June 23, 2010 6:15 AM
- Text
Google's Big Wi-Fi Problem May Be Wiretapping, Not Privacy
(MoneyWatch) 
Google's (GOOG) ham-handed program to record data from Wi-Fi networks has turned into an international rump kick for the company. Attorneys general in 30 states are talking about taking action in the U.S., and privacy regulatory bodies throughout Europe have the company in their sites. However, domestically at least, it could turn out that privacy issues are the least of Google's problems, because the company may have run afoul of criminal wiretapping laws.
Virtually all public focus has been on how badly Google might have violated privacy statutes. However, I remembered that a security expert once told me that Wi-Fi presented a special legal problem. The networking system uses radio, which means picking up the signals is easy. However, the technology brings it within the scope of U.S. telecommunication laws that prevent people from recording private data.
I spoke with Jonathan Gordon, a partner with the law firm Alston & Bird, who is familiar with the laws. He thought that Google's exposure in the U.S. under privacy laws, is not necessarily so high. "If you look at most of those laws, they're mostly intended to make sure that the breach, even if there is one, isn't a situation where the personal information is going to be compromised," he says. "Most of the laws start off with the proposition that the person or company is a collector of the personal data."
The privacy laws were not written to cover cases in which the original owner of the data failed to take adequate steps to protect it. Given that there is no suggestion that Google, in turn, lost the data to another party, the privacy issue ultimately may be a dead end in terms of trouble for the company.
However, the eavesdropping and wiretapping laws focus on intercepting communications. Recording the conversations could be interpreted as exactly that, given two conditions:
That's not an air-tight argument because it does depend on the expectation of the consumer. "To the extent that any owner or user of a Wi-Fi network believes that they took steps to secure, protect, encrypt, they have a much stronger argument of an expectation of privacy and confidentiality that would potentially trigger the eavesdropping laws," says Gordon. That could mean that people who thought they had correctly set up a Wi-Fi connection could have had a reasonable expectation of confidentiality.
Another question that arises is whether data that came over an encrypted secure network would also trigger the law. Most examinations of the situation have focused on unencrypted Wi-Fi networks, because the presumption was an issue of privacy. However, a secure network would indicate a reasonably high expectation of confidentiality. Recording the encrypted data, especially when encryption can be cracked using statistical methods and enough data, might be as damning as recording unencrypted data.
The part about intent is interesting. Google has been loudly proclaiming its lack of intent in recording the data. Interestingly, at least in the U.S., intent doesn't generally play a part in privacy laws, but it does in wiretapping. Google would still face a difficulty with that assertion, because the company wrote code to collect the data, installed hardware to record the data in the Street View cars that did the collection, and then stored the data. That is quite the chain of activity to explain as a series of accidents. And, unfortunately for Google, Attorneys General Martha Coakley of Massachusetts and Lisa Madigan of Illinois are now looking into potential violations of not only privacy laws, but federal wiretapping statutes.
Related:
Google's (GOOG) ham-handed program to record data from Wi-Fi networks has turned into an international rump kick for the company. Attorneys general in 30 states are talking about taking action in the U.S., and privacy regulatory bodies throughout Europe have the company in their sites. However, domestically at least, it could turn out that privacy issues are the least of Google's problems, because the company may have run afoul of criminal wiretapping laws.Virtually all public focus has been on how badly Google might have violated privacy statutes. However, I remembered that a security expert once told me that Wi-Fi presented a special legal problem. The networking system uses radio, which means picking up the signals is easy. However, the technology brings it within the scope of U.S. telecommunication laws that prevent people from recording private data.
I spoke with Jonathan Gordon, a partner with the law firm Alston & Bird, who is familiar with the laws. He thought that Google's exposure in the U.S. under privacy laws, is not necessarily so high. "If you look at most of those laws, they're mostly intended to make sure that the breach, even if there is one, isn't a situation where the personal information is going to be compromised," he says. "Most of the laws start off with the proposition that the person or company is a collector of the personal data."
The privacy laws were not written to cover cases in which the original owner of the data failed to take adequate steps to protect it. Given that there is no suggestion that Google, in turn, lost the data to another party, the privacy issue ultimately may be a dead end in terms of trouble for the company.
However, the eavesdropping and wiretapping laws focus on intercepting communications. Recording the conversations could be interpreted as exactly that, given two conditions:
- The person had a reasonable expectation of confidentiality.
- The eavesdropper intentionally recorded the communications.
That's not an air-tight argument because it does depend on the expectation of the consumer. "To the extent that any owner or user of a Wi-Fi network believes that they took steps to secure, protect, encrypt, they have a much stronger argument of an expectation of privacy and confidentiality that would potentially trigger the eavesdropping laws," says Gordon. That could mean that people who thought they had correctly set up a Wi-Fi connection could have had a reasonable expectation of confidentiality.
Another question that arises is whether data that came over an encrypted secure network would also trigger the law. Most examinations of the situation have focused on unencrypted Wi-Fi networks, because the presumption was an issue of privacy. However, a secure network would indicate a reasonably high expectation of confidentiality. Recording the encrypted data, especially when encryption can be cracked using statistical methods and enough data, might be as damning as recording unencrypted data.
The part about intent is interesting. Google has been loudly proclaiming its lack of intent in recording the data. Interestingly, at least in the U.S., intent doesn't generally play a part in privacy laws, but it does in wiretapping. Google would still face a difficulty with that assertion, because the company wrote code to collect the data, installed hardware to record the data in the Street View cars that did the collection, and then stored the data. That is quite the chain of activity to explain as a series of accidents. And, unfortunately for Google, Attorneys General Martha Coakley of Massachusetts and Lisa Madigan of Illinois are now looking into potential violations of not only privacy laws, but federal wiretapping statutes.
Related:
- Google Learns That When No One Trusts You, Even Crap Charges May Stick
- Google and the Seven Stages of Astoundingly Bad Crisis PR
- Google's Privacy Mess Gets Worse: It Collected Wi-Fi Data in the U.S., Not Just Europe
- Google's Management Arrogance: Wi-Fi Data Slurp-Up Shows No One's Running the Store
-
Erik Sherman Erik Sherman is a widely published writer and editor who also does select ghosting and corporate work. Follow him on Twitter at @ErikSherman or on Facebook.
Follow on Twitter »
Latest Now in MoneyWatch
- Big banks, gov't officials strike $25B deal
- LinkedIn swings back to profit
- LinkedIn doubles revenue, beats growth estimates
- Kodak to stop making digital cameras, frames
- Market cap, schmarket cap, Apple still gets no respect
- Philip Morris Int'l income up nearly 8 percent
- Survey: Small biz plans big hires in 2012
- Freddie Mac: Mortgages inch higher but stay low
- Will the European debt crisis sink Obama's re-election?
- Banks in $25B deal to settle foreclosure abuses
- Joe Coffee: Scaling up without selling your soul
- Greek agreement accomplishes nothing
- 401K plans: New rules make costs clearer
- Are women leaders selling themselves short?
- Ask the Experts: New 401(k) rules
- Mortgage lenders strike a deal
- $25B foreclosure-abuse settlement reached
Latest CBS News Headlines
on Facebook
on CBS News
- Romney "glitter bomb" suspect loses his job
- APNewsBreak: Judge upholds Hyperion permit in SD
- NY Fashion Week: Wearable, sellable style for fall
- Summary Box: LinkedIn impresses with 4Q results
on Facebook
- Adele opens up about vocal cord surgery
- Tenn. father charged with murdering couple who"unfriended" daughter on Facebook
- Mo. teen gets life in prison for murder of 9-year-old girl
on CBS News
