US Reps Call In FTC Over Google Wi-Fi Fiasco

The trouble over Google’s accidental Wi-Fi snooping continues to build. Two members of the US House of Representatives have written to the regulator, the Federal Trade Commission about the search giant’s behaviour, while investigations have beun in Germany, Spain and Italy.

Google admitted last week that it accidentally collected more than 600Gbyte of data from unsecured WiFi networks while photographing streets around the world for its Street View application. The data could potentially consist of anything from e-mails to passwords to images.

Did Google break US law?

Two members of the House of Representatives (the lower chamber of the US government) have written to the FTC asking whether Google broke the law. In the letter (PDF), Joe Barton, Republican representative for Texas, and Edward Markey, Democratic representative for Massachussetts, asked the FTC chairman if the agency was “investigating this matter.” They also wanted the FTC to update them on the data’s collection and storage, and if doing so violated citizens’ privacy.

“Do Google’s data protection practices with respect to Wi-Fi networks violate the public’s reasonable expectation of privacy? Did Google collect passwords associated with Internet usage by customers?” asks one of the letter’s five multi-part questions.

The lawmakers apparently want a response from the FTC by 2 June.

As well as the FTC, the Department of Justice is also apparently interested in the matter. Google first confessed on 14 May 14 that its Street View cars had inadvertently obtained more than 600GB of “payload data” from unsecured Wi-Fi networks, in the course of driving around and photographing local terrain around the world. That data could consist of anything from e-mails to passwords to more personal information.

And what about European rules?

Google’s issues continued on the other side of the Atlantic, with European regulators loudly protesting the inadvertent collection.

Viviane Reding, justice commissioner for the European Union in Brussels, wrote in a statement sent to eWEEK that it “is not acceptable that a company operating in the EU does not respect EU rules.” Reding also said that the processing of personal data by Google Street View apparently falls under the umbrella of the EU’s Data Protection Directive 95/46/EC and is therefore subject to its provisions.

Google has taken steps to extinguish this particular public-relations fire, although it declined to break down for eWEEK how exactly it intends to counter the most recent threats of regulatory action.

“We don’t have anything to add beyond what we’ve said in our blog post [of 14 May],” a company spokesperson said. “We’re continuing to have discussions with the relevant authorities.”

In Ireland, at least, four hard drives hosting payload data were apparently destroyed.

“We can confirm that all data identified as being from Ireland was deleted over the weekend in the presence of an independent third party,” Alan Eustace, senior vice president of engineering and research at Google, wrote on 17 May in an update to the original posting on the Official Google Blog. “We are reaching out to Data Protection Authorities in the other relevant countries about how to dispose of the remaining data as quickly as possible.”

Whether those steps will be enough to cool those relevant countries’ ire is another question entirely. According to  the Wall Street Journal, agencies in Germany, Span and Italy announced that they would begin investigating Google and the Street View service.