The 9th U.S. Circuit Court of Appeals in San Francisco issued a unanimous ruling yesterday refusing to throw out a lawsuit accusing Google of violating federal wiretapping laws. The suit alleges Google broke the law when it collected data from unencrypted Wi-Fi networks as part of its Street View project. Street View uses specially equipped vehicles — they carry a tall ungainly 360-degree camera on the roof — to capture on-the-ground images of thoroughfares. Among other things, the images are used to complement views in Google Maps and Google Earth.
But the Street View electronics are also capable of capturing information other than images. The devices also have the capacity to “sniff” data from unsecured wireless routers — information the company can use to augment its location and mapping services. The company has faced complaints in several countries after privacy officials found it was grabbing bits of personal data from unsecured networks. Here’s Wired’s summary:
Google said it didn’t realize it was sniffing packets of data on unsecured Wi-Fi networks in about a dozen countries over a three-year period until German privacy authorities began questioning in 2010 what data Google’s Street View cars were collecting. Google, along with other companies, uses databases of Wi-Fi networks and their locations to augment or replace GPS when attempting to figure out the location of a computer or mobile device. Google had claimed the lawsuit was “without merit,” but has abandoned the practice of payload sniffing from open networks.
The net effect of Tuesday’s ruling: The wiretapping lawsuit can proceed in U.S. District Court in San Jose. Google says it’s “disappointed” with the ruling.
Here’s the Associated Press story on the case and yesterday’s ruling:
AP National Writer
A federal appeals court said Tuesday that Google wrongly collected people’s personal correspondence and online activities through their Wi-Fi systems as it drove down their streets with car cameras shooting photos for its Street View mapping project.
The ruling that the practice violates wiretap laws sends a warning to other companies seeking to suck up vast amounts of data from unencrypted Wi-Fi signals.
“The payload data transmitted over unencrypted Wi-Fi networks that was captured by Google included emails, usernames, passwords, images, and documents,” wrote the U.S. Court of Appeals in San Francisco in a report released Tuesday
Google had argued that its activities were exempt from the wiretap law because data transmitted over a Wi-Fi network is a “radio communication” and is “readily accessible to the public.”
Not so, wrote the judges, agreeing with an earlier federal judge’s ruling.
“Even if it is commonplace for members of the general public to connect to a neighbor’s unencrypted Wi-Fi network, members of the general public do not typically mistakenly intercept, store and decode data transmitted by other devices on the network,” they said.
Google’s Street View cars can be spotted with pole-mounted cameras on their roofs, photographing along roadways the world over. The photos then show up on Google’s popular Street View map option, where viewers can virtually scroll along a street past homes, cars and shops, all captured in photographs.
But unbeknown to passers-by, those cameras weren’t just making photos. They were also collecting detailed information transmitted over Wi-Fi networks they passed through.
Privacy experts and industry watchers said this was the first time an appeals court has ruled that it’s illegal for a company to sniff out and collect private information from the Wi-Fi networks that provide Internet service to people at home. Google is also the first publicly known company to try.
“This appeals court decision is a tremendous victory for privacy rights. It means Google can’t suck up private communications from people’s Wi-Fi networks and claim their Wi-Spying was exempt from federal wiretap laws,” said John M. Simpson, Consumer Watchdog’s privacy project director. “Because Google’s Wi-Spy activity was so extensive, the potential damages could amount to billions of dollars.”
Marc Rotenberg, executive director of Electronic Privacy Information Center, called it “a landmark decision for Internet privacy.”
“The court made clear that the federal privacy law applies to residential Wi-Fi networks,” he said. “Users should be protected when a company tries to capture data that travels between their laptop and their printer in their home.”
A Google spokesperson said Tuesday that attorneys for the Internet giant are “disappointed in the 9th Circuit’s decision and are considering our next steps.”
Attorney Elizabeth Cabraser, representing a class action of plaintiffs who say their privacy was invaded by Google, said Tuesday they look forward to resuming their case now that a federal appeals court has ruled in their favor.
Google has apologized for the snooping, which it says took place between 2008 and March 2010. It promised to stop collecting the data and said the practice, conducted in more than 30 countries, was inadvertent but not illegal.
Earlier this year Google settled a 37-state lawsuit for $7 million after attorneys general sued over what they said was an invasion of privacy for the data collection.
The practice was discovered by a German data protection commissioner in 2010. A few months later, Google co-founder Sergey Brin told conference-goers that the firm had made a mistake.
“In short, let me just say that we screwed up,” he said at the time.
Google says it has disabled the equipment that was collecting the data, and agreed to destroy the information as soon as possible. The company is currently obliged to hold it, unused, because of ongoing litigation.