By Shane Huang
In the last installment, I discussed the background of what the Wiretap Act says about interception of signals. Last month, the Court of Appeals for the 9th Circuit (which includes most of the American west) ruled that Google’s Street View program — specifically, Google’s large-scale interception of unencrypted Wi-Fi signals — violated the Wiretap Act.
Although Google Street View is primarily known for its photographs taken from public streets, the litigation focused on Google Street View’s mapping of Wi-Fi access points to specific geographical locations. Although originally configured to only intercept Wi-Fi frame “headers,” and not “payloads,” a Google engineer had reconfigured the street view cars to intercept and store payload data as well — which turned out to contain sensitive information ordinarily considered to be private, including entire emails and even passwords.
The court rejected both of Google’s arguments for why the Wiretap Act should not apply to Wi-Fi signals. Google had argued that Wi-Fi signals fell under the Wiretap Act’s exception of “radio communications” so that any unencrypted signal should be considered “readily accessible to the general public.” As a fallback, Google also argued that at the very least, Wi-Fi signals were “electronic communications” that were “readily accessible to the general public.”
The court first considered whether the Wi-Fi signals qualified as “radio communications,” and ruled that Wi-Fi signals did not qualify because they were not a “traditional radio service.” Specifically, the court ruled that, for the purpose of the Wiretap Act, “radio communications” did not include all radio frequency signals of all types on any part of the radio spectrum, because the statute treats television broadcasts and satellite broadcasts differently, so the broad technical definition appears not to be what Congress intended to use. The court then ruled that in the Wiretap Act, “radio communications” includes only “primarily auditory broadcasts,” such as CB radio, push-to-talk, or police bands.
This portion of the opinion came in under harsh criticism by the network security community. The official blog for Kismet — the software actually used in the Google Street View cars — opened its response post with an incredulous “Wi-Fi isn't radio!?” Similarly, a commenter at a popular legal blog characterized the court opinion that Wi-Fi signals are not “radio communications” as an “entirely result-oriented piece of verbal gymnastics.”
However, the court was probably correct in declining to expand the Wiretap Act’s definition of “radio communication” to new technologies not in common usage in 1986. Under the Wiretap Act, nearly any unencrypted “radio communication” is “readily accessible to the general public.” Also, the 1986 law also purported to protect cordless phone conversations, which were indisputably “communications” that used radio waves. With no textual basis for treating cordless or cellular phone calls differently from Wi-Fi, the court had little choice but to define “radio communications” narrowly. For new technologies not available in 1986, the analysis would have to turn instead on whether a communication is “readily accessible to the general public.”
Next, the court concluded that Wi-Fi could not qualify as an “electronic communication” that is “readily accessible to the general public.” The court lists several reasons for arriving at this conclusion: (1) Wi-Fi signals are geographically limited to small areas, and (2) Wi-Fi payload data is “only accessible with some difficulty.” Both rationales are factually mistaken.
While Wi-Fi signals are usually geographically limited in practice, geographic footprint is an arbitrary factor for drawing a line between “readily accessible” and “not readily accessible.” The range of a wireless signal increases with greater signal power level and receiver sensitivity, and decreases with greater background noise. None of these factors are unique to Wi-Fi signals, and cannot be used to distinguish Wi-Fi signals from other types of radio frequency waves.
Because background noise has a negative effect on range, the court’s methodology would have the absurd result where crowded public spectrum bands are considered “not readily accessible to the general public,” simply because so many other people are using the same frequencies. This rationale defies common sense, which would assume that certain bands are less private when used heavily by the general public.
In addition, receiver sensitivity is simply irrelevant to the “accessibility” analysis, because the Wiretap Act only applies when signals have actually been intercepted. Receiver sensitivity is within the control of the signal interceptor — and by using a sufficiently sensitive receiver, the interceptor would be able to argue that the geographical footprint of a signal is large. As with the noise level factor, this receiver sensitivity factor cuts in the opposite direction that common sense would expect.
In addition, the court’s finding that Wi-Fi signals are only “accessible with some difficulty” is unsupported by facts. As discussed in my first post in this series, ordinary use of Wi-Fi necessarily involves the interception and processing of all Wi-Fi signals within range, including signals intended for other recipients. Kismet, the software used by Google to monitor Wi-Fi signals, is freely available and commonly used by security professionals. In fact, Kismet works with “any wireless card which supports raw monitoring (rfmon) mode” and with any major operating system. Instead, “interception” of Wi-Fi breaks social expectations not at the moment of interception, but rather at the moment the Wi-Fi client chooses not to discard data intended for another recipient.
As a result, the court was wrong to rule that Wi-Fi signals are not “readily accessible to the general public,” and its conclusions rest on a poor factual understanding of how Wi-Fi works. This court opinion has serious implications for security professionals who commonly use network security tools for legitimate pen testing or security auditing. The next part of this series will investigate these troubling implications for security professionals and technology companies.
 Joffe v. Google, 729 F.3d 1262 (9th Cir. 2013).
 See Part 1 of this series for a brief explanation of Wi-Fi frame “headers” and “payloads.”
 18 U.S.C. § 2510(16) (2012).
 Id. § 2511(g)(i).
 Id. § 2510(16).
 See In re Google Inc. St. View Elec. Commc’ns Litig., 794 F. Supp. 2d 1067, 1076 (N.D. Cal. 2011) aff’d sub nom. Joffe v. Google, Inc., 729 F.3d 1262 (9th Cir. 2013).
 See Lars Poulsen, How Far and How Fast, AFAR Commc’ns Inc., http://www.afar.net/tutorials/how-far/ (last visited Nov. 1, 2013).
 See Kismet, http://kismetwireless.net (last visited Nov. 1, 2013).