SAN FRANCISCO (CN) – A federal judge refused to dismiss claims that Google used so-called “wireless sniffers” to ferret out personal emails, passwords and other personal data from unsuspecting WiFi users in more than 30 countries.
A plaintiff class claimed that the defendant multinational Internet search, cloud computing and advertising technologies company used hyper-outfitted vehicles to collect and store about 600 gigabytes of personal information beginning in 2007.
The amassing, the class argued, violated the Federal Wiretap Act, California Business and Professions Code and state wiretap statutes.
Google, they said, issued only a press release announcing its intent to use Google Street View vehicles, outfitted with specialized data collection and photography equipment, to capture photo, not WiFi, data.
Google then quietly intercepted “data packets,” comprising users’ personal information, using its “packet sniffer” software.
Street View vehicles were equipped with directional cameras meant to capture 360-degree street-level images, to be used with Google Maps, and featured 3G/GSM/Wi-Fi antennas paired to the data acquisition software.
The company also used smaller vehicles, known as Google Trikes, to capture data from areas inaccessible to cars.
In 2006, prior to the launch of the vehicles, Google-employed engineers created the data collection system – commonly known as a packet analyzer, wireless sniffer, network analyzer, packet sniffer or protocol analyzer.
When exposed, the ruling states, Google admitted to storing the data on its servers and issued an apology on its blog in Australia. The content of the packets included whole emails, usernames, passwords and other private data.
According the the ruling, in 2010, “in response to an inquiry from an European privacy authority,” Google admitted to collecting “‘fragmentary’ samples of ‘publicly broadcast’ payload data from non-password-protected Wi-Fi networks and that, through this conduct, it had collected about 600 gigabytes of data from more than 30 countries.”
Google also “admitted that it had been collecting Wi-Fi data in the United States via Google Street View vehicles since 2007.”
In a motion to dismiss the wiretapping charges, Google claimed that the plaintiffs failed to plead that their WiFi broadcasts were not “readily accessible,” exempting the company from wiretapping charges.
The class countered that “readily accessible to the general public” applied solely to “radio communications,” not WiFi data.
Ruling on the motion, Chief U.S. District Judge James Ware said: “The matter before the court presents a case of first impression as to whether the Wiretap Act imposes liability upon a defendant who allegedly intentionally intercepts data packets from a wireless home network.”
“The court finds that the wireless networks were not readily accessible to the general public as defined by the particular communication system at issue, wireless internet networks, which are not ‘radio communications,'” Ware added.
The classs had claimed that, “unlike in the traditional radio services context, communications sent via Wi-Fi technology … are not designed or intended to be public,” the ruling states.
“Rather, as alleged, Wi-Fi technology shares a common design with cellular phone technology, in that they both use radio waves to transmit communications, however they are both designed to send communications privately, as in solely to select recipients, and both types of technology are architected in order to make intentional monitoring by third parties difficult,” Ware added.
Google’s contention that the class failed to state a valid claim for violation of the Wiretap Act, as the plaintiffs’ networks were open and unencrypted, “was misplaced,” Ware added.
“Thus, the court finds that, without more, merely pleading that a network is unencrypted does not render that network readily accessible to the general public and serve to remove the intentional interception of electronic communications from that network from liability under the ECPA.”
The Omnibus Crime Control and Safe Streets Act of 1968, or Federal Wiretap Act, was last amended in 1986 and titled the Electronic Communications Privacy Act.
At that time, Sen. Patrick Leahy, D-Vt., called the regulations “hopelessly out of date,” and the amendment was passed to “update and clarify Federal privacy protections and standards in light of dramatic changes in new computer and telecommunications technologies.”
Ware granted Google’s motions to dismiss the California Business and Professions Code and state wiretap statutes violations, but upheld the Wiretap Act charges, and ordered the plaintiffs to file an amended complaint consistent with his order by Aug. 1.