FCC: Google's Collection of Unencrypted Data Does Not Violate Communications Act

By David M. Silverman

In a Notice of Apparent Liability (NAL) released Monday by the Federal Communications Commission (FCC) against Google, the FCC found that Google’s collection of unencrypted data obtained from Wi-Fi networks in its Street View project did not violate the Communications Act provision that prohibits the unauthorized interception and either use or publication of radio communications. However, the FCC has proposed a $25,000 forfeiture penalty for Google’s initial failure to cooperate with the agency’s investigation of this matter.

Google’s Street View project uses cameras on cars to capture 360 degree images of structures and land bordering roads and highways throughout the world, viewable by users of Google Maps and Google Earth. Between 2007 and 2010, the cars also employed equipment that captured Wi-Fi data which, when combined with global positioning system (GPS) information, can be used to map businesses or other landmarks near a user’s location. In 2010, in response to investigations conducted by various European authorities, Google admitted that its capture of Wi-Fi data included contents of email and text messages, passwords, Internet usage history and other personal information. At first, Google insisted the collected content or “payload data” consisted of fragmented data only, but in October 2010, Google admitted that the payload data included entire emails, passwords and other information.
     
Following that admission, the FCC sent Google a Letter of Inquiry (LOI) in November 2010 requesting information about the Wi-Fi data collections, to determine whether they violated Section 705(a) of the Communications Act, which prohibits unauthorized interception and use or publication of radio communications. Although the FCC’s investigation was hampered somewhat by a key employee’s refusal to provide information to the FCC pursuant to his Fifth Amendment right against self-incrimination, it appears that the payload data collected by Google was limited to information sent over unencrypted or open networks only, although the captured information may have included encrypted data sent over those networks (e.g., a user may have accessed encrypted bank account information while utilizing an unencrypted Wi-Fi network.)

Given that Google’s collected payload data consisted of data sent over unencrypted Wi-Fi networks only, the FCC found Google’s activities did not violate Section 705(a) of the Communications Act.  In this regard, the FCC noted that Section 705 is specifically limited by the federal Wiretap Act, which exempts as lawful the unauthorized interception of any “electronic communication [that] is readily accessible to the general public,” defined in the Wiretap Act as one that is not “scrambled or encrypted.”  In the FCC’s words, “[a]lthough Google recognized that the collection of payload data as part of its Street View project should not have happened, that does not necessarily mean that the collection was unlawful.”
 
As for the encrypted data sent over those unencrypted networks, the FCC “found no evidence that Google accessed or did anything with such encrypted communications,” admitting that its inability to interview Google’s key employee (referred to pseudonymously as “Engineer Doe”) made it “impossible” for the FCC to determine whether any use was made of those encrypted communications.
 
Nonetheless, the FCC proposed a $25,000 forfeiture for Google’s failure to cooperate with the FCC’s investigation of this matter, noting that Google delayed for months before providing responsive emails, individual names and compliant declarations in response to the FCC’s LOI. While the FCC justified increasing the $4000 base forfeiture set forth in the FCC’s rules on both Google’s “deliberate” refusal to comply with the LOI and on its ability to pay (citing Google’s $38 billion annual gross revenues), members of Congress have criticized the FCC’s forfeiture as a mere “slap on the hand.”

Google now has an opportunity to respond to the NAL in an attempt to persuade the FCC to either reduce or cancel the proposed forfeiture.  Unless additional facts come to light regarding Google’s access and/or use of encrypted communications, however, the FCC is unlikely to revisit Google’s substantive liability under the Communications Act.

Trackbacks (0) Links to blogs that reference this article Trackback URL
http://www.privsecblog.com/admin/trackback/276224
Comments (0) Read through and enter the discussion with the form at the end
Post A Comment / Question Use this form to add a comment to this entry.







Remember personal info?
Send To A Friend Use this form to send this entry to a friend via email.