When Google launched its Street View project in communities around the world in 2007, it sent cars up one street and down the next with an odd structure towering above the roof of each car. The first element identified was an array of cameras that recorded in all directions but it also included antennae to identify the Wi-Fi networks operating along the path traveled. Both visual and electronic sensors were completely indiscriminate.
The primary goal of collecting the electronic signals was to identify the Wi-Fi networks to aid locating ability in mobile devices. Each access point can be identified as part of the Wi-Fi protocols and they tend not to move around. While it’s certainly possible to move your access point from the front room on the main floor to a back bedroom on the second floor, in my experience most people never move them at all. They set them up in places convenient to the DSL or cable modem, turn them on, configure them, and that’s the end of it. Thus they become reliable beacons, like light houses on a stormy coast.
The Street View system was not designed to analyze the information collected, either images or electronic signals. All the cars did was collect both types of information and record the geographic coordinates of the vehicle at the time of collection. With images one assumes they also recorded the direction, that is a certain image was recorded from a specific location with the camera facing to the right. All of the data was stored to a hard drive in the car which was later processed and integrated to create a mosaic of the areas traversed.
Privacy advocates in Europe got excited about the images taken of people’s houses, and then noticed that some images included recognizable people. Google responded by giving property owners the ability to remove detailed images of their property from the final result. Google also took steps to blur faces that were recorded. Although I can’t see any reason to keep identifiable individuals in the images, I disagree with removing property images. In the US there is no issue here, if you can photograph something from a public place you are entitled to keep and use the image.
The same applies to the network information. As I said, the broadcast of the network identity is part of the way the network operates, it can’t work without that. It’s the nature of radio broadcasts of all kinds to emanate from the point of origin and travel in all directions (although some antenna designs are directional this is not normal for access points), ending only as physical impediments and the inexorable result of the inverse-square law dictate. It doesn’t matter if the signals are commercial radio, cell-phone conversations, or from Wi-Fi networks. If you’re entitled to be standing at a specific spot, you’re entitled to tune in. There is no legal basis for requiring the listener to turn over recordings of radio signals received.
Initiated by European authorities intent on protecting privacy, there has been a steady drumbeat of criticism toward Google about collecting data that was transmitted by those Wi-Fi access points. Remember that this is simply radio being broadcast, and the Street View car is as entitled to pick up those signals as it is to pick up the signals from the local “classic rock” station on the FM band. However, unlike the commercial radio station, a properly configured Wi-Fi access point never broadcasts any data at all. Only the network ID (SSID: the name of the network) and certain technical data such as the frequency range and channel and the system of encryption in use should ever be broadcast. If parts of e-mails, fragments of images, or login credentials for online banking are being transmitted, the network is simply not working correctly. Even the weakest encryption requires collecting hours of transmissions to have any possibility of cracking them. Had I been asked at the time this first came up I would have expected at most 10% of the networks to be transmitting “in the clear”, because the early Wi-Fi protocols involved long and difficult keys to be used. Not only were those early protocols fairly easy to crack, the long keys meant people didn’t use them. But that era passed, current products are much more secure and are easily setup, absent incredible incompetence there shouldn’t be more than a fraction of one percent network traffic ending up where a Street View sweep could record it.
In other words, if an individual’s private communication ended up in Google’s data repository, the responsibility lies entirely with whoever setup the access point, not with Google for driving by while this incompetence was being demonstrated. If I Were King I would caution Google to exercise some sense when dealing with the data they collected and order the government busy bodies to find a better use for their time than investigating the innocent sampling of data broadcast into public rights of way. And I would worry about the intelligence of my subjects who would broadcast this data and then be shocked to learn that someone received it.