WiFi Comes to Mountain View

The Google WiFi network is now up for public use. Accompanying this is a privacy policy specific to WiFi. It states, in part:

Content of communications. Google WiFi does not store the content of any of your online communications or data transfers. Google employees do not access the content of any communications or files users send or receive, except under certain circumstances as described by the Google Privacy Policy.

This is good.

They also state

On a regular basis, we delete the above account usage information associated with your use of Google WiFi from our logs.

Also good, but it'd be nice to know the time period of that regular basis. "We delete your data every fortnight," is much better than "We delete your data at the turn of each century." But they're both regular periods.

Overall, I think it's reasonable.

Welcome

Edit: Well, this used to be the first post you'd see, but no longer.

This entry is post-dated so it's always the first you see. Scroll down to see the most recent entry.
This blog exists to make public my posts to a Mountain View neighborhood mailing list about concerns I have regarding Google's offer to build a free city-wide wireless network. The city staff report on their proposal is available. My initial comments were made based on the city staff report and its content, not based on any other articles.

For the record, I believe that Mountain View should move forward with the agreement at this time. However, I do hope the issues raised are considered.

I am posting messages that contain primarily my original content, or my replies to others. I am doing this to give those who are not subscribers of the mailing list an opportunity to read the entirety of what I have written and my responses. There has been additional discussion coming from others that I have not directly participated in and I'm not reposting that. While I do know that my words have been forwarded on to others outside of the local mailing list, I do not feel it is necessary to do this for discussions I haven't directly been a part of.

If you would like to contact me, please leave a comment here. Or send email to my first name @gnosh.net.
Thanks!
Todd

Council Accepts plan

According to this article by Renee Koury (BugMeNot),the city council unanimously accepted Google's offer.

I do find it unfortunate that the council considers the privacy implications of their offer outside of their purview. Analysis from the article includes the following:

• City leaders say [privacy concerns are] beyond their realm; their involvement is limited to letting Google rent the city's street lamps for $12,600 a year to place transmitters.

According to the staff report Google will be offering library access in the near term and negoitate on public safety services in the future. Perhaps the privacy concerns are in the purview of the library? In that case we must hope that what Google offers is acceptable to them, otherwise one of the benefits of the agreement is moot.

• People who don't want to use the Google network system can simply opt out; users will have to take the initiative to log on.

That's not an acceptable scapegoat for something billed as a solution for closing the digital divide.

I haven't yet seen any other original reporting on the meeting besides a few notes from community members who attended it last night. If you see other articles out there, please respond in the comments.
Thanks!

undeleting Hal M

I received email from Hal Mounce earlier this evening giving me permission to unmask his name here. He raises a number of excellent points.

A clarification

(posted only to the blog)
In my last email I note that I am aware that some of what I have written is fodder for internal conversations at Google. For those in the HR and corporate security department at Google I'd like to point out:

• nobody I know there was asked to forward my concerns internally
• nobody I know there was asked to report to me if what I wrote to the mailing list came up internally

In short, please don't fire anybody I know because of what I've done as an individual.

a few more things about Google WiFi

I spoke to Minnie Ingersoll of Google this morning who has been quoted in the paper as the project manager for the free WiFi proposal.

After identifying myself, I was passed to her officemate Chris who is serving as a spokesman for this project.

I discussed my discoveries on my trip to Kapp's last night. (These still haven't been moderated to the mailing list yet.)

Basically, they believe that their current privacy policy does in fact cover the services they would be offering as an ISP. I contend that it does not, or if it does, it certainly does not do it in a very clear manner. I brought up the quotes from other service provider policies that are very brightline with regard to how they will treat user data under normal operations. I was told, and will grant them, that they are in a test environment with this deployment. I still do not think that precludes them from the necessity or ability to be just a smidgen more up front about their intent.

I also brought up my concerns about the Secure Access privacy policy, and I was told that if it's not good enough, then users could consider another VPN product.

They expect to present some bullet points about these issues at this evening's council meeting, but they were not prepared to discuss them this morning. Basically, I was told that they have 1000+ employees and their families who must be pleased with this service. Additionally, I was told that those employees are likely more conscious about being good internet citizens than most. I agree, that their rank and file personalnel are likely aware of these types of concerns, but the privacy policy basically says "trust us". I think we deserve more than that.

