Wednesday, February 2, 2011

Google Reaches Deal With Connecticut in Data Probe

From Amir Efrati at the Wall Street Journal,

Connecticut's attorney general said Google Inc. won't have to hand over user data it collected from unsecured wireless networks as part of his office's probe of the Internet giant's privacy snafu.

Attorney General George Jepsen said Friday his office reached a deal with the Internet company that allows him to begin settlement negotiations over whether Google violated state law. Last month Google rejected a subpoena issued by Mr. Jepsen's predecessor, Richard Blumenthal, to hand over data the company collected when its Street View cars were within range of unsecured wireless Internet hotspots.

Google's world-wide fleet of Street View cars for years collected images of streets that are used in the company's online mapping service. But they also scanned for wireless networks in order to beef up certain mobile-device applications that help pinpoint the location of users. In some cases the cars inadvertently collected personal information such as email addresses and passwords, Google said last year.

As part of the deal with Connecticut, Google said it wouldn't contest the fact that its Street View cars had collected private user information including URLs of requested Web pages, partial or complete email communications or other information in 2008 and 2009, according to Mr. Jepsen.

A Google spokeswoman reiterated the company's statements that it is "profoundly sorry" for having mistakenly collected payload data from unencrypted wireless networks.

"As soon as we realized what had happened, we stopped collecting all Wi-Fi data from our Street View cars and immediately informed the authorities," she said. "We did not want and have never used the payload data in any of our products and services. We want to delete this data as soon as possible and will continue to work with the authorities to determine the best way forward, as well as to answer their further questions and concerns."

Mr. Jepsen said he is leading a 40-state coalition that is examining the issue, and that he is prepared to file a lawsuit if settlement talks break down.

The Federal Communications Commission said in November it was probing whether Google broke federal law in collecting consumer data via Wi-Fi networks. Another agency, the Federal Trade Commission, previously ended its probe and said Google had taken sufficient steps to prevent a recurrence.

When the mistakes became known earlier this year, Google initially said a review of the data it collected showed it captured fragments of data but later said it also had more-complete pieces of information about Internet users.

Google has said it doesn't believe it broke U.S. law, and the matter has been a bigger problem for the company outside the U.S., where it is facing probes in countries such as Germany, South Korea, and France. It has shown to regulators some of the data it collected.

1 comment:

Margot Annie Dale said...

I think one issue with this article could be overlooked. If Google Street Cars were able to collect information such as email addresses and passwords, it seems that this information was not very well protected. The users, presumably using unprotected household WiFi networks, put themselves in compromising positions by letting their information be open for taking. I don't know if in fact these users were using private, protected networks, but if not, then by using the not-so-secure websites they are putting themselves at severe risk for hacking. They were lucky that it was only Google that accidentally picked up their information. I presume that if Google was able to accidentally collect the information from the streets, then it should not be hard for people looking to do bad things with this information to collect it as well. Furthermore, from this information (email, passwords, etc.) an individual can probably gain access to other, more harmful things such as credit card numbers, etc. Wether or not Google technically broke Connecticut state law or not, these users should take this as a warning that their information is so easily accessed that it can be accessed on accident.