Earlier this week, the FTC notified Verizon by letter that it has closed its investigation into whether Verizon violated Section 5 of the FTC Act by failing to secure certain routers supplied to the company’s broadband subscribers.  The FTC’s investigation centered on Verizon’s practice of supplying routers that incorporated an outdated default security setting, an encryption standard known as Wired Equivalent Privacy (“WEP”).  According to the FTC, flaws in WEP were identified by researchers in 2004, but Verizon continued until recently to ship some WEP router models.  According to the FTC, this left some Verizon subscribers vulnerable to hackers.

In its letter, the FTC explained that the following factors led it to close its investigation:

  • Verizon’s overall data-security practices related to its routers.
  • Verizon’s efforts to mitigate the risk that subscribers using WEP-model routers would be vulnerable to hackers, including:
    1. removing the WEP-model routers from distribution centers and setting them to Wi-Fi Protected Access 2 (“WPA2”), ensuring that future distributed routers would be set by default to WPA2;
    2. implementing an outreach campaign to subscribers currently using WEP or no encryption, and requesting that those subscribers change their security settings to WPA2; and
    3. offering upgrades to WPA2-compatible units for subscribers in possession of older, incompatible routers.

Late last month — in a decision that seems to have been largely overlooked in the privacy trade press — a federal judge in Illinois held that the Wiretap Act did not prohibit the interception of communications sent over unsecured Wi-Fi networks provided by hotels, restaurants, coffee shops and other commercial entities.  The decision came in a case, In re Innovatio Ventures, LLC Patent Litigation, that does not involve an alleged violation of the Wiretap Act.  Rather (as its name suggests), In re Innovatio is an infringement suit in which Innovatio has accused various commercial entities that provide Wi-Fi to their customers of violating its patents in Wi-Fi technology.  To gather evidence about the defendants’ alleged infringing uses, Innovatio has used “commercially available Wi-Fi network analyzers” to “intercept data packets that are travelling . . . between the Wi-Fi router[s] provided by [the Defendants] and any devices that may be communicating with [the routers].”  Innovatio apparently grew concerned that its activities violated the Wiretap Act and sought a preliminary ruling on the admissibility of the evidence it obtains through its “proposed sniffing protocol.”



The Northern District of California issued two key rulings last week in denying in part a motion to dismiss in In re Google Inc. Street View Electronic Communications Litigation, a consolidated action arising out of Google’s acknowledged interception of “payload data,” including emails, usernames, passwords, and other private data, from unencrypted home wireless networks using technology installed on Google’s Street View vehicles.

First, in a matter of first impression, Judge Ware rejected Google’s argument that its interception of Wi-Fi communications content was not restricted by the Wiretap Act (Title 1 of the Electronic Communications Privacy Act or ECPA), due to a “readily accessible to the general public” exception contained in the statute.  Instead, the court held that this exception applies only to communications using traditional radio broadcast technology.  Significantly, Judge Ware distinguished Wi-Fi technology from traditional radio services, which presumptively are intended to be public, instead likening Wi-Fi to cellular technology, in that both are designed to send communications privately.  The court also held that plaintiffs’ Wiretap Act claim was plausibly pleaded, meaning that the litigation will continue beyond Google’s motion to dismiss.



Google has moved to dismiss a consolidated class action complaint alleging that it violated the federal Wiretap Act, among other laws, by allowing its Street View cars to collect the contents of communications transmitted over unsecured WiFi networks.  The motion was filed in the Northern District of California, where more than a dozen suits arising out of the Street View activity were