Attorney General Richard Blumenthal announced today that his office will lead a multistate investigation into Google Street View cars’ unauthorized collection of personal data from wireless computer networks and that he is seeking additional information about the practice in Connecticut.
Blumenthal said he expects a significant number of states to participate in the investigation. More than 30 states participated in a recent conference call regarding our investigation.
“My office will lead a multistate investigation -- expected to involve a significant number of states -- into Google’s deeply disturbing invasion of personal privacy,” Blumenthal said. “Street View cannot mean Complete View -- invading home and business computer networks and vacuuming up personal information and communications. Consumers have a right and a need to know what personal information -- which could include emails, web browsing and passwords -- Google may have collected, how and why. Google must come clean, explaining how and why it intercepted and saved private information broadcast over personal and business wireless networks.
“While we hope Google will continue to cooperate, its response so far raises as many questions as it answers. The company must provide a complete and comprehensive explanation of how this unauthorized data collection happened, why the information was kept if collection was inadvertent and what action will prevent a recurrence.
“Our investigation will consider whether laws may have been broken and whether changes to state and federal statutes may be necessary.”
Blumenthal also announced that his office has asked Google for additional information and explanation in the wake of the company’s response to his office earlier this month. His questions include:
· Was data collected by Google ever extracted and if so, when and why;
· How did purportedly unauthorized code -- which captured data broadcast over unencrypted WiFi networks -- become part of a Street View computer program;
· Who inserted what Google calls unauthorized code into the program and why;
· Have there been other instances of engineers writing unauthorized code into Google products to capture consumer data, and if so provide all instances and full details;
· Why did Google save data it says was accidently collected.
In addition, Blumenthal’s office is awaiting information from Google in response to his original May 27 letter, including Connecticut towns and cities in which it collected unauthorized data, when it did so and how many state networks it pulled information from.
“Google needs to describe how code that intercepted and collected unencrypted data transmitted over WiFi networks was inserted into its software,” Blumenthal said. “We want to know who did this, why and how and when Google discovered it. Another concern is whether the data was accessed in any way by Google and if so when and why.”
Blumenthal’s letter seeks and asks also:
· For copies of the company’s internal procedures and protocols for Street View cars and data collected by them;
· What steps Google has taken to keep unauthorized code out of its products in the future;
· Whether Google conducted internal or external audits, analysis or performance reviews of its Street View program and data collected;
· How and when Google learned that its Street View cars were capturing data sent over unencrypted networks;
· Why Google Street View cars recorded the signal strength and quality of personal and business wireless networks.