Google has asked the U.S. Supreme Court to decide whether its photosnapping Street View program is legal after a federal appeals court ruled that it violates privacy laws. If it takes the case, the high court’s ruling could have far-reaching implications on whether private companies can freely collect personal data that most government agencies typically can’t without the court’s permission.
From 2007 to 2010, Google’s Street View program used cars equipped with cameras and antennae to roll through neighborhoods snapping pictures collected. The cars tapped into unencrypted Wi-Fi connections nearby to gather geolocation data — including local weather and restaurant listings — to help verify where the pictures were taken.
But Google’s Street View cars were also collecting “names, addresses, telephone numbers, URL’s, passwords, e-mail, text messages, medical records, video and audio files, and other information from internet users in the United States,” according to the Federal Communications Commission. Google said it purged the data it gathered in about 30 countries once the practice was uncovered in 2010.
The Internet giant has staunchly maintained that sniffing out data with its software isn’t wiretapping, but more like using a radio to catch AM/FM broadcasts anyone can access. Google was even cleared of direct responsibility by three federal agencies — the Justice Department, FCC and the Federal Trade Commission. But in September, the U.S. Court of Appeals for the 9th Circuit ruled that the program violated the Wiretap Act, which protects public electronic communications, such as Internet traffic, from being intercepted or stored.
Google’s defense of its actions now, however, raises questions about the company’s commitment to privacy. In the wake of the Edward Snowden leaks that revealed how the National Security Agency relied on Google for its PRISM metadata program, Google has been very outspoken about how such surveillance infringes on privacy rights. The company has even met with President Obama several times alongside fellow tech giants including Facebook and Yahoo. “It’s really outrageous that the National Security Agency was looking between the Google data centers, if that’s true,” Google Executive Chairman Eric Schmidt told The Wall Street Journal. “The steps that the organization was willing to do without good judgment to pursue its mission and potentially violate people’s privacy, it’s not OK.”
Google’s data collection practices frequently raise privacy concerns. The company collects user data through its search engine, social network, Google Plus, GMail, and Android software for mobile devices. Google was recently outed with Apple and Microsoft for a loophole in its privacy policies that allow the company to read and share email contents without any legal ramifications. Moreover, Google is currently fighting class-action lawsuits claiming it reads emails from its more than 400 million GMail customers. Google said its Wi-Fi tapping is legal because it doesn’t collect “auditory broadcasts,” or radio transmissions, and only uses publicly accessible connections. Because they’re not password-protected, Google said “the information transmitted across the network may be acquired by the public,” according to court documents.
The appeals court said that’s only partly true, in its decision. Getting private data like emails and documents over an open Wi-Fi connection has some degree of difficulty and “requires sophisticated hardware and software.” On the other hand, security researchers can also mine and analyze data to look for vulnerabilities collected through unencrypted Wi-Fi connections — even if they don’t read it.
Government agencies have used similar technology to listen to Wi-Fi traffic and collect payload data just to get a person’s location, sometimes without a warrant, according to the Electronic Frontier Foundation. Law enforcement use devices such as a “moocherhunter,” which can pinpoint a Wi-Fi user’s physical location, and a “stingray,” which can snag data off cell phones.