ask every Wi-Fi access point within range to respond. This happens very quickly. The downside is that if an in-range access point happens to be busy—say, helping its owner download e-mail—it won’t respond to the probe request, so the surveyors will miss that network.
The way around that problem is to use passive sniffing, which picks up all of the traffic traveling over active Wi-Fi networks, including key identifiers such as SSIDs (network names) and MAC addresses (similar to serial numbers, these are unique to each Wi-Fi router). The downside of passive sniffing is that it’s slower than active scanning, since routers may be broadcasting on any of a dozen channels, and each must be sniffed individually. “And you have to make sure you do not capture any of the network messages,” says Morgan.
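An added example (not from the article or from either company's software) of the kind of filter Morgan's caveat implies for passive surveying: it keeps only the BSSID (the router's MAC address) and SSID from beacon frames and rejects data frames without reading their payload. It assumes bare 802.11 frames with no radiotap header, and the sample frames and names are constructed.

```python
MGMT = 0      # 802.11 frame type "management" (frame-control bits 2-3)
BEACON = 8    # management subtype "beacon" (frame-control bits 4-7)
HDR_LEN = 24  # fixed MAC header of a management frame
FIXED_LEN = 12  # beacon fixed fields: timestamp(8) + interval(2) + capabilities(2)

def survey_record(frame: bytes):
    """Return {'bssid', 'ssid'} for a beacon frame, None for anything else.

    The decision is made on the frame-control byte alone, so the body of a
    data frame (the "network messages") is never parsed or stored.
    """
    if len(frame) < HDR_LEN + FIXED_LEN:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != MGMT or subtype != BEACON:
        return None
    bssid = frame[16:22].hex(":")          # address 3 is the BSSID in a beacon
    pos, ssid = HDR_LEN + FIXED_LEN, None
    while pos + 2 <= len(frame):           # walk the tagged parameters
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:            # truncated element: stop parsing
            break
        if tag == 0:                       # element ID 0 carries the SSID
            ssid = value.decode("utf-8", "replace")
            break
        pos += 2 + length
    return {"bssid": bssid, "ssid": ssid}

def survey(frames):
    """Keep only the survey records; everything else is discarded."""
    return [r for r in map(survey_record, frames) if r is not None]

# --- constructed sample frames (not real captures) ---
def _mac_header(fc0: int, bssid: bytes) -> bytes:
    return bytes([fc0, 0]) + b"\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"

_BSSID = bytes.fromhex("020000aabb01")
BEACON_FRAME = (_mac_header(0x80, _BSSID) + b"\x00" * FIXED_LEN
                + b"\x01\x01\x82"                   # supported-rates element
                + b"\x00\x0aCoffeeShop")            # SSID element
DATA_FRAME = _mac_header(0x08, _BSSID) + b"constructed payload, must be dropped"

if __name__ == "__main__":
    print(survey([DATA_FRAME, BEACON_FRAME]))
```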
Skyhook has never employed passive sniffing, in part because of the privacy challenges, Morgan says. “We have just found [active scanning] is more consistently reliable,” he says. “We feel very comfortable with the data we’re collecting, and it also keeps us from ever having to be perceived like we’re in the kind of situation that Google’s in. It’s actually impossible, with the approach we take right now, to observe or capture any private network data.”
Nor would it be possible for Google to record such data completely by accident, Morgan says. “At the engineering level it’s very easy to know whether you are capturing this data or not,” he says. So the error at Google, he says, probably happened “higher up the food chain…An engineer doesn’t care, and grabs whatever he can. But when there’s no one looking at it who’s got the broader perspective to understand the implications, that’s where the breakdown happens.”
Morgan says the choice to use active scanning at Skyhook was part of a sensibility about privacy concerns that was baked into the startup’s business model from the beginning. “It had to be, because early on, this was kind of an off-the-wall idea,” he says. “This was before there was such a thing as Street View cars, and people didn’t know what to make of it. So the first thing they would ask is, ‘What are you scanning for?’ We try to be very open about what type of data we collect and what we use it for so that we don’t get tripped up in situations like this.”
Eustace said in Friday’s post that Google will work with an outside party to review its Wi-Fi scanning software and confirm that the recorded payload data has been deleted appropriately. The company is also reviewing its procedures “to ensure that our controls are sufficiently robust to address these kinds of problems in the future,” Eustace wrote. He pointed out that payload data can be made inaccessible even to malicious passive sniffers by using the encryption features built into all modern Wi-Fi routers.
And he issued a dramatic apology. “The engineering team at Google works hard to earn your trust—and we are acutely aware that we failed badly here,” Eustace wrote. “We are profoundly sorry for this error and are determined to learn all the lessons we can from our mistake.”