IE 11 is not supported. For an optimal experience visit our site on another browser.

Connecticut AG probes Google over data breach

Turns out "our bad!" isn’t good enough for the government when it comes to last month’s revelation that Google Street View cars "mistakenly" captured content flowing over wireless networks.

Today, Connecticut Attorney General Richard Blumenthal announced that his office will lead a multistate investigation into Google Street View cars' unauthorized collection of personal data, and seeks additional information about the practice in Connecticut.

On Friday, Massachusetts Attorney General Martha Coakley announced her office will be seeking information from Google to ensure that Street View is not acquiring personal information. And the House Judiciary Committee has already asked Google and Facebook to cooperate with any government inquiries into privacy practices at both companies.

The Connecticut investigation is "expected to involve a significant number of states — into Google's deeply disturbing invasion of personal privacy," Blumenthal said. "Our investigation will consider whether laws may have been broken and whether changes to state and federal statutes may be necessary."

According to Google, company engineers discovered the giant cache of personal information after a data protection authority in Hamburg, Germany requested an audit of the Wi-Fi data collected by Street View cars. While preparing for the audit, engineers discovered a piece of code left over from an experimental Wi-Fi project in 2006.

"A year later, when our mobile team started a project to collect basic Wi-Fi network data like SSID information and MAC addresses using Google’s Street View cars, they included that code in their software — although the project leaders did not want, and had no intention of using, payload data," Google stated last month.                                        

Following that admission, the Electronic Frontier Foundation, a digital civil liberties group, said in a blog post, "There's no reason to doubt Google's claim of mistake, but at this point in their growth and sophistication, Google should not be making these kinds of privacy errors."

The foundation pointed out that, "someone at the company should also have ensured that the code, both as written and in practice was (1) collecting only the data necessary for the project, (2) collecting only the data that Google represented that it was collecting, and (3) otherwise in compliance with the law."

These concerns are echoed by the Attorney General Blumenthal's  investigation plans.

"While we hope Google will continue to cooperate, its response so far raises as many questions as it answers,"l Blumenthal said. "The company must provide a complete and comprehensive explanation of how this unauthorized data collection happened, why the information was kept if collection was inadvertent and what action will prevent a recurrence."