The Little Geeni

Google Street View, a Google Maps feature that lets users see images of streets and the surrounding areas, continues to generate controversy. Since its launch in May 2007, the feature has prompted questions about whether it constitutes an invasion of privacy, complaints about inappropriate images, and even a lawsuit.

Aaron and Christine Boring vs. Google

The lawsuit came from a Pittsburgh couple in April 2008. The couple lives on a private road. However, Google’s Street View team travelled down the road and continued taking images all the way up to the couple’s home. The images were then posted to Google Maps and included close-ups of the couple’s home, swimming pool, and outbuildings.

Google’s response? “Complete privacy does not exist in this world except in a desert, and anyone who is not a hermit must expect and endure the ordinary incidents of the community life of which he (or she) is a part (1).”

While Google’s assertion that its Street View imaging team is an “ordinary incident of community life” is far-fetched, Google does make some good points in its response. Namely, that the plaintiffs could have simply requested that Google remove the offending images from Street View via a form available on Google Maps. Instead, the couple filed suit and in doing so have made the matter public record and ensured that the images will be viewed by even more people.

Since the lawsuit, Google has removed the images in question, but the suit remains open.

The Borings’ Neighbors

On Goldenbrook Lane, a nearby street, some of the Borings’ neighbors also had an incident with the Street View team. In this incident, the Street View team drove up Goldenbrook Lane and into the driveway of the McKee residence. They continued to drive, snapping Street View images the whole way, up to the garages of the McKees (2). While it appears that the McKees didn’t resort to a lawsuit, Google has removed the images of the home that were taken from private property from Street View.

Street View in California

In California, the antics of the Street View drivers continued. Drivers reportedly went on over 100 private roads in Sonoma County according to an analysis done by PressDemocrat.com. In another instance, Street View drivers went past two no trespassing signs as they photographed the 1,200 foot private road leading up to Betty Webb’s house in Humboldt County. In another incident reported by PressDemocrat.com, Street View drivers ignored a no trespassing sign, passed through a gate, and drove through someone’s yard on a dirt road near Freestone.

Street View and U.S. Military Bases

In March 2008, the Pentagon requested that Google remove some images of military bases taken from public streets due to the potential threat those images posed to national security. “It actually shows where all the guards are. It shows how the barriers go up and down. It shows how to get in and out of buildings,” said General Gene Renuart, commander of U.S. Northern Command (3). According to Google spokesman Larry Yu, Google has honored the Pentagon’s requests (4). However, the Pentagon was still reviewing the many images of military facilities that were included in Street View (5).

Street View Goes Global

After the complaints in the U.S., other countries warned Google that Street View would have to be modified to comply with their stricter privacy laws. To this end, Google has improved facial recognition technology so that it can find faces in images and blur them so that they are unrecognizable. This technology has also been applied to license plates. The blurring feature has since been applied to U.S. Street View imagery in addition to images in other countries where Street View is now available.

Accountability

While Google has removed some of the aforementioned locations from Street View, the burden to monitor Google’s actions, be it Street View or other Google services, continues to fall on people like you and me. With regard to Street View, Google argues that “many people–visitors pulling in the driveway, neighbors turning around at the end of the road, deliverymen delivering packages–can all plainly see the exterior of the (Borings) home (6).” While these examples are likely accurate for the Borings and the population in general, they involve people that we know or strangers that we requested to come to our homes. Private residents didn’t request that Google visit these neighborhoods nor would residents reasonably expect that someone would be driving down their streets taking photographs of everything. In fact, I suspect that if you or I were to do the same thing, someone would call the police and we’d have some difficult questions to answer down at the station.

Potential Consequences

So, what could the consequences of Street View be? Well, while the feature has been used to aid police in a kidnapping investigation (7), I think the feature could be far more useful to criminals. For example, a criminal could use Street View to case a neighborhood–checking Street View for cars that are parked in garages or driveways so they could know when someone isn’t at home, scan the yards and windows for any signs indicating that homes have security systems, check the proximity of neighboring houses using Street View and Google’s satellite imagery, look for signs of pets that could pose problems for a thief, see if the homes have newspapers delivered (which might help the thief determine if the residents were on vacation) and, assuming the criminal found a good candidate, select a few potential access points (like open windows) for breaking into the home. If the Street View car happened to pass through your neighborhood on garbage day, the camera might even capture the box of that new HDTV you got. Scary, huh?

Protecting Your Privacy

So how can you protect yourself? First, check your address using Street View. To report a concern with Street View imagery, enter the address you desire and click “Search Maps.” Then, click “Street View” in the thought bubble that appears on the map. Once the “Street View” image appears, click “Report a Concern” in the bottom left corner of the Street View image and enter the details of your complaint.

Second, be mindful of how your information is used and act when you feel your privacy is being threatened. Google’s Street View can be a helpful tool, but it is meant to help Google sell ads and make money, not protect your privacy. You can write your local, state and federal representatives and even the local paper to voice your opinion.

Oh, and if you believe as Google does that “complete privacy does not exist,” then you should check out the house where Google CEO Eric Schmidt reportedly lives using satellite imagery from Google Maps. It looks like he has had some construction done in the past few years. A simple Google search of the address (366 Walsh Road, Atherton, CA) will tell you that Schmidt merged two adjacent lots in 2001 (8) to create the new lot and then added a new fence, retaining wall, and drainage in 2004 (9). Eric, that creepiness that you’re feeling is probably approaching the level of the people who had Street View vehicles in their driveways. So, while it is Google’s mission to “organize the world’s information and make it accessible and useful,” the company should thoroughly consider how that information can adversely impact the same people it is meant to help.

