Google Inc. wants the world to know the company doesn’t spy. In the U.S. Supreme Court, Google is fighting a ruling in a class action that alleges violations of federal wiretap law.
In its petition to the high court, Google contested the ruling of the U.S. Court of Appeals for the Ninth Circuit that denied a motion to dismiss a class action. The suit alleges Google’s collection of data for its Street View feature—a key feature of Google Maps—violated the federal Wiretap Act.
“I think this case is kind of flying under the radar,” said Bruce Boyden, an associate professor at Marquette University Law School and privacy expert. Although the case may not have far-reaching implications for the industry, a denial of certiorari by the Supreme Court could potentially expose Google to millions of dollars in damage payouts. The case is on the justices’ Thursday conference.
From 2007 to 2010, while developing Street View for its popular Google Maps application, the tech company deployed an army of cars to collect ground images and network data the world over.
Google soon ran into trouble when German authorities discovered the cars’ data collection didn’t merely pick up images of streets. Google acquired a torrent of private emails, URLs, and passwords known as “payload data.”
Google reacted quickly to the discovery, writing in a 2010 blog post, “it’s now clear that we have been mistakenly collecting samples of payload data from open (i.e. nonpassword-protected) Wi-Fi networks, even though we never used that data in any Google products.”
The Federal Communications Commission soon put to bed the notion that this “mistake” was indeed unintentional.
A report summarizing the agency’s investigation into Google mentions email correspondence between an unidentified engineer and a senior project manager of Street View in which they “openly discussed [the engineer’s] review of payload data.” The agency fined Google $25,000 for failing to comply fully with the investigation.
A year later, Google settled for $7 million a flurry of civil claims with 38 state attorneys general and the District of Columbia. But the settlement did not shield Google from civil claims in federal court—now manifest in Joffe v. Google, the case that Google hopes will be heard by the Supreme Court.
The maximum damages for violating the Wiretap Act is $10,000 per aggrieved party. With thousands of potential claimants, the stakes are high.
Under the Wiretap Act, people are not allowed to intentionally intercept electronic communications unless those communications are radio broadcasts “readily accessible to the general public.”
Google argues that because Wi-Fi networks use radio frequencies to transmit payload data, the data itself is a form of radio communication. And because the Wi-Fi networks are unencrypted, they can also be considered “readily accessible to the general public,” thus exempt from the Wiretap Act.
Alan Butler is unconvinced. As appellate counsel for the Electronic Privacy Information Center, Butler was on an amicus brief in the Ninth Circuit in support of the plaintiffs fighting to hold Google liable.
“To say that my home network is ‘readily available to the general public’ because it is unencrypted does not pass the smell test,” Butler said.
Both of the lower courts agreed. With the absence of a definition of “radio communication” in the statute, Circuit Judge James Ware held that the court was to take the original or common meaning of the term, namely auditory radio broadcasts, not payload data.
Google’s appellate counsel, led by former solicitor general and veteran high court litigator Seth Waxman, accused the court of an outdated reading of the law. Google’s lawyers argued that text files can be transmitted over radio in the same way that sound files can be, and to limit the definition of “radio communication” to the latter is “illusory.” (Waxman declined to comment.)
In their response, the plaintiffs, represented by Lieff Cabraser Heimann & Bernstein, Cohen Milstein Sellers & Toll and Spector Roseman Kodroff & Willis, stepped back from the minutiae and cast a cynical glow.
“The conduct Google wishes Congress had condoned,” read the respondent’s brief, “is simply the modern version of a voyeur who lurks, unobserved, within view of the window of a home hoping to steal a glimpse of a private moment.”
Outside of potential monetary damages, the implications for denying the certiorari petition are unclear. Some observers have voiced concern that the case could potentially hinder security researchers who use payload data to diagnose connection problems and find out who is using a network. But as Marquette’s Boyden notes, a key provision for that is consent.
Boyden said the reasons for Google’s Supreme Court petition are more clear. “The most obvious thing that they’re fighting against is the potential liability in this lawsuit,” he said.
But in order to fight that the potential, the justices have to not only agree to take the case but they also must rule in Google’s favor. “Those are two very big if’s,” Butler said.
Contact Jimmy Hoover at firstname.lastname@example.org.