By Seth Weintraub
June 22, 2010

Did Google break any U.S. laws with its unauthorized collection of Wifi data and will state and federal statutes need to be changed?

Connecticut Attorney General Richard Blumenthal announced yesterday through his press office that he’d be leading the multi-state investigation into Google’s Streetview camera cars’ collection of Wifi data.

“My office will lead a multistate investigation — expected to involve a significant number of states — into Google’s deeply disturbing invasion of personal privacy,” Blumenthal said. “Street View cannot mean Complete View — invading home and business computer networks and vacuuming up personal information and communications. Consumers have a right and a need to know what personal information which could include emails, web browsing and passwordsGoogle may have collected, how and why. Google must come clean, explaining how and why it intercepted and saved private information broadcast over personal and business wireless networks.”

The questions revolve around whether Google (GOOG) knew it was collecting personal data and if so, what did it do with that data?

French investigators recently concluded that Google’s Streetview cars did intercept email logins and passwords as part of the data payload it collected. While this will likely excite users, it was inevitable that this data was pulled in along with the broad swaths of data coming through open Wifi nodes.

Google says that it collects data with its Streetview cars to establish GPS coordinates of Wifi nodes around the planet so it can determine the location of its users as they browse the web and use mobile applications. The Wifi nodes can supplement GPS in determining the location of Google users and can feed data into its Adsense advertising engine. Other companies collect similar data for products like GPS on Apple (aapl) iPod touch, and EyeFi SD Cards.

Apple also yesterday changed the terms of its privacy policy to allow iAds to collect information about its iPhone, iPad, and iPod users’ location as they carry around their products.

The extra data collection beyond what is needed to match GPS data and a Wifi Node was blamed on one rogue employee who had slipped some extra code into the Streetview cars’ data collection devices.

Blumenthal has also asked Google for additional information and explanation as a follow up from the company’s response to his office earlier this month.

  • Was data collected by Google ever extracted and if so, when and why?
  • How did purportedly unauthorized code — which captured data broadcast over unencrypted WiFi networks — become part of a Street View computer program?
  • Who inserted what Google calls unauthorized code into the program and why?
  • Have there been other instances of engineers writing unauthorized code into Google products to capture consumer data, and if so provide all instances and full details?
  • Why did Google save data it says was accidently collected.

Blumenthal’s letter seeks and asks also

  • For copies of the company’s internal procedures and protocols for Street View cars and data collected by them
  • What steps Google has taken to keep unauthorized code out of its products in the future
  • Whether Google conducted internal or external audits, analysis or performance reviews of its Street View program and data collected
  • How and when Google learned that its Street View cars were capturing data sent over unencrypted networks
  • Why Google Street View cars recorded the signal strength and quality of personal and business wireless networks.

Google is facing similar investigations around the globe for its Streetview practices but especially strong in Europe where fear of privacy from Google is especially strong..

You May Like