Compliance Management, Privacy, Vulnerability Management

Connecticut leads probe into Google Wi-Fi data collection

After already being hit with at least three lawsuits over its admitted collection of information from unprotected Wi-Fi networks, Google will now be subject to a multistate investigation into the privacy blunder. 

The probe, headed by the Connecticut attorney general's office, will seek to determine whether Google broke any laws and if changes to state and federal laws are necessary, Richard Blumenthal, the state's attorney general, said in a statement released Monday. As many as 30 states have shown interest in participating in the investigation.

“My office will lead a multistate investigation – expected to involve a significant number of states – into Google's deeply disturbing invasion of personal privacy,” Blumenthal said. “Street View cannot mean Complete View – invading home and business computer networks and vacuuming up personal information and communications.”

Blumenthal added that consumers have a right to know what personal information, including emails, web browsing information and passwords, that Google collected.

Google earlier this month admitted that its Street View cars, which capture photos for Google Maps and Google Earth, have since 2006 mistakenly collected "payload data," such as email, video, audio components, documents and other personal and business data sent over the internet, from Wi-Fi networks that were not password protected.

Google said the error was a simple mistake – a piece of code written for an experimental Wi-Fi project inadvertently wound up in its Street View code, causing the inadvertent data collection and storage.

"It was a mistake for us to include code in our software that collected payload data, but we believe we didn't break any U.S. laws,” a Google spokesman told SCMagazineUS.com in an email Tuesday. “We're working with the relevant authorities to answer their questions and concerns."

Blumenthal said that so far, Google's explanation for how and why it intercepted and saved private information from personal and business wireless networks “raises as many questions as it answers.”

The Connecticut attorney general's office has requested that Google provide a more complete explanation of how the unauthorized code wound up in its Street View program, why the collected data was stored, and what actions the search giant has taken to prevent a similar incident in the future. In addition, the investigation is seeking to learn which Connecticut towns, cities and state networks were affected and when the data collection occurred.

“We want to know who did this, why and how and when Google discovered it,” Blumenthal said. “Another concern is whether the data was accessed in any way by Google, and if so, when and why.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.