

Google could be held liable for civil damages for secretly intercepting data on open Wi-Fi routers, a federal appeals court ruled today in decision that found collection of unencrypted content from wireless routers isn’t exempt from the Wiretap Act.

The decision, by the U.S. 9th Circuit court of Appeals, upholds an earlier ruling by a Silicon Valley federal judge presiding over nearly a dozen combined lawsuits seeking damages from Google for eavesdropping on open Wi-Fi networks from its Street View mapping cars. The vehicles, which rolled through neighborhoods around the world, were equipped with Wi-Fi–sniffing hardware to record the names and MAC addresses of routers to improve Google location-specific services. But the cars also secretly gathered snippets of Americans’ data.

“Surely Congress did not intend to condone such an intrusive and unwarranted invasion of privacy when it enacted the Wiretap Act to protect against the unauthorized interception of electronic communications,'” the San Francisco-based 9th U.S. Circuit Court of Appeals ruled today.

Google, in seeking a dismissal, claimed it is was not illegal to intercept data from unencrypted, or non-password-protected Wi-Fi networks. Google said open Wi-Fi networks are “radio communications” like AM/FM radio, citizens’ band and police and fire bands, and are “readily accessible” to the general public and exempt from the Wiretap Act — a position the appeals court rejected. Today’s decision means that Google’s main defense to wiretapping allegations is out the door. Google has the options of going to trial, settling, asking the court to rehear the case or petitioning the Supreme Court to review today’s decision.

Google said in a statement that it was “disappointed” with the ruling and is weighing its “next steps.”

Google said it didn’t realize it was sniffing packets of data on unsecured Wi-Fi networks in about a dozen countries over a three-year period until German privacy authorities began questioning in 2010 what data Google’s Street View cars were collecting. Google, along with other companies, use databases of Wi-Fi networks and their locations to augment or replace GPS when attempting to figure out the location of a computer or mobile device. Google had claimed the lawsuit was “without merit,” but has abandoned the practice of payload sniffing from open networks.

The flap has wide-ranging implications for the millions who use open, unencrypted Wi-Fi networks at coffee shops, restaurants or any other business that tries to attract customers by providing free Wi-Fi.

Ironically, the Federal Communications Commission last year cleared Google of wrongdoing in connection to it secretly intercepting Americans’ data on unencrypted Wi-Fi routers.

The commission concluded that no wiretapping laws were violated when the search giant’s Street View mapping cars eavesdropped on open Wi-Fi networks across America. The FCC said that, between 2008 and 2010, “Google’s Street View cars collected names, addresses, telephone numbers, URL’s, passwords, e-mail, text messages, medical records, video and audio files, and other information from internet users in the United States.”

The commission, however, fined Google $25,000 for stonewalling the investigation.

Homepage image: Damian Spain/Flickr