Heard of Google Streetview? Have you ever zoomed in to a Google Map, and seen exactly the building you’re looking for? Cool, isn’t it?
They did that by sending crews to drive around with cameras mounted to the roof, literally all over the US, or at least where it’s paved. No sweat, huh? Some people got upset by being caught and immortalized in those ugly shorts they only wear while gardening, but for the most part Google was nice about removing things that raised a protest.
The down side is this: they were also capturing wireless network communication. They were kind of snide about the issue when it was discovered, essentially saying that if your network revealed anything that was your own damn fault. The Federal Trade Commission recently wrapped up an investigation, since some of that captured data was both financial and confidential. Google lucked out with them.
Not so much the Federal Communications Commission.
For all you wanna-be hackers and pen testers out there, be familiar with this:
The Electronic Communications Privacy Act, Title 18, Crimes and Criminal Procedure, Part I: Crimes, Chapter 119, Wire and Electronic Communications Interception and Interception of Oral Communications, Sec. 2510: Definitions and Sec. 2511: Interception and disclosure of wire, oral, or electronic communications. (Start digging at http://www.fcc.gov/telecom.html.)
To make it simple: unless you have specific permission, and personally I insist on WRITTEN permission, it is strictly illegal to scan and capture data this way. Google tried to argue the harmlessness of the captured data, but has since had to admit it contains things like user logins and session cookies. There’s one good, brief article at http://www.infosecurity-us.com/view/13946/fcc-to-investigate-google-street-view-data-capture/.
It’s more than just a little bit of a shame that Google blindly ignored an issue any responsible hacker textbook pounds into the reader within the first chapter: you can’t wander around capturing people’s data. Not legally, that is.