By Shane Huang
Last month, the 9th Circuit Court of Appeals ruled that Google had violated the Wiretap Act by collecting Wi-Fi signals through its Street View program. Google had not challenged the factual findings that it had collected Wi-Fi signals, but argued instead that the Wiretap Act does not apply to Wi-Fi signals. The network security community reacted harshly to this opinion, with one prominent blog post arguing that the 9th Circuit’s logic effectively “makes standard modes of Wi-Fi operation illegal.” While most users may be reassured that, practically speaking, nobody is in danger of criminal prosecution for the ordinary use of Wi-Fi, the security community is rightly concerned that this opinion could be use to target edge cases, and to chill legitimate activities such as pen testing and network monitoring.
To understand this case, and why I think the court ultimately got it wrong, it’s necessary to first understand the legal background of the Wiretap Act and the history of Wi-Fi.
The Wiretap Act
Congress passed the Wiretap Act in response to public concerns about police eavesdropping on private conversations. In 1986, the Electronic Communications Privacy Act expanded the Wiretap Act to prohibit interception — even private third-party interception — of a broad range of wired and wireless signals. A Wiretap Act violation occurs at the moment of interception, regardless of whether the intercepted information is later processed or analyzed. The Wiretap Act also requires intentional interception of third-party communications, so inadvertent interception is not a crime.
However, Congress carved out a several exceptions to this general prohibition. Some exceptions are unremarkable — for example, 18 U.S.C. § 2511(2)(a) exempts telecommunications providers for doing ordinary switching/monitoring, and § 2511(2)(b) allows parties to a communication to consent to monitoring. For the purposes of Wi-Fi interception, the most contentious exception is § 2511(2)(g)(i), which allows the interception of any electronic communication made through a system “configured so that such electronic communication is readily accessible to the general public.” In addition, § 2511(2)(g)(ii) allows the interception of any “radio communication” transmitted on services that have traditionally been understood to be public — for example, distress signals, public safety messages, amateur radio, and marine/aeronautical communications.
The Wi-Fi Regulatory Framework
The Federal Communication Commission (FCC) regulates wireless radio communications in the U.S. Traditionally, wireless radio communications had to be licensed by the FCC, where anyone who wanted to broadcast signals had to apply for (and usually pay for) an FCC license before starting to broadcast.
However, in the 1980’s, the FCC began allowing a more “commons”-based approach for certain frequency bands. The FCC regulated some services on a “license by rule” basis, where anyone who met particular rules were deemed to be licensed users of that frequency. In 1989, the FCC reworked its Part 15 rules to allow for unlicensed use on certain “garbage band” frequencies. These “garbage bands” were unsuitable for licensed use, in large part because they were subject to interference. The FCC then essentially told the public that they may freely use these Part 15 bands for any purpose, so long as they did not cause interference to licensed uses of the spectrum, and with the expectation that they had to accept any interference on those bands.
Out of this regulatory framework, the consumer device industry found many marketable uses for this unlicensed spectrum. Baby monitors, garage door openers, cordless phones, remote control toys, and eventually Wi-Fi devices ended up occupying these unlicensed frequencies. Importantly, the rise of consumer wireless devices occurred after the Wiretap Act was amended to apply to wireless signals, so Congress did not explicitly categorize these signals in unlicensed bands as being either excepted or not excepted from the Wiretap Act.
Because users of Part 15 frequencies cannot exclude third-party interference, the protocols for these frequencies anticipate and work around existing interference. Wi-Fi, in particular, is designed to intercept any Wi-Fi signal within range. Each Wi-Fi signal consists of individual “frames.” Each frame contains three parts:
Header: addressing information about the frame, with information about the sender and intended recipient. This is always unencrypted, so that all users within range will know who the intended recipient is.
Payload: the contents of the communication. The payload may be encrypted, and contains the actual data for the recipient to decipher and use.
Frame check sequence: a checksum that ensures message integrity. Because the signals occupy crowded frequencies, the checksum allows the recipient to ensure that no data has been corrupted in transit.
Notably, the proper processing of a Wi-Fi frame requires the interception of the entire frame. The frame check sequence will not work unless the entire header and payload were properly received. In other words, a recipient of Wi-Fi data must first intercept the entirety of all frames it can see, then process the frame check sequences to make sure the data was properly received — all before finally reading the frame header just to see if the recipient actually is the intended recipient of the data.
Naturally, this technical reality means that any legitimate users of Wi-Fi must necessarily intercept nearly every Wi-Fi frame within range before determining which frames are actually intended for themselves. In a mixed-use environment, such as in coffee shops or crowded apartment complexes, dozens of intercepting Wi-Fi clients are within range of each Wi-Fi frame. Ordinarily, normal users will process each frame just enough to determine who the intended recipient is and simply discard any frames that are intended for another recipient. Put another way, a malicious Wi-Fi eavesdropper actually breaks social expectations not at the moment of interception, but rather at the moment the eavesdropper decides not to discard the frame.
The Wiretap Act Could Not Anticipate Future Developments in Consumer Electronics
Simply put, the 1986 amendments to the Wiretap Act could not anticipate the ubiquity and importance of wireless data transmission over unlicensed bands. In addition, the Wiretap Act only forbids acts at the moment of interception, but the social norms regarding Wi-Fi use depend on acts that happen after interception.
The next installment of this series will be an analysis of last month’s 9th Circuit’s decision in Joffe v. Google, where the 9th Circuit determined that Wi-Fi interception is a Wiretap Act violation. The court was right about a few things, but was also wrong about a few important points, and ultimately came to the wrong conclusion.
 18 U.S.C. § 2510–22 (2006).
 See Electronic Communications Privacy Act of 1986, Pub. L. 99-508 § 101(b)(1), (2), 100 Stat. 1848, 1850.
 18 U.S.C. § 2511.
 Federal Communications Commission, Part 15 First Report & Order, 4 F.C.C. Rec. 3493 (1989), available at http://digital.library.unt.edu/ark:/67531/metadc1680/m1/137/.
 Id. at 3515.