Google screwed up.
Between 2008 and 2010, the company's Street View cars, which take photos for a street-level view of locations on Google's maps, were sniffing data packets from wireless networks. Many companies do this, cataloging the location and name of the networks to assist the company's location services for smartphones -- when a user's GPS signal is faint, nearby wireless networks help pinpoint the user's location.
That was all fine. In addition to mapping networks, however, Google was collecting data, such as usernames, passwords, emails, and documents, from unsecured wireless networks. The intricacies of the collection and decoding process are a bit complicated, but the company has admitted that they did collect the data. However, they claim it was inadvertent, and more importantly, perfectly legal, reports the Associated Press.
Though Google settled its lawsuit with 38 states, plus the District of Columbia, earlier this year for $7 million, it still faced a class-action suit brought by consumers with unsecured wireless networks. The relevant statute, a part of the out-of-date and oft-criticized Electronic Communications Privacy Act, states, in part, that:
It shall not be unlawful under this chapter ... to intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public.
The statute also states that it shall not be unlawful to intercept radio communications which are unencrypted. Based on that, Google moved to dismiss. After all, unencrypted wireless data are "radio communications" that are "readily accessible." The district court didn't buy it, leading Google to appeal to the Ninth Circuit.
Contorting a Dated Law
The Ninth Circuit, doing its best to make the law fit the act, stated, "Surely Congress did not intend to condone such an intrusive and unwarranted invasion of privacy when it enacted the Wiretap Act to protect against the unauthorized interception of electronic communications."
And surely, Congress could foresee, when the ECPA was passed in the mid-1980s, that wireless Internet, or any widely-available Internet at all, would become a reality.
We'll be taking a closer look at the Ninth Circuit's logic, however contorted it may be, and the relevant laws, on our Ninth Circuit blog later this week. For now, just know this: unencrypted wifi networks, including those at your local coffee shops, are basically broadcasting your data to everyone within range.
- No Expectation of Privacy If You Use Gmail, Google Says (FindLaw's Technologist Blog)
- Hearst Changes Online TOS Because CFAA is a Terrible Law (FindLaw's Technologist Blog)
- Google Fights For Users' Privacy; Still Playing by 80s Rules (FindLaw's Technologist)