Sarvesh Vichare Google Inc.

Wi-Spy, Privacy Rights In 2007, Google deployed cars equipped with digital cameras to capture street view images around the world in 30 different countries. But along with the digital camera, the vehicles were outfitted with off-the-shelf radio equipments and open-source software that enabled them to collect publicly available information on the unsecured Wi-Fi network. As European privacy authorities started investigating, in 2010 Google admitted publicly the capturing of SSID information and MAC addresses, with a reason so-called location aware service. The idea was Wi-Fi networks had limited range, the presence of such network acts as a unique geographical landmark. Knowing the combination of the Wi-Fi network in range of their devices allows individuals to pinpoint their approximate location in situations where satellite-based Global Positioning Service (GPS) is either inconvenient or unavailable(Benjamin Joffe v. Google Inc. 2012). But later it was learned that they have being collecting more than just identifying

information from the Wi-Fi network, so they again acknowledge capturing fragmentary payload data. Canadian officials who examined data samples said it was more than fragmentary. They found complete email messages, cookies, chat sessions and login credentials, according to an FCC report. French officials found data related to online dating and pornographic sites, and an email exchange between a man and a woman seeking an extramarital relationship (Graham 2013). Google has admitted its mistake, but maintained that the collection wasn't illegal because the data was collected from public locations and broadcast by the victims in plain text, even though it agreed to pay $7 million filed by 37 states and District of Columbia, the episode has being embarrassing were in they repeatedly stated implementation of new procedures to prevent such episode by even posting (Securing Wi-Fi Network 2013) on its official Blog.

Its a very serious issue were the privacy rights of an individual are easily violated but also at the same time its a concern about the current U.S. Constitution and its amendment for protecting individuals against government invasion of privacy but not an invasion of privacy by other individuals(Prof Courtney 2013 Slide, 5). Well, this topic of Google Wi-spy is of much importance for the field of Cyberlaw as the story revolves around the Wiretap Act (ECPA Title I). The 1986 Electronic Communication Privacy Act (ECPA), prohibits any one, including government, from wiretapping without search warrant with probable cause (Prof Courtney 2013 Slide, 46). Well, this story interest me a lot, not just because big organization like Google had to pay the price for invading individuals privacy, but at the same time the business they did even for a day with such amount of data captured is expected to be very high. Also as we move further analyzing the stepby-step process of different investigation involving the Google Wi-Spy scandal, we will realize the need for updating the present wiretap law for protecting unencrypted communication. Well, the story starts, when Google initiated the Street View project in multiple countries collecting street images with digital street view cameras mounted on Cars and Bicycles, but at the same time in mid 2007, it started collecting vast amount of data from unencrypted Wi-Fi network which were unknown to the public or kept hidden. As the European Privacy Authorities started investigating for the first time it came to the knowledge of public, about Googles Wi-spy activity, On April 23rd 2010, Germany announces that street view vehicle had being collecting data from Wi-Fi networks(Schaar 2010). Following the same Google deleted all the data collected in Ireland on May 16th 2010 (Eustace, ISEC_letter 2010). Italy, France, Switzerland, UK, Spain, Canada, Hong Kong, Austria and Czech Republic confirmed on carrying out the investigation. Finally on October 22nd 2010, Google ends its illegal collection and admits on having collected private information (Eustace, Creating stronger privacy controls inside Google 2010). On November 10th 2010, The Wall Street Journal reports that the Federal Communication Commission has opened an investigation on Googles Wi-Fi data collection (FCC Investigating Google Data Collection 2010).

Following the same, Googles pending patent application became public on November 29th 2010, which illustrated the use of Wi-Fi location data linked to particular user (Mitchell and Andrew 2010), we discussed this earlier so called as location aware services. France was the first to fine Google 100,000 Euros for violating French privacy laws (CNIL 2011). It says Google has been massively collecting for several years technical data on Wi-Fi networks, in order to provide for location-based services (including the services Google Maps, Street View and Latitude). CNIL conducted a series of on-site inspections to examine the conformity of these processing operations with the French data protection law. These inspections revealed various breaches such as collecting Wi-Fi data without the knowledge of the data subjects and the recording of data relating to content (IDs, passwords, login details, email exchanges). CNIL formally noticed GOOGLE in May 2010, to rectify its situation. Considering that it had not responded to its requests in a timely manner, CNIL sanction committee issued against the company, on 17 March 2011, a fine of 100,000. Alan Butler, of the Electronic Privacy and Information Center filed amicus curiae brief "... a phrase that literally means "friend of the court" -- someone who is not a party to the litigation, but who believes that the court's decision may affect its interest(Rehnquist n.d.) in (Joffe v. Google Inc. 2012), urging the court to affirm legal protection for the users of unencrypted Wi-Fi network. The Electronic Privacy Information Center (EPIC) is a public interest research center in Washington, D.C established in 1994 to focus public attention on emerging civil liberties issues and to protect privacy, the First Amendment, and other Constitutional values (EPIC About US 2005). In the amicus filed by EPIC, its particular interest was in ensuring that the federal privacy law protects the user of new communication services. The Electronic Communication Privacy Act of 1986 established in Federal Wiretap Act of 1968 wasnt updated so as to ensure the confidentiality of digital communication, and believed that the statute must be construed so as to treat the purposeful intercept of private electronic communication as an unlawful act.

