Re: Google Maps offering to "map our locations"....concerns??

["SCHALIP, MICHAEL" <mschalip () CNM EDU>]

That's what was kind of funny in our case - this request originated through our "Marketing and Communications Office" - 
and they referred it to ITS.....we've also advised them to check with our Security group.....

M

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Joel 
Rosenblatt
Sent: Tuesday, April 17, 2012 1:19 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Google Maps offering to "map our locations"....concerns??

Hi,

I'm curious, who did Google approach to ask for permission to scan the campus?

Thanks,
Joel

--On Tuesday, April 17, 2012 3:04 PM -0400 Justin Azoff <JAzoff () ALBANY EDU> wrote:

> On Tue, Apr 17, 2012 at 01:21:45PM -0500, Heath Barnhart wrote:
> > I agree with this as well. There's a difference between walking 
> > around with your wifi adapter on and seeing what you see and actually 
> > capturing information, which I believe if anyone of us got caught 
> > doing would land us in a federal prison.
>
> There isn't a difference though.. unless by "see" you mean display to 
> the screen and "capture" you mean write to disk.
>
> > I would suggest, if asked for opinion by administration, that a 
> > stipulation be made that Google only be allowed to do passive scanning of the network only.
> > That way they can still gather their WiFi location data if they want 
> > but not get user data.
>
> "passive scanning" confuses two different concepts.  What google did 
> originally that got them in trouble was completely passive data 
> collection and didn't even involve any type of scanning.
>
> What google had intended on doing was to capture the unencrypted 
> 802.11 beacon frames which contain the SSID and BSSID.  They 
> accidentally captured all 802.11 frames, including those from people 
> using insecure wireless networks.  The only reason why google every 
> captured user data was users were being stupid and broadcasting their 
> data in the clear into public areas.
>
> --
> -- Justin Azoff
> -- Network Security & Performance Analyst



Joel Rosenblatt, Director Network & Computer Security Columbia Information Security Office (CISO) Columbia University, 
612 W 115th Street, NY, NY 10025 / 212 854 3033 http://www.columbia.edu/~joel Public PGP key
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.