What We Can Learn from Google Street View

Many wireless LAN planners, administrators and enthusiasts routinely discover nearby networks. In the workplace, discovery is essential to identify interference sources and rogue devices. Outside, "war drivers" often use discovery tools to map available WLANs. In fact, this practice is so common that WiGLE.net, a community-sourced WLAN database, now contains 59 million names and locations.

WLAN discovery results can be put to good uses, including trend analysis and client locationing. So why did the Federal Communications Commission (FCC) investigate the Google Street View project for discovering WLANs from 2007 to 2010, which it summarized in a recent report? And what lessons can the Wi-Fi community learn from the FCC's findings?

What the Fuss Is About

WirelessMay7-PHOTO.jpgIn April, the FCC published a report detailing its investigation into Street View for possible violation of Section 705(a) of the Communications Act of 1934, which pertains to unauthorized publication or use of communication except as authorized by the Wiretap Act. The investigation focused on this provision:

No person not being authorized by the sender shall intercept any radio communication and divulge or publish the existence, contents, substance, purport, effect, or meaning of such intercepted communication to any person. No person not being entitled thereto shall receive or assist in receiving any interstate or foreign communication by radio and use such communication (or any information therein contained) for his own benefit or for the benefit of another not entitled thereto.

According to the report, Street View did more than record WLAN names and GPS coordinates to create a locationing database. It also collected "payload" data - the content of Internet communications - including e-mail and text messages, passwords, Internet usage history and other personal information. Investigators determined that an unnamed developer had incorporated code that recorded "all wireless frame data, with the exception of the bodies of encrypted 802.11 data frames." Quoting the report:

Google engineers decided that the Company should also use the Street View cars for "war driving"... By collecting information about Wi-Fi networks (such as the MAC address, SSID, and strength of signal received from the wireless access point) and associating it with GPS information, companies can develop maps of wireless APs for use in location-based services. To design the Company's program....Engineer Doe developed Wi-Fi data collection software code that, in addition to collecting Wi-Fi network data for Google's location-based services, would collect payload data that Engineer Doe thought might prove useful for other Google services.

How Data Was Used

Upon analyzing over 200GB of data collected by Street View between 2008 and 2010, investigators concluded that, in some cases, sufficient unencrypted payload data had been gathered "to construct an accurate picture of the communication of an often identifiable user." To avoid further risk of violating privacy laws, Google revised Street View to disable all data frame capture in May 2010, enabling location collection to resume.

Ultimately, the FCC assessed a penalty for failure to respond to investigation requests in a timely and complete manner. However, no penalty was assessed for payload data collection. Why? The Wiretap Act provides this exception:

It shall not be unlawful under this chapter...for any person...to intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public.

Google successfully argued that all data Street View had collected was readily accessible to the general public because it came from unencrypted Wi-Fi networks; thus no laws had been violated. Upon review, the FCC opted to forego action, stating: "Although Google also collected and stored encrypted communications sent over unencrypted Wi-Fi networks, the Bureau has found no evidence that Google accessed or did anything with such encrypted communications."

Four Lessons

First, this case focused on data payload. Beacons, probe responses, and other headers commonly used for WLAN analysis do not seem to have posed concern. Lesson: We can be comfortable recording these frames during WLAN discovery.

Second, although the Act allows interception of electronic communication readily accessible to the general public, the investigation was triggered by data payload recording. Lesson: If payload is not necessary, don't record it.

Third, WLAN owners can consent to recording their own traffic, but Street View recorded traffic from other WLANs. Furthermore, what was done with that data played a big role. If encrypted data had been cracked, the ruling could have differed. Lesson: If you plan to drill into data, get permission first.

Finally, every WLAN professional should understand what data their tools record so that it can be treated appropriately. This just might be the biggest lesson of all.

Email and Social Media Links: Share securely via email |  |


Unconfirmed NY Times report puts a familiar face on Street View's "Engineer Doe" --


Hint: Every war driver knows his name.

"Leave only footprints" - Check out this interesting take on the Street View case, the history of war driving, and related ethical analysis:


Join the Webtorials Community
Subscription Maintenance

Featured Sponsors

Recent Comments

Webtorials TechNotes

Featured Analysts

Gary Audin, Delphi, Inc.

Michael Finneran, dBrn Associates

William A. Flanagan, Flanagan Consulting

Douglas Jarrett, Keller and Heckman LLP

Jim Metzler, Ashton, Metzler & Associates

Lisa Phifer, Core Competence

Dave Powell, Independent Technical Writer

David Rohde, TechCaliber Consulting LLC

Steven Taylor, Distributed Networking Associates, Inc.

Joanie Wexler, Technology Analyst/Editor


Steven Taylor

TechNotes is a special program of Webtorials and Distributed Networking Associates, Inc.


Please note: By downloading this information, you acknowledge that the sponsor(s) of this information may contact you, providing that they give you the option of opting out of further communications from them concerning this information.  Also, by your downloading this information, you agree that the information is for your personal use only and that this information may not be retransmitted to others or reposted on another web site.  Please encourage colleagues to download their own copy after registering at http://www.webtorials.com/reg/.  Continuing past this point indicates your acceptance of our terms of use as specified at Terms of Use.

Webtorial® is a registered servicemark of Distributed Networking Associates. The Webtorial logo is a servicemark of Distributed Networking Associates. Copyright 1999-2013, Distributed Networking Associates, Inc.