So, the argument put forward by EPIC was to illustrate the plain language of the Electronic Communication Privacy Act of 1986, and not considering Wi-Fi network as broadcast communication, which eventually would let us in expecting the communication between these devices as readily accessible to general public. Instead Wi-Fi networks enable point-to-point communication between specific devices used in the household and the privacy being held across computer networks. More importantly, the data transferred over unencrypted wireless network doesnt change the fact that its still private, the intercepted data included messages, passwords, email and other files that are considered extremely private. The Wiretap Act provides right of action against any person who intentionally intercepts any wire, oral, or electronic communication 18 U.S.C. 2511(1)(a). However, Section 2511(2) provides exception to this private right of action where the electronic communication system [is] configured so that such electronic communication is readily accessible to the general public. 18 U.S.C 2511(2)(g)(i). So, in December 2010, Google filed a motion to dismiss plaintiffs complaint. It also added saying Wi-Fi transmission is carried on radio waves, so they constitute as a radio communication under the Wiretap Act. As a result they are governed by a section 2510(16) of the statute, which expressly defines a radio communication as readily accessible to general public unless it falls within one of the five specific exceptions 18 U.S.C 2510(16). Plaintiffs unencrypted Wi-Fi transmission did not fall within any of those so it didnt violate the Wiretap Act. So, after the oral argument District Court considered three issues and asked parties to provide supplementary briefs addressing 3 questions: 1. What the term radio communication mean under the Wiretap Act; 2. Whether Wi-Fi communications are radio communications; and 3. Whether cellular telephone calls constitute radio communication and, if so, whether such communications fall within any of the section 2510(16) exceptions.

To this Google responded with the following explanation, 1. Radio communication carries its ordinary meaning of any communication made over radio waves 2. Wi-Fi transmission, which are indisputably transmitted over radio waves, therefore readily come under the meaning of the term 3. Cellular telephone transmission (which has never being at issue in this case) both constitute radio communication under the Wiretap Act and fall within at least one of the section 2510(16)s exception. (BRIEF OF APPELLANT GOOGLE INC 2012) Also, Google showed that the statutes legislative history makes clear that Congress intended to protect cellular communications from interception through the Common-Carrier Exception in section 2510(16), which applies to a radio communication that is transmitted over a communication system provided by a common carrier (18 U.S.C. 2510(16) In light of this statutory protection, Google reassured the district court that it had no reason to be concerned that giving radio communication its ordinary meaning would leave cellular transmissions open to interception under the Wiretap Act(BRIEF OF APPELLANT GOOGLE INC 2012). So, the District Court declined to dismiss the Wiretap Act, saying Wi-Fi transmission is not a radio transmission - carrying an ordinary meaning of all communication transmission over the radio waves. Instead, the court came up with a specialized definition with no explanation but excluding radio transmission made by cellular phones and Wi-Fi networks. On that basis, the court allowed Plaintiffs Wiretap Act claim to survive. But, dismissed the plaintiffs claims under state wiretapping law, finding that the federal Wiretap Act preempts the state wiretap statutory schemes. On an Appeal from the United States District Court for the Northern District of California, Google represented a brief in the United States Court of Appeal for the Ninth Circuit, on February 8, 2012. The question presented in the appeal was whether Wi-Fi transmissions are radio communications under the federal Wiretap Act (18 U.S.C. 2510 et seq.).

