United States wiretapping laws are notoriously used in contexts way beyond any possible intent due to the zealotry of law enforcement and the inexorable march of technology. When much of the wiretapping legislation had been put into law, the concept of a “wire” for communication actually had meaning, whereas now not only do we communicate with wires but also radio waves. As a result, Google has run afoul of these laws in numerous countries but now they’re definitely in hot water in the U.S.
A federal judge in California has refused Google’s motion to dismiss a class-action lawsuit against the company over their collection of WiFi data from vehicles taking part in their Street View project.
Due to its strange desire to virtualize the entire universe, Google has been recording information from WiFi hotspots while mapping the streets. As the radio signals from these WiFi networks leak outside of the homes using them and across the street (sometimes for hundreds of meters) a Google Street View car can pick up lots of information out of the air and some of that is unencrypted. Do we compare Google’s recording to a person pressing up against an eve to listen in on a conversation inside the house; or do we compare it to someone walking past while an extremely loud conversation can be heard clearly from the street.
This is the crux of the situation for Google, writes Ars Technica on the subject,
The key question turns on whether open WiFi packets are “readily accessible to the general public,” since US law does provide an exception for monitoring such signals. Because Google’s Street View vehicles allegedly collected WiFi network names (SSIDs), unique hardware addresses (MAC addresses), usernames, passwords, and even “whole e-mails,” Judge Ware concluded that the plaintiffs had stated a proper Wiretap Act claim.
While Google attempted to argue that the data was “readily accessible,” the judge called the request “misplaced.”
While Plaintiffs plead that their networks, or electronic communications systems, were configured such that the general public may join the network and readily transmit electronic communications across that network to the Internet, Plaintiffs [also] plead that the networks were themselves configured to render the data packets, or electronic communications, unreadable and inaccessible without the use of rare packet sniffing software; technology allegedly outside the purview of the general public. Thus, the Court finds that Plaintiffs plead facts sufficient to support a claim that the Wi-Fi networks were not “readily accessible to the general public.”
Hopefully during hearings involving the class-action lawsuit the judge will discover that (1) if the Plaintiffs did encrypt their network and Google didn’t decrypt them then all Google has is a mass of nonsense (like recording noise on a busy street) or (2) the Plaintiffs were wrong and they didn’t make a reasonable attempt to protect their privacy and instead broadcast everything into the street where their neighbors and passing cars could have easily gotten it with common retail equipment.
If people are actually broadcasting without encryption, Google’s slurping it up is the least of their concerns when they put usernames, passwords, and even entire e-mails into the airwaves.
Google recently also found themselves in court while people boiled over location tracking on Android phones (alongside Apple, who had much bigger privacy problems with iPhones) and during that a memo revealed exactly why they collect data about WiFi hotspots. Although, the search giant may not need to collect as much information as they do—but it certainly does look like they record stretches of the broadcasts in order to better fingerprint them as radio landmarks.