US States to up ante against Google over wireless data

22 Jun 2010

Google’s gathering of Wi-Fi data while its Street View team roamed the streets of various countries is cutting no mustard in the US, where a number of States are understood to be combining their efforts in bringing the internet giant to task.

Connecticut attorney general Richard Blumenthal said his office will lead a multistate investigation into Google Street View cars’ unauthorised collection of personal data from wireless computer networks and that he is seeking additional information about the practice in Connecticut.

Google’s Street View cars are alleged to have intercepted data activity on unguarded Wi-Fi networks in the US and in many European countries, including Ireland, raising a myriad of data privacy issues.

State expectations

Future Human

Blumenthal said he expects a significant number of states to participate in the investigation. More than 30 states participated in a recent conference call regarding his investigation.

“My office will lead a multistate investigation – expected to involve a significant number of states – into Google’s deeply disturbing invasion of personal privacy,” Blumenthal said.

“Street View cannot mean Complete View – invading home and business computer networks and vacuuming up personal information and communications. Consumers have a right and a need to know what personal information – which could include emails, web browsing and passwords – Google may have collected, how and why. Google must come clean, explaining how and why it intercepted and saved private information broadcast over personal and business wireless networks.

“While we hope Google will continue to co-operate, its response so far raises as many questions as it answers. The company must provide a complete and comprehensive explanation of how this unauthorised data collection happened, why the information was kept, if collection was inadvertent and what action will prevent a recurrence.

“Our investigation will consider whether laws may have been broken and whether changes to state and federal statutes may be necessary.”

European nations request data by Google

In Europe, large nations like France, Germany and Spain have asked Google to hand over the data it collected. A French enquiry last week found that some of the data collected by Google included passwords and other sensitive material.

In Ireland, a spokesman for the Data Protection Commissioner told that it told Google to destroy the data intercepted by its Street View team.

Blumenthal also announced his office has asked Google for additional information and explanation in the wake of the company’s response to his office earlier this month. His questions include:

– Was data collected by Google ever extracted and if so, when and why?

– How did purportedly unauthorised code – which captured data broadcast over unencrypted Wi-Fi networks – become part of a Street View computer program?

– Who inserted what Google calls unauthorised code into the program and why?

– Have there been other instances of engineers writing unauthorised code into Google products to capture consumer data, and if so provide all instances and full details.

– Why did Google save data it says was accidentally collected?

In addition, Blumenthal’s office is awaiting information from Google in response to his original 27 May letter, including Connecticut towns and cities in which it collected unauthorised data, when it did so and how many state networks it pulled information from.

“Google needs to describe how code that intercepted and collected unencrypted data transmitted over Wi-Fi networks was inserted into its software,” Blumenthal said.

“We want to know who did this, why and how and when Google discovered it. Another concern is whether the data was accessed in any way by Google and if so when and why.”

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years