I saw this story linked over on Facebook and thought it was time to revist question. Preston Gralla over on ComputerWorld reports that Google, although fined $25,000 dollars a few days ago over an issue related to this question, is maintaining that it did nothing illegal when it “snooped” though multitudes of WiFi networks.
The fallout from Google collecting private information such as email from people’s Wi-Fi networks several years ago just got worse. Google claims that it did nothing illegal by snooping on people’s private unencrypted Wi-Fi networks, including gathering emails, private passwords, and more.
The issue dates back to 2010, when it was discovered that the cars Google used to photograph streets for its Street Maps service were also gathering private data from people’s personal Wi-Fi networks — all communications sent over the network, including private email messages. Google uses the innocuous term “payload data” to describe those communications.
Question: if I put something I feel is private on a notecard and tape it to the bottom of street sign in busy northwest DC, do I have an argument to make when I say people shouldn’t be reading what I wrote? Would reasonable people not contend that if it was truly “private” I shouldn’t put it up for public viewing?
The WiFi networks Google executed the Mother of All Wardrives on were pretty much all privately-owned networks but they were also networks broadcasting unencrypted on public airwaves. I wrote about this kind of thing clear back in 2005 and again in 2007. In all this time, I’ve never once heard a compelling rebuttal to my point:
The owner of this network knew full well that his wireless access point was operating “openly”, knew what he needed to do to fix it, and made a conscious decision to not do it. So, there he is, broadcasting a radio signal on a publicly-available frequency at a power and direction guaranteed to extend beyond his property lines, having done nothing whatsoever to secure access to it, and he’s calling the cops on someone for making use of it. Perhaps a more familiar metaphor would help clarify this issue. Imagine for a moment that Mr. Dinon has cable television. He likes to watch his TV outside because the weather is so lovely in Florida and sets up a televison in his driveway with the screen facing the street. He turns the TV on and sets it to a local station. For some reason, when he decides to go back inside, he leaves the TV running. All day, every day. Now imagine someone else – we don’t know who – pulls up in his car and parks on the street in front of Mr. Dinon’s house in such a position that he can see the TV. He starts watching. Mr. Dinon and Special Agent Breeden want you to accept their assertion that this imaginary situation represents a man stealing something.
The network broadcasts are sent on public spectrum and they extend past the property line into public spaces. They are not secured in any way, leaving one unable to reasonably infer that they were intended to be restricted access. Gralla cites a NY Times article that posits the notion that Communications Act and the Wiretap Act might – maybe – govern this activity. But the Times reporters themselves note a serious problem. They found that the Wiretap Act:
…says it is “not unlawful to” intercept unencrypted communication, but it does not give specific permission for the interception of unencrypted communications.
There’s a word for things that laws don’t call “illegal.” That’s “legal.” As in, you can do it. It may have been a PR blunder to beat the band but it’s not illegal. I know people have this tendency to think that unless someone’s written down that they’re permitted to do this or that then they can’t but that’s not how it works for a free people. You can do anything you like so long as the law says you can’t. And it has to be fairly explicit. I’m sorry there are people upset about this but the fact of the matter is it’s not illegal to receive a broadcast on a public radio frequency. And anyone that would like to keep their network and information private should take the 5 minutes needed to secure their own network.