Illinois Court Concludes “Sniffing” Public Wi-Fi Network is Not a Wiretap Act Violation

The U.S. District Court for the Northern District of Illinois recently ruled on the interception of communications on unencrypted, public Wi-Fi networks, like those used at hotels and coffee shops. According to the court, the interception technique (frequently called "data sniffing") does not violate the federal Wiretap Act, under an exception to that law. This case originally started as a patent infringement case, where in connection with the discovery process, the plaintiff used a laptop and "packet capture adaptors" to collect information about the defendants' allegedly infringing Wi-Fi networks. The plaintiff argued that such a technique was permissible because it used software to overwrite the substance of any communications sent via the Wi-Fi network, while the defendants argued that simply collecting the data constituted a communication interception. The court ruled in favor of the plaintiff; finding the "data sniffing" practice fell under an exception to the Wiretap Act. Namely, that communication interception is permitted on networks that are readily accessible to the public. The court distinguished its opinion from the recent Google Street View opinion which held that Google violated the Wiretap Act by using "sophisticated packet sniffer technology" to intercept data packets that were sent over Wi-Fi networks that are not generally accessible to the public. In the case at hand, the court reasoned, the plaintiff used hardware and software that was inexpensive and easy to obtain to intercept communications on public Wi-Fi networks, concluding such communications were "readily accessible" to the public.

TIP: This case suggests that in some limited circumstances, intercepting communications may be permissible under the Wiretap Act. Companies, should, nevertheless proceed with caution when engaging in activities that involve technologies that look at communications without the sender or recipient's knowledge. Often these types of activities will require clear notice and consent.