Some others on this list have said, in effect, "Hey it's free, let them do what they want. You don't have to choose to use it." For most of us, this is true. For library users and for those whom this is a tool for "closing the digital divide" it may not, in fact, be the case. I believe this gives us standing to voice concerns.

A Mercury News editorial today closed with "... Mountain View will be Google WiFi['s] 'business model' guinea pig ... that will lead a pampered life." They would have the council blindly say "'yes please'" today to [Google's] free-lunch offer". I hope that the council is more cautious in its acceptance of the offer.

I am aware that at least some of my postings on this topic have become fodder for internal Google discussion. To whoever decided to forward them, I appreciate that you felt that these issues needed to be raised. Some of what I have said, certainly initially, must be taken with a grain of salt and in the interest of having a complete record of my communications available I have reposted them to a blog here:
http://googlewifiquestions.blogspot.com/

In the interest of protecting at least a modicum of privacy for those individuals who have been having this conversation, I have redacted email addresses and last names. Additionally, I am only posting correspondence to the mailing list, not any of the personal messages that have been sent to me directly on this. I certainly didn't plan on getting as invested with this issue as I have, and I don't feel that it's appropriate for me to make that decision for others. Should you not want your name redacted, please contact me.

I imagine that by this time tomorrow, we'll be rejoicing this nifty opportunity. I hope that the issues raised will be addressed, if not tonight, in the very near future.

Thanks,
Todd

Re: Google's WiFi proposal

On Mon, 14 Nov 2005, Shannon M[deleted] wrote:

Howdy,

I actually visited the one and only Mounain View Google WiFi access point at Kapp's earlier this evening. I did so to discover what
the terms and conditions that the current service are offered
under. I don't know that the user experience or the terms will
remain the same in an eventual wider deployment, but it offers
a baseline to use in the resolution of some of my concerns.

I am not a lawyer and, regardless of my affinity for Law & Order,
I'm not sure that I fully understand what exactly the terms
they offer do actually mean. Specifically, I do not see a declarative
statement that they're not intending to log user traffic information.
The terms are here: https://wifi.google.com/tc.html

Here's a sentence from my ISP's General Policy that I'd love
to see Google plagiarize:
Sonic.net, Inc., functions as a common carrier; our standard policy is to not monitor or interrupt our users' activities, exert editorial control over their content, or censor them or their content.
Or perhaps Live555's policy for the free access point at
Dana Street Roasting Company:
"However, our base station never inspects the contents of your packets; it merely routes them to/from their destination on the Internet."

Unfortunately, Google's rather obtuse in the way it presents
its terms. They refer to their privacy policy multiple times, but becoming an ISP is so far out of line of their current business
practices that I'm not sure you can infer much from their
standard policy. Specifically, acting as an ISP gives them
access to a lot of data they didn't previously need policy for.

They're building a "free" network, so it's likely they'll
pay for it in some indirect manner. The potential corporate cost
savings I've previously projected not withstanding, I imagine
likely they'll turn to ad revenue. I don't think it's
unreasonable for them to be upfront about that aspect of
what they're doing, lest the city have 400 usless boxes
on light poles in five years because the company couldn't
support the network. I realize that's not a likely scenario
given the company's current financial outlook, but I don't
think it's an unreasonable concern.

These are real issues related to the impact of building out
this network that go unaddressed in the city staff report.
It was this lack of critical analysis that caused my initial
strong (but incorrect) reaction. I apologize for the brusqueness.
While I still hold the concerns outlined previously, I
do believe that council should cautiosly accept this proposal as it does offer a unique opportunity for Mountain View.

I've responded inline below to some of the other concerns that have been raised.

Thanks for reading this far. And I appreciate that
we're able to have the dialogue.

Todd

>> Do I blow someone out of the water each time I pick up my 2.4 GHz cordless
>> phone?
>
> Not so long as Google complies with FCC, part 15. You do realise this is
> already regulated, right?

The use of the 2.4GHz ISM (Instrument/Scientific/Medical) band is not particularly regulated. Anyone can use it and while there are restrictions on the amount of power you can output, a wide deployment of these transceivers would likely impact the number of channels available for others to use -- whether they be baby monitors, cordless phones, or other wireless access points.

