Google's Wi-Fi Snooping Settlement is Really, Really Awful
The recent settlement [PDF] between 38 states and Google over the company's Wi-Fi snooping fiasco sure is puzzling. While the settlement, called an Assurance of Voluntary Compliance, does little to punish Google for accidentally slurping up massive amounts of content from wireless networks using its roaming Street View vehicles, it does require the company to carry out a gratuitous and poorly thought out song and dance.
In particular, the settlement requires Google to:
- Hold an annual "Privacy Week" event, which will be promoted across Google offices.
- Develop and promote a "how-to-video" on YouTube that explains how users can encrypt their wireless networks. "This how-to-video shall remain on YouTube for at least two years from the date the PSC begins and at a minimum should demonstrate the configuration of wireless security modes: WEP... WPA-Personal... WPA2-Personal... and WPA-Enterprise & WPA2-Enterprise...."
- Write a blog post for the Google Public Policy Blog explaining the value of encrypting a wireless network, directing users to links to how-to videos on YouTube.
- Run at least one half-page educational newspaper ad in a newspaper of national circulation and at least one half-page educational ad in the newspaper with the greatest circulation rate in each state.
- Incorporate a discussion on WiFi security in an educational pamphlet about online safety and privacy.
- Run daily online ads promoting the how-to-video for at least two years.
- Pay $7,000,000, divided amongst each state.
Although it's easy to poke fun at the sillier aspects of this half-baked document—like the stipulation that Google must promote the incredibly outdated and deprecated WEP encryption protocol1—the settlement mistakenly suggests that locking down wireless networks should be viewed as a solution to the surveillance snafu.
This couldn't be further from the truth. The solution to public surveillance problems should not involve discouraging people from providing public resources like open wireless, since this cuts against the general interest and takes away a common good. As we've explained elsewhere, wireless encryption provides few benefits compared to the much stronger end-to-end encryption, a technology that can thrive alongside environments with open wireless access. The settlement could have gone so much farther by educating people how to run open wireless networks safely and securely—for example, through open guest networks.
It is apparent that too little thought and analysis went into this settlement document, and, as a result, the requirements do the public a huge disservice by hurting the Open Wireless Movement. (And we thought the content industry was bad.) We hope that Google is more thoughtful in implementing what the document mandates and embraces the value of open networks. In fact, we gladly would work with Google in creating educational materials with an informed view of wireless security and open networks. After all, open wireless is an important public good that needs to be nurtured, not stamped out by knee-jerk responses to complicated policy problems.
- 1. The issue here lies in the fact that WEP encryption is notoriously useless. It is child's play for anybody who wants to get into your network or sniff your data. And now, a legal settlement between 38 states and a gigantic technology firm with unbelievable influence mandates a how-to guide about implementing a deprecated encryption protocol. And this is supposed to fix the problem?
We've written up a script that Google is free to use for such a video:
VOICEOVER:Here's how to securely set up WEP encryption on your router.
Step 1: Don't.
Recent DeepLinks Posts
Aug 26, 2016
Aug 25, 2016
Aug 24, 2016
Aug 23, 2016
Aug 22, 2016
- Abortion Reporting
- Analog Hole
- Anti-Counterfeiting Trade Agreement
- Artificial Intelligence & Machine Learning
- Bloggers' Rights
- Border Searches
- Broadcast Flag
- Broadcasting Treaty
- Cell Tracking
- Coders' Rights Project
- Computer Fraud And Abuse Act Reform
- Content Blocking
- Copyright Trolls
- Council of Europe
- Cyber Security Legislation
- Defend Your Right to Repair!
- Development Agenda
- Digital Books
- Digital Radio
- Digital Video
- DMCA Rulemaking
- Do Not Track
- E-Voting Rights
- EFF Europe
- Electronic Frontier Alliance
- Encrypting the Web
- Export Controls
- Fair Use and Intellectual Property: Defending the Balance
- FAQs for Lodsys Targets
- File Sharing
- Fixing Copyright? The 2013-2016 Copyright Review Process
- Free Speech
- Genetic Information Privacy
- Government Hacking and Subversion of Digital Security
- Hollywood v. DVD
- How Patents Hinder Innovation (Graphic)
- International Privacy Standards
- Internet Governance Forum
- Know Your Rights
- Law Enforcement Access
- Legislative Solutions for Patent Reform
- Locational Privacy
- Mandatory Data Retention
- Mandatory National IDs and Biometric Databases
- Mass Surveillance Technologies
- Medical Privacy
- Mobile devices
- National Security and Medical Information
- National Security Letters
- Net Neutrality
- No Downtime for Free Speech
- NSA Spying
- Offline : Imprisoned Bloggers and Technologists
- Online Behavioral Tracking
- Open Access
- Open Wireless
- Patent Busting Project
- Patent Trolls
- PATRIOT Act
- Pen Trap
- Policy Analysis
- Public Health Reporting and Hospital Discharge Data
- Reading Accessibility
- Real ID
- Reclaim Invention
- Search Engines
- Search Incident to Arrest
- Section 230 of the Communications Decency Act
- Social Networks
- SOPA/PIPA: Internet Blacklist Legislation
- State-Sponsored Malware
- Student Privacy
- Stupid Patent of the Month
- Surveillance and Human Rights
- Surveillance Drones
- Terms Of (Ab)Use
- Test Your ISP
- The "Six Strikes" Copyright Surveillance Machine
- The Global Network Initiative
- The Law and Medical Privacy
- TPP's Copyright Trap
- Trade Agreements and Digital Rights
- Trans-Pacific Partnership Agreement
- Travel Screening
- Trusted Computing
- UK Investigatory Powers Bill
- Video Games