Data from two hard drives locked up in the San Francisco federal courthouse may make or break an effort to hold Google Inc. to account for what privacy advocates call an unprecedented corporate wiretapping case.
If 22 people who sued the company can pinpoint their personal data in a massive cache of communications that Google’s Street View cars captured from private Wi-Fi networks, their lawyers may be able to seek billions of dollars of damages from the the world’s largest search engine owner.
If they come up empty-handed, an outcome the company that pioneered search optimization is betting on, the case will join a stack of failed privacy lawsuits accusing Google, Apple Inc., Facebook Inc. and other technology companies of tracking, capturing or sharing personal information.
“You have to show that you were the victim,” said Susan Freiwald, a law professor at University of San Francisco School of Law. “If they don’t, then why should they get money?”
The battle for damages against Google gets simpler if the plaintiffs find their communications on the drives, she said. Victims of wiretapping don’t have to show they suffered any harm or that the perpetrator profited from the data collection, said Freiwald, who isn’t involved in the case.
“There’s a good reason Google is bringing every potential defense,” said Alan Butler, senior counsel at Washington-based Electronic Privacy Information Center, which has weighed in against Google in court. “It has to be the biggest wiretap case in U.S. history.”
Google fought unsuccessfully all the way to the U.S. Supreme Court to block the lawsuit, arguing that the federal Wiretap Act barring unauthorized interception of electronic communications didn’t apply to its Street View data gathering.
Last week, a federal judge ruled that the Mountain View, California-based company has to work with opposing lawyers to determine what’s on the hard drives.
The lawsuit was brought after Google said its cars, which photographed neighborhoods for Street View and identified Wi-Fi networks as part of its mapping, mistakenly vacuumed up e-mail messages, user passwords and other communications from 2008 to 2010. As much as $10,000 is being sought for each affected Wi-Fi user, possibly millions of Americans whose data was captured by Google, according to plaintiffs’ lawyers. Class-action status for the case hasn’t been addressed yet.
Google says there’s little chance the plaintiffs will find records of their Wi-Fi communications, even though their homes appear on Google Maps and Street View, because only snippets of communications were captured.
Aaron Stein, a Google spokesman, declined to comment on the lawsuit, filed in 2010, and the search of the hard drives.
Google has acknowledged that it included code in software on Street View cars that collected and stored data transmissions from unencrypted Wi-Fi networks. Only fragments of data were captured because data collection occurred five times a second, Google has said.
The company said it never used the data in any products or services and apologized. The U.S. Justice Department and the Federal Trade Commission examined the conduct and declined to take action against Google. The Federal Communications Commission fined the company $25,000 in 2012 for delaying an inquiry into the data collection.
A multistate probe of the data collection ended last year with Google agreeing to pay $7 million and eventually destroy the collected data. Germany fined Google 145,000 euros ($186,000), while France imposed a penalty of 100,000 euros. Italy fined Google 1 million euros in April.
Street View lawsuits filed in California, Illinois, Massachusetts and Oregon were ultimately consolidated into one case in federal court in San Francisco, where the hard drives containing encrypted copies of the data are stored in a locked room for confidential trial documents.
Google failed to convince a trial judge and a panel of the U.S. Court of Appeals in San Francisco that it was legal to intercept the Wi-Fi networks. The company had argued that open Wi-Fi networks are like AM/FM and citizen-band radio transmissions and that lawsuits over such communications aren’t allowed under the Wiretap Act.
The appeals court ruled last year that Wi-Fi communications aren’t readily accessible to the general public, and the exemption in the law doesn’t apply to Google’s data collection.
The U.S. Supreme Court declined to review Google’s claim that it didn’t violate the law. That put the consolidated lawsuit back on track after being on hold for almost two years.
Google is now challenging the damages it may face in the case. The Wi-Fi users who made a choice not to secure their home networks shouldn’t be entitled to a “windfall” after broadcasting data to public streets where the company’s trucks picked up the signals, the company said in a court filing.
The search engine company also argued that punishing its behavior under the Wiretap Act amounts to an unconstitutional, excessive fine by imposing “liability that would be grossly disproportionate to any actual harm caused by the activity in question.”
Google’s lawyers opposed turning over the hard drives and other records, calling a plaintiffs’ request for access a fishing expedition and claiming it would expose private information. The drives contain at least 200 gigabytes of data, according to plaintiffs’ lawyers.
The company proposed that it choose a neutral technical expert, who would formulate a search process agreed to by both sides, to comb the data for signs that the plaintiffs’ routers and outbound network communications were picked up. Google later recommended that each side nominate an expert.
Lawyers for the Wi-Fi users still objected, saying the proposed process would give Google the ability to influence and derail the search and would miss instances in which their clients’ information was intercepted on the receiving end of communications.
“It’s unprecedented,” Michael Sobol, an attorney at Lieff Cabraser Heimann & Bernstein LLP representing the plaintiffs, said in an interview. “We have a defendant saying we want to control how you look at the relevant evidence.”
U.S. District Judge Charles Breyer, who’s presiding over the case, concluded Sept. 19 that some of the plaintiffs’ objections were well-founded. He decided that networks that may have received their messages must be searched and that their lawyers can see search results and provide feedback for additional searching. If Google’s input interferes with the searches, the lawyers can seek help from the magistrate judge, he said.
The two sides were given 28 days to propose and agree on a technical expert or let the magistrate choose one. The drives and other records would then be handed over within two weeks to the expert, who will submit a report on the search results to both sides. No deadline was given to complete the work.
The plaintiffs’ assumption that their Wi-Fi activity was intercepted by Street View cars “may be nothing but guesses,” said Eric Goldman, a law professor at Santa Clara University and director of the school’s technology law institute in California. “It’s a good cautionary tale for thinking about how we want to protect privacy.”
The case is In Re Google Street View Electronic Communications Litigation, 10-cv-02184, U.S. District Court, Northern District of California (San Francisco).