> If you'll take the time to go out and read their Privacy Agreement,
> you'll notice, first off, that it's hugely simplified compared to the likes
> of SBC/Yahoo and MSN. And secondly, Google have repeatedly expressed their
> dedication to privacy--something SBC and MSN have not.

An expressed dedication to privacy does not, in fact, mean the company
protects users' privacy well nor that it does the most it could to provide for its users' privacy.

Upon accepting the Google WiFi terms, users are directed to install
their Secure Access client. See https://wifi.google.com/faq.html

From the Secure Access privacy policy: "Google may log some information from your web page requests ..."

The Google WiFi terms do not have such an explicit statement, but from the way the privacy paragraph reads within those terms, it appears that they expect users to be using the Secure Access client.

It is possible to access the internet after accepting the terms,
regardless of installation/activation of the Secure Access client,
but nothing on the webpage indicates that is intended behavior.

> The only reason I bothered ever responding to this thread at all was because
> of Todd's assertion, " I think this proposal should be roundly rejected."

Please see my comments above, as this is no longer my position.

>> Even if Google does this, they're not FORCING anyone to use it! And yeah,
>> I should hope they'd make everyone who uses it create an account--how else
>> would they track down and block abusers of the system??

This is not entirely true. Those who live near poles with access points may find their computers associating to Google's network without any particular effort in configuration on their part.

As it is, there does not currently appear to be any individual
authentication required. Whether or not that remains when the WiFi offerings move beyond their first few locations is to be seen.

In addition, the staff report indicates that Google will be offering
access in the library, so it is possible that public library users will be put into a situation where these terms must be accepted.
Not to mention that if this is part of "closing the digital divide",
we should work to make sure that the terms are fair and reasonable.

Re: Google's WiFi proposal

[This message to which I am replaying was initially sent to members of the city council, city staffers, and the local mailing list. My reply went to them as well.]
[post updated with full name]
Hal Mounce wrote:

Hi Hal,

> I have a number of concerns, and have found some information I believe is useful.
>
> Before I get into things let me just say that I am very much FOR the
> Google proposal, and want the city to enter into agreements with Google
> without further council approvals. I trust the city manager and city
> attorney to manage the details and get the best deal they can for us.

Thank you for putting these concerns forward in a more effective manner than I did. At this point, I too would agree that it is in the best interest of the city to enter into this agreement, but that our council members and city staff should be cognizant of these issues as the finalize the agreement.

