Google loses appeal in Street View Wi-Fi collection case -- right or wrong?
Google faces claims for damages from people who had personal data collected from their wireless networks as the company gathered information for its Street View service. Google had previously claimed that emails, usernames and passwords had been collected unintentionally, but the appeal ruling means that the company is not exempt from liability under the federal Wiretap Act.
Back in 2010, Google admitted that data such as network SSIDs and MAC addresses were collected along with photos. In this blog post the company denied that it pulled "payload data" (essentially the data that is being sent over the networks) but it was later revealed that "Google did indeed collect (and store) this information from unencrypted Wi-Fi networks". A full report is available to read online. Google was required to delete this data, and indeed did so.
But this did not stop the court cases from groups of people who felt that their privacy had been invaded. Google tried to claim that its collection of data was exempt from the Wiretap Act but this was rejected because "data transmitted over a Wi-Fi network is not an 'electronic communication' that is 'readily accessible to the general public'". The ruling in the Joffe vs Google case can be read in full online -- including the reminder that Google was found to have collected 600GB of data transmitted over wireless networks in 30 countries.
Google has thus far had little to say on the ruling, but a spokesperson told me, "We are disappointed in the Ninth Circuit's decision and are considering our next steps".
The court decision led to some lively debate here at BetaNews. I'll leave things anonymous for now, but it was suggested by one member of the team that there was no problem with Google gathering data from a public place assuming there was no encryption to bypass. Another argument that cropped up was that Google could not be considered to have been wiretapping as it collected the data without meaning to.
The counter argument was that Google should have been fully aware of exactly what data it was collecting whilst travelling the streets of the world. Breaking the law by accident, or unintentionally, is still breaking the law -- and it's only right to expect an appropriate punishment to be handed out.
The appeal ruling says it would be "absurd" to consider emails and other data sent over an unencrypted network to be "readily accessible to the public", so it is fair to assume that software had to be written that was capable of harvesting this specific information.
We'd be interested to hear what you make of it all. Should Google be penalized for the "unintentional" collection of data? Is data transmitted over an unsecured Wi-Fi connection fair game?