Sources

1. Preliminary Statement.” Boring vs. Google, Allegheny County, PA
2. TheSmokingGun.com “Google is in Your Driveway!”
3. Reuters. “Google pulls some map images at Pentagon’s request.” Mar. 6, 2008.
4. Ibid
5. Ibid
6. Preliminary Statement.” Boring vs. Google, Allegheny County, PA
7. Telegraph.co.uk. “US police use Google Street View to find missing child.” Jan. 9, 2009
8. Town of Atherton City Council Minutes, May 16, 2001.
9. Palo Alto Online, September 24, 2001.

(C) Medium Blue 2009

Google Concerns, Continues, Google, Privacy, Raise, Street, View

As with any other year, in 2008 network and systems administrators will have to face challenges which will tax their ability to adequately protect corporate networks. Experience shows that maintaining and improving on security is never easy; hackers, malware creators, spammers, malicious insiders and other, mostly unpredictable, elements all add up to the factors which tend to give these network security professionals many a sleepless night.

Various 2008 threat predictions have already hit headlines. Some mention VOIP and virtualization , others mention malware evolution and Facebook widgets that will be used to distribute malware; However, facts and figures indicate that the challenges faced in 2008 will not stem from technology itself; for in its nature technology is a neutral element that can either be used in a good or in a bad way. The biggest threat for 2008 is the same threat to businesses that has been around for the last 200,000 years – the Human Being himself!. Human beings, their weaknesses, fallacies and inquisition can all be exploited to wreck havoc within organizations.

Human Overconfidence

History shows that we tend to rely too much on the claims which operating system vendors and business software vendors make. New systems sell themselves as being more secure and more fail-safe than their predecessors. While this is undoubtedly true, one must remember that at every release of each operating system and business software throughout the years vendors have all made the same claim, over and over again, year after year. This has never. However. deterred hackers and other malicious individuals from researching and executing attacks against newer systems.

A case in point is Microsoft Windows Vista, which by end 2007, will hit the 10% market share, with a projected 30% adoption rate expected by end 2008. Microsoft Windows Vista does not only equate to a new operating system, it also equates to a new user expierience. While this system is much more secure than its predecessors, its users are still the same as before, and therefore they are the path of least resistance to the average network environment exploit. Through social engineering, security features such as the new user access control can be easily circumvented, duping users in installing software which is insecure or tainted with malware.

Humans’ misplaced trust

Trust should be earned and not automatically afforded. Dangers to business do not only lie outside of the business perimeters; recent history shows that insider attacks to businesses cost as much, if not more, than attacks originating from the outside. Insiders have their own advantages for they have an intimate knowledge of your network and its inner workings. In 2008, an ever increasing proliferation of portable storage and communication devices (iPods, USB drives, USB WiFi cars, etc) will highly facilitate data theft, logic bombs and other forms of sabotage that can throw your business back to the Stone Age. Yet again, while it might be easy to put the blame on such devices it’s not these devices that are at fault; once again, technology is a neutral entity. The main fault here is the use made of such devices – banning them will simply not work because you simply cannot rely on voluntary compliance, supervision is too laborious, the devices can be easily concealed and you’ll just create dissent.

Human lack of knowledge

When it comes to network security, ignorance in neither bliss nor excuse. In 2008, a lack of basic security principles and a lack of knowledge in the trends that malware, spyware, spam and other malware are taking will greatly contribute to the downfall of network security. This most often is due to lack of time or resources to research security principles and trends; an issue that translates into a firefighting approach to network security: reacting to incidents after being hit.

This is, once again, a human issue. Malware does not evolve on its own, in a vacuum. The reason why malware evolves is greed – Hackers and other malicious individuals today create targeted attacks not to create havoc but for financial gain. Targeted exploits that attempt to address the inquisitive human nature to make them click on a tainted link will become more and more commonplace. This makes them much more dangerous than ever before, making the issue of lack of knowledge even more critical. Limiting human inquisitiveness through a blanket ban on access to resources will also backfire since it will create both dissent and boredom, all of which hamper productivity.

Human gullibility

Being gullible does not only make you the butt of jokes but also exposes you to myriad network security threats. In 2008, targeted email spam will continue in its evolution with newer and novel attempts to breach network defenses using social engineering. These will extend beyond email and attempt to, for example, compromise VOIP infrastructures through denial of service attacks, SIP vulnerabilities and Spit (Spam Over Internet Technology) attacks. In 2008, an increase in the number of attacks targeted at specific individuals or businesses is also expected, and it is highly plausible that the perpetrators of such attacks will use social engineering to gain access to confidential information that enables them to gain access to your systems.

As with malware, social engineering attempts at exploiting human gullibility evolve for financial gain. No one will be calling anyone up asking for passwords; more subtle methods such as targeted attacks on social networking sites (myspace, facebook, etc) where users are duped in exchanging personal information for virtual goods empower hackers and other malicious individuals to gain unauthorized access to networks.

Conclusion

In 2008, network and security administrators will have to wear more hats than ever before and employ all sorts of defenses against attacks directed at the human nature – overconfidence, trust, lack of knowledge and gullibility will all be decisive factors in how successful network security will be. More than ever before it will be a question of managing the risks that humans pose to businesses; for even if the risks humans pose are the same risks as before, the motivation behind attacks in 2008 is changing and becoming much more dangerous. The best way to defend infrastructures from potential threats is for administrators to implement methods to:

• Monitor the user’s activity 24 x 7 x 365

• Control access to network resources

• Safeguard all the business information

• Backup all communications to, from and within the business

• Enact technological barriers that permit device use according to a clear and defined policy.

• Train network resource users in both network security and information disclosure policies.

In 2008, systems administrators will have to find the fine balance that suits and encourages the human inquisitive nature – without becoming the dreaded medieval Inquisitors!

Computer Security 2008, Administrators, Concerns, Major, Network, Systems