How Secure is Your Connection?

Lawmakers and technology experts agree that better laws are needed regarding the online availability and use of personal information. There always has been, and probably will continue to be, a great tension between legislation that is too restrictive to innovation or is too vague to have significant legal impact.

Many challenges exist when creating such laws; chiefly, around the constant advancement of technology. Passing a law is a lengthy process that involves stakeholder meetings, compromise between many parties, and ultimately enactment and enforcement. Technological progression greatly outpaces legislative oversight. This dilemma is clearly illustrated in the issue of whether unencrypted wireless networks are protected from interception under the federal Wiretap Act (18 U.S.C. § 2511).

Currently, private wireless networks that are password protected, like the one you may have in your home, are protected from gathering information. However, when you use a non-password protected, unencrypted wireless network, that information might not be protected. These unprotected networks can be accessed in public places, such as coffee shops and airport terminals, or in homes that have a non-password protected wireless network.

The federal Wiretap Act prohibits “sniffing” or gathering of contents of communications by a device unless the contents are readily accessible to the general public. Initially, it only covered certain communication frequencies but over the years Congress has amended it to keep up with advancements in technology. For example, it was updated to include protection for cordless phone use in reaction to the expectation of privacy of most cordless phone users.

This issue has recently been discussed in a class action suit against Google, Inc. When Google was completing its Street View project, part of the project was to detect where the wireless access points were, but it also collected a large amount of data from unprotected wireless networks, such as individuals’ emails, passwords, and browser history. The plaintiffs argue that this collection of sensitive data was illegally intercepted because the users had an expectation of privacy. Google argues that it was legally obtained because the data was not secured. The court found in the plaintiffs’ favor stating, “[T]he wireless networks were not readily accessible to the general public as defined by the particular communication system at issue.” (In re Google Inc. St. View Elec. Communs. Litig., 794 F. Supp. 2d 1067, 2011 U.S. Dist. LEXIS 71572 (N.D. Cal. 2011).

This case clearly illustrates the problem of ineffective legislation attempting to solve technological problems. If the legislation is too strict, the fear is that it will stifle progress and innovation. Conversely, without clear, current laws, individuals’ privacy may be compromised. Whether it may be the Do Not Track proposed legislation, the President’s Privacy Bill of Rights, or something yet to come, the issue remains how to create laws that provide adequate safeguards while incorporating a flexible standard to adapt with the changes in technology.

If legislation continues to be ill equipped at dealing with these issues, high technological industry standards could enforce an atmosphere that would place a premium on individuals’ privacy.