Connecticut Attorney General Richard Blumenthal [official profile] announced Monday that he will lead a multistate investigation [press release] into whether Google [corporate website; JURIST news archive] violated privacy laws while collecting information over Wi-Fi networks for its Street View maps [website]. Blumenthal said he sent a letter [text, PDF] to the corporation last week requesting additional detailed information on its data harvesting procedures. The request was in response to a statement from Google [text, PDF] earlier this month claiming that the collection of payload data was inadvertent. In commencing the investigation, Blumenthal stated:
Street View cannot mean Complete View - invading home and business computer networks and vacuuming up personal information and communications. Consumers have a right and a need to know what personal information - which could include emails, web browsing and passwords - Google may have collected, how and why. Google must come clean, explaining how and why it intercepted and saved private information broadcast over personal and business wireless networks. ... The company must provide a complete and comprehensive explanation of how this unauthorized data collection happened, why the information was kept if collection was inadvertent and what action will prevent a recurrence. Our investigation will consider whether laws may have been broken and whether changes to state and federal statutes may be necessary.More than 30 states took part in a recent conference call on the issue, and Blumenthal expects a significant number of states to participate in the investigation. Illinois Attorney General Lisa Madigan and Michigan Attorney General Mike Cox [official profiles] have also opened investigations against Google's data collection practices and requested information [press releases] about the personal data the company has obtained from its Street View vehicles.
In a letter [text, PDF] sent last week to the US House of Representatives Energy and Commerce Committee [official website], Google claimed that its collection of private information was inadvertent and did not violate any laws [JURIST report]. Several countries have recently launched investigations into Google's unencrypted data collections to determine whether the company's practices have violated privacy laws. Earlier this month, Australia commenced an investigation [JURIST report] into whether Google breached the nation's Telecommunications Interception Act [text], which prevents people from accessing electronic communications other than for authorized purposes. Additionally, Canada launched an investigation [JURIST report] into Google's unsecured Wi-Fi data collection to determine whether Google has violated the country's Personal Information Protection and Electronic Documents Act [text, PDF], which applies to private organizations that collect, use, or disclose personal information in the course of commercial activities. Belgium, the UK, the Czech Republic, France, Germany, Italy, Spain and Switzerland have also asked Google to retain data collected in those respective nations. Earlier this month, Google was accused by advocacy group Privacy International (PI) [advocacy website] of criminal intent [JURIST report] for the company's private data collection. PI released its statement in response an independent audit [text, PDF] published by Google on the company's official blog [website]. PI claims that information gathered in the audit proves that Google's interception of unencrypted data was not inadvertent and should lead to prosecution.