I am often asked if viewing another person’s Internet communications is illegal.
You would think it would be, right? It seems like a no-brainer.
The surprising answer is actually no. In the United States, at least, it is perfectly legal.
Legally, if you do not encrypt your Internet communications, including your email, IMs and any websites you visit, you have no expectation of privacy. So in the U.S., anyone can listen to your unencrypted communications with impunity. Privacy laws in Europe are a bit tighter.
This applies to both wifi hotspots and also your home network. If you don’t encrypt your data, you are considered to be broadcasting it. Anyone who wants to can legally listen in, and there’s nothing you can do about it.
At Private WiFi, we actually asked our lawyers to look into the legality of wifi hacking last year.
They found that “courts have found that unencrypted, publicly broadcast data, such as via wifi, does not carry ‘a reasonable expectation of privacy’ for the data transmitted.” If the transmission is “readily accessible to the general public,” meaning it is not encrypted, it is fair game.
The situation in Europe is a bit more ambiguous. It appears that there is nothing to prevent hackers from intercepting the transmission per se, but the European Union’s privacy laws would prohibit use of any personal data without “unambiguous consent.” But that applies to what you do with the information, not whether you can listen to it.
This issue came up recently when the Federal Communications Commission concluded their investigation into an incident a few years ago when Google’s Street View project scanned for wifi signals and stored everything they found.
The New York Times writes that Google collected “complete e-mail messages, instant messages, chat sessions, conversations between lovers, and Web addresses revealing sexual orientation, information that could be linked to specific street addresses.”
Yet this data collection, which occurred over three years, was determined to be entirely legal by the FCC because “the data was not encrypted.”
In fact, before the FCC started its probe, the Federal Trade Commission had also started a probe after Google’s Street View collected “searchable panoramic views of streets” in certain cities. That’s because, in the process of capturing those images, it also captured an extensive amount of personal, unencrypted online data, passwords, and emails.
The FTC dropped the case in 2010, just as the FCC began its own investigation.
The moral of this story? There is no law — from either the FTC or FCC — that protects you if anyone views your Internet communications on a wifi network.
To fully protect your personal data, be sure your home network uses WPA or WPA2 encryption, and make sure you use a personal VPN like PRIVATE WiFi whenever you log into a wifi hotspot.
After all, FCC Enforcement Bureau Chief Michele Ellison said in a statement that the agency’s investigation “is an important opportunity to educate the public about the vulnerabilities and risks of unencrypted wifi networks.”