Google Can Be Sued for Violating Wiretap Act, Court Rules
A class action lawsuit filed against Internet behemoth Google for secretly collecting data from Wi-Fi networks can move forward, the 9th U.S. Circuit Court of Appeals ruled.
The lawsuit stems from information gleaned while the company had agents driving around to collect images for its Street View program between 2007 and 2010 in the United States as well as a number of foreign countries.
Ostensibly, the tech giant was merely collecting Wi-Fi identification information in order to enhance its location-based services like the map function on smartphones, but in the process it accumulated an enormous stash of personal data, collecting 600 gigabytes worth of emails, usernames, passwords, personal videos and documents.
The federal Wiretap Act provides an avenue for civil lawsuits against anyone who “intentionally intercepts . . . any wire, oral, or electronic communication,” and the class action Joffe v. Google has been pending since 2010.
Google attempted to have the lawsuit dismissed, claiming that what it did was no different from listening to the radio or capturing any “form of electronic communication readily accessible to the general public.”
First a district court and now the 9th Circuit rejected the company’s reasoning. “Payload data transmitted over an unencrypted Wi-Fi network is not readily accessible to the general public,” the unanimous decision states. “Surely Congress did not intend to condone such an intrusive and unwarranted invasion of privacy when it enacted the Wiretap Act to protect against the unauthorized interception of electronic communications.”
“We are disappointed in the Ninth Circuit’s decision and are considering our next steps,” a Google spokesperson said in a statement.
The FCC also investigated, and eventually cleared Google of charges while imposing a $25,000 fine for impeding the investigation.
Creepy Collection Habits
“This appeals court decision is a tremendous victory for privacy rights. It means Google can’t suck up private communications from people’s Wi-Fi networks and claim their Wi-Spying was exempt from federal wiretap laws,” John M. Simpson of Consumer Watchdog, which is representing the plaintiffs, told Bloomberg News. “Because Google’s Wi-Spy activity was so extensive, the potential damages could amount to billions of dollars.”
Google’s credibility also suffered because it made a series of statements about its creepy collection habits that turned out to be false. Initially in 2010, the company denied that it was collecting data at all. Later, it claimed it piled up the information by mistake, and said it was deleted. Last year, it came to light that Google hadn’t deleted all of the data after all.
The ruling is a welcome clarification that information transmitted over Wi-Fi isn’t legally accessible to the public. “The Ninth Circuit is the first appellate court to look at the issue closely,” says Hanni Fakhoury, staff attorney for the Electronic Frontier Foundation. “Lower courts have issued conflicting opinions.”
Google’s argument that nabbing the info was no different than tuning into a radio broadcast pushed the limits of plausibility. Even with access to an unsecured wireless network, it is a lot more challenging and perhaps beyond the ability of the average Joe Q. Public to pick out actual emails, passwords and other data that’s being transmitted over the airways, compared to turning a knob to listen to the radio.
The court’s decision serves as a lesson to others who might try to pick up Wi-Fi data, regardless of the intent.
“Ultimately, to the private citizen, intercepting data sent over unencrypted WIFI could be a wiretap act violation to the extent they capture payload data,” Fakhoury says. “While perhaps not a lot of ordinary citizens engage in that behavior, many security researchers do for legitimate, noble aims (such as to test the integrity of a network). So for those individuals, they should definitely consult with a lawyer before they try and do any wifi sniffing.”