Surprisingly, the District Courts ruling that a Wi-Fi transmission is not a radio communication was refuted by the history of Wiretap Act. In 1994, Congress enacted an amendment that extended the Wiretap Act to cover transmissions made over what Congress described as wireless data networks. It brought the Wi-Fi transmission within Wiretap Act protection for the first time but was repealed just two years later, recognizing that it swept too broadly. Thus, Congresss action established two things that Wi-Fi transmission is radio communication and moreover acquiring transmission from unencrypted Wi-Fi network doesnt violate the statute. Thus, the brief was concluded with the reasons asking to reverse the district courts decision. Also there is another story of Federal Communication Commission (FCC), who held an investigation in Googles Wi-spy activity, by repeatedly sending Letter of Inquiry (LOT)s, but Google was completely uncooperative. Earlier for months they refused to identify their employer responsible for developing the software by saying that would serve no useful purpose (FCC 2012 report 2012), later identified a rogue engineer, who invoked his Fifth Amendment right as not to testify. This let FCC with nothing to verify Googles Wi-spy scandal, eventually FCC fined Google $25,000 for obstructing FCCs investigation. On March 12, 2013, Attorney General George Jepsen announced the most recent multistate settlement of $ 7Million, with Google Inc, over its unauthorized nationwide collection of data from unsecured wireless networks (Jepsen 2013). Connecticut led the eight-state executive committee that worked for two years to investigate the matter and negotiate the assurance of voluntary compliance with Google. Including the executive committee, attorneys general for 38 states and the District of Columbia signed the agreement with Google to resolve their consumer protection and privacy claims. It was surprising for Alan butler of the Electronic Privacy and Information Center, who filed amicus curiae brief in Joffe v. Google, that there was not much energy behind it. He suggest the claim asserted in the case may cut against the Silicon Valley culture of experimentation and tinkering (Graham 2013)

Well, at least what I can reason out from all the discussion laid above was that, too much of attention was paid on the proving whether Wi-Fi transmission was radio communication, rather than concentrating on the private nature of the data in the first place. Its true that Wiretap Act could have being beneficial for wrapping up the story, but it refuted its own theory resulting WI-Fi transmission to have an ordinary meaning of transmission over radio network. We can now see significant consumer education campaigns by Google educating people about securing their wireless network, but does it take into account various unencrypted Wi-FI networks at coffee shops and shopping malls into consideration, because I dont think anyone wants these communication be readily accessible to general public as stated in the Wiretap Act. Moreover, talking about the History of Wiretap Act were the inclusion of radio communication was repealed just after two years as it was intended to protect some radio hobbyist who listened to police scanner, ships in distress, CB radio and other signals. But, this let the unencrypted Wi-Fi network under the same readily accessible to general public domain, now even to this, Senator Durbin called for update to Wiretap law which was supported by FCC chair to protect the unencrypted communication (Durbin 2012). I dont know whether Google has being honest for the whole time but if there were actually trying to collect MAC and SSID information, why was its software collecting other information, again for which they blamed the whole operation on a rogue engineer, but as far as my knowledge goes, implementation of any such technology goes through an accepted methodology which Google engineers did follow, its called pushing were in its not just a single persons involvement but an affirmation from the group leader to go ahead with the add-on feature. Also, a worldwide implementation of such software would require multiple teams assessment understanding its actual working. Well, it came out to be true in the FCCs complete report it revealed multiple engineers had knowledge of Wi-Fi payload data collection ( Full FCC report on Google Street View reveals new details 2012).

I dont want to jump to a conclusion about Googles behavior over the Wi-Fi scandal but stating that its not illegal to look into individuals private data doesnt seem to be reasonable. It can be related as saying, if my door is open its perfectly legal to break in because I forgot to lock my door. Well now they are stressing on implementing safety issue and asking everyone to encrypt Wi-Fi network, but my question still remains open about protecting communication over unencrypted Wi-Fi network at public place. So, I guess there is a concern for privacy rights, firstly updating the Wiretap Act to protect unencrypted Wi-Fi network along with encrypted ones, which might help it state that access to open networks or unencrypted Wi-Fi transmission as illegal. Its being seen that Elizabeth Cabraser, will go before the U.S. Court of Appeals for the Ninth Circuit, personally seeking what government regulators failed to obtain: meaningful sanctions against Google Inc for surreptitiously uploading personal data from home Wi-Fi networks (Graham 2013). We started with the discussion of Google involved in various cases all around the world in 9 different countries by having a brief of all the instances, and also discussed about earlier refusing to the fact, about its involvement in data collection, but after European Privacy Authority investigation, it did admit its mistake for the first time, at the same time various different investigation carried out in United States were discussed starting with amicus curiae brief filed by Electronic Privacy Information Center (EPIC) in United States District Court for the Northern District of California. So, the argument put forward by EPIC was to illustrate the plain language of the Electronic Communication Privacy Act of 1986, and not considering Wi-Fi network as broadcast communication, which eventually would let us in expecting the communication between these devices as readily accessible to general public. But as we know it refuted its own theory as in the history of Wiretap Act, Wi-Fi transmission was protected letting it be readily accessible to general public. Also, at the same time FCCs investigation was involved but as the rogue engineer invoked his Fifth Amendment, it became impossible for them to investigate further. Also, they were told that, Department of Justice long ago completed its thorough

