Connecticut AG Will Lead Probe Over Google's WiFi-Spy Breach
Google has said the collection was a mistake, and co-founder Sergey Brin admitted that his company had "screwed up," but that wasn't enough to satisfy officials. Google said it had collected the WiFi location data merely in order to improve its map products. But the company said an errant engineer had programmed the Street View cars to pick up "payload data" -- or actual browsing history for individual users.
"My office will lead a multistate investigation -- expected to involve a significant number of states -- into Google's deeply disturbing invasion of personal privacy," Blumenthal said in a statement Monday. "Street View cannot mean Complete View -- invading home and business computer networks and vacuuming up personal information and communications."
Up to 30 states could participate in the probe, Blumenthal said, which is the latest official inquiry into the breach. The U.S. Federal Trade Commission and several foreign governments are also investigating the incident.
The breach has alarmed officials and privacy advocates from Europe to Australia to the U.S -- and prompted calls for Google to not destroy the improperly collected data, which had been its original plan once the breach came to light. After an outcry, Google said it would preserve the data while it continues to discuss the matter with law enforcement agencies.
In an indication of how sensitive the collected data may have been, French officials said they had found email messages and account passwords among the digital information Google scooped up.
Google said it's been collecting the data since 2007, but only discovered it after inquiries from German authorities this year. In early May, the German data protection authority asked Google for more information about the Street View cars that collect data for use in location-based products like Google Maps.
"His request prompted us to re-examine everything we have been collecting, and during our review we discovered that a statement made in a blog post on April 27 was incorrect," Google said. In that blog post, Google had said, "Google does not collect or store payload data." Google later determined that the statement was false.
Did Google Break the Law?
"Consumers have a right and a need to know what personal information -- which could include emails, Web browsing and passwords -- Google may have collected, how and why," Blumenthal said. "Google must come clean, explaining how and why it intercepted and saved private information broadcast over personal and business wireless networks."
Blumenthal said the investigation would determine whether Google broke any U.S. laws and which, if any, statutes needed to be changed to prevent similar breaches in the future.
In a statement, Google defended itself and continued to suggest that it had made an innocent error. "It was a mistake for us to include code in our software that collected payload data, but we believe we did nothing illegal," a company spokesperson said. "We're working with the relevant authorities to answer their questions and concerns."