States Launch Joint Probe of Google Wi-Fi Snooping

Artwork: Chip Taylor
As many as 30 states could join an investigation into Google's collection of personal information from unprotected wireless networks, Connecticut's attorney general said Monday.

According to Richard Blumenthal, who issued a statement Monday, more than 30 states' attorneys general have expressed interest in joining the investigation, which his office will lead.

Google's response today was similar to what it said earlier this month.

"It was a mistake for us to include code in our software that collected payload data, but we believe we didn't break any U.S. laws," a company spokesman said in an e-mail. "We're working with the relevant authorities to answer their questions and concerns."

The joint investigation will ask Google for additional information about its snatching of data from personal and business Wi-Fi networks using the company's Street View vehicles, which have cruised U.S. streets and roads since 2007 as part of an effort to map wireless hotspots for mobile location purposes.

Calling the practice "deeply disturbing," Blumenthal also said the inquiry will look into possible violations of state laws, and whether state and federal privacy laws need to be strengthened.

"Street View cannot mean Complete View -- invading home and business computer networks and vacuuming up personal information and communications," said Blumenthal in his statement. "Google must come clean, explaining how and why it intercepted and saved private information broadcast over personal and business wireless networks."

Last month, Google acknowledged that its Street View vehicles had collected data from unsecured wireless networks around the world, but said that snooping had been inadvertent. Earlier this month, Google CEO Eric Schmidt blamed an unnamed company engineer for adding code to the Wi-Fi detection software that grabbed fragments of data from nearby networks.

The company first disclosed the data gathering when it conducted an audit after complaints by German data privacy authorities.

Google already faces investigations by privacy authorities in several European countries, including the Czech Republic, France, Germany, Spain and Italy. Last week, the French National Commission on Computing and Liberty (CNIL) said its investigation had concluded that Google had snatched passwords and extracts of e-mail messages from the air.

In the U.S., Google faces multiple civil lawsuits , and the company has been asked for more information from several congressmen as a preliminary step to a legislative hearing.

Google has asked that the lawsuits be consolidated and moved to a California federal court's jurisdiction.

Blumenthal did not name the other states that will join the investigation, saying only that he expected "a significant number" to participate.

"[Google's] response so far raises as many questions as it answers," argued Blumenthal. "The company must provide a complete and comprehensive explanation of how this unauthorized data collection happened, why the information was kept if collection was inadvertent and what action will prevent a recurrence."

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is gkeizer@ix.netcom.com .

Read more about drm and legal issues in Computerworld's DRM and Legal Issues Topic Center.

Subscribe to the Security Watch Newsletter

Comments