Google Wi-Fi Data Capture Unethical, But Not Illegal
By Tony Bradley, PCWorldJun 12, 2010 9:30 am PDT
Google is under global scrutiny for its “accidental” gathering of wi-fi data while driving about photographing the world with its Street View camera cars. In the court of public opinion Google’s actions cross ethical boundaries, but whether or not the activities were illegal depends on the laws in place for the given jurisdiction. Businesses in the United States should understand that the interception of publicly available data traversing the airwaves is probably not illegal.
Granted, “probably” is not a very legally precise term, but the reality is that publicly-available wireless networks fall into a legal gray area that isn’t defined very well. Google didn’t “steal” anything, or even violate any expectation of privacy per se. All Google did was intercept airwaves that were trespassing in its vehicles.
The lesson for businesses and IT administrators is that you have to put forth some effort to at least give the appearance that you intend for the information to be private in order for there to be any inherent expectation of privacy. The burden should not be on Google, or the general public to have to determine whether the data you let freely fly about unencrypted is meant to be shared or is intended for a specific audience.
Some will equate Google’s actions to someone taking property from a business with an unlocked door. The comparison is not apples to apples, though. If a business has an unlocked, or even a wide open door, passersby still know that entering it would be trespassing, and that taking property from inside would be stealing.
However, in Google’s case, it is more like the business took its property and set it out in the middle of the street. In fact, it might not even be in front of the business, or even on the same street–since the wi-fi signal from the wireless router is broadcast for a respectable distance in all directions. If someone were walking down the street and found a laptop, or a copy machine in the middle of the street, taking it would be neither trespassing, nor stealing–just serendipitous.
There have been cases where individuals have been fined or prosecuted for accessing open wireless networks. A Michigan man was fined and forced to perform community service for accessing a local café’s wireless network without being a customer. An Illinois man plead guilty and received a fine after being caught riding on the wireless network of a non-profit agency from his parked car.
I would argue that even those actions were not technically illegal. If I am out in public with my laptop or iPad, and it detects an available, unencrypted network to connect to, there is no way for me to know whether the owner meant for that network to be private, or if it is intended as a public hotspot. A wireless network is a wireless network, and some devices are configured to connect to any available wireless signal.
Google, however, did not “access” the open networks. It simply intercepted the unencrypted data that businesses and individuals beamed through the air willy-nilly. The data was left in the middle of the street so to speak, and Google gathered it as it drove through collecting photograps.
In Google’s case, the legal issues may just be beginning, though. Some countries, like Germany, have a much different opinion of privacy and different laws in place. Even in the United States, there may still be legal avenues for pursuing Google. But, if Google simply collected data that was publicly available, and never even accessed or used the data in any way as they claim, I fail to see where it did anything wrong.
If you want to stay out of the legal gray area, and protect your data you must turn on encryption for your wireless network. WEP encryption is pathetically simple to crack–trivial for anyone interested, but even WEP at least implies that you intended the data to be private. For better protection, you should employ WPA, or better yet WPA-2 encryption.
If you have a business–like a coffee shop or book store–where you want to share a public wireless network, but only with patrons and only under certain conditions, then you should implement some sort of initial notice or login screen that explains the policy for acceptable use of the wi-fi connection.
I am not a lawyer, and I don’t play one on TV–or even on the Internet, but the bottom line is that if someone walking or driving by can intercept your unencrypted data as it trespasses into their airspace, it’s not your data any more.