Google’s WiFi Fiasco: A Wake-Up Call

On Friday, May 14, Google announced publicly that it had been collecting data sent over unencrypted WiFi networks through its Street View project. The Street View project is the name for Google’s mapping service, where Google-owned vehicles drive around city streets and gather photographic data for the purpose of producing panoramic views of many locations around the world. Street View, already controversial because of its implications regarding personal privacy, is now in even more trouble because Google cars have also been gathering data being sent over open (unencrypted) WiFi networks.

While this was very much a major mistake on Google’s part, and people are justifiably upset about the implications of what these Street View cars were doing. Anyone who logged into a bank account over an unencrypted WiFi network might have been recorded by Google. Google could have on its hand an enormous amount of bank account information, or any number of other deep dark secrets that were being transmitted at the wrong place and the wrong time.

Google very much deserves to be in hot water over this. The problem is, the criticism being leveled at Google is very much lacking in scope and foresight. To say that it is not enough to scold or maybe even punish Google is vastly understating the issue.

For one, people should never transmit sensitive information over open WiFi networks. Open WiFi networks should probably not even exist. For instance, by default they allow illegal filesharing of copyrighted materials. Regardless of one’s opinion about the filesharing of copyrighted materials, the fact is that it can lead to a devastating lawsuit against the provider of the open WiFi network… which could be a simple Mom and Pop coffee shop. I also check superboost wifi review and found out that still, there is a 50 over 50 opinions and comments about the device.

Second, if Google is able to gather data off an unencrypted WiFi network, so are other less scrupulous individuals. No one will hear about these miscreants until someone’s bank account gets compromised or some unwary celebrity’s dark secrets get exposed to the world, all because they transmitted this data over an open WiFi connection. Worse yet, the offending criminal may never even be caught. These victims may never even learn that they were compromised over an open WiFi link.

But even those dire facts utterly pale in comparison to the biggest threat of all: that is, every single Internet Service Provider (ISP) in the world. Every person on Earth who gets onto the Internet, goes through some kind of commercial or Government-funded ISP. That means that everything you put online, from your love letters to business contracts to personal pictures, baby photos, bank account passwords and medical information, goes through three (and almost always more than that) ISP’s – the one that you use to access the internet, the network links in between, and the ISP hosting the destination where your data ultimately goes. That is a lot of hands that pass your data along. And each hand represents one more chance for someone to monitor your data in the same way that Google just got caught doing.

Once you transmit your login password to a bank, you have no proof whatsoever that your ISP, or the ISP that hosts the bank’s website, or some link in between, did not record and keep that information. It is safe to assume that they do not, but it is impossible to be absolutely certain that they don’t record that data. The chances are even higher that your ISP that you trust with your online safety, could have one bad actor who could be somehow motivated to pluck your personal data from the stream and keep it for nefarious purposes.

Granted, ISPs have numerous internal rules and safeguards against this kind of behavior – or, at least, this is what they all say. No one, anywhere, even those who work at a given ISP, know for sure that they don’t have a worm in their proverbial apple, and you the consumer can never truly be sure that your ISP is not doing what Google is now in trouble for. You can only be reasonably certain, at best.

There is also the threat of the Government itself intercepting your information. Two Texas Republicans, Representative Lamar Smith and U.S. Senator John Cornyn, proposed a law requiring ISPs to maintain records of your internet activity. Known as the “Internet Safety Act”, Senate Bill 436 and House Resolution 1076 represent a pending bill in Congress that, if ever signed into law, would require ISPs to record your internet activity for two years, along with your identity. European Union’s Data Retention Directive was ultimately passed in 2006, which is remarkably similar to the Internet Safety Act. Essentially, in Europe, every ISP is required to do exactly what Google was lambasted for doing; and while this law has languished in the United States Congress and is not reasonably likely to be made into a law, again, it is impossible to be certain that all hopes for this law are dead forever in America. And wherever data retention exists, there exists a good opportunity for unscrupulous individuals to use that retained data for illegal purposes. And once that data is misused, the damage can almost never be undone.

Forget Google’s sins. Google’s privacy mistake means absolutely nothing. The only thing that matters is what you can do to protect your privacy from the hidden threats as well as the obvious ones. This is not a conspiracy theory, it is basic and easily demonstrated fact. If you are transmitting sensitive data, always use encryption. It may not be a perfect solution to protect your privacy, but it will make things harder for unscrupulous individuals to do irreparable harm to you, and in the world of digital security, making things harder for the bad guys is the best you can do.