Sign in with
Sign up | Sign in

Wi-Fi Sniffing Like Wiretapping, Court Tells Google

By - Source: Wired | B 13 comments

Despite promising to shell out up to $7 million USD and disposing a ton of data it wasn't allowed to obtain, Google is still haunted by the whole Street view fiasco. The latest entry in the ongoing saga arrives by way of the U.S. Court of Appeals for the Ninth Circuit that denied Google's attempt to dismiss wiretapping claims.

Let's back up for just a moment. In Google's attempt to map every single street on the big blue globe, the company not only collected street names and the location of public wireless networks, the Street View cars also scooped up 600 GB of information related to private networks in residential homes. This wealth of illegally obtained knowledge included MAC addresses, network SSIDs tied to location information for private wireless networks, and Wi-Fi "payload" data, which included emails, passwords, usernames and website URLs.

MORE: The Private NSA: See What Acxiom Knows About You

In 2010 the FCC began an investigation regarding the complaints, and in April 2012 slapped Google with a $25K fine for impeding the investigation by "delaying its search for and production of responsive emails and other communications, by failing to identify employees, and by withholding verification of the completeness and accuracy of its submissions." The FCC determined that Google didn't break any wiretapping laws, but did acknowledge that Google's acquisition of private data wasn't accidental.

Not content with the FCC's "inadequate" investigation and the slap on the wrist, the Electronic Privacy Information Center (EPIC) called on the Department of Justice to get involved (pdf). Eventually, 38 states and the District of Columbia sued Google over the Street View data collection. The company settled, shelling out $7 million and promising to dump all that juicy data it held on to for two years (3/08 to 3/10). Google also supposedly disabled or removed both the equipment and software used to collect such data from its Street View vehicles, and agreed not to collect any additional information without notice and consent.

"We work hard to get privacy right at Google. But in this case we didn't, which is why we quickly tightened up our systems to address the issue," Google said in a statement. "The project leaders never wanted this data, and didn't use it or even look at it. We're pleased to have worked with Connecticut Attorney General George Jepsen and the other state attorneys general to reach this agreement."

But that's not the end of the story. A Silicon Valley federal judge presiding over nearly a dozen combined lawsuits filed against Google ruled that the search engine giant actually did violate the Wiretap Act because data transmitted over Wi-Fi is not a "radio communication," thus acquiring encrypted Wi-Fi signals is a form of wiretapping. Google disagreed, stating that open Wi-Fi networks are indeed "radio communications," and appealed the judge's decision.

But alas, Google was rejected by the U.S. Court of Appeals for the Ninth Circuit. "Surely Congress did not intend to condone such an intrusive and unwarranted invasion of privacy when it enacted the Wiretap Act to protect against the unauthorized interception of electronic communications," the Appeals Court ruled (pdf).

Google said that it was disappointed with the ruling, and is currently weighing its next steps.

Discuss
Display all 13 comments.
This thread is closed for comments
Top Comments
  • 15 Hide
    curiosul , September 13, 2013 9:08 AM
    Government hates competition, huh?
Other Comments
  • 15 Hide
    curiosul , September 13, 2013 9:08 AM
    Government hates competition, huh?
  • 7 Hide
    infamouswoodster , September 13, 2013 9:54 AM
    This is bad joke to say the least. The same Government that spend millions to intentionally break / circumvent security, is saying collecting open network traffic is wiretapping.

    In that case, every person with cell phone that automaticly connects to open networks is now guilty of wiretapping.

    The basic lack of knowledge about wireless networks, wireless radios of these judges should invalidate any ruling on the matter.

    Don't rule on laws that
    A: you dont understand
    B: You are (most likely) currently breaking
    C: The government you represent is Actively breaking
  • 0 Hide
    sykozis , September 13, 2013 3:03 PM
    You guys are misunderstanding this. There's no issue in regards to open public networks. The issue is with collecting data from private networks and doing so without the consent of the network owners. This is where it becomes illegal. Whether the network is open or not, if it's a private network you're still required to gain consent from the network owner before connecting to it. Google had to connect to those networks to collect data from them and did so without the consent or knowledge of the network owners.
  • 2 Hide
    invlem , September 13, 2013 3:33 PM
    Right, so basically the government doesn't understand the difference between encrypted and un-encrypted traffic.

    As for private/public networks... If a network is open, how do I know if its intent is for private or public use?

    Having an open wi-fi network is no different than me going outside, cranking my stereo to maximum volume, and blaring my music across the neighborhood! If my neighbors choose to listen to the music am I going to sue them because they didn't ask my permission first? Of course not.
  • 2 Hide
    thor220 , September 13, 2013 9:33 PM
    @Invlem
    Actually your analogy is incorrect. In order to connect to an unsecured network, one must still make a conscious decision to do so (ala clicking on the network and then connect). Put against your analogy, a stereo forces listeners in the vicinity to hear it. The difference is major in a court of law. In one case(your analogy) you can't do anything to prevent it and in another case you are consciously violating the law.

