Privacy and SSIDs – in more than 140 characters

[ I don’t normally do this, but I’d like to point to Steve Wilson’s comment on this post, because I think his analysis is exemplary. To quote Oscar Wilde – “I wish I’d said that” ;^) ]

I really value the immediacy and ‘connectedness’ of Twitter, but now and again I get into a Twitter discussion which really suffers from having to be conducted in 140-character bursts. I was in one earlier today with @dakami and @roessler which arose from news coverage of Google’s admission that they had been ‘inadvertently’ collecting wireless network data in the course of capturing Streetview images.

To be fair to Dan Kaminsky, I did rather open things up by describing him as “disingenuous” – in that what he was reported as saying (here, on the BBC site) boiled down to “well, if you broadcast wireless data, you can hardly be surprised if someone picks it up”. Dan pointed out via Twitter that actually that quotation had been somewhat selective, and that the article did not accurately portray the real thrust of his comment, which was more along these lines:

“Given that WIGLE and Skyhook have both been mapping wireless networks since the turn of the millennium, it’s a bit daft to treat Google as an egregious offender in this area”.

(I hope I’ve done Dan’s position justice here – I’m extrapolating from a couple of tweets…)

OK – so here’s my position in the kind of detail which Twitter really doesn’t lend itself to.

First; fair enough – as Thomas Roessler pointed out (also via Twitter) – is there a real privacy issue in logging the SSIDs of wireless networks? Arguably not – particularly as one has the option not to broadcast an SSID in the first place. However, I struggle to see the utility of logging domestic SSIDs, or indeed commercial ones, if they are not the SSIDs of networks intended for public access. Who stands to benefit from that data? And if it is anyone other than the owner of the network, what’s the deal with that?

Second; similarly, Dan rightly points out that an SSID is something which is broadcast… so it’s perhaps a little churlish to gripe when someone notices it. On the other hand, even in my not-very-densely populated neighborhood, there are half a dozen ‘visible’ networks. For the sake of the people who I do wish to be able to connect to my domestic wifi network, it is more convenient to have a broadcast SSID which distinguishes it from the others. Under some circumstances, it might also help them avoid getting suckered into connecting to a rogue access point.

Third; there’s the matter of intent. I set up a domestic wireless network for a very clear, well circumscribed purpose: it is there so that members of my household can share access to the cable connection. That’s all. I didn’t install it, or name it, so that it could be plotted on a map. It is there for a specific purpose which is limited to my immediate family. As such, particularly if interfered with, it engages Protocol 1, Article 1 of the European Convention on Human Rights (ECHR) – “the entitlement to quiet enjoyment of one’s possessions”. By default, that is the legal position.

Now, I fully accept that, as far as the SSID alone is concerned, and given that it is a broadcast value and that broadcasting it is a matter of choice, it is arguable that no harm arises from collecting and publicising it. I still question what the utility is of doing that, for domestic networks.

However, the point is that that is not what Google were obliged to own up to, because what the German authorities uncovered was that they had also been capturing data packets from domestic networks, not just identifiers. In that case, we’re not dealing with just the ECHR – we’re talking about unauthorised access to computer systems, which (in the UK) is an offence under the Computer Misuse Act.

You might retort that it’s the network owner’s fault anyway for being stupid enough to leave their network unsecured. I have two issues with that response.

1 – The fact that I have left a window open does not make it less of an offense to climb into my house and steal my stuff. It might affect my insurance status, but it doesn’t mean theft is not a crime.

2 – There is no contract of any kind in place between companies like Google, WIGLE, Skyhook etc and the householder whose data is being recorded through these initiatives. As the German instance makes clear, there are regional and national differences of view as to what the ‘rules’ are, in the absence of such a contract. For my part, I simply note the practical difficulty faced by the householder in making his/her preference known. For example, if I wished to make it clear that I do not consent to unauthorised access to my domestic wireless network, there is no mechanism for “posting” an explicit notice to that effect, in the way that I might post a ‘please keep out’ sign at the boundary of my property.

As long as the householder has no viable technical means of making his/her preferences known, I would argue that the default should be a presumption of privacy, not a presumption that such data is free to be broadcast to the world.

Some of you may have seen danah boyd’s presentation at SXSW this year. I wasn’t there myself, but have since been lucky enough to see a video of it (authorised, I hasten to add…). One of the many points danah made with admirable clarity was this: taking data which is in the public domain and making it more public (for instance, by broadcasting it widely, or making it globally accessible where it was not before) is not privacy neutral. Actually she put it more strongly and said that it is a violation of privacy.

