icon bookmark-bicon bookmarkicon cameraicon checkicon chevron downicon chevron lefticon chevron righticon chevron upicon closeicon v-compressicon downloadicon editicon v-expandicon fbicon fileicon filtericon flag ruicon full chevron downicon full chevron lefticon full chevron righticon full chevron upicon gpicon insicon mailicon moveicon-musicicon mutedicon nomutedicon okicon v-pauseicon v-playicon searchicon shareicon sign inicon sign upicon stepbackicon stepforicon swipe downicon tagicon tagsicon tgicon trashicon twicon vkicon yticon wticon fm

Google’s wide net of data-fishing could land it whopping fines

Google’s wide net of data-fishing could land it whopping fines
Google may be facing its toughest fight yet, as a series of court cases involving the company’s casual wiretapping of the world’s e-mails and Wi-Fi networks could result in astronomical fines, and drastically reshape the notion of online privacy.

The collected accusations resulted into two major legal attacks on the company – one involving its groundbreaking Street View mapping service, the other its Gmail service.

Although Google protested the allegations and asked for them to be withdrawn, two federal judges, in July and in September, gave the go-ahead for both cases, to prosecute the company over how its Gmail and Street View technologies gathered private data on users, simply because no mechanism was in place to prevent them doing so.
The Street View case involved the company’s use of unencrypted, open Wi-Fi networks. Google Maps’ cars would whizz by any connected building and use the networks and their locations to assist and enforce its GPS mapping technology, and in so doing, (unwittingly or otherwise) picked up whole swaths of private user data it did not need – including web surfing preferences and communications.

The practice was going on in about 30 countries over a period of three years, until 2010, when one country – Germany – began questioning why Google needed all that information. The problem was that Street View’s activities did not come with any privacy policies or prior information for the families whose households were included. They simply collected any data that was not encrypted. Germany’s enquiry led Google to apologize and claim that the information was collected inadvertently. Over 600GB of data from unprotected Wi-Fi networks was collected.

Fast-forward to 2013 and back at home, Google went to an appeals court to dissuade it from pressing wiretapping charges for the Street View technology.

The company argued that any openly accessible radio signals the cars picked up exempted them from the Wiretap Act. Otherwise, Google believes, intercepting a television broadcast may also be considered wiretapping.

Mountain View, California (AFP Photo / Justin Sullivan)

Google wrote to the court that the “error is exceptionally important. It promises to have a substantial, long-lasting effect on the application of the Wiretap Act in an environment of rapid technological change. If allowed to stand, the panel’s ruling will create confusion about the Wiretap Act’s prohibitions, threaten the development of new radio-based technologies, and raise questions about whether activities that Congress intended to protect may now be deemed unlawful.”

On September 10, however, the Ninth US Circuit Court of Appeals refused to exempt Google from liability under the federal Wiretap Act saying that “members of the general public do not typically mistakenly intercept, store, and decode data transmitted by other devices on the network.”

Google was “disappointed” with the ruling. Alan Butler, a lawyer at the Electronic Privacy Information Center, outlined the seriousness of the allegations to New York Times: “What’s at stake is a core digital privacy issue for consumers right now, which is the extent to which their digital communications are protected from use by third parties,” he said in a piece published on Tuesday.

Interestingly, only last year Google was cleared of similar charges involving secret eavesdropping on millions of Americans via open Wi-Fi routers. The Federal Communications Commission, as cited by Wired Magazine, said that between 2008 and 2010, “Google’s Street View cars collected names, addresses, telephone numbers, URL’s, passwords, e-mail, text messages, medical records, video and audio files, and other information from internet users in the United States.”

But the commission let Google off with a $25,000 fine for trying to slow down the investigation.

However, considering the second case, the situation appears markedly different, because the broad implications from a class action lawsuit with half a billion of users worldwide behind it could mean court fines that will defy imagination.

‘No thanks for the ad’

The Gmail case involves a whole gamut of users – both Google and outsiders. The company stands accused of scanning incoming and outgoing mail for words and clues to build a personalized user profile, one that would allow the company to target the user with specific advertisements and services.

The matter reached Lucy H. Koh, a respected judge with a reputation for fearlessly handling Silicon Valley cases, who made headlines for asking an Apple lawyer if he was “smoking crack” during a major patent battle against Samsung recently.

On September 26, Koh decided to grant Google’s request to dismiss the state’s claims regarding the allegedly unlawful wiretapping, but allowed the plaintiffs to refile their cases. More importantly, however, the federal claims remained. Koh rejected Google’s explanation that by becoming subscribers its users had somehow agreed to being spied on in such fashion.

“The court finds that it cannot conclude that any party – Gmail users or non-Gmail users – has consented to Google’s reading of e-mail for the purposes of creating user profiles or providing targeted advertising,” the Judge said in the ruling, as cited by Bloomberg.

Koh attacked almost every argument Google has made in the case: “Accepting Google’s theory of implied consent — that by merely sending e-mails to or receiving e-mails from a Gmail user, a non-Gmail user has consented to Google’s interception of such e-mails for any purposes — would eviscerate the rule against interception.” 

Reuters / Mark Blinch

The Judge explained that sending and receiving e-mails and creating targeted advertising profiles in the process have nothing to do with each other.

In the case involving alleged Gmail wiretapping, Google tried to push through a motion to dismiss in June. But the lawyers for the plaintiffs mounted a counter-argument. They accused Google of using Gmail as “its own secret data-mining machine, which intercepts, warehouses, and uses, without consent, the private thoughts and ideas of millions of unsuspecting Americans who transmit e-mail messages through Gmail.”

Google, for its part, said in July that their activities were being criminalized, adding that its data-gathering was automated and not overseen by a human being, much as anti-virus software catches viruses. They added that even non-Gmail users had no grounds on which to complain, as any correspondence received by the company’s servers from outside is managed according to the natural order of things.

The giant’s lawyers are disappointed with both court rulings, but offered no comment apart from a statement about considering a further course of action.