Thursday, September 19, 2013, by Gabriel Kussin
The Ninth Circuit Court of Appeals has held that Google, the largest search tool on the internet, can be sued for violations of the U.S. Wiretap Act after inadvertently collecting information from unencrypted wireless networks from its Street View camera cars. In affirming the Northern District Court of California’s ruling, the three judge appellate panel rejected Google’s argument that the data was not restricted under federal wiretap restrictions and overruled Google’s motion to dismiss a class action lawsuit filed by residents across the country. The decision represents a significant victory for electronic privacy advocates, but symbolizes the continuing struggle to redefine electronic communications in American laws.
Between 2007 and 2010, Google equipped its highly recognizable Street View cars, which capture “panoramic, street-level photographs for its Google Maps service,” with antennas and software that were capable of automatically accessing Wi-Fi networks to increase accuracy of their GPS services. Instead, these additions ended up accumulating 600 gigabytes of “payload data,” which included passwords, emails, personal files, and private documents. When Google discovered the error, it immediately shut down the cars and apologized, yet it was not enough to avoid a consolidated, class action lawsuit that alleged violations of the U.S. Wiretap Act as well as a variety of state and local communications laws.
With recent revelations of government surveillance of personal and corporate internet accounts, the Ninth Circuit seemed cognizant of individual rights to web privacy.
Google’s dual argument hinged on an exceptions clause in the U.S. Wiretap Act stating that the data collected was either “through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public” or resembled “an open radio collection.” While the Ninth Circuit acknowledged that Google’s argument had “some force,” they stated that a Wi-Fi network, that is intended for consumption solely in a private home or business can’t be considered under either of these exemptions, since the car had to be in the immediate area of the network and the software had to take a more significant step of connecting to the network. This goes beyond simply tuning into a radio station available over the airwaves.
The decision actually closely mirrors a district court in Georgia’s decision that did not permit collection of information from over unencrypted, cordless telephone calls. Focusing not just on the intent of the lawmakers, the Georgia court used the intent of the cordless phone makers, who clearly did not want calls from their products to be “incidentally broadcast.”
While a seemingly innocuous mistake by a company whose informal motto is “Don’t Be Evil,” the lawsuit could cost Google billions of dollars. With recent revelations of government surveillance of personal and corporate internet accounts, the Ninth Circuit seemed cognizant of individual rights to web privacy. The court clearly delineated a difference between individuals who access their neighbors’ non-password protected networks to get online themselves, and a multinational corporation accessing, storing, and perhaps even using data collected from those networks, or even an individual attempting to gather information for their own personal benefit.
In March, Google agreed to pay $7 million to settle a probe into the matter involving thirty-eight states and the District of Columbia. As part of that settlement, Google agreed to destroy data collected in the United States. Unfortunately, the damage may be just beginning for Google.