A U.S. appeals court has once again rejected Google's argument that it did not break federal wiretap laws when collecting user data from unencrypted wireless networks for its Street View program.
In a ruling this week, the U.S. Court of Appeals for the Ninth Circuit held that payload data transmitted over a Wi-Fi network is not "radio communications" as defined under the federal Wiretap Act and as claimed by Google. That means the company cannot claim an exemption for its Wi-Fi data collection under the Wiretap Act.
The appellate court also rejected Google's petition for an en banc, or full court, review of the case. The opinion clears the way for a lawsuit filed against Google over its Street View data collection to proceed in District Court.
"The Ninth Circuit's ruling in the Google Street View case is significant because the court affirmed its previous holding that Wi-Fi communications are protected under the Wiretap Act," said Alan Butler appellate advocacy counsel with the Electronic Privacy Information Center (EPIC).
"Google has been subject to investigation in the U.S. and Europe for its collection of private Wi-Fi communications, and the court's refusal to dismiss this case shows that this collection might have violated federal law," Butler said.
In 2010, Google admitted that its Street View cars had inadvertently captured data transmitted over open Wi-Fi networks when shooting photos. The company apologized for its actions and said it would destroy or render inaccessible close to 650GB of data it had collected from Wi-Fi networks.
Several individuals later sued, claiming Google had violated the Wiretap Act, which prohibits the intentional interception of electronic data. In the lawsuit, the plaintiffs noted that Google's Street View cars had recorded a considerable amount of data from open Wi-Fi networks including SSIDs, MAC addresses and even "payload" data such as personal emails, passwords, videos and documents.
Google claimed that its actions were legal because the only data it collected was data that was unencrypted and freely available to the general public over unsecured wireless networks. The company claimed that people who did not take affirmative action to protect their data on wireless network should no expectations of privacy over the data.
It likened unsecured wireless data to open radio communications and claimed that the Wiretap Act did not offer any privacy protections to the data.
A District Court judge who heard the case rejected Google's argument and held that wireless data is very different from radio communications and therefore enjoys specific privacy protections.
Last September, the Ninth Circuit upheld the District Court's ruling after Google filed an appeal. This week's ruling reaffirms that opinion.
However, it also deletes a significant portion of the earlier ruling in which the court held that unencrypted communications sent from or received by an open Wi-Fi network was not generally accessible to the public. The court also granted a Google request for a rehearing of the case.
Daniel Castro, a senior analyst with the Information Technology and Innovation Foundation (ITIF), said the amendment is significant for Google.
"It's fairly rare for a court to significantly modify a previous opinion," Castro said. With the appellate court's first ruling, Google almost did not have a case. This week's opinion "opens the door for them to continue to argue the case."
A Google spokesman expressed muted satisfaction over the developments. ""We're pleased that the Court granted our request for a rehearing and revised its opinion. But we are disappointed that the order was not completely reversed and are considering our next steps."
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is email@example.com.
Read more about internet search in Computerworld's Internet Search Topic Center.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.