Privacy Claims Proceed Against Google for “Street View” Data Interception

This posting was written by Cheryl Beise, Editor of CCH Guide to Computer Law.

Putative class action plaintiffs could pursue federal wiretapping claims against Google, Inc. for allegedly intercepting data from their wireless home networks during the course of its “Street View” mapping project, the federal district court in San Francisco has held.

The court, however, dismissed claims under various state wiretapping statues as preempted and under the California Unfair Competition Law for lack of standing.

Capture of Streamed Data

Google Street View featured panoramic views of various positions along streets using photos taken by vehicles equipped with nine directional cameras to capture 360 degree views of the streets and 3G/GSM/Wi-Fi antennas with custom-designed software for the capture and storage of wireless signals and data, commonly known as “wireless sniffers.”

Google’s wireless sniffers secretly captured data packets as they streamed across Wi-Fi connections, stored them on digital media, and later decoded them using crypto-analysis or a similarly complicated technology. The content of the captured data packets (payload data) included SSID information (Wi-Fi network names), MAC addressed (Wi-Fi network hardware ID numbers), usernames, passwords, and personal e-mails.

Federal Wiretapping Claim

The Wiretap Act, enacted as Title I of the Electronic Communications Privacy Act (ECPA) of 1986, establishes a private right of action against interceptors of an “electronic communication,” but creates an exception for interceptions of communications that are “readily accessible to the general public.” It also exempts an enumerated list of “radio communications,” none of which applied in the instant case.

While the statute does not define the term “radio communication,” an unrelated provision of statute stated that “readily accessible to the general public” with regard to a “radio communication” included a communication that was not “scrambled or encrypted.”

Google argued that its conduct was an exempt radio transmission because the plaintiffs did not plead that their Wi-Fi networks were scrambled or encrypted, and therefore their transmissions were “readily accessible to the general public.” The court disagreed. Both the various provisions within the ECPA, when read together, and the statute’s legislative history evidencing Congressional intent in passing the statute in 1986 supported the conclusion that the exemption for “radio communications” did not include wireless Internet networks.

Unlike traditional radio services transmissions, communications sent via Wi-Fi technology were not designed or intended to be accessible to the general public. Wi-Fi transmissions were more akin to private cellular telephone communications, a radio communication technology that existed in 1986 and purposely was left out of the ECPA’s radio communications exemption, according to the court.

State Wiretapping Claims

The court also held that the federal Wiretap Act preempted various state wiretapping statutes. While the ECPA contained no express preemptive statement, the statute was intended to comprehensively regulate the interception of electronic communications such that the scheme left no room for further regulation by the states, in the court’s view. The statute struck a balance between the right to the privacy of one’s electronic communications against the ability of radio technology users to inadvertently intercept communications.

Additional state regulation could upset that balance and could obscure the legislative scheme surrounding innovative communications technologies that Congress intended to clarify through the Act, the court reasoned. Further, the ECPA’s civil and criminal penalties provided broad protections for unlawful interceptions.

California Unfair Competition Law

The plaintiffs’ Unfair Competition Law claims were dismissed for failure to allege cognizable injury. The plaintiffs' allegations that they “suffered injury in fact and lost property as a result of the unfair and unlawful business practices” failed to meet minimal standing requirements.

Allegations of loss of personal information and invasion of privacy were insufficient to establish standing, according to the court. Intercepted data packets did not qualify as “lost property” for purposes of UCL standing. Attorneys’ fees and expenses incurred in litigation also could not be used to invoke standing.

Stay Pending Appeal

In a separate order, the court granted Google’s motion to stay the case pending immediate interlocutory appeal of the court’s interpretation of the term “radio communication” in the Wiretap Act; specifically, whether the term encompasses data packets transmitted from a wireless home network.

Certification was justified because the issue presented a novel question of statutory interpretation, involved a controlling question of law as to which there is a credible basis for a difference of opinion, and its resolution would materially advance the ultimate outcome of the litigation.

Two recent decisions in the case—In re Google, Inc. Street View Electronic Communications Litigation—are reported at CCH Guide to Computer Law ¶50,215 and ¶50,221. The decisions also will appear in CCH Privacy Law in Marketing.