Google's South Korean office raided by police

Google’s South Korean office has been raided after suspicion that the search giant illegally collected information about its users. The investigation is related to Google’s upcoming street view services and specifically states that the collection of information from Wi-Fi networks is the cause for concern.

According to Reuters, "[The police] have been investigating Google Korea LLC on suspicion of unauthorized collection and storage of data on unspecified Internet users from Wi-Fi networks."  This is not the first time Google has come under fire for its Wi-Fi collection, and the EU has already voiced concern about the behavior.

The practice that has come under scrutiny is when Google’s street view cars collect information from Wi-Fi networks as they take images for the service.  Google compiles this data for use in other products and future offerings.   

The investigation has just begun, so it will be some time before we learn the outcome of the raid in South Korea. Nevertheless, for a company whose motto is “Don’t be evil”, they certainly have come under fire from several government agencies as of late. 

Report a problem with article
Previous Story

Impulse Top 10 for August 7th

Next Story

HTC's unibody WP7 'Schubert' leaks, AT&T and Orange said to be ordering

18 Comments

Commenting is disabled on this article.

When you broadcast over wireless, secure or not you are agreeing to the laws and policies surrounding wireless. I seem to remember a while back when the major WEP vulnerabilities were discovered there was a clause added to the user agreement on using a wireless router that said something along the lines of if you broadcast on public channels (eg, using the 802.11 standard) you are making your data publicly available and are therefore you are responsible for whatever happens to that data. basically if you put it out there dont blame us if someone gets hold of it.

I dont know if that clause still exists but its likely

This is retarded. I like Steve Gibsons take on it.

This is what he said on Security Now - Episode 249

Correct. So what we found out was that, I believe it was Germany that was pressing Google because the Germans were very upset, just sort of felt a little creepy from a privacy standpoint, were apparently really pressing Google for exactly what data it was that they were capturing. And that forced an admission from Google that, whoops, well, we didn't really intend to, we didn't mean to, we didn't want to, but it turns out that, despite all of those disclaimers, we were capturing the payloads of the WiFi data that our Street View cars encountered as they were roaming around Germany, and storing them on disk drives, and we have all that. So the reporter from Reuters said, "Steve, what does that mean?"

And I said, "Well, it's funny you should ask because we've talked about this issue a lot on Security Now!, the podcast I do with Leo Laporte." I explained that, well, that could be the websites people were visiting, the email that they were transacting. Very often, if they're using POP or IMAP protocols, that is, not web-based mail typically, but regular sort of earlier protocols, their username and password would be in the clear. Not supersensitive stuff, which is generally deliberately encrypted by their connection, if not - and in this case not by the WiFi network. I said, but, you know, radio is radio. It's being broadcast. This stuff is in the clear.

Now, I did hear in part of Google's explanation for how this happened, a plausible source of, like, code. Apparently some other researcher doing something else years before had written some code that did do promiscuous capture, that is to say, it simply sucked in everything that a WiFi radio could receive and stored it. And when, years later, a different group who were doing the Street View project said they kind of looked around Google's massive project and software repository, it was like, oh, look, over here is some code that we could use that somebody wrote before. So they just kind of grabbed it, in sort of typical open source mode, and dropped it into their technology for Street View, and saved themselves reinventing the wheel.

Now, what this code did was record all the payloads of all the packets, rather than only what they really needed. As we've discussed before, what they really needed was the beacon's SSID, the hotspot's SSID, and the MAC address tagged with the current GPS coordinates, and presumably the signal strength. Because if I were doing this, I would incorporate signal strength in so that, as the car was moving, you'd get a sense for - you could actually do very good triangulation over time to get a sense for the physical location of this node whose SSID and MAC address you've acquired by looking at the signal strength as the car drives around.

So I think the problem is that hard drives are huge. I mean, and lord knows Google must have some sort of serious quantity discount they get on buying hard drives, with indexing and caching the Internet and Gmail that apparently has endless storage and so forth. I mean, Google's probably got more storage than anything else on the planet. So hard drives don't cost much. They probably weren't worried about saving hard drive space. So they were probably recording packets and maybe tagging it with this extra metadata, SSID, MAC address, well, actually that would be part of the packet, and like the GPS information, and maybe just who knows, I haven't looked in detail at their Street View technology; but, sure, they could be doing all of this processing in the vehicle as it drives around. Or they could just massively...

That's my, yes, that's my guess is that they had a relatively brain-dead massive capture operation where they were just sucking this stuff in, tagging the packets with the GPS metadata. And then offline, or off the street, rather, like back at headquarters, then they would reprocess the data and do all the computations necessary to geolocate the specific MAC address and SSID node. I mean, that makes sense. So they didn't have to do it that way, but that was probably the path of least resistance, which makes sense they would do. So I guess my overarching feeling is, hey, the best thing about this is it serves as a wakeup call about unencrypted WiFi.

And in other news, and I can't remember whether I mentioned this, whether we had a Q&A, I think we actually do, somebody mentioning a recent judgment by the German government about unencrypted WiFi. But to me this helps raise awareness of the relative exposure that people have, not having their wireless networks encrypted. I mean, we've talked about it all the time.

http://www.grc.com/sn/sn-249.htm

Well, given this is repeat news in a new location...it would seem really odd if this turned out to be true (of Google) . I mean, how often does something need to happen before you learn? Seems more likely this is purely suspicion and/or someone looking to make a name for themselves.

Haven't we heard this all before?

I thought they were just collecting totally menial data such as the name of the wi fi network?

closetgeek said,
Haven't we heard this all before?

I thought they were just collecting totally menial data such as the name of the wi fi network?


They also collected data sent across unprotected networks, which could contain personal information. However, if people are stupid enough to send their data in public like that (anyone can pick up unprotected WiFi packets...), they should be responsible themselves if someone stores that data.

zackiv31 said,
Is it actually confirmed that they used the data? I thought they stored it in the EU but claimed to never use it.

The fact that they might possess personal data seems like illegal to me since no one gave such permission.

Nicholas P. said,
The fact that they might possess personal data seems like illegal to me since no one gave such permission.

When will people learn that nobody cares what "seems" to you... they only care what's written in law.

This is a repeat of what happened in Germany and the EU with some loud mouthed politician looking for press spouting off about things they have no understanding of... I doubt this will turn out any differently.