SAN JOSE, Calif. – A federal appeals court said Google wrongly collected people's personal correspondence and online activities through their Wi-Fi systems as it drove down their streets with car cameras shooting photos for its Street View mapping project.
The ruling that the practice violates wiretap laws sends a warning to other companies seeking to suck up vast amounts of data from unencrypted Wi-Fi signals.
"The payload data transmitted over unencrypted Wi-Fi networks that was captured by Google included emails, usernames, passwords, images, and documents," wrote the U.S. Court of Appeals in San Francisco in a report released Tuesday
Google had argued that their activities were exempt from the wiretap law because data transmitted over a Wi-Fi network is a "radio communication" and is "readily accessible to the public."
TechCrunch stirs outrage with misogynistic presentations
Microsoft launches Xbox Music on Web for free
Here's why Apple once fired Steve Jobs
Drool-worthy new tech gear from IFA 2013
Apple on the sideline while Google and Samsung duke it out over watches and goggles
Introducing Apple's new iPhone 5C and 5S
Not so, wrote the judges, agreeing with an earlier federal judge's ruling.
"Even if it is commonplace for members of the general public to connect to a neighbor's unencrypted Wi-Fi network, members of the general public do not typically mistakenly intercept, store, and decode data transmitted by other devices on the network," they said.
Google's Street View cars can be spotted with pole mounted cameras on their roofs, photographing along roadways the world over. The photos then show up on Google's popular Street View map option, where viewers can virtually scroll along a street past homes, cars and shops, all captured in photographs.
But unbeknownst to passers-by, those cameras weren't just making photos. They were also collecting detailed information transmitted over Wi-Fi networks they passed through.
Privacy experts and industry watchers said this was the first time an appeals court has ruled that it's illegal for a company to sniff out and collect private information from the Wi-Fi networks that provide Internet service to people at home. Google is also the first publically known company to try.
"This appeals court decision is a tremendous victory for privacy rights. It means Google can't suck up private communications from people's Wi-Fi networks and claim their Wi-Spying was exempt from federal wiretap laws," said John M. Simpson, Consumer Watchdog's privacy project director. "Because Google's Wi-Spy activity was so extensive, the potential damages could amount to billions of dollars."
Marc Rotenberg, executive director of Electronic Privacy Information Center, called it "a landmark decision for Internet privacy."
"The court made clear that the federal privacy law applies to residential Wi-Fi networks," he said. "Users should be protected when a company tries to capture data that travels between their laptop and their printer in their home."
A Google spokesperson said Tuesday that attorneys for the Internet giant are "disappointed in the 9th Circuit's decision and are considering our next steps."
Attorney Elizabeth Cabraser, representing a class action of plaintiffs who say their privacy was invaded by Google said Tuesday they look forward to resuming their case now that a federal appeals court has ruled in their favor.
Google has apologized for the snooping, which it says took place between 2008 and March 2010. It promised to stop collecting the data and said the practice, conducted in more than 30 countries, was inadvertent but not illegal.
Earlier this year Google settled a 37-state lawsuit for $7 million after attorney generals sued over what they said was an invasion of privacy for the data collection.
The practice was discovered by a German data protection commissioner in 2010. A few months later, Google co-founder Sergey Brin told conference goers the firm had made a mistake.
"In short, let me just say that we screwed up," he said at the time.
Google says it has disabled the equipment that was collecting the data, and agreed to destroy the information as soon as possible. The company is currently obliged to hold it, unused, because of ongoing litigation.