A ruling this week in a heated court battle between Google and those accusing the technology giant of illegally collecting WiFi data, could mean stringent legal recourse for users intercepting unsecure WiFi communications, experts say.
A federal appeals court ruled on Tuesday that Google's data-collecting practices while using its Street View mapping service, between 2008 and 2010, was not exempt from federal wiretap law.
For the past few years, Google has battled a lawsuit accusing it of violating the WireTap Act for its use of Street View. The service offered users' panoramic, street-level views of geographical locations, but, in order to provide the images, Google dispatched cars around the world that were capable of collecting unencrypted WiFi data transmitted in surrounding areas, including in homes and businesses, court documents said.
After Google admitted in June 2010 that it “mistakenly” siphoned users' WiFi communications in its quest for Street View photographs, the company was hit with several lawsuits, which were eventually consolidated in November of that year.
According to the court documents filed on Tuesday, Google's Street View cars collected about 600 gigabytes of data transmitted over WiFi networks in more than 30 countries. The payload data collected included “everything transmitted by a device connected to a WiFi network, such as personal emails, usernames, passwords, videos and documents”, the filing said.
On Tuesday, a panel of judges ruled to uphold a lower court's decision in California that Google couldn't dismiss the case. The technology giant argued that the case should be dismissed on the grounds that the unencrypted WiFi data it collected was categorised as a 'radio communication', a type of transmission exempt from Wiretap Act protections.
The case against Google can now move forward in court, but privacy advocates are also speaking out about how the recent decision impacts anyone that captures unsecured WiFi data – whether deliberately or otherwise.
In an interview with SCMagazine.com on Friday, Hanni Fakhoury, a staff attorney at the Electronic Frontier Foundation (EFF), a digital rights advocacy group, called the ruling a “landmark” decision.
“It's landmark in the sense that it's the first appellate court to look at the issue and decide on the issue [that an unencrypted WiFi signal is not a radio communication],” Fakhoury said.
He later added that the move may require a higher degree of discretion by security analysts who are more likely to intercept these kinds of communications while researching.
“What it ultimately means is, if you are a security researcher who may intercept unencrypted WiFi data, [you] may be violating the Wiretap Act,” Fakhoury said.
While some privacy groups, such as the Electronic Privacy Information Center (EPIC), support the court's decision on Google – EPIC has taken several steps over the years to call Google to task on its Street View data collection practices – others stand divided on the issue.
Lance Cottrell, a security and privacy expert, blogged about the ruling on Wednesday and wrote that, while the decision was “good news” from a privacy perspective, it could also spell trouble for anyone who inadvertently taps into open WiFi networks – which isn't hard to do.
“The hacker/ tinkerer/ libertarian in me has a real problem with this ruling,” Cottrell wrote. “It is really trivial to intercept open WiFi. Anyone can join any open WiFi network. Once joined, all the the data on that network is available to every connected device.”
He later added that the ruling was likely to “create accidental outlaws of researchers, and the generally technical and curious”.
The lawsuit, Joffe v. Google, isn't the only legal dispute to arise from the company's use of Street View.
In March, Google reached a $7 million settlement with attorneys general for 38 states and the District of Columbia. Connecticut, which led the probe into Google's practices, received a half a million dollar share of the settlement as the lead state in the case.