A U.S. appeals court has once again rejected Google’s argument that it did not break federal wiretap laws when collecting user data from unencrypted wireless networks for its Street View program.
In a ruling this week, the U.S. Court of Appeals for the Ninth Circuit held that payload data transmitted over a Wi-Fi network is not “radio communications” as defined under the federal Wiretap Act and as claimed by Google. That means the company cannot claim an exemption for its Wi-Fi data collection under the Wiretap Act.
The appellate court also rejected Google’s petition for an en banc, or full court, review of the case. The opinion clears the way for a lawsuit filed against Google over its Street View data collection to proceed in District Court.
”The Ninth Circuit’s ruling in the Google Street View case is significant because the court affirmed its previous holding that Wi-Fi communications are protected under the Wiretap Act,” said Alan Butler appellate advocacy counsel with the Electronic Privacy Information Center (EPIC).
”Google has been subject to investigation in the U.S. and Europe for its collection of private Wi-Fi communications, and the court’s refusal to dismiss this case shows that this collection might have violated federal law,” Butler said.
Google admits collection
In 2010, Google admitted that its Street View cars had inadvertently captured data transmitted over open Wi-Fi networks when shooting photos. The company apologized for its actions and said it would destroy or render inaccessible close to 650GB of data it had collected from Wi-Fi networks.
Several individuals later sued, claiming Google had violated the Wiretap Act, which prohibits the intentional interception of electronic data. In the lawsuit, the plaintiffs noted that Google’s Street View cars had recorded a considerable amount of data from open Wi-Fi networks including SSIDs, MAC addresses, and even “payload” data such as personal emails, passwords, videos, and documents.
Google claimed that its actions were legal because the only data it collected was data that was unencrypted and freely available to the general public over unsecured wireless networks. The company claimed that people who did not take affirmative action to protect their data on wireless network should no expectations of privacy over the data.
It likened unsecured wireless data to open radio communications and claimed that the Wiretap Act did not offer any privacy protections to the data.
A District Court judge who heard the case rejected Google’s argument and held that wireless data is very different from radio communications and therefore enjoys specific privacy protections.
Sign up for CIO Asia eNewsletters.
Download the most popular cybersecurity articles from CIO Asia to help you on your cybersecurity journey.
Discover why more and more organisations are choosing SaaS solutions.
Learn how enterprises will leverage cloud and digital transformation over the next 12 months, along with best practices to accelerate cloud adoption and growth.