A federal judge has declined to dismiss charges against Google that it allegedly violated the Federal Wiretap Act when it collected personal data from Wi-Fi networks.
U.S. District Court Judge James Ware on Wednesday tossed accusations that Google's Street View vehicles broke several states' laws when they harvested usernames, passwords and emails from consumers' and businesses' wireless networks, but allowed the claim that the company violated federal law to continue.
Google's Street View vehicles began cruising American roads in 2007 as part of the company's mapping program. Along with snapping photographs of each street and collecting GPS data, the vehicles also mapped the location of Wi-Fi networks to build a database that could be accessed by mobile devices to determine users' whereabouts.
Google acknowledged the privacy problem in May 2010, but said collection of personal data from Wi-Fi hotspots had been inadvertent. The company blamed an unnamed engineer for adding code to the Wi-Fi location detection software.
Although Google initially said that the packet sniffer grabbed only data fragments, it later acknowledged that the vehicles had harvested complete usernames and passwords from unprotected wireless networks, as well as emails.
To arrive at his ruling, Ware threaded his way though years of legislative history of federal privacy laws related to over-the-air communications, and even went to the Oxford English Dictionary in an attempt to define "radio communications."
He concluded that the exemptions built into the Federal Wiretap Act did not apply to Google's snooping.
"The Court finds that Plaintiffs plead facts sufficient to state a claim for violation of the Wiretap Act," Ware wrote in his ruling. "Defendant's contention that Plaintiffs fail to state a claim for violation of the Wiretap Act, as Plaintiffs plead that their networks were 'open' and 'unencrypted,' is misplaced."
Jim Dempsey, the vice president for public policy at the Center for Democracy and Technology (CDT), a Washington D.C.-based advocacy organization, said that intercepting data communications from a Wi-Fi network, even one unsecured with a password, "should certainly be illegal."
But he also argued that Congress needed to clarify the law. "It's certainly far preferably to clarify the statute legislatively," Dempsey told Computerworld on Friday, rather than require judges like Ware to parse the ambiguous and outdated language of the 25-year-old Electronic Communications Privacy Act (ECPA). "But whichever way this case comes out, clarifying the statute on this particular point is not going to be easy."
Google said it was considering its next move.
Sign up for CIO Asia eNewsletters.