    Just because a wifi-network is open does not give you the right to use it. It's use or disruption of another person's service without permission and should carry a stiff penalty. If you happen to find an open network, alert the owner of the risks. That's all a good citizen can do
  • 0 Hide
    pocketdrummer , September 13, 2013 9:34 PM
    "But alas, Google was rejected by the U.S. Court of Appeals for the Ninth Circuit. "Surely Congress did not intend to condone such an intrusive and unwarranted invasion of privacy when it enacted the Wiretap Act to protect against the unauthorized interception of electronic communications," the Appeals Court ruled (pdf)."

    Meanwhile in the NSA...
  • 0 Hide
    levi989 , September 14, 2013 12:37 AM
    @thor220, not entirely so. The main reason that I'm going to atest the fact that you claim it's not wiretapping is that your WiFi card in your computer has to interpret evey packet of data it receives to even be able to interpret that data to "see" what networks are even out in the wild to connect to.

    So bam right there you have "accessed" some data that was sent from the access points radio itself. Essentially tapping into that ping of data that was sent, similar even in nature to sound, in the fact that the radio waves will hit everything near by; a better comparison might be to compare this to light as it hit's everything in it's resonate line of sight.

    @invlem: I agree in whole.
  • 1 Hide
    catswold , September 15, 2013 6:37 AM
    "We work hard to get privacy right at Google . . ."

    Riiiight. /rolleyes

    Google, like all of the others "works hard" to push the envelope. They're not trying "to get privacy right," they're trying to get away with as much as they possibly can.
  • 0 Hide
    catswold , September 15, 2013 6:50 AM
    Some folks around here sound like the burglar who gets caught burgling a house who's owner didn't lock the door . . . "Well if he didn't want his house to be burgled, then why did he leave his front door unlocked?"

    The analogy is exact. Just because someone fails to secure their Wifi network, does not mean that it is a public utility. To intentionally access that network is still an invasion of privacy and theft of service.

    It is the one legitimate claim that has been used to get child pornography charges based on site access dropped, because other people had access to the network and could have downloaded those files.
  • 5 Hide
    Art Faucett , September 15, 2013 10:48 AM
    LOL, 9th circuit "Court". The biggest embarrassment since the last election. Their drug induced decisions are the laughing stock of our legal community, and their "rulings" are overturned at a higher rate than people change their underwear. I can only assume that there has to be a high concentration of paint fumes at their homes to explain what they pass off as their day jobs.
  • 1 Hide
    sewalk , September 15, 2013 9:11 PM
    I'm sorry, but this is horsesh!t. Anything sent in the clear over radio is by definition not private. If your computer/router responds to a plain-text request sent in the clear and then sends that response in the clear, you just consented to making that data public.

    Now, apply even the most rudimentary level of encryption, and you have a legal expectation of privacy. Wiretapping is different because it requires a physical interaction with a wire pair carrying unencrypted data that would not otherwise be receivable. Therein lies the invasion of privacy.

    The real non-computer analogy that applies is not sound or burglary, but rather what level of privacy you can expect in regard to passersby on the street while your curtains are open or closed. If they're open, you really have no basis to complain if someone is standing on the street and watching you. If they're closed, you have a right to expect people not to walk up to the window and try to peek through any gap they can find.
  • 0 Hide
    ira176 , September 15, 2013 9:52 PM
    I believe the U.S. court of appeals wiretap ruling is flawed. I would say that if Google had collected information from open unsecured wireless networks, especially if they captured it from the streetview car while on the street, then they should be exonerated. This is akin to walking down the sidewalk, and viewing your neighbors in compromising situations or their belongings or goods when they have their curtains wide open. There is no expectation of privacy if those acts or your belongings are viewed from the public venue. On the other hand, If you walked up to your neighbors windows, while their shades were drawn, and tried to peek inside, your neighbors not only have the expectation of a right to privacy, but you would also be trespassing.
  • 0 Hide
    shin0bi272 , September 16, 2013 11:31 PM
    @catswold: no its not "exact" because a burglar doesnt break in just to watch tv while the owner is watching it and then leaves when they are done. If I was breaking into their router and changing their password THEN Id be stealing their internet... an open connection is tantamount to putting a welcome mat on your door. It says welcome that means anyone is welcome to enter. My MCSE teacher told me that there had been court cases lost because the MOTD on someone's FTP server said welcome at the beginning which meant that anyone who gained access had the right to download anything they were able to access. Dont confuse stealing something outright (which deprives the owner of that object) and sharing (or in the case of p2p networks making a copy of) something.
Tom’s guide in the world
  • Germany
  • France
  • Italy
  • Ireland
  • UK
Follow Tom’s guide
Subscribe to our newsletter