Thanks,
Todd

>
> My[Hal's] concerns:
>
> 1) Google indicates a requirement for each user of the service to establish an account with Google. As far as I can tell, this is not a technology based requirement.
>
> 2) What prevents Google from snooping around in the data traffic? I would prefer to limit them to eavesdrop on our network interactions only to the extent necessary to operate the network. For example, I don't want information collected from my use of the network to be used to tailor advertising campaigns.
>
> 3) What prevents Google from mining data from my computer, perhaps through communication with their Google Toolbar software? I am reminded of a nasty invasion of privacy by Prodigy a decade or so ago, where they were (perhaps inadvertently) uploading private data form their subscriber's computers.
>
> 4) Will a citywide deployment of WiFi tranceivers by Google effectively preclude other organizations from similar deployments? I'm not so much concerned about the economic disincentives for other service providers as I am concerned about the chunk of the RF spectrum that Google will occupy. There are only so many channels available in the 2.4GHz space.
>
> 5) What about interference with other devices in the spectrum Google will be using? Are there likely to be problems with baby monitors? Cordless phone transmissions? Existing WiFi installations? 2.4GHz ZigBee installations?
>
> 6) Will our health be affected? I suspect most of my internal systems run below 75Hz, but what about bursts of radio frequency at rates close to those that I'm running at? What happens if we set one of these transceivers up in the parking lot over at El Camino Hospital?
>
> 7) How will we handle upgrades? I suspect the system will be largely obsolete in just a few years. Who would pay for a technology refresh? Would we be locked into a (then) low tech infrastructure which inhibits citywide deployment of more advanced technology? Currently, I can refresh the technology in my own home easily enough, but at $4K a pop, can the city afford to hot up 100 trancievers every 5 years?
>
> 8) Are there areas of the city without cobra head street lights? Can one of these things be strapped to a lamp post in Old Mountain View?
>
> 9) Once deployed, could Google sell off their mountain view network? I'd hate for Clear Channel to grab us by our 802.11s.
>
> I'd like city staff to call other cities with similar deployments to see what issues they wish they had known about up front. I'd also like for the city attorney to try and get some of those covenant things to covers the privacy issues, and to add language to force a new contract, should Google want to sell its network to some other outfit.
>
> I'd like to enter enter into an agreement with Google even if we can't get a deal which addresses the concerns I've mentioned. This is a good thing, and we shouldn't pass up this opportunity. But we should at least know what we're getting into.
>
> I have a work commitment Tuesday night, but hope other neighbors are there to raise some of these concerns at the council meeting.
>
>
> I found useful background information in these documents:
>
> DoD Electromagnetic Spectrum
> http://www.jsc.mil/images/speccht.jpg
>
> NTIA US Frequency Allocations
> http://www.ntia.doc.gov/osmhome/allochrt.pdf
>
> FCC Radio Frequency Safety FAQ
> http://www.fcc.gov/oet/rfsafety/rf-faqs.html
>
> FCC Questions and Answers about Biological Effects and Potential Hazards of Radiofrequency Electromagnetic Fields
> http://www.fcc.gov/oet/info/documents/bulletins/#56
>
> FCC A Local Government Official’s Guide to Transmitting Antenna RF Emission Safety: Rules, Procedures, and Practical Guidance
> http://www.fcc.gov/wtb/siting/FCC_LSGAC_RF_Guide.pdf
>
> Wikipedia IEEE 802.11
> http://en.wikipedia.org/wiki/IEEE_802.11
>
> Tropos MetroMesh Architecture
> http://www.tropos.com/pdf/tropos_metro-scale.pdf
>
> IEEE Radiofrequency Interference with Medical Devices
> http://www.ewh.ieee.org/soc/embs/comar/interfer.htm

Re: Free city-wide Wifi

Boris B[deleted] wrote:
> Eventually some entity has to process your internet
> traffic. How is Google any less trustworthy than SBC
> or Comcast?

Neither SBC or Comcast are particularly in the business of selling of or making money off of information related to their users' activities.

Given Google's primary business of information collection and correlation, I believe the company should be up front about this possibility.

Todd

Re: Free city-wide Wifi

Tony M[deleted] wrote:
> I completely disagree with this statement. I believe SBC
> and Comcast very much would like to know the usage habits of
> their user base. One reason is precisely so that they can offer
> a wide variety of* additional* services.
>
> In the worst case scenario, Google would be no different.

Agreed. I think there is the opportunity to get something different, though.

> However, if I am a paying SBC and/or Comcast customer, then those
> two companies know exactly when* I* am on the network. I.e. The
> modem/router/gateway is accessing the given network. They know the
> point of origin of the network access. My DSL company (not SBC)
> knows exactly when my router is sending/receiving packets of data
> over the network. This is absolutely 100% true as verified during
> a tech support call.

Yes.

> If I connect to any open wireless network, then the only hard piece
> of info that network can have on me is the MAC (Ethernet) address of
> the wireless card in my computer. It would be beyond the scope of
> wireless networks to try and match this address with me (the owner
> of the computer).

As long as you never visit any of their affiliated websites which
have access to any unique identifier for you, then sure.

I doubt Google is up to anything particularly nefarious. I'd like to see
them take a more proactive approach to saying that, though, given the
treasure trove of data that they do sit upon.

Ultimately, de-wiring Mountain View makes a lot of economic sense
for them:

Annual rental to city:    $12,600
Electricity:              $ 4,000
                         -------
Recurring costs:          $16,600

Initial setup:
Pole-top equipment:    $1,000,000    ($2500x400 -- high estimate I believe)

Annual Savings:        $300,000 - $900,000


Savings are calculated based on the company no longer
having to reimburse their MV employees for DSL access because
they can hop on the company-provided wireless network from home.

low end:     500 employees @ 50/mo
high end:    1000 employees @ 75/mo

So, they recoup their money in a couple of years, maybe shorter if the poles are cheaper to equip, maybe longer if bandwidth costs (which I didn't account for) are significant.

It's the smart thinking we've come to expect from them.

Todd