Monday, September 10, 2012

Where the Wiretap Act and WiFi Collide :: #ECPA :: IN RE INNOVATIO IP VENTURES, LLC PATENT LITIGATION

Is it a violation of the Wiretap Act to intercept data transmitted over a WiFi network? Good question. Recently Google got snared by this question when its Street View Car was reportedly going around mapping all the roads while intercepting data from WiFi networks. A court considering the Google Street View situation was not persuaded that WiFi fit within the definition of a "radio communications." Um, okay. Recently another court considered the question in a patent litigation case, and had no trouble concluding that WiFi is radio communications, the interception of which does not violate the Wiretap Act.

But first, let's take it from the top. WiFi is a networking protocol that utilizes FCC Part 15 Unlicensed Spectrum. The FCC decided to engage in an experiment with Part 15, shifting the paradigm from licensing users to licensing devices. If your Part 15 device has been approved for operation in this spectrum, you dont need a license. But there are a few rules. First, nobody owns the spectrum and nobody has superior rights to the spectrum. Nobody can cause interference and everyone much accept interference. Part 15 Spectrum is a commons, available for everyone to use, like a public park. Part 15 devices include, of course, WiFi enabled computers, but also family radio walk talkies, baby monitors, and garage door openers.

In IN RE INNOVATIO IP VENTURES, LLC PATENT LITIGATION, Dist. Court, ND Illinois 2012, plaintiff is involved in a patent lawsuit against hotels and coffee shops and restaurants, claiming that their offering of WiFi violates plaintiff's patents - this patent infringement allegation itself was not explored by the court in this order. At this point in the litigation, Plaintiff wants to gather evidence. Plaintiff had been reportedly using packet sniffers to intercept transmissions from defendant's networks, and plaintiff wanted to make sure that if it continued this would be admissible in court. In other words, Plaintiff wanted to make sure its actions did not violate the Wiretap Act.

According to the Wiretap Act, it is not a violation of the Wiretap Act
(i) to intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public;

The court makes easy work of the question, dividing it into two parts: First, is it a violation to access the network; section, is it a violation to receive other people's WiFi transmissions. In the opinion of the court, "Most of the Wireless Network Users' Wi-Fi networks are open and available to the general public, allowing any customer who so desires to access the internet through them." WiFi networks are readily accessible to the public for access to the Internet.

But what about intercepting other people's communications? Here the court notes that the equipment necessary to intercept WiFi communications is cheap, easy to use, and ubiquitous. In other words, because it is affordable and easy to sniff WiFi, that makes those WiFi communications "readily accessible to the general public."
[Plaintiff's] intercepting Wi-Fi communications with a Riverbed AirPcap Nx packet capture adapter, which is available to the public for purchase for $698.00. See Riverbed Technology Product Catalog, http://www.cacetech.com/products/catalog/ (last visited Aug. 21, 2012). A more basic packet capture adapter is available for only $198.00. Id. The software necessary to analyze the data that the packet capture adapters collect is available for down load for free. See Wireshark Frequently Asked Questions, http://www.wireshark.org/faq.html#sec1 (last visited Aug. 21, 2012) ("Wireshark® is a network protocol analyzer. . . . It is freely available as open source. . . ."). With a packet capture adapter and the software, along with a basic laptop computer, any member of the general public within range of an unencrypted Wi-Fi network can begin intercepting communications sent on that network. Many Wi-Fi networks provided by commercial establishments (such as coffee shops and restaurants) are unencrypted, and open to such interference from anyone with the right equipment. In light of the ease of "sniffing" Wi-Fi networks, the court concludes that the communications sent on an unencrypted Wi-Fi network are readily available to the general public.
To be sure, the majority of the public is likely unaware that communications on an unencrypted Wi-Fi network are so easily intercepted by a third party. See Predrag Klasnja et al., "When I Am on Wi-Fi, I am Fearless:" Privacy Concerns & Practices in Everyday Wi-Fi Use, in CHI '09 PROC. 27TH INT'L CONF. (2009), available at http://appanalysis.org/jjung/jaeyeon-pub/ FormativeUserStudy4CHI.pdf (reporting the results of a study involving eleven participants and concluding that "users from the general public . . . were largely unaware of . . . the visibility of unencrypted communications," which "led them to a false sense of security that reduced how much they thought about privacy and security while using Wi-Fi"); see also Press Release, Wi-Fi Alliance, Wi-Fi Security Barometer Reveals Large Gap Between What Users Know and What They Do (Oct. 5, 2011) (reporting that only 18% of users take steps to protect their communications when accessing a commercial Wi-Fi hotspot). The public still has a strong expectation of privacy in its communications on an unencrypted Wi-Fi network, even if reality does not match that expectation.
The public's lack of awareness of the ease with which unencrypted Wi-Fi communications can be intercepted by a third party is, however, irrelevant to a determination of whether those communications are "readily available to the general public." 18 U.S.C. § 2511(g)(i). The language of the exception does not, after all, refer to "communications that the general public knows are readily available to the general public." Therefore, the public's expectation of privacy in a particular communication is irrelevant to the application of the Wiretap Act as currently written. Because data packets sent over unencrypted Wi-Fi networks are readily available using the basic equipment described above, the Wiretap Act does not apply here. Accordingly, to the extent that Innovatio's proposed sniffing protocol accesses only communications sent over unencrypted Wi-Fi networks available to the general public, it is permissible under § 2511(g)(i)'s exception to the Wiretap Act.[6]
Any tension between that conclusion and the public's expectation of privacy is the product of the law's constant struggle to keep up with changing technology. Five or ten years ago, sniffing technology might have been more difficult to obtain, and the court's conclusion might have been different. But it is not the court's job to update the law to provide protection for consumers against ever changing technology. Only Congress, after balancing any competing policy interests, can play that role. Indeed, one United States Senator has already called for changes to the Wiretap Act in light of the threat that unencrypted communications may be easily intercepted. See Elec. Privacy Info. Ctr., On Google Spy-Fi, Senator Durbin Calls for Update to Wiretap Law, FCC Chair Agrees Law Should Protect Unencrypted Communications (May 11, 2012), http://epic.org/2012/05/on-google-spy-fi-senator-durbi.html. Unless and until Congress chooses to amend the Wiretap Act, the interception of communications sent over unencrypted Wi-Fi networks is permissible.
According to the Court, in a public park, everyone gets to hear you scream.

No comments: