In 2007, Google launched its Street View project to capture street-level images from various cities in the US and around the world. Privacy advocates raised numerous objections to the program, but they focused primarily on the collection of images by the Google Street View digital cameras. However, as Google ultimately disclosed, the Street View vehicles also intercepted and stored a vast amount of Wi-Fi data from nearby home networks. Following independent investigations, Google conceded that it gathered MAC addresses (the unique device ID for Wi-Fi hotposts) and network SSIDs (the user-assigned network ID name) tied to location information for private wireless networks. Google also admits that it has intercepted and stored Wi-Fi transmission data, which included email passwords and email content.
As a result of the interception of private wireless network communications, plaintiffs in many states filed suit against Google. Plaintiffs alleged violations of the federal Wiretap Act, 18 U.S.C. §§2511, et seq., the California Business and Professional Code, and various state wiretap statutes. In re Google Inc. St. View Elec. Communications Litig., 794 F. Supp. 2d 1067, 1072 (N.D. Cal. 2011). On August 17, 2010, the United States Judicial Panel on Multidistrict Litigation transferred eight cases to the Northern District of California. The Wiretap Act provides a private right of action against any person who “intentionally intercepts … any wire, oral, or electronic communication…” 18 U.S.C. § 2511(1)(a). However, Section 2511(2) provides exceptions to this private right of action where the “electronic communications system [is] configured so that such electronic communication is readily accessible to the general public.” 18 U.S.C. § 2511(2)(g)(i).
The District Court considered three issues: “(1) what ‘radio communication’ means within the purview of the Wiretap Act; (2) whether wireless home internet networks are ‘radio communications’ within the purview of the Wiretap Act’s usage of that term; and (3) whether cellular telephone calls constitute ‘radio communications’ as intended by Congress when drafting the Wiretap Act and, if so, whether such technology properly fits within any of the five enumerated exceptions to the definition of ‘readily accessible to the general public’ as outlined in Section 2510(16).” Id. at 1072.
The District Court dismissed the plaintiffs’ claims under state wiretapping law, finding that the federal Wiretap Act preempts the state wiretap statutory schemes. Id. at 1085. However, the District Court did not dismiss the plaintiffs claims under the Wiretap Act. The court did not accept Google’s argument that the Wiretap Act’s prohibitions were inapplicable to communications sent over an “open” Wi-Fi network. Id. at 1079. Specifically, the court found that Congress did not intend for “electronic communications” such as Wi-Fi to be included in the narrow exception [2511(2)(g)(i)] for radio services “readily accessible to the general public.” Id.
EPIC’s Interest in Ben Joffe v. Google
EPIC has an interest in the privacy and security of communications that are transmitted over home wireless networks. In fact, EPIC has taken several legal actions regarding Google’s specific interception of wireless network communications. EPIC also submitted an amicus brief to the district court in the instant case in response to the District Judge’s request for supplemental briefing.
In February 2011, EPIC filed a Freedom of Information Act lawsuit against the Federal Trade Commission over the agency’s failure to disclose to EPIC information about the FTC’s decision to end the Google Spy-Fi investigation. See EPIC v. FTC, No. 11-cv-00881 (D.D.C. May 12, 2011). EPIC sought documents that the FTC widely circulated to members of Congress and their staff that provide the basis for the agency’s decision. Documents obtained earlier by EPIC under the FOIA suggest that the FTC did not even examine the data Google gathered from private residential Wi-Fi routers in the United States. Ultimately, EPIC settled the case after the FTC turned over to EPIC agency records which suggested that the agency believed it lacked enforcement authority. However, the closing letter in the case also indicated that the Commission never undertook an independent investigation to determine whether other violations of law may have occurred.
EPIC’s Amicus Brief
In its amicus curiae brief filed with the Ninth Circuit, EPIC argued that Wi-Fi communications are not exempt from protection under the Wiretap Act. Specifically, EPIC argued that “Residential Wi-Fi networks enable point-to-point communications between specific devices, such as computers, printers, and Internet routers. These communications are not ‘broadcast’ like traditional radio communications; they are sent from one device to another directly and there is nothing about the typical configuration of a Wi-Fi device to suggest that users expect that their communications between these devices would be ‘readily accessible to the general public.'” EPIC also argued that “Wi-fi networks are typically private, allowing users to wirelessly connect devices within a home and transfer personal information to the Internet.”
EPIC also argued that “because Wi-Fi standards are subject to constant change,” the Wiretap Act “protects both encrypted and unencrypted Wi-Fi communications against unlawful interception.” Many older devices do not support strong encryption standards, but communications over those devices are still protected under the Wiretap Act. And most of the public Internet is distributed through unencrypted packet routing, but that does not mean the communications are “readily accessible to the general public.” EPIC argued that “the legal protections should depend on the private nature of the communications.”
Ninth Circuit Opinion and Reconsideration
On September 10, 2013, the Ninth Circuit issued its opinion in Joffe v. Google, affirming the lower court’s holding that the Wiretap Act covers the interception of unencrypted Wi-Fi communications. Joffe v. Google, 729 F.3d 1262, 1267-68 (9th Cir. 2013). The court reasoned that such communications did not fall under the ordinary definition of “radio communication” because they were not primarily auditory. Id. at 1270. The court rejected Google’s arguments as contrary to the plain meaning and legislative intent of the statute, as well as likely to produce absurd results such as leaving Wi-Fi communications subject to legal interception simply because the recipient failed to use encryption. Furthermore, the court concluded that such communications did not fall under the “readily accessible to the general public” exception because unencrypted Wi-Fi communications are (1) geographically limited and thus not “readily” available, and (2) accessible only with “some difficulty” because “most of the general public lacks the expertise to intercept and decode payload data transmitted over a Wi-Fi network.”Id. at 1277-78.
Google subsequently filed a petition for rehearing and rehearing en banc. The court granted Google’s petition in part and issued an amended opinion limiting the court’s holding solely to the conclusion that data transmitted over a Wi-Fi network is not a “radio communication” and thus not exempt from Wiretap Act protection. Joffe v. Google, 746 F.3d 920, 926 (9th Cir. 2013). The court further denied Google’s petition for rehearing en banc.Id. at 922.
United States Court of Appeals for the Ninth Circuit