As its name suggests, Google’s Street View, a feature of Google Maps, provides street-level images of locations across the world. Google captures these images through its Google Street View cars and trikes, which are specially equipped with cameras that capture 360-degree views of the streets through which they pass. While this feature has garnered praise for documenting the damage to Japan’s coastline following the March 2011 earthquake, Google now faces a growing class action lawsuit for allegedly violating wiretap laws through its Street View vehicles.

The lawsuit arises from Google’s admitted interception by its Street View cameras of personal information sent over open, non-password-protected Wi-Fi networks, known as “payload data.” In its official blog, Google initially called the incident a “mistake,” claiming that it intended for the cameras to gather only basic Wi-Fi network data, including SSID information (names of Wi-Fi networks) and MAC addresses (unique identifiers assigned to network devices like Wi-Fi routers). The company claimed that it sought to capture this information in order to improve its mapping services. Google blamed the interception of additional payload data on a lone engineer, whose experimental code, designed to collect publicly broadcast Wi-Fi data, found its way into actual Street View cameras. This “mistake” resulted in the collection of sensitive information sent over open Wi-Fi networks, including individuals’ online passwords, credit card information, and full emails.

On June 29, the District Court for the Northern District of California, in In re Google Inc. Street View Electronic Communications Litigation, rejected in part Google’s Motion to Dismiss the suit, allowing the plaintiffs to proceed on their Federal Wiretap Act claims. While granting Google’s Motion to Dismiss the plaintiffs’ state law claims, Chief Judge Ware devoted most of the opinion to the plaintiffs’ allegation that Google intentionally placed “wireless sniffer technology” in its Street View vehicles in order to capture, decode, and analyze information sent through Wi-Fi networks. To demonstrate Google’s intent, the plaintiffs showed that Google sought to patent this “sniffing” technology. The plaintiffs argued that Google’s data collection violated the Federal Wiretap Act, as amended by the Electronic Communications Privacy Act, which provides a private right of action against any person who “intentionally intercepts . . . any wire, oral, or electronic communication . . .” Google defended by arguing that the data collected from open Wi-Fi networks was “readily accessible to the general public,” thus meeting an exemption from liability under the Act. The plaintiffs countered that this exemption applies only to “radio communications,” under the Act, as the statute defines “readily accessible to the general public” solely in terms of radio technology, including an exemption for radio communications that are not “scrambled or encrypted.” The plaintiffs distinguished this exemption from a separate exemption under the Act for the broader category of “electronic communications.” The case presented an issue of first impression for the court, namely whether the Act imposes liability upon a defendant for intentionally intercepting data packets streamed across a Wi-Fi network.

In its statutory interpretation of the Federal Wiretap Act, the court undertook the challenge of adapting a statute to address technology that did not exist at the time of enactment. While recognizing that the Act could be read to encompass later-developed technology in its exemptions for “readily accessible” technology, the court ultimately determined that Congress intended the exemption to apply narrowly to “traditional radio services.” Analyzing the legislative history of the Act, the court noted that Congress drafted the exemptions to ease the concerns of radio hobbyists, who feared liability for innocently accessing private communications shared on the same broadcast frequencies as public communications. Furthermore, the court stated that the exemptions did not address other radio-based communications in existence at the time, such as cellular phones. Thus, the court reasoned that exempting Google’s Wi-Fi interception from liability under the Act would contravene Congress’ intent. Moreover, in rejecting Google’s argument that the plaintiffs’ lack of password protection rendered their Wi-Fi networks “readily accessible to the general public,” the court found that communications sent over even unencrypted networks were designed to be unreadable without the kind of “sniffing” technology incorporated into Google’s Street View vehicles.

While this class action suit highlights the vulnerability of personal data sent over open Wi-Fi networks, like those accessed every day in coffee shops, the court’s ruling also underscores the need for legislative revision of statutes like the Federal Wiretap Act so that courts will be better equipped to adapt statutory language to myriad new technologies.

—Kathryn Brown

Image Source

Tagged with:
 

Comments are closed.