Google "likely" breached a U.S. federal criminal statute in connection with its accidental Wi-Fi sniffing, but not for siphoning private data from internet surfers using unsecured networks, a former federal prosecutor said Tuesday.
Ironically, says former prosecutor Paul Ohm, it's likely Google did not violate wiretap regulations, but instead might have breached the Pen Register and Trap and Traces Device Act for intercepting the wrappings alongside the content.
"I think it's likely they committed a criminal misdemeanor of the Pen Register and Trap and Traces Device Act," said Ohm, a prosecutor from 2001 to 2005 in the Justice Department's Computer Crime and Intellectual Property Section. "For every packet they intercepted, not only did they get the content, they also have your IP address and destination IP address that they intercepted. The e-mail message from you to somebody else, the ‘to' and ‘from' line is also intercepted."
"This is a huge irony, that this might come down to the non content they acquired," (.pdf) said Ohm, a professor at the University of Colorado School of Law.
Google said it was a coding error that led it to sniff as much as 600 gigabytes of data across dozens of countries as it was snapping photos for its Street View program. The data likely included webpages users visited and pieces of e-mail, video and document files.
While several countries have said they have opened inquiries, the U.S. Federal Trade Commission Chairman Jon Leibowitz told Congress that "We're going to take a very, very close look at this." Attorneys general in Missouri and Connecticut are also probing the matter. The Justice Department declined comment.
The pen register act described by Ohm, which he said is rarely prosecuted, is usually thought of in terms of preventing unauthorized monitoring of outbound and inbound telephone numbers.
Violations are a misdemeanor and cannot be prosecuted by private lawyers in civil court, Ohm said. He said the act requires that Google "knew, or should have known" of the activity in question.
Google denies any wrongdoing.
"As we said before, this was a mistake. But we believe we did nothing illegal. We're continuing to work with the relevant authorities to answer their questions and concerns," Google spokeswoman Christine Chen said.
Ohm and other privacy scholars suggest that loopholes would make it difficult for the government to bring a wiretapping case. Wiretap Act violations are felonies, and the act can be invoked in civil court.
As far as a criminal court goes, it is not considered wiretapping "to intercept or access an electronic communication made through an electronic communication system that is configured to that such electronic communication is readily accessible to the general public."
It is not know how many non-password-protected WiFi networks reside in the United States.
"If this isn't illegal to do this, then it could be OK for the government," said Kevin Bankston, an Electronic Frontier Foundation attorney.
The U.S. courts have not clearly addressed the issue involved in the Google flap.
The closest they have come was in January, when an Oregon federal judge ruled evidence of child pornography found on a local man's computer through his open Wi-Fi network could be used against him in court, absent a warrant. In arguing to uphold the warrantless computer search, the government argued privacy interests were nullified with unsecured Wi-Fi networks.
"Defendant's unsecured wireless access point was open to anyone with a wireless modem, whether or not they were law enforcement. Because defendant made no effort to keep or maintain his computer network private but maintained an access point open to all, no search occurred," (.pdf) the government argued.
U.S. District Judge Garr King agreed. (.pdf) The defendant, John Ahrndt, is expected to plead guilty to child pornography charges next week.
Street View is part of Google Maps and Google Earth, and provides panoramic pictures of streets and their surroundings across the globe.
The internet giant has maintained the collection of data while taking photos for Street View was inadvertent –- the result of a programming error with code written for an early experimental project that wound up on the Street View code. Google said it didn't realize it was sniffing packets of data on unsecured Wi-Fi networks in dozens of countries for the last three years, until German privacy authorities began questioning what data Google's Street View cameras were collecting.
Google is also facing at least three civil lawsuits across the United States. Another one is expected to be lodged in California in the coming days, according to Scott Kamber, a leading privacy attorney who just settled a case with Facebook.
He said the government rarely prosecutes privacy flaps.
"I can't think of any cases we brought in which there was a parallel criminal action," Kamber said.
In March, a California federal judge approved a $9.5 million settlement challenging Facebook's "Beacon" program that monitored and published what users of the social networking site were buying or renting from Blockbuster, Overstock and other locations.
"The federal government," Kamber said, "did not fine Facebook for those activities, civilly or criminally."