Wi-Fi Sniffing Like Wiretapping, Court Tells Google
Despite promising to shell out up to $7 million USD and disposing a ton of data it wasn't allowed to obtain, Google is still haunted by the whole Street view fiasco. The latest entry in the ongoing saga arrives by way of the U.S. Court of Appeals for the Ninth Circuit that denied Google's attempt to dismiss wiretapping claims.
Let's back up for just a moment. In Google's attempt to map every single street on the big blue globe, the company not only collected street names and the location of public wireless networks, the Street View cars also scooped up 600 GB of information related to private networks in residential homes. This wealth of illegally obtained knowledge included MAC addresses, network SSIDs tied to location information for private wireless networks, and Wi-Fi "payload" data, which included emails, passwords, usernames and website URLs.
In 2010 the FCC began an investigation regarding the complaints, and in April 2012 slapped Google with a $25K fine for impeding the investigation by "delaying its search for and production of responsive emails and other communications, by failing to identify employees, and by withholding verification of the completeness and accuracy of its submissions." The FCC determined that Google didn't break any wiretapping laws, but did acknowledge that Google's acquisition of private data wasn't accidental.
Not content with the FCC's "inadequate" investigation and the slap on the wrist, the Electronic Privacy Information Center (EPIC) called on the Department of Justice to get involved (pdf). Eventually, 38 states and the District of Columbia sued Google over the Street View data collection. The company settled, shelling out $7 million and promising to dump all that juicy data it held on to for two years (3/08 to 3/10). Google also supposedly disabled or removed both the equipment and software used to collect such data from its Street View vehicles, and agreed not to collect any additional information without notice and consent.
"We work hard to get privacy right at Google. But in this case we didn't, which is why we quickly tightened up our systems to address the issue," Google said in a statement. "The project leaders never wanted this data, and didn't use it or even look at it. We're pleased to have worked with Connecticut Attorney General George Jepsen and the other state attorneys general to reach this agreement."
But that's not the end of the story. A Silicon Valley federal judge presiding over nearly a dozen combined lawsuits filed against Google ruled that the search engine giant actually did violate the Wiretap Act because data transmitted over Wi-Fi is not a "radio communication," thus acquiring encrypted Wi-Fi signals is a form of wiretapping. Google disagreed, stating that open Wi-Fi networks are indeed "radio communications," and appealed the judge's decision.
But alas, Google was rejected by the U.S. Court of Appeals for the Ninth Circuit. "Surely Congress did not intend to condone such an intrusive and unwarranted invasion of privacy when it enacted the Wiretap Act to protect against the unauthorized interception of electronic communications," the Appeals Court ruled (pdf).
Google said that it was disappointed with the ruling, and is currently weighing its next steps.