Microsoft Subnet An independent Microsoft community View more

Sniffing open WiFi may be wiretapping judge tells Google

A federal judge ruled that Google can be sued for wiretapping after sniffing open Wi-Fi in Wi-Spy privacy lawsuit about wardriving Street View vehicles.

Looks like Google Street View cars may have been "officially" riding dirty and Google may get slapped hard for its Wi-Spy fiasco. A federal judge did not dismiss the case against Google; instead in the first such decision of its kind, the judge ruled that sniffing open Wi-Fi packets might violate the Federal Wiretap Act.

Remember when intelligence gathering ability was allegedly "going dark" due to the masses moving to VoIP like Skype and the feds had wanted CALEA to require a backdoor so law enforcement can intercept online encrypted communication? Microsoft's "Legal Intercept" patent to monitor VoIP may be the easy-access eavesdropping the feds were hoping for, but it also wasn't too long ago when the FBI was seeking Google's help in wiretapping. It's doubtful the kind of wiretapping help the FBI wanted would have included when the Internet search giant intercepted packets on non-password-protected Wi-Fi networks. But now Google may be legally liable for wiretapping in regards to the 600GB "payload" of MAC addresses, usernames, emails, passwords and other "private" data gobbled up by Street View mapping vehicles.

U.S. District Judge James Ware ruled, [PDF] "The court finds that plaintiffs plead facts sufficient to state a claim for violation of the Wiretap Act. In particular, plaintiffs plead that defendant intentionally created, approved of, and installed specially-designed software and technology into its Google Street View vehicles and used this technology to intercept plaintiffs' data packets, arguably electronic communications, from plaintiffs' personal Wi-Fi networks. Further, plaintiffs plead that the data packets were transmitted over Wi-Fi networks that were configured such that the packets were not readable by the general public without the use of sophisticated packet-sniffer technology."

Although Google argued the data was "readily accessible to the general public," because the networks "were 'open' and 'unencrypted'" and should not then qualify as a wiretapping violation, Judge Ware called that claim "misplaced." This case is important on many levels as it may determine if sniffing open Wi-Fi packets constitutes wiretapping. Sniffing open, unencrypted Wi-Fi is hardly rocket science these days; even the truly clueless can master automated tools like Firesheep and FaceNiff. Whether you leave your wireless network open and unencrypted, or sometimes use such a wireless network at a coffee shop, we should all be paying attention to this to find out if we could be sued for wiretapping.

Google had first claimed it didn't realize it was wardriving, sniffing and snarfing up data on unsecured Wi-Fi networks in about a dozen countries. Then it claimed the Street View car debacle was a mistake and apologized. Now Google claims the lawsuit is "without merit" as it argued that open Wi-Fi networks were like "radio communications." Since the judge is not letting Google wiggle off the wiretapping hook that easily, now the company is considering appealing and is "still evaluating our options at this preliminary stage." I wonder if we'll see Street View cars rollin' or if there are too many people hatin' now?

Like this? Here's more posts:

Follow me on Twitter @PrivacyFanatic

From CSO: 7 security mistakes people make with their mobile device
Join the discussion
Be the first to comment on this article. Our Commenting Policies