Re: Google Maps offering to "map our locations"....concerns??

["Doty, Timothy T." <tdoty () MST EDU>]

It isn't clear that google wasn't also cracking wireless encryption. Somehow only one person at google knows and he 
pleaded the fifth. That doesn't exactly install confidence.

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Justin 
Azoff
Sent: Tuesday, April 17, 2012 2:04 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Google Maps offering to "map our locations"....concerns??

On Tue, Apr 17, 2012 at 01:21:45PM -0500, Heath Barnhart wrote:
> I agree with this as well. There's a difference between walking around 
> with your wifi adapter on and seeing what you see and actually 
> capturing information, which I believe if anyone of us got caught 
> doing would land us in a federal prison.

There isn't a difference though.. unless by "see" you mean display to the screen and "capture" you mean write to disk.

> I would suggest, if asked for opinion by administration, that a 
> stipulation be made that Google only be allowed to do passive scanning of the network only.
> That way they can still gather their WiFi location data if they want 
> but not get user data.

"passive scanning" confuses two different concepts.  What google did originally that got them in trouble was completely 
passive data collection and didn't even involve any type of scanning.

What google had intended on doing was to capture the unencrypted 802.11 beacon frames which contain the SSID and BSSID. 
 They accidentally captured all 802.11 frames, including those from people using insecure wireless networks.  The only 
reason why google every captured user data was users were being stupid and broadcasting their data in the clear into 
public areas.

--
-- Justin Azoff
-- Network Security & Performance Analyst