What I think we need to learn – from companies like Google, WIGLE, Skyhook and others – is that privacy is seldom a binary concept. It does make sense, as danah has done, to describe some data as ‘public’ and other data as ‘more public’. It does make sense to talk of graduated consent to disclosure, rather than bald ‘consent’ or ‘refusal’. And it makes sense to think in terms of conditional disclosure, not just free-for-all or nothing.

Privacy, when it comes down to it, is not a technological construct: it is a personal, social and cultural construct, and a nuanced one at that. Inescapably, as more of our lives are technically-mediated, we face the challenge of mapping that shaded, complex social view of privacy onto a rather crude, binary set of tools. Companies like Google have shown themselves to be fantastic innovators in so many ways; it’s time they turned that ingenuity to the privacy question.


4 thoughts on “Privacy and SSIDs – in more than 140 characters”

  1. @roessler says:

    My answer ended up being longer than what I'd tweet or put into a comment. Therefore: Wardriving, Streetview and Privacy

  2. Steve Wilson says:

    Good analysis Robin. Yes privacy is nuanced, although in this case, the issue is actually black and white. I am surprised how many commentators are either downplaying the breach on the spurious grounds that wifi data is "broadcast" and "public", or else rationalising that Google was doing a useful thing. To answer:

    – "public" does not nullify information privacy principles, because there are still limits on what can be done when you collect information, no matter where or how you got it
    – privacy is more about control than secrecy
    – wifi data is not actually "broadcast"; it is narrowcast a few tens of metres, so it's not automatically OK to pick it up and mash it with globally accessible Google Maps
    – And even if the primary purpose for collecting wifi data were justified, even more reason for Google to follow the Privacy Principles.

    I assume we all agree to treat the sniffed wifi data as potentially identifiable, since Google has the resources to triangulate it with other data sets. If so, then Google has committed a very straightforward breach of privacy law, which generally prohibits the collection of personally identifiable information with no express reason, without telling the people concerned, and without any commitment to safeguard that information. Gathering payload data in addition to SSIDs was apparently a mistake, but I'd say it's exactly the sort of mistake that is made when an organisation, at its very core, has no belief in privacy. You cannot compile information about individuals just because it's there and it's interesting. And it doesn't matter whether domestic wifi networks are properly set up or not. Privacy law provides default protection for individuals who might have been lax in protecting their personal information. Privacy law prevents third parties exploiting personal information on the basis of self-serving presumptions that public availability represents consent to secondary usage.

    Cheers, Steve Wilson, Lockstep Technologies.

  3. Dan Kaminsky says:

    === However, I struggle to see the utility of logging domestic SSIDs, or indeed commercial ones, if they are not the SSIDs of networks intended for public access. Who stands to benefit from that data? ===

    Geolocation.

    GPS is great and all, but it really, truly has issues among density, either among trees or concrete buildings.

    For all of human history, directions have been given in relevance to landmarks — hang a right at the building with the green sign.

    You can make whatever religious argument you want, but the technical utility of knowing where SSIDs are is unquestionable.

  4. Robin Wilton says:

    Dan – thanks for the follow-up comment…

    First, let me just flag my discomfort with your use of the term "religious"; it is altogether too loaded to be appropriate in this discussion – especially in the context of my specifically functional question about the utility of SSID location data. Describing my argument as "religious" implies that I am sticking dogmatically to an 'article of faith', and am not amenable to rational persuasion. I challenge that characterisation.

    Second – as you and Thomas have suggested, there is a potential use for SSID data as a means of providing reference points for navigation. You describe that utility as "unquestionable". I'd like to question it.

    Of course – I have been in urban environments where GPS didn't work – and there, navigating by SSIDs might be a useful alternative. On the other hand, the built urban environment is not exactly short of visual cues to location. "For all of human history", people have been navigating their way around using visual landmarks and even, dare I suggest it, maps; wireless-mediated navigation is a recent blip, in historical terms. It may be a useful option in some cases, but that is far from being a general principle, in my view.

    For instance, I have also been in areas where tree coverage made GPS useless. However, those were also often precisely the kinds of area where it would be unrealistic to expect to find a wireless signal.

    Lastly, there's the point I made to Thomas; I reserve the right to change the SSID of my network. That means it is potentially unreliable as a navigation aid. Again – in the kind of built-up environment where SSIDs might be useful for navigation, I suggest that there will be other cues which are more reliable.
