The head of Electronic Frontiers Australia is making ridiculous statements about Wi-Fi positioning: Google is being excoriated now in Australia for failing to disclose that it is scanning public Wi-Fi network signals while driving for Street View image captures and mapping. The electronic privacy advocacy group EFA's vice-chair Geordie Guy is way off base in his technical statements about this matter.
As a refugee from Google Buzz and someone who deleted his Facebook account permanently (or so I hope) several weeks ago, I have no truck with the notion that corporations gathering and collating information about me will use it appropriately. Buzz was proof of that. Buzz was a betrayal of Gmail users.
But there's a sky-is-falling attitude here about Wi-Fi signal scanning that needs to be fought back against, because it's simply wrong. There is no sensible way for Google to associate specific Wi-Fi networks with specific queries or individuals because the Wi-Fi network scan simply doesn't contain information that's sent out as part of a query to Google. (I'd be terrified if it did, however.)
As I wrote on 23 April 2010, Google--like Skyhook Wireless, which is mentioned in this Australian article--only scans publicly available passively scannable data.
EFA's Guy says, Google is "collecting data that could enable it to physically map that information to a physical street and presumably a physical house." I categorically reject that. The Wi-Fi network name and BSSID (the unique MAC address assigned to a Wi-Fi access point) aren't associated with data that's sent over a browser. Google can't determine the gateway IP address or a public IP address from a Wi-Fi router signal, nor do browser queries contain that information.
If you're using Google's extensions for geolocation--which is part of the latest release of its Chrome browser--Google could conceivably take the Wi-Fi information your browser provides as part of geolocation data and associate it with queries...but it's already doing that. If you let Google look up your location, well, they have your location now, don't they?
Guy goes on to ask technically inaccurate questions that weaken his valid privacy concerns. "Google talks about wireless routers at home but what about the printers, computers, mobile phones and other devices that might be sending out wireless information?" Those devices don't send out beaconing information. On unsecured networks, you could sniff that data, which is likely illegal to do in most developed nations, including the United States, Europe, and Australia. I don't suspect Google is pulling that information down. On secured networks, that information isn't actually available even to sniffers.
Guy also says the EFA is unaware of similar efforts. He apparently wasn't previously aware of Skyhook Wireless, which has been driving all Australia for a few years, along with a good hunk of the rest of the world. Guy excuses this by stating that Skyhook doesn't have cached search information against which to correlate scans, but I've already explained why that's not a valid concern in the form stated.
He goes on (this guy doesn't stop) to explain incorrectly what a MAC address is: "A MAC address on a home wireless connection or any other piece of electronics that uses Wi-Fi is a serial number, it's unique." Sure, but since when does a serial number get you anything about a product or a device?
Guy says, speciously, "If Google rang you up...and asked you to read out a serial number of your mobile phone, what would you say? I'd tell them its none of their business. If I saw them on the street with binoculars trying to read it, I'd close the curtains."
Right. And the strawman here? The Wi-Fi router address that's being publicly broadcast is like the street number on your house, not the serial number on your mobile phone.
A more sensible response is in the article from Australia's privacy commissioner. And might I say, bravo, Oz, for having such a commissioner. "From a privacy perspective, our preliminary inquiries have indicated that the information about Wi-Fi data that Google is collecting would not be considered personal information under the Privacy Act," said Karen Curtis. Right.
If you don't want your Wi-Fi router's public data that doesn't identify you personally scanned, don't use Wi-Fi or set your network to "closed," which prevents the kind of passive scanning from being performed by Google et al. If you use Wi-Fi, it uses public unlicensed airwaves, and the notion that some data might be leaked is just part of the rules of the game.
You're not obliged to use Wi-Fi, Guy.