit WEP (High) Encryption. If your signal strength and link quality are poor, you may change the strength to 64-bit or disable it completely by choosing None. WEP Encryption is not necessary for gateway operation, but is recommended for enhanced network security.



Needless to say, someone with the right tools can often crack 64-bit WEP in a few minutes. Or if there's no "enhanced network security," well, is the consumer really the one at fault?
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/14/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
Why Cybersecurity's Silence Matters to Black Lives
Tiffany Ricks, CEO, HacWare,  7/8/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-15886
PUBLISHED: 2020-07-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
CVE-2019-15887
PUBLISHED: 2020-07-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
CVE-2019-15888
PUBLISHED: 2020-07-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
CVE-2020-11827
PUBLISHED: 2020-07-14
In GOG Galaxy 1.2.67, there is a service that is vulnerable to weak file/service permissions: GalaxyClientService.exe. An attacker can put malicious code in a Trojan horse GalaxyClientService.exe. After that, the attacker can re-start this service as an unprivileged user to escalate his/her privileg...
CVE-2020-13845
PUBLISHED: 2020-07-14
Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather than to a cryptographically vali...