examination and were already done with their investigation. Also, we saw that Connecticut led the eight-state executive committee that worked for two years to investigate the matter and negotiate the assurance of voluntary compliance with Google and settled for a fine of $7Million, unfortunately its full detail report wasnt available for discussion but would have being interesting to see what lead Attorney General for 38 states and District of Columbia to settle with an appropriate amount which FCC couldnt achieve. Well, it will be even more interesting to see Ms Elizabeth Cabraser who will go before the U.S Court of Appeals for the Ninth Circuit, against Googles Wi-Spy scandal. Its being called as The case that pits the renowned class action attorney against a pre-eminent technology company and Silicon Valley's most famous law firm. I believe that this might help in protecting the unencrypted Wi-Fi transmission is they happen to update the Wiretap Act.

Works Cited
Benjamin Joffe v. Google Inc. California , 2012. CNIL. "Google Street View : CNIL pronounces a fine of 100,000 Euros." CNIL. March 21, 2011. http://www.cnil.fr/english/news-and-events/news/article/google-street-view-cnil-pronouncesa-fine-of-100000-euros/ (accessed June 25, 2013). Durbin, Senator. "United States Senate Commitee ." EPIC, 2012. EFRATI, AMY SCHATZ and AMIR. FCC Investigating Google Data Collection. November 11, 2010. http://online.wsj.com/article/SB10001424052748704804504575606831614327598.html?mod= WSJ_hp_LEFTWhatsNewsCollection (accessed June 25, 2013). Ellison, Michelle. "FCC 2012 report." Inquiry Report, Federal Communication Commission, Washington D.C, 2012. EPIC About US. March 23, 2005. https://epic.org/epic/about.html. Eustace, Alan. Creating stronger privacy controls inside Google. October 22, 2010. http://googleblog.blogspot.com/2010/10/creating-stronger-privacy-controls.html (accessed June 25, 2013). . "ISEC_letter." Google User content. May 16, 2010. http://static.googleusercontent.com/external_content/untrusted_dlcp/www.google.com/en/us/p ress/pdf/ISEC_Letter.pdf (accessed June 25, 2013). Graham, Scott. "Sniffing or Spying: Court takes up google Street View suit." The American Lawyer . June 9, 2013. http://www.americanlawyer.com/PubArticleTAL.jsp?id=1202603532630&Sniffing_or_Spying_Co urt_Takes_Up_Google_Street_View_Suit&slreturn=20130527183024 (accessed June 25, 2013). Guynn, Jessica. Full FCC report on Google Street View reveals new details. April 29, 2012. http://articles.latimes.com/2012/apr/29/business/la-fi-google-probe-20120429 (accessed June 25, 2013). Jepsen, George. "Attorney General Announces $7 Million Multistate Settlement With Google Over Street View Collection of WiFi Data." Office of Attorney General. March 12, 2013. http://www.ct.gov/ag/cwp/view.asp?Q=520518&A=2341 (accessed June 25, 2013). Joffe v. Google . 11-17483 (United States Court of Appeals, February 8, 2012). Joffe v. Google Inc. 11-17483 (United States Court of Appeals for Ninth Circuit , February 8, 2012). Mitchell, and Andrew. User Challenge Using Information Based on Geography Or User Identity. USA Patent 20100218111. August 26, 2010. Prof Courtney, Kyle K. "Privacy and Cyberspace." IA 5240 Cyberlaw. Boston, MA, June 25, 2013 Slide. Rehnquist, William H. "amicus curiae." Tech Law Journal 89.

Schaar, Peter. "Google-Street-View tours also used for scanning WLAN-networks." Federal Commissioner for Data Protection and Freedom of Information. April 23, 2010. http://www.bfdi.bund.de/cln_134/sid_74A4D9FE1F85492D36F74BB3443C41EA/EN/PublicRela tions/PressReleases/2010/GoogleWLANScan.html (accessed June 25, 2013). Securing Wi-Fi Network, Blog. Securing Wi-Fi Network. June 27, 2013. http://googleblog.blogspot.com/2013/06/securing-your-wifi-network.html (accessed June 27, 2013).