Following what appears to be a pretty well-established pattern by now, Maine’s Supreme Court has dealt victims of the Hannaford Bros. breach what will likely be the final blow, telling them that they cannot sue unless they have suffered unreimbursed financial losses, physical harm or identity theft. In their opinion, they state:
We, therefore, are asked to determine whether time and effort alone, spent in a reasonable effort to avoid reasonably foreseeable harm, is a cognizable injury under Maine law of negligence or implied contract. We conclude that it is not.
You can read the full opinion and their reasoning on the Maine Supreme Court web site, here (pdf).
I would hope that this precedent applies to the Google wifi class-action lawsuit. Google did nothing with the data, and therefore there was no uncompensated financial losses or some other tangible injury, and, just to send the lawyers into fits of apoplexy, no MONEY.
None of the people who had their data sniffed took action to protect it. They could have just activated WEP. Sure, it’s easily broken, but it takes positive action on the part of the sniffer to decrypt it. Starbucks could have printed a wireless key on the bottom of customer receipts, and changed it daily.
I hope the court makes the right decision and finds in favor of Google.