A ruling this week in a heated court battle between Google and those accusing the tech giant of illegally collecting Wi-Fi data, could mean stringent legal recourse for users intercepting unsecure Wi-Fi communications, experts say.
A US federal appeals court ruled on Tuesday that Google's data-collecting practices while using its Street View mapping service, between 2008 and 2010, was not exempt from federal wiretap law.
For the past few years, Google has battled a lawsuit accusing it of violating the WireTap Act for its use of Street View.
The service offered users' panoramic, street-level views of geographical locations, but, in order to provide the images, Google dispatched cars around the world that were capable of collecting unencrypted Wi-Fi data transmitted in surrounding areas, including in homes and businesses, court documents said.
After Google admitted in June 2010 that it “mistakenly” siphoned users' Wi-Fi communications in its quest for Street View photographs, the company was hit with several lawsuits, which were eventually consolidated in November of that year.
According to the court documents filed on Tuesday, Google's Street View cars collected about 600 gigabytes of data transmitted over Wi-Fi networks in more than 30 countries.
The payload data collected included “everything transmitted by a device connected to a Wi-Fi network, such as personal emails, usernames, passwords, videos and documents,” the filing said.
On Tuesday, a panel of judges ruled to uphold a lower court's decision in California that Google couldn't dismiss the case. The tech giant argued that the case should be dismissed on the grounds that the unencrypted Wi-Fi data it collected was categorized as a “radio communication,” a type of transmission exempt from Wiretap Act protections.
The case against Google can now move forward in court, but privacy advocates are also speaking out about how the recent decision impacts anyone that captures unsecured Wi-Fi data – whether deliberately or otherwise.
In a Friday interview with SCMagazine.com, Hanni Fakhoury,a staff attorney at the Electronic Frontier Foundation (EFF), a digital rights advocacy group, called the ruling a “landmark” decision.
“It's landmark in the sense that it's the first appellate court to look at the issue and decide on the issue [that an unencrypted Wi-Fi signal is not a radio communication],” Fakhoury said.
He later added that the move may require a higher degree of discretion by security analysts who are more likely to intercept these kinds of communications while researching.
“What it ultimately means is, if you are a security researcher who may intercept unencrypted Wi-Fi data, [you] may be violating the Wiretap Act,” Fakhoury said.
While some privacy groups, like the Electronic Privacy Information Center (EPIC), support the court's decision on Google – EPIC has taken several steps over the years to call Google to task on its Street View data collection practices – others stand divided on the issue.
Lance Cottrell, a security and privacy expert, blogged about the ruling on Wednesday and wrote that, while the decision was “good news” from a privacy perspective, it could also spell trouble for anyone who inadvertently taps into open Wi-Fi networks – which isn't hard to do.
“The hacker/ tinkerer/ libertarian in me has a real problem with this ruling,” Cottrell wrote. “It is really trivial to intercept open Wi-Fi. Anyone can join any open Wi-Fi network. Once joined, all the the data on that network is available to every connected device.”
He later added that the ruling was likely to “create accidental outlaws of researchers, and the generally technical and curious.”
The lawsuit, Joffe v. Google, isn't the only legal dispute to arise from the company's use of Street View.
In March, Google reached a $7 million settlement with attorneys general for 38 states and the District of Columbia. Connecticut, which led the probe into Google's practices, received a half a million dollar share of the settlement as the lead state in the case.