A federal court’s decision to let a class action suit move forward against Google for nabbing data transmitted over household Wi-Fi networks adds a new wrinkle to the Internet titan’s perplexing approach to privacy rights. The 9th Circuit yesterday rejected Google’s request to throw out a case that arose after Google admitted in 2010 that its camera-carrying cars, which snap photos for Google Maps’ Street View feature, had done more than just photograph commercial thoroughfares, residential neighborhoods, and the occasional bit of surreal street art. Turns out between 2007-2010, the company’s fleet of roving shutterbugs intercepted about 600 gigabytes of “payload data”—emails, usernames, passwords, personal videos and documents—transmitted over nearby unencrypted Wi-Fi networks in more than 30 countries.
The company immediately apologized, dismantled its vehicles’ snooping software and claimed to have deleted the intercepted data (though we later learned they didn’t actually delete it). Its contrition didn’t stop a government investigations—or a group of plaintiffs from claiming Google violated the federal Wiretap Act, a law Congress enacted in 1986 in part to let people sue in civil court and request money damages when their data have been intercepted improperly. Since Google had already owned up to capturing the data, its defense was that the Wi-Fi snooping wasn’t actually illegal in the first place.
Google claimed data sent and received over an unencrypted Wi-Fi network is “readily accessible to the general public.” Since the Wiretap Act says it’s OK to intercept electronic communication available to the public (like a radio transmission), capturing unencrypted Wi-Fi network chatter was also permissible, Google reasoned, and the case should be tossed. The court roundly rejected this argument. Wi-Fi data are not like radio transmissions, the court said this week, and even if they were, the general public doesn’t have access to the kind of sophisticated intercepting-and-decoding tools Google used. No exemption for Google, said the court, in a decision cheered by privacy right advocates.
How much money is at stake here? Maybe billions in damages, says John M. Simpson, privacy project director at Consumer Watchdog, which is representing plaintiffs in the lawsuit. He told Bloomberg News, “This appeals court decision is a tremendous victory for privacy rights. It means Google can’t suck up private communications from people’s Wi-Fi networks and claim their Wi-Spying was exempt from federal wiretap laws.”
Beyond the ruling, perhaps what’s most striking about the case is how Google’s arguments in recent legal cases sometimes clash with its public position on privacy rights. Here, Google is essentially saying that data transmitted by someone’s at-home Wi-Fi router should be treated with the same level of privacy as a broadcast of The Rush Limbaugh Show. The company also recently told a U.S. District Court in California Gmail users have “no reasonable expectation of privacy” in the emails they send and receive.
But in March, one of Google’s top lawyers testified before the House Judiciary Committee during a hearing on the Electronic Communications Privacy Act, of which the federal Wiretap Act is part. Richard Salgado, Google’s legal director of law enforcement and information security, urged lawmakers to update the 1986 law to reflect Internet-age attitudes about privacy. “The distinctions that ECPA made in 1986 were foresighted in light of technology at the time,” he said. “But in 2013, ECPA frustrates users’ reasonable expectations of privacy.”
Maybe the company figures privacy laws should be updated, but in the meantime it will exploit the lagging-behind-legislation. If that’s the case, the court was especially right to slap them down yesterday.