March 22, 2013 | By Dan Auerbach and Adi Kamdar

Google's Wi-Fi Snooping Settlement is Really, Really Awful

The recent settlement [PDF] between 38 states and Google over the company's Wi-Fi snooping fiasco sure is puzzling. While the settlement, called an Assurance of Voluntary Compliance, does little to punish Google for accidentally slurping up massive amounts of content from wireless networks using its roaming Street View vehicles, it does require the company to carry out a gratuitous and poorly thought out song and dance.

In particular, the settlement requires Google to:

  • Hold an annual "Privacy Week" event, which will be promoted across Google offices.
  • Develop and promote a "how-to-video" on YouTube that explains how users can encrypt their wireless networks. "This how-to-video shall remain on YouTube for at least two years from the date the PSC begins and at a minimum should demonstrate the configuration of wireless security modes: WEP... WPA-Personal... WPA2-Personal... and WPA-Enterprise & WPA2-Enterprise...."
  • Write a blog post for the Google Public Policy Blog explaining the value of encrypting a wireless network, directing users to links to how-to videos on YouTube.
  • Run at least one half-page educational newspaper ad in a newspaper of national circulation and at least one half-page educational ad in the newspaper with the greatest circulation rate in each state.
  • Incorporate a discussion on WiFi security in an educational pamphlet about online safety and privacy.
  • Run daily online ads promoting the how-to-video for at least two years.
  • Pay $7,000,000, divided amongst each state.

Although it's easy to poke fun at the sillier aspects of this half-baked document—like the stipulation that Google must promote the incredibly outdated and deprecated WEP encryption protocol1—the settlement mistakenly suggests that locking down wireless networks should be viewed as a solution to the surveillance snafu.

This couldn't be further from the truth. The solution to public surveillance problems should not involve discouraging people from providing public resources like open wireless, since this cuts against the general interest and takes away a common good. As we've explained elsewhere, wireless encryption provides few benefits compared to the much stronger end-to-end encryption, a technology that can thrive alongside environments with open wireless access. The settlement could have gone so much farther by educating people how to run open wireless networks safely and securely—for example, through open guest networks.

It is apparent that too little thought and analysis went into this settlement document, and, as a result, the requirements do the public a huge disservice by hurting the Open Wireless Movement. (And we thought the content industry was bad.) We hope that Google is more thoughtful in implementing what the document mandates and embraces the value of open networks. In fact, we gladly would work with Google in creating educational materials with an informed view of wireless security and open networks. After all, open wireless is an important public good that needs to be nurtured, not stamped out by knee-jerk responses to complicated policy problems.

  • 1. The issue here lies in the fact that WEP encryption is notoriously useless. It is child's play for anybody who wants to get into your network or sniff your data. And now, a legal settlement between 38 states and a gigantic technology firm with unbelievable influence mandates a how-to guide about implementing a deprecated encryption protocol. And this is supposed to fix the problem?

    We've written up a script that Google is free to use for such a video:

    Here's how to securely set up WEP encryption on your router.
    Step 1: Don't.

Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

The NSA is stopping "about" searching. That's a victory for privacy protections, but it's just the beginning.

Apr 28 @ 5:25pm

We lifted this month's uberly stupid patent from last week's headlines

Apr 28 @ 12:33pm

The New York Times reports that NSA "halts collection of Americans’ emails about foreign targets."

Apr 28 @ 11:16am
JavaScript license information