Today’s article deals with two rather complicated items: the federal Wiretap Act and Google’s Street View program. For those unfamiliar with Street View, Street View is a service Google provides as part of their Google Maps program. Basically, Google sends out a fleet of special cars with cameras to take pictures of the streets. Google then compiles these pictures into complete images of the road at street level, which the user can then access. Street View recently got a rather hilarious mention in the show Arrested Development.
The case in question (Joffe v. Google) deals with the information these cars gathered while taking these street level pictures. Specifically, the plaintiffs alleged that Google’s cars collected a vast amount of data from nearby Wi-Fi networks. Google later revealed that their cars collected MAC addresses and SSIDs (which serve to identify Wi-Fi networks), as well as transmission data sent over the Wi-Fi networks (such as emails, passwords, and payment information). Google argued that Wi-Fi represented an electronic communication (which do not receive protection under the Wiretap Act) and that the case should be dismissed. The Ninth Circuit Court of Appeals disagreed, and sent the case back to the District Court for trial.
The importance of this case lays in the ruling placing Wi-Fi under the protection of the federal Wiretap Act (18 U.S.C. 2511). The Wiretap Act is a little convoluted in terms of what it does and does not protect, with a large subsection ((2)(g) specifically) detailing transmissions the Act does not cover. Google, in particular, argued that Wi-Fi (particularly unencrypted Wi-Fi) represents an electronic communication that is “readily accessible to the public” and thus not subject to protection under the Wiretap Act. The Wiretap Act also has a broad exemption for radio transmissions, generally barring liability in regard to radio. The lower level court, referencing an earlier ruling (In re Google Inc. St. View Elec. Commc’n Litig., 794 F. Supp. 2d at 1076–81), held that “radio communications” only applies to traditional radio services and not to newer technologies (such s Wi-Fi and cell networks) that also use radio waves. The case itself goes into great detail as to why Wi-Fi does not constitute a radio communication under the Wiretap Act. This argument mostly boils down to the colloquial definition of radio communication (basically, listening to audio transmissions on a radio) being the legal definition instead of the technical one (any device that uses radio waves to transmit information). Google could thus not claim the broader radio communications exemption, which would only grant protection to encrypted networks.
The next step for the court was to decide whether information transmitted on unencrypted Wi-Fi is “readily available to the public.” This is the area where I would expect a court to rule in a way that is both obvious and (in my opinion) incorrect. Most judges would see the word “unencrypted” and assume that the data is available to the public without doing a deeper investigation into how Wi-Fi operates. In this case, the court gave two reasons for why they felt that unencrypted Wi-Fi is not readily accessible to the public. First, the transmission of a Wi-Fi network is geographically limited (rarely transmitting beyond the walls of the house in which they are located…usually no more than 330 feet). The opinion compares the relative power and transmission distances of Wi-Fi and AM radio, noting that AM radio stretches for around 100 miles. The court reasons that such a severe limitation in transmission range limits the intended purpose to private usage. The second reason given is that Wi-Fi networks still require some device authentication in order to share payload data. Decoding this data requires special equipment and expertise, both of which the general public lacks. As a result, collecting data from an unencrypted Wi-Fi network represents a violation of the Wiretap Act in the Ninth Circuit’s view.
This is a very important ruling for data privacy purposes. First, it clears up an important unanswered question regarding what protections the Wiretap Act offered Wi-Fi networks. Since most people have Wi-Fi networks as their home network, obtaining transmitted information (such as passwords and credit card numbers) any Wi-Fi network is illegal. Given the prestige of the Ninth Circuit when it comes to technology issues (their proximity to Silicon Valley means that they handle a lot of internet and tech derived cases), this ruling could potentially provide a very influential piece of precedent (even if Google still has to undergo the actual trial).