Google Intercepted E-Mail Content and Passwords

October 22, 2010. Google disclosed in a release that the data that its Street View vehicles collected as part of its WiFi surveillance project included "entire emails and URLs ... as well as passwords".

Google did not disclose this information to Congressional investigators earlier this year. See, story titled "Rep. Markey and Rep. Barton Write FTC Regarding Google Data Collection Activities" in TLJ Daily E-Mail Alert No. 2,085, May 20, 2010; story titled "House Commerce Committee Leaders Write Google Regarding Wi-Fi Data" in TLJ Daily E-Mail Alert No. 2,090, June 2, 2010; and story titled "Google Responds to Congressional Inquiry Regarding Its Collection of Data from WiFi Networks" in TLJ Daily E-Mail Alert No. 2,094, June 15, 2010.

See also, story titled "Canada Finds Google Violated Its Privacy Law" in TLJ Daily E-Mail Alert No. 2,145, October 22, 2010.

Google also stated on October 22 that it would strengthen its internal privacy policies and security practices.

The Google Street View project supplements the Google Maps project by providing 360 degree street level imagery. That is, one can use Google Maps to enter a street address, and locate it on a map. Google Street View then enables users to see images taken at that location. Google obtains images for this by driving Street View vehicles on public streets for the taking of pictures.

Since May of this year, under investigation by governmental entities, Google has been disclosing information about other functions of its Street View vehicles.

Google wrote in a letter [7 pages in PDF] to Congressional investigators dated June 9, 2010, that its Street View cars were outfitted with WiFi antennas to detect and collect "WiFi network data, including SSID, MAC address, signal strength, data rate, channel of the broadcast, and type of encryption method."

SSID is service set identifier. See, Wikipedia. MAC is media access control. See, Wikipedia.

While the Department of Justice (DOJ) has not yet charged Google or any Google employee or agent with a violation of federal law, there is an argument to be made that there have been illegal intercepts of electronic communications.

18 U.S.C. § 2511 provides in part that "any person who ... intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication ... shall be punished".

However, Subsection 2511(2)(g)(i) provides an exception that may be pertinent. "It shall not be unlawful ... for any person ... to intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public".

That is, Google might argue that its interception of SSID and MAC address data is "readily accessible to the general public".

Moreover, Google might make the more tenuous argument that even the content of e-mail communications that were unencrypted or otherwise unprotected from interception by WiFi antennae such as Google's were also "readily accessible to the general public".

There is perhaps an analogy to be drawn to the DOJ's actions in the 1990s involving interception of voice communications by users of cell phones that employed first generation wireless technology. These conversations were easy to intercept by someone in the vicinity.

TLJ spoke with Joshua Gruenspecht of the Center for Democracy and Technology (CDT), a group that is active in current debates regarding reforming and updating the Electronic Communications Privacy Act (ECPA). See, story titled "Digital Due Process Coalition Proposes Changes to Federal Surveillance Law" in TLJ Daily E-Mail Alert No. 2,068, March 31, 2010.

He said that "the scope of the (g) exception in 2511 is kind of murky, but there is a solid analogy to be drawn to the cell phone cases." However, he added that "whether or not a court would draw that analogy is uncertain".

Finally, it should be noted that 18 U.S.C. § 2520 provides a private right of action.