{"id":1130,"date":"2010-06-16T10:40:31","date_gmt":"2010-06-16T18:40:31","guid":{"rendered":"\/?p=1130"},"modified":"2010-06-19T23:17:13","modified_gmt":"2010-06-20T07:17:13","slug":"could-the-non-content-trump-the-content","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=1130","title":{"rendered":"Does the non-content trump the content?"},"content":{"rendered":"<p>In my<a href=\"\/?p=1129\">\u00a0previous post <\/a>I referred to an interesting\u00a0<a href=\"http:\/\/www.wired.com\/threatlevel\/2010\/06\/google-wifi-debacle\/?intcid=postnav\" class=\"broken_link\">Wired story<\/a> in which former\u00a0U.S. federal prosecutor Paul Ohm says Google \u201clikely\u201d breached a U.S. <a href=\"http:\/\/www.law.cornell.edu\/uscode\/html\/uscode18\/usc_sec_18_00003121----000-.html\">federal criminal statute <\/a>by intercepting the metadata and address information on residential and business WiFi networks.\u00a0\u00a0The statute refers to a\u00a0&#8220;pen register&#8221;\u00a0&#8211; an electronic device that records all numbers dialed from a particular telephone line. \u00a0<a href=\"http:\/\/en.wikipedia.org\/wiki\/Pen_register\">Wikipedia tells us <\/a>the term has come to include any device or program that performs similar functions to an original pen register, including programs monitoring Internet communications.\u201d\u00a0 The story continues:<\/p>\n<p style=\"padding-left: 30px;\">\u201cI think it\u2019s likely they committed a criminal misdemeanor of the Pen Register and Trap and Traces Device Act,\u201d said Ohm, a prosecutor from 2001 to 2005 in the Justice Department\u2019s Computer Crime and Intellectual Property Section. \u201cFor every packet they intercepted, not only did they get the content, they also have your IP address and destination IP address that they intercepted. The e-mail message from you to somebody else, the \u2018to\u2019 and \u2018from\u2019 line is also intercepted.\u201d<\/p>\n<p style=\"padding-left: 30px;\">\u201cThis is a huge irony, that this might come down to <a href=\"http:\/\/www.law.cornell.edu\/uscode\/718\/usc_sec_18_00003121----000-.html\" class=\"broken_link\">the non-content they acquired<\/a>,\u201d (.pdf) said Ohm, a professor at the University of Colorado School of Law.<\/p>\n<p>I understand how people unacquainted with the emerging role of identity in the Internet can see this as an irony &#8211; a kind of side-effect &#8211; whereas in reality Google&#39;s plan\u00a0to establish a vast centralized database of device identifiers\u00a0has much longer-term consequences than the misappropriation of content.\u00a0 Metadata is no less important than other data &#8211;\u00a0 and\u00a0&#8220;addresses&#8221;\u00a0being referred to are really\u00a0device identifiers clearly associated with individual users,\u00a0much like the telephone numbers to which the statute applies.\u00a0 Given the\u00a0similarity to\u00a0issues that arose with\u00a0pre-Internet communication, we should perhaps not be surprised that there may already be regulation in place that prevents &#8220;registering&#8221; of the identifiers.<\/p>\n<p>The Wired article continues:<\/p>\n<p style=\"padding-left: 30px;\">Google said it was a coding error that led it to sniff as much as 600 gigabytes of data across dozens of countries as it was snapping photos for its Street View project. The data likely included webpages users visited and pieces of e-mail, video and document files&#8230;<\/p>\n<p style=\"padding-left: 30px;\">The pen register act described by Ohm, which he said is rarely prosecuted, is usually thought of in terms of preventing unauthorized monitoring of outbound and inbound telephone numbers.<\/p>\n<p style=\"padding-left: 30px;\">Violations are a misdemeanor and cannot be prosecuted by private lawyers in civil court, Ohm said. He said the act requires that Google \u201cknew, or should have known\u201d of the activity in question.<\/p>\n<p style=\"padding-left: 30px;\">Google denies any wrongdoing.<\/p>\n<p>In fact, Google knew about the collection of MAC addresses, and has never said otherwise or stated that their collection of these addresses was done accidently.\u00a0 In fact they have been careful\u00a0to never\u00a0state\u00a0explicitly that their collection was limited to Wireless Access Points.\u00a0 The Gstumbler report makes it clear they\u00a0were parsing and recording both the source and destination MAC addresses in all the\u00a0WiFi frames they intercepted.\u00a0<\/p>\n<p>The Wired article explains:<\/p>\n<p style=\"padding-left: 30px;\">As far as a criminal court goes, it is not considered wiretapping \u201cto intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communication is <a href=\"http:\/\/www.law.cornell.edu\/uscode\/uscode18\/usc_sec_18_00002511----000-.html\">readily accessible to the general public<\/a>.\u201d<\/p>\n<p style=\"padding-left: 30px;\">It is not known how many non-password-protected Wi-Fi networks there are in the United States.<\/p>\n<p>What makes this especially interesting is the fact\u00a0that it is\u00a0not possible to configure a WiFi network so that the MAC addresses\u00a0are hidden.\u00a0 Use of passwords protects the communication content\u00a0carried by the network, but does not\u00a0protect the MAC addresses.\u00a0 Configuring the WIreless Access Point\u00a0not to broadcast an SSID does not prevent\u00a0eavesdropping on MAC addresses either.\u00a0\u00a0\u00a0Yet we can hardly say the\u00a0metadata\u00a0is readily accessible to the general public, since\u00a0it cannot be\u00a0detected\u00a0except acquiring and using very specialized programs.\u00a0<\/p>\n<p>Wired\u00a0draws the conclusion that,\u00a0 &#8220;The U.S. courts have not clearly addressed the issue involved in the Google flap.&#8221;<\/p>\n<p>\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Google knew about the collection of MAC addresses, and has never said otherwise or stated that their collection of these addresses was done accidently. <\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[6,47,11,77],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1130"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1130"}],"version-history":[{"count":0,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1130\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1130"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1130"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1130"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}