Ninth Circuit Rejects Google Defense in Wi-Fi Sniffing Suit
In what could be a painfully expensive rebuke to Google, the U.S. Court of Appeals for the Ninth Circuit ruled Tuesday that the company can be sued under the Wiretap Act for sniffing out data from home Wi-Fi networks.
The ruling potentially exposes Google to many millions, if not billions, in statutory damages and attorney fees, though the litigation is still in early stages.
"It's a great day for privacy," said Lieff Cabraser Heimann & Bernstein partner Kathryn Barnett, one of the lead lawyers on the case. "We're excited to go back and prepare our claims and have a trial."
Google and its attorneys at Wilson Sonsini Goodrich & Rosati had argued that unencrypted Wi-Fi transmissions are "radio communication" easily accessible to the public, making them exempt from the Wiretap Act and the Electronic Communications Privacy Act of 1986. But a Ninth Circuit panel led by Judge Jay Bybee said Google's definition "does not conform with the common understanding held contemporaneous with the enacting Congress."
"Google's proposed definition is in tension with how Congress — and virtually everyone else — uses the phrase" radio communication, Bybee wrote. Television is technically broadcast via radio wave, but "in common parlance, watching a television show does not entail 'radio communication,'" he wrote. "Nor does sending an email or viewing a bank statement while connected to a Wi-Fi network."
The decision means a potentially massive class of home computer users can move forward against Google in multidistrict litigation in San Francisco federal court. The case was recently reassigned from retired Judge James Ware to Judge Charles Breyer.
Google set out six years ago to map street-level views of cities and neighborhoods around the world. The company's Street View vehicles also carried Wi-Fi sniffing technology that captured data from commercial and residential wireless networks, unless they were encrypted.
Google says the goal was to map wireless access points, thereby helping mobile device users better pinpoint their locations. The company has blamed a rogue engineer for developing a program that also captured payload content — including user names, passwords, email addresses and other sensitive data — as it streamed across those wireless networks.
Google has publicly apologized, insisting the company never has used nor intends to use the 600 gigabytes of uploaded data. The engineer Google blamed invoked the Fifth Amendment before the Federal Communications Commission. Now Lieff Cabraser and co-counsel at Cohen Milstein Sellers & Toll and Spector Roseman Kodroff & Wills are likely to pursue discovery from the engineer and other Google executives.
At the Ninth Circuit, Google argued it was not illegal to intercept "radio communications" that are "readily accessible to the general public."
In addition to rejecting Google's definition of radio communication, Bybee held that Wi-Fi transmissions on home computer networks are not "readily accessible to the general public," regardless of whether they're encrypted.
Google's formulation is untenable, Bybee wrote, because a computer user who took great care to encrypt sensitive information in email to a doctor, lawyer, accountant, priest or spouse could lose that privacy if the recipient did not take the same care.
"Google, or anyone else, could park outside of the recipient's home or office with a packet sniffer while she downloaded the attachment and intercept its contents because the sender's 'radio communication' is 'readily accessible to the general public,'" Bybee explained, rejecting the notion.
Ninth Circuit Judge A. Wallace Tashima and U.S. District Judge William Stafford, visiting from Florida, concurred.
Elizabeth Cabraser of Lieff Cabraser argued the case for the plaintiffs. Wilson Sonsini partner Michael Rubin argued for Google.
The Wiretap Act provides statutory damages of $100 per day, and the potential class would appear to cover all U.S. computer owners surveyed by Google Street View who use wireless routers without encrypting their data. Lieff's Barnett said plaintiffs would also seek declaratory and injunctive relief.
"It's important for companies to understand that just because they can come up with a technological method to see people's private communications, that doesn't mean it's acceptable," she said.