Google wants to face single mega-lawsuit over WiFi snafu

By Jacqui Cheng | Ars Technica

Google is attempting to consolidate the growing number of lawsuits against the company as a result of its "accidental" WiFi data collection. Meanwhile, a privacy group has analyzed an independent analysis of the situation and is now accusing Google of having "criminal intent" with the whole debacle.

Google filed a motion in the US Judicial Panel on Multidistrict Litigation this week, seeking to roll all eight lawsuits (plus any that might pop up in the future) pertaining to the data collection situation into one case. "All of the complaints in the Google Wi-Fi Cases assert claims under the federal Wiretap Act," wrote Google. "All of the complaints make very similar factual allegations, and thus any necessary discovery will be of common facts."

Because the cases span different jurisdictions, with some making claims under specific state laws, Google argues in its motion that there's potential for conflicting pretrial rulings, "especially with respect to the proper scope and extent of discovery, class certification and other factual and legal matters." Google would like a single, monster suit to be filed in the US District Court of Northern District of California—the company's home turf.

Meanwhile, Privacy International has turned up the heat on Google after having analyzed an independent report (PDF) on the situation conducted by technical services firm Stroz Friedberg. The report details what kind of data Google's code did and did not collect, as well as how it was processed and stored. Put simply, a program called "gslite" sniffed packets from unprotected WiFi networks as Google's Street View cars rolled down the street, separating out encrypted and unencrypted content. The encrypted data was dumped while the unencrypted data was then written to the car's hard drive.

Because of this specific behavior of the program, PI says it's clear that Google made no mistake at all—"It is a criminal act commissioned with intent to breach the privacy of communications," wrote PI. The group says that some jurisdictions allow for accidental interception of data, but that Google clearly had "intent to intercept" and therefore is in violation of criminal law.

Google CEO Eric Schmidt spoke openly last week about the company's gaffes, noting that he hoped Google's honesty would help reassure the public that it wouldn't happen again. Though most of the 600GB of data collected globally probably consists primarily of lolcats and fart app downloads, Google has definitely struck a sensitive nerve among users, privacy groups, and lawmakers alike.

Google's Street View Cars Spied on Wi-Fi Activity

Google Admits its Street View Cars Spied on Wi-Fi Activity
by Mike Harvey

Google's Street View cars have been spying on people's internet use for three years, the search giant admitted last night. It had been scooping up snippets of people's online activities broadcast over unprotected home and business wi-fi networks.

The logo of web giant Google. The California-based Internet firm has said it will end the collection of WiFi network information entirely by its fleet of Street View cars which have been used in over 30 nations after private data was 'mistakenly' collected from unsecure networks.(AFP/File)Google admitted that the cars' radio antennae snooped on e-mails and other bits of information when the vehicles trundled through towns and cities. Google said that the data was collected only in short bursts as the vehicles passed by, and was never used.

The cars, which have cameras on a pole, have covered most of the towns and cities in the UK. Street View, launched in the US in 2007, provides real-world images of streets and roads that the user can manipulate, as part of Google's online mapping products.

Its launch in the UK in April last year provoked a storm of protest, when people claimed that its images would help burglars seek out where to strike and invaded home owners' privacy.

The Information Commissioner's Office this year cleared Street View of any breach of the Data Protection Act but privacy regulators have expressed concern about the service. Yesterday's confession will raise more fears about internet users' privacy and how much personal information Google collects through its search engine and other services. Google admitted: "Maintaining people's trust is crucial to everything we do, and in this case we fell short."

Google made the admission after German authorities began to examine why Google was using the cars to collect wi-fi data at all. A month ago Google said it was collecting only the name and location of local wi-fi networks - information, it argued, that was publicly available and was useful to help it improve its location services. Its data collection was much more invasive.

Internet activity such as e-mails, photos and which websites a user was looking at could have been collected by the cars. Google said that activity on secure websites, such as banking websites, could not be accessed and any activity on password-protected networks was also safe.

"We will typically have collected only fragments of payload data because our cars are on the move; someone would need to be using the network as a car passed by; and our in-car wi-fi equipment automatically changes channels roughly five times a second," Alan Eustace, senior vice-president of engineering and research for Google wrote in a blog. "It's now clear that we have been mistakenly collecting samples of payload data from open networks."

Google said it had contacted some privacy authorities in Europe and wanted to delete data. Street View cars would not collect any more wi-fi data. Experts said passwords, as well as general surfing, could have been caught in Google's dragnet.