Why-spy? An analysis of privacy and geolocation in the wake of the 2010 Google 'Wi-Spy' controversy.

Author: Chow, Raymond

INTRODUCTION
I. GEOLOCATION METHODOLOGIES
  A. INTERNET PROTOCOL ADDRESS MAPPING
  B. CELLULAR PHONE SIGNAL TRIANGULATION
  C. WI-FI MAC ADDRESS MAPPING
II. PRIVACY IMPLICATIONS
  A. ON THE NATURE OF MAC ADDRESSES
  B. CELL PHONES AS HOTSPOTS
III. THE 2010 GOOGLE SCANDAL
  A. OVERVIEW
  B. GOOGLE'S RESPONSE
    1. SHIFT TO SMARTPHONE DATA COLLECTION
    2. OPTING OUT OF THE GEOLOCATION DATABASE
  C. DOMESTIC RESPONSE
    1. FEDERAL TRADE COMMISSION ACTION
    2. FEDERAL COMMUNICATIONS COMMISSION ACTION
    3. DEPARTMENT OF JUSTICE ACTION
    4. PROPOSED LEGISLATION
    5. STATE ACTIONS
    6. CIVIL ACTIONS
IV. DOMESTIC STATUTORY ANALYSIS SCANDAL
  A. 18 U.S.C.A. [section] 2511 - FEDERAL WIRETAP ACT
    1. INTENTIONAL INTERCEPT
    2. PUBLIC BROADCAST EXCEPTION
    3. INTENTIONAL USE / DISCLOSURE
V. INTERNATIONAL RESPONSE
  A. FRANCE
    1. DECLARATION
    2. TRANSFER TO FOREIGN COUNTRIES
    3. DATA COLLECTION PROVISIONS
    4. APPLICATION OF THE FDP ACT TO GOOGLE
VI. ADVOCACY
  A. FEDERAL PRIVACY LEGISLATION
  B. FEDERAL SUPERVISING BODY WITH SANCTION POWERS
  C. MANDATORY DECLARATION & REVIEW
CONCLUSION

INTRODUCTION

Google's reputation was marred in 2010 when it found itself in the middle of what has been called the "Wi-Spy" incident. Google's Street View service gathered street-level imagery visible to the general public on Google Maps by roaming the streets with omni-directional cameras mounted on their cars. (1) Sometime after the service was launched, Google upgraded the cars to include a wireless signal detector, which would record the Media Access Control Address (MAC address) (2) along with other data, make a note of the car's current global positioning system (GPS) location, and correlate the two in a massive database. (3) This geolocation database was then made available to the public; an individual's cell phone or other mobile device would query the database with a list of visible nearby networks, and Google's system would return a fairly accurate geolocation. (4) This system was brought to public attention upon discovery that the data collection was more extensive than first thought: Google had inadvertently captured significant amounts of payload data, including passwords and sensitive personal data. (5)

Most geolocation-related legal commentary focuses on the relationship between client and third party, e.g., the developer of an application using a user's geolocation to target advertising, or otherwise track that user. (6) Instead, this Note focuses on the legality of the relationship between location provider, client, and source data. In other words, this Note focuses on how a device gets its location from a private location provider and how that provider obtained its database, not what applications do with the location information once a device obtains it.

This Note will examine domestic and international responses to the 2010 Google incident, as an entry point into analyzing respective legislative treatments of privacy, as applied to emergent geolocation technologies. The purpose of this Note is to identify portions of international laws that are more effective than our domestic counterparts at balancing the privacy interests of individuals with the value of those technologies, and advocate for their adoption.

Part I will introduce the various types of geolocation methodologies currently in use and explain how Wi-Fi MAC address mapping (the method used by Google) works. Part II will hypothesize on the theoretical privacy implications that can arise with Wi-Fi MAC address mapping and apply common-law notions of invasion of privacy to demonstrate their inapplicability. Part III will describe the 2010 Google scandal, outline Google's response, and examine domestic reactions. Part IV will analyze the relevant domestic federal statutory provisions that could provide protections for citizens within the context of the Google scandal. Part V will examine the international reaction to the incident and analyze selected portions of French legislation that provide superior privacy protections for its citizens. Part VI will advocate for the selective adoption of parts of those international statutes in order to strike a better balance between individual privacy rights, the public's desire for information, and corporate rights to innovate future technologies (such as geolocation).

  1. GEOLOCATION METHODOLOGIES

    Wi-Fi MAC address mapping uniquely touches upon both stationary and mobile considerations, and is best conceptualized as a hybrid between traditional Internet protocol (IP) address mapping and cellular phone signal triangulation.

    1. INTERNET PROTOCOL ADDRESS MAPPING

      Each Internet service provider (ISP) services a specifically assigned range of IP addresses. (7) Therefore, it is easy to narrow any given IP address to a localized geographic area by comparing the IP address to a database. (8) While it is possible to trace an IP address to an exact address, (9) most of these databases function only approximately, typically being accurate only to the user's zip code. (10) This type of geolocation is particularly useful for website owners who need geographic statistics from their visitors, and a regional analysis will suffice. Its application to individual consumers is limited. (11) Further, IP-mapping is most useful for desktop or laptop computers, as IP addresses assigned to mobile devices are often pooled among the cellular provider and ignored in most databases. (12)

    2. CELLULAR PHONE SIGNAL TRIANGULATION

      There are multiple methods (13) for locating a mobile phone's position in conjunction with cell towers, but this Note will focus on Subscriber Identity Module (SIM) and network-based cell phone triangulation (14) because these systems analogize directly to Wi-Fi MAC address mapping. The further away a cell phone is from any given tower, the weaker its signal strength and the longer the latency (the time between sending a request and receiving a response). (15) Comparing the signal strengths of multiple towers triangulates the phone's position; accuracy increases with more towers in range. (16) These methods are used by E911 where a phone's GPS is disabled or unavailable. (17)

    3. WI-FI MAC ADDRESS MAPPING

      Wi-Fi MAC address mapping is a technique that geolocates a user by submitting the MAC addresses of visible wireless routers to a centralized database, which returns the user's triangulated location. (18) To propagate the database, a location provider (19) roams the streets with a GPS-equipped device that detects the publicly broadcasted MAC addresses of individually owned wireless routers. (20) As a router comes within range, the device measures both the signal strength and the GPS coordinates of the device. (21) The device continuously captures data as it moves, and these multiple points are used to triangulate the exact position of that router. The router's triangulated location is stored along with the router's MAC address. (The Service Set Identifier (SSID) (22) is stored as well, though because it can change at any time, the provider's use of the SSID is limited.) (23)

      When a device requests geolocation, it generally undergoes a multi-step process, starting with the most accurate. (24) If available, it will query for an exact location via GPS. Should that fail, or while waiting for a GPS response, it will attempt Wi-Fi MAC address mapping if a device has wireless access. (25) Using one of these methods, the device sends the location provider a request that includes the MAC address, signal strength, SSID, and age of all detected wireless networks. (26) The location provider then uses that data to triangulate a position, and sends back a response that is converted to a usable geolocation for the device. Finally, if a device does not have wireless access, it may fall back to the least accurate method of geolocation, IP address mapping.
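The survey-then-query flow described above, as an added example that is not code from the Note or from any location provider. The Note does not say how providers triangulate, so the signal-weighted centroid used here is a simple stand-in; all MAC addresses, coordinates, and signal levels are constructed.

```python
# Added illustration: constructed data, weighted centroid as an assumed method.

def weight(dbm):
    """Convert received signal strength in dBm to linear power (mW)."""
    return 10 ** (dbm / 10.0)

def weighted_centroid(points):
    """points: iterable of (lat, lon, dbm); stronger signals count for more."""
    total = lat_sum = lon_sum = 0.0
    for lat, lon, dbm in points:
        w = weight(dbm)
        total += w
        lat_sum += w * lat
        lon_sum += w * lon
    return (lat_sum / total, lon_sum / total) if total else None

def build_database(survey):
    """Provider side: survey rows are (router_mac, gps_lat, gps_lon, dbm),
    logged by the roaming collector. Returns {mac: (lat, lon)}."""
    by_mac = {}
    for mac, lat, lon, dbm in survey:
        by_mac.setdefault(mac.lower(), []).append((lat, lon, dbm))
    return {mac: weighted_centroid(obs) for mac, obs in by_mac.items()}

def locate(database, visible):
    """Client query: visible is [(mac, dbm)] for every network the device sees.
    Routers missing from the database are ignored; None means no Wi-Fi fix,
    at which point the device would fall back to IP address mapping."""
    known = [(*database[m.lower()], dbm)
             for m, dbm in visible if m.lower() in database]
    return weighted_centroid(known) if known else None

# Constructed drive-by log: router A is heard from two points, router B from one.
ROUTER_A, ROUTER_B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
SURVEY = [
    (ROUTER_A, 40.000, -75.000, -60),
    (ROUTER_A, 40.002, -75.000, -60),
    (ROUTER_B, 40.001, -74.998, -70),
]
DATABASE = build_database(SURVEY)

if __name__ == "__main__":
    print(DATABASE)
    print(locate(DATABASE, [(ROUTER_A, -50), (ROUTER_B, -50)]))
```

Neither router owner takes part in either step: the database entry is built entirely from what the router broadcasts, and the lookup is driven by a third party's device.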

  2. PRIVACY IMPLICATIONS

    The rapid development of geolocation technologies has undoubtedly outpaced both our common-law notions of privacy (27) as well as domestic statutory protections. (28) Modern torts invoking invasion of privacy (intrusion upon seclusion, publicity given to private life, publicity placing person in false light, or appropriation of name or likeness) (29) are applicable, but it is inefficient and complicated to delegate protections of privacy to civil actions alone. Furthermore, some civil actions are rife with challenges. For example, courts have been hesitant to establish that broad statements of company policy will give rise to contractual claims (30) and thus alleged violations of the privacy policy are not actionable. This section will hypothesize theoretical privacy issues and demonstrate the inefficacy of common-law invasion of privacy torts to sufficiently protect citizens.

    1. ON THE NATURE OF MAC ADDRESSES

      Media Access Control addresses are 48-bit (e.g., 0A-1B-2C-3D-4E-5F) or 64-bit (e.g., 0A-1B-2C-3D-4E-5F-6A-7B) addresses assigned to a network adapter, expressed in a hexadecimal format. (31) There are two types of MAC addresses, but this Note will refer only to the more common (and more useful) type, Universally Administered Addresses (UAA). (32) UAAs are unique; every network device in existence has its own MAC address that is never re-used nor shared. (33) The first three octets in a MAC address, the Organizationally Unique Identifier (OUI), are assigned to a given manufacturer (for example, all devices with a MAC address beginning with 00-14-22 are manufactured by Dell), which then assigns the remaining octets in that MAC address. Large manufacturers have multiple blocks of OUIs available to them. (34)
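A parser for the address format described above, as an added example that is not part of the original Note. It relies on the IEEE 802 convention, not stated in the Note, that bit 0x02 of the first octet separates universally from locally administered addresses and bit 0x01 marks group (multicast) addresses; the one-entry OUI table holds only the Dell prefix the text mentions.

```python
import re

# Only this entry comes from the text; a real lookup would use the IEEE registry.
KNOWN_OUIS = {"00-14-22": "Dell"}

def parse_mac(text):
    """Parse a 48- or 64-bit MAC address written with '-', ':' or '.' separators."""
    hex_digits = re.sub(r"[-:.]", "", text.strip())
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{12}|[0-9A-Fa-f]{16})", hex_digits):
        raise ValueError(f"not a 48- or 64-bit MAC address: {text!r}")
    octets = bytes.fromhex(hex_digits)
    first = octets[0]
    oui = "-".join(f"{b:02X}" for b in octets[:3])
    # U/L bit clear: universally administered (manufacturer-assigned, persistent).
    # U/L bit set: locally administered (set in software, not globally unique).
    universal = (first & 0x02) == 0
    return {
        "canonical": "-".join(f"{b:02X}" for b in octets),
        "bits": len(octets) * 8,
        "oui": oui,
        "universally_administered": universal,
        "group_address": bool(first & 0x01),
        # The OUI names a manufacturer only when the address is universal.
        "manufacturer": KNOWN_OUIS.get(oui) if universal else None,
    }

if __name__ == "__main__":
    # The first two are the Note's own examples; the third is constructed.
    for sample in ("0A-1B-2C-3D-4E-5F", "0A-1B-2C-3D-4E-5F-6A-7B",
                   "00:14:22:01:23:45"):
        print(parse_mac(sample))
```

The Note's sample address 0A-1B-2C-3D-4E-5F has the locally administered bit set (0x0A = 00001010), so it is not itself a UAA; the uniqueness argument applies only to addresses with that bit clear.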

      One can make a colorable argument that MAC addresses are personally identifiable information. Once assigned to a network adapter, it is unique, and generally unchangeable. (35) As long as a person owns a device, the MAC address is presumably associated with that person. Conceptually, this is similar to how a vehicle identification number (VIN) (36) may identify its owner. Completing the analogy, however...
