The class-action suit by two Northwest US residents relies on assertion of privacy of publicly broadcast information: This isn't going to fly. The suit states, "As data streams flow across the wireless network, the sniffer secretly captures each packet (or discreet package) of information, then decrypts / decodes and analyzes its content according to the appropriate specifications."
First, it's not secret. You're broadcasting data in an unlicensed band. You have no reasonable expectation of privacy over openly broadcast data. Perhaps secret means unknown to the transmitter; in which case, the transmitter shouldn't be using an unencrypted broadcast network standards.
Second, and related to the first, Google says (and governments will now confirm) that it was sniffing only open networks, which means it only received data that wasn't locked behind a form of Wi-Fi encryption.
I suspect the attorneys are using this language to make it sounds as though normal decoding of data from an open network is breaking the packets, when, in fact, simple operation of a Wi-Fi adapter allows this data to be received.
The suit also states, "To view data secretly captured by a wireless sniffer in readable or viewable form, after being captured and stored on digital media, it must then be decoded using crypto-analysis or similar programming or technology. Because the data "as captured" by the wireless sniffer is typically not readable by the public absent sophisticated decoding or processing, it is reasonably considered and understood to be private, protected information by users and operators of home- based WiFi systems."
This is patently inaccurate.
Then we come to this. One of the plaintiffs apparently is engaged in risky data behavior:
"In connection with her work and home life, [Vicki] Van Valin transmits and receives a substantial amount of data from and to her computer over her wireless internet connection ("wireless data"). A significant amount of the wireless data is also subject to her employer's non-disclosure and security regulations."
In which case, Van Valin was probably in violation of the terms of her employment and data handling if she had an unsecured, "open" Wi-Fi network. It is more likely, and would be found in discovery if the case goes to court, that Van Valin was either engaged in activity unlikely to be protected by an expectation of privacy, or, in fact, was using a VPN or other methods of encryption required by her employer, thus rendering the captured "open" packets unreadable by Google.
I'm sure there are 1,000 Wi-Fi experts that Google could call upon for this case for testimony to explain the clear difference.
Since 2006, most routers have included software that explains the risks of unsecured networks and makes it easy to secure networks. Further, the FCC's Part 15 rules don't impose any expectations of privacy, and various state laws about network sniffing typically require some effort being made to break into a network in order to claim a violation.
This is an opportunistic lawsuit that I suspect will not reach class-action status, nor will Google settle to dispose of.
Well, the "it was unencrypted, so it's legal to snoop" isn't so clear.
There are plenty of in the clear radio communications around the globe. Ship-to-shore telephone service on HF and VHF, police, ambulances, firemen, etc, all in the clear on VHF...
And there are laws protecting the secrecy of radio communications. Those laws are much older than the Internet, and the blame is not put on the victim who sends information in the clear, but on the person who makes a use of the information obtained in that way.
An example: Imagine that, listening on the HF bands, I learn that certain ship has some problem and needs to stay somewhere for repairs. And I make a profit of it exploiting that information. If it was known, I could get into trouble.
There are plenty of amateur radio listeners combing through HF transmissions, for instance. And as long as the information goes nowhere, I mean, it's just heard, it's ok. But using it is illegal. I guess the same laws will apply to an unciphered data transmission on an unlicensed band.
I know it sounds funny, a law based on a fair use doctrine, (in this case on a non-use actually).
And in this particular case Google's activities have collided with European data protection laws. Imagine that a hospital just dumps its archives at the street, full of confidential medical records. If I find them, collect them and store their information for my own usage/profit, I will be in trouble, not just the hospital. You could compare it to buying stolen property.
It's going to be interesting. Really, I don't understand how Google could be so dumb in this case. And I wonder how much dumbness is hiding in their procedures, after seeing such an obvious failure.