Google loses appeal in 'landmark' Street View ruling

U.S. appeals court throws out Google's bid to dismiss a lawsuit stating it violated wiretap laws when it accidentally gathered personal data for its Street View application, in what a privacy advocate calls a "landmark decision".
Written by Eileen Yu, Senior Contributing Editor

A U.S. appeals court has thrown out Google's attempt to dismiss a lawsuit stating it violated federal wiretap laws when it unintentionally collected personal user data for its Street View mapping tool. 

In its decision, the 9th US Circuit Court of Appeals ruled Google should be held liable under the U.S. federal Wiretap Act for accidentally collecting fragments of personal and sensitive data, including user passwords and entire e-mail, from home wireless broadband networks in the U.S. and Europe. The data had been gathered while its Street View vehicles, equipped with Wi-Fi-sniffing tools, roamed the streets capturing data for the location-based service. 

"It's a landmark decision that affirms the privacy of electronic communications for wireless networks," Marc Rotenberg, executive director of the Electronic Privacy Information Center in Washington, said in a report by Reuters. "Many Internet users depend on wireless networks to connect devices in their homes, such as printers and laptops, and companies should not be snooping on their communications or collecting private data."

In its ruling, Circuit Judge Jay Bybee wrote that Wi-Fi communications could not be deemed "radio communication" that was publicly accessible, which Google had argued should exempt it from the Wiretap Act. "Even if it is commonplace for members of the general public to connect to a neighbor's unencrypted Wi-Fi network, members of the general public do not typically mistakenly intercept, store, and decode data transmitted by other devices on the network," Bybee stated. 

He dismissed Google's "expansive" definition of radio communication would produce "absurd results". For instance, it could in theory make it legal for someone to park outside the home or office that used an unsecured network, deploy a device that captures data transmitted over the network, and intercept an e-mail intended for the homeowner.

"Consider an e-mail attachment containing sensitive personal information sent from a secure Wi-Fi network to a doctor, lawyer, accountant, priest, or spouse. A company like Google that intercepts the contents of that e-mail from the encrypted home network has, quite understandably, violated the Wiretap Act," Bybee said. "Surely Congress did not intend to condone such an intrusive and unwarranted invasion of privacy when it enacted the Wiretap Act 'to protect against the unauthorized interception of electronic communications'."

Google said it was "disappointed" with the decision and mulling its next steps.

The Internet giant in March had agreed to pay US$7 million to settle a case involving 38 U.S. states as well as delete data collected in the United States. Germany's privacy regulator in April also ordered Google to pay a fine of 140,000 euros (US$189,000), the highest the country could have enforced on any company under German laws. 

A San Francisco-based district judge in June 2011 permitted plaintiffs in several private lawsuits to file damages against Google based on the Wiretap Act.

Editorial standards