Header graphic for print
TMT Law Watch Business, legal, and policy developments affecting the telecom, media, and technology sector.

Google Loses Skirmish in “Wardriving” Class Actions [UPDATED 7/15/11]

Posted in Other Topics

By Dan Royalty

 Update (7/21/11):

U.S. District Judge James Ware on Monday granted Google’s request to certify his decision for appeal to the Ninth Circuit. The court noted that it had earlier found that the dispute “presents a case of first impression as to whether the Wiretap Act imposes liability upon a defendant who allegedly intentionally intercepts data packets from a wireless home network” and a “novel question of statutory interpretation.” Given the novelty of the issues presented, the court concluded that its earlier decision “involves a controlling question of law as to which there is a credible basis for a difference of opinion” and certified the decision for immediate interlocutory appeal. In granting Google’s motion, the court also stayed the case pending resolution of the matter on appeal.

——-

The Northern District of California issued an interesting, and at first blush, surprising, decision in the consolidated Google Street View privacy class actions last week, exploring some rarely trod real estate within the federal Wiretap Act, 18 U.S.C. § 2510 et seq., and denying Google’s attempt to dismiss the federal wiretap claims against it.  The court held that WiFi transmissions—which are carried by radio waves—are not “radio communications” under the Wiretap Act.  It also rejected Google’s argument that transmissions across unencrypted WiFi networks are “readily accessible to the general public,” because plaintiffs claimed that the packet sniffing software needed to intercept those transmissions are not readily available.  These rulings may be surprising to technophiles who know that WiFi is transmitted via radio waves, and who know at least three locations where free packet sniffing software can be downloaded. After the jump we explain the background of these cases and why, properly framed, the court’s decision is not so surprising after all.

 

Update (7/21/11)

The practice of driving around with a laptop to detect and record WiFi access points is known as “wardriving.” Google’s wardriving troubles began in spring 2010 when German data authorities questioned Google’s practice of collecting WiFi network information along with pictures from its roving Street View vehicles. 

Google acknowledged that its Street View cars collected WiFi network information such as network name and MAC address, but initially denied that its cars collected any payload data—i.e., the cars had not collected the content of any communications transmitted across WiFi networks. However, after the data protection authority of Hamburg, Germany asked Google to audit the Street View WiFi data it had retained, Google retained a forensic firm to do so and released its report. That report confirmed that the Google software stored payload data transmitted from unencrypted wireless networks, and Google began the mea culpas.

Unsurprisingly, several class action lawsuits were soon filed against Google around the United States, alleging that its collection of WiFi data violated the federal Wiretap Act, state wiretap laws, and other state statutory and common laws. These lawsuits were transferred and consolidated before Judge James S. Ware of the Northern District of California.

The federal Wiretap Act makes it unlawful to intentionally intercept any electronic communication. 18 U.S.C. § 2511(a). “Electronic communication” is broadly defined under the law to include any transfer of data by, among other things, radio, easily reaching Google’s collection of data collected from WiFi access points. 

In its motion to dismiss, Google sought the shelter of one of several exceptions to the Wiretap Act. That exception carves out from liability any interception of an electronic communication “made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public.” 18 U.S.C. § 2511(g)(i) (emphasis added). Section 2510(16) defines communications that have been scrambled or encrypted, among other things, as not readily accessible to the general public. However, the statute defines “readily accessible to the general public” only “with respect to a radio communication.” 18 U.S.C. § 2510(16). 

The question, then, was whether the WiFi signals intercepted by Google could be considered “radio communications” under the law. WiFi signals are transmitted by radio waves using the IEEE 802.11 radio standards, and thus, Google argued, they should be considered radio communications. Because plaintiffs had not pleaded that their WiFi signals were scrambled or encrypted, their networks should be considered readily accessible to the general public, and Google could not be held liable for intercepting their broadcasts. Plaintiffs argued that Congress meant something narrower than all communications transmitted by radio waves when it used the phrase “radio communications,” and that electronic communications transmitted by WiFi networks fell outside Congress’s intended definition. 

Finding the statutory text ambiguous, Judge Ware took a deep dive into legislative history. He sussed out that Congress’s definitions of “electronic communication” and “radio communication” were largely written to bring the Wiretap Act in line with new standards of electronic communications, and to quell the concerns of radio scanning enthusiasts, respectively. After examining the legislative history and parsing other parts of the law that address “radio communications,” Judge Ware concluded that “radio communications” should be limited to “traditional radio services.” Because WiFi was not a traditional radio service, it did not qualify as a radio communication. Thus, for electronic communications, “readily accessible to the general public” was undefined under the Wiretap Act, and plaintiffs did not need to plead around the Section 2510(16) exception to liability.

Finally, the court rejected Google’s argument that, even under an ordinary meaning of the phrase, plaintiffs’ WiFi networks were “readily accessible to the general public.” Google had seized on plaintiffs’ claim that their networks were open and unencrypted, and argued that this meant that they were readily accessible to the general public. But plaintiffs claimed that only by using “rare packet sniffing software,” not widely available, was Google able to intercept the WiFi packets. The Court found that plaintiff had properly made out a claim under the Wiretap Act, and allowed the case to proceed.

To those familiar with the ubiquity and ease-of-use of packet sniffing software, this last ruling stands out. But at the motion to dismiss stage, the court was required to accept as true plaintiffs’ claims that the means by which Google intercepted payload data was not generally available to the public. Google will almost certainly mount a strong factual challenge on that point. But now the putative class representatives have stated a claim under the Wiretap Act, and will be able to move their cases towards class certification.