When I published “Misuse of network identifiers was done on purpose”, Ben Adida twittered that “Kim Cameron answers my latest post with some good points I need to think about…”. And he came through on that promise, even offering me a “Get out of theatre free” card:
“A few days ago, I wrote about Privacy Advocacy Theater and lamented how some folks, including EPIC and Kim Cameron, are attacking Google in a needlessly harsh way for what was an accidental collection of data. Kim Cameron responded, and he is right to point out that my argument, in the Google case, missed an important issue.
“Kim points out that two issues got confused in the flurry of press activity: the accidental collection of payload data, i.e. the URLs and web content you browsed on unsecured wifi at the moment the Google Street View car was driving by, and the intentional collection of device identifiers, i.e. the network hardware identifiers and network names of public wifi access points. Kim thinks the network identifiers are inherently more problematic than the payload, because they last for quite a bit of time, while payload data, collected for a few randomly chosen milliseconds, are quite ephemeral and unlikely to be problematic. [Just for the record, I didn't actually say “unlikely to be problematic” – Kim]
“Kim’s right on both points. Discussion of device identifiers, which I missed in my first post, is necessary, because the data collection, in this case, was intentional, and apparently was not disclosed, as documented in EPIC’s letter to the FCC. If Google is collecting public wifi data, they should at least disclose it. In their blog post on this topic, Google does not clarify that issue.
“So, Google, please tell us how long you’ve been collecting network identifiers, and how long you failed to disclose it. It may have been an oversight, but, given how much other data you’re collecting, it would really improve the public’s trust in you to be very precise here.”
Ben also says my initial post seems “to weave back and forth between both issues”. In fact I see payload and header as two parts of the same WiFi packet. Google “accidentally” collected one part of the packet but collected the other part on purpose. I find it really bizarre that a lot of technical people consider one part of the packet (emails and instant messages) to be private, and then for some irrational reason assume the other part of the same packet (the MAC address) is public. This makes no sense, and as an architect it drives me nuts. Stealing one part of the WiFi packet is as bad as stealing the other.
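To make the point concrete: in an 802.11 beacon frame, the device identifier (the BSSID, i.e. the access point's MAC address) sits in the frame header and the network name (the SSID) sits in the frame body, side by side in one packet. The sketch below is a simplified illustration, not a full parser — the field layout follows the standard 802.11 management-frame structure, but the sample network name and MAC address are invented:

```python
def parse_beacon(frame: bytes):
    """Parse a simplified 802.11 beacon frame (no radiotap header).

    Returns the BSSID (the access point's MAC address, carried in the
    frame header) and the SSID (the network name, carried in the frame
    body) -- two identifiers travelling in the same packet.
    """
    # Management-frame header: frame control (2) + duration (2)
    # + three 6-byte addresses + sequence control (2) = 24 bytes.
    bssid = frame[16:22]          # address 3 is the BSSID
    body = frame[24:]             # frame body starts after the header
    # Body: fixed fields (timestamp 8 + beacon interval 2 + capabilities 2),
    # then tagged parameters; tag number 0 carries the SSID.
    tags, offset, ssid = body[12:], 0, None
    while offset + 2 <= len(tags):
        tag_num, tag_len = tags[offset], tags[offset + 1]
        if tag_num == 0:
            ssid = tags[offset + 2:offset + 2 + tag_len].decode("utf-8", "replace")
            break
        offset += 2 + tag_len
    return ":".join(f"{b:02x}" for b in bssid), ssid

# A hand-built beacon frame for a hypothetical network "HomeNet":
frame = (
    b"\x80\x00"                      # frame control: management / beacon
    b"\x00\x00"                      # duration
    b"\xff\xff\xff\xff\xff\xff"      # destination: broadcast
    b"\x00\x11\x22\x33\x44\x55"      # source address
    b"\x00\x11\x22\x33\x44\x55"      # BSSID (the device identifier)
    b"\x00\x00"                      # sequence control
    + b"\x00" * 8                    # timestamp
    + b"\x64\x00"                    # beacon interval
    + b"\x01\x04"                    # capability info
    + b"\x00\x07HomeNet"             # tag 0 (SSID), length 7
)
print(parse_beacon(frame))           # ('00:11:22:33:44:55', 'HomeNet')
```

Anyone within radio range receives frames like this; the question is not whether they can be read, but whether recording and correlating the identifiers they carry is legitimate.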
Ben also says,
“I agree that device privacy can be a big deal, especially when many people are walking around with RFIDs in their passports, pants, and with bluetooth headsets. But, in this particular case, is it a problem? If Google really only did collect the SSIDs of open, public networks that effectively invite anyone to connect to them and thus discover network name and device identifier, is that a violation of privacy, or of the Laws of Identity? I’m having trouble seeing the harm or the questionable act. Once again, these are public/open WiFi networks.”
Let me be clear: If Google or any other operator only collected the SSIDs of “open, public networks that invite anyone to connect to them” there would be zero problem from the point of view of the Laws of Identity. They would, in the terminology of Law Four, be collecting “universal identifiers”.
But when you drive down a street, the vast majority of networks you encounter are NOT public, and are NOT inviting just anyone to connect to them. The routers emit packets so the network's designated users can connect, not so that others can connect to them, hack them, map them, or use them for commercial purposes. If one is to talk about intent, the intent is for private, unidirectional identifiers to be used within a constrained scope.
In other words, as much as I wish I didn’t have to do so, I must strongly dispute Ben’s assertion that “Once again, these are public/open WiFi networks” and insist that private identifiers are being misappropriated.
In matters of eavesdropping I subscribe to EPIC’s argument that proving harm is not essential – it is the eavesdropping itself which is problematic. However, in my next post I’ll talk about harm, and the problems of a vast world-wide system capable of inference based on use of device identifiers.