Ethernet Sniffing: A New Privacy Tort?
Massachusetts, like several other states, has ruled that the unwanted receipt of junk fax communications from vendors triggers Coverage B as involving the "publication" of “material” that invades a person’s right of privacy. Now a new law suit filed in the federal district court in Boston presents the related question of whether the unauthorized collection of confidential information by a vendor similarly triggers “personal and advertising injury” coverage.
Galaxy Internet Services filed a putative class action in the U.S. District Court in Boston on May 25 claiming that Google, Inc. violated the privacy rights of Massachusetts citizens by using “ethernet sniffers” that collect WiFi data in the course of trawling the streets, developing local information for its Google Maps and Google Earth products. The plaintiff argues that this “payload data”—which included e-mail, video, audio components, documents and other personal and business information--was confidential in nature and that citizens have a reasonable expectation of privacy that was invaded by Google’s decision to decrypt and collect this material.
So is "ethernet sniffing" something that a CGL policy will cover (willingly)?
Probably not. It's certainly not something that results in bodily injury or property damage. Data is not "tangible property" nor is the right to use something a basis for finding property damage.
As usual, the focus of any coverage dispute here is likely to be Coverage B and, in particular, the policy's coverage for "invasion of privacy." Unlike the TCPA cases, however, the insured is not "publishing" anything that invaded the homeowner's privacy. To the contrary, Google stands accused of collecting private data. While this is certainly closer to the sort of privacy interest that the CGL policy is meant to cover, Google's conduct misses the "publication" requirement unless evidence emerges that it subsequently communicated this private information to third parties.
