Google's secret Wi-Fi sniffing has prompted a class-action lawsuit that could force the company to pay up to $10,000 for each time it snatched data from unprotected hotspots, court documents show.
The lawsuit, which was filed by an Oregon woman and a Washington man in a Portland, Ore., federal court on Monday, accused Google of violating federal privacy and data acquisition laws.
[ Also on InfoWorld: A consumer group has asked the FTC to investigate Google's Wi-Fi data collection practices | Learn how to secure your systems with Roger Grimes' Security Adviser blog and Security Central newsletter, both from InfoWorld. ]
"When Google created its data collection systems on its GSV [Google Street View] vehicles, it included wireless packet sniffers that, in addition to collecting the user's unique or chosen Wi-Fi network name (SSID information), the unique number given to the user's hardware used to broadcast a user's Wi-Fi signal (MAC address, the GSV data collection systems also collected data consisting of all or part of any documents, e-mails, video, audio, and VoIP information being sent over the network by the user [payload data]," the lawsuit stated.
On Tuesday, the same plaintiffs filed a motion for a temporary restraining order to prevent Google from deleting the data, a move the company has said it would make "as soon possible." Oral arguments on the restraining order are scheduled for Monday before U.S. District Court Judge Janice Stewart.
Google acknowledged the privacy problem last Friday, but said it had not known it was collecting data from unprotected wireless networks until recently. "In 2006, an engineer working on an experimental Wi-Fi project wrote a piece of code that sampled all categories of publicly broadcast Wi-Fi data," said Alan Eustace, the head of Google's engineering and research, in a blog post last week.
"A year later, when our mobile team started a project to collect basic Wi-Fi network data like SSID information and MAC addresses using Google's Street View cars, they included that code in their software -- although the project leaders did not want, and had no intention of using, payload data," Eustace wrote.
The blunder was discovered when Google audited the Street View Wi-Fi data after a request by Hamburg, Germany, data protection authorities.
Google has since stopped the Street View Wi-Fi sniffing and wants to delete the data.
The two plaintiffs, Vicki Van Valin of Oregon and Neil Mertz of Washington, said that their homes' wireless networks were not password protected, and that Street View vehicles had cruised by their residences at least once.
"Van Valin works in a high technology field, and works from her home over her Internet-connected computer a substantial amount of time," the complaint read. "In connection with her work and home life, Van Valin transmits and receives a substantial amount of data from and to her computer over her wireless network. A significant amount of the wireless data is also subject to her employer's non-disclosure and security regulations."