Facing intensifying scrutiny from American and foreign regulators, Google has named the prominent Internet security firm Stroz Friedberg to review the software code that triggered the collection of more than 600 gigabytes of data through unsecured WiFi networks in more than 30 countries.
Stroz Friedberg, which has offices in New York, Washington, San Francisco, London and other cities, could produce a report by the end of the week on its investigation into how the code was included in the software for Google’s fleet of “Street View” cars, a Google representative said. James M. Aquilina, executive managing director of Stroz Friedberg, confirmed the firm had been hired but declined further comment.
Google acknowleged in its official company blog on May 14 that its Street View cars, which collect geographic data for Google Map products as well as the identifying codes and locations of private WiFi networks, had also reached into unsecured networks and collected snippets of data traveling through them, such as e-mail, photos, Internet searches or other other private information.
Google said the collection of so-called “payload data” was inadvertent and that the data had never been used in any Google products. But the disclosure has angered politicians and privacy advocates in Washington and around the world, triggering three separate requests from Congress — and now, at least two states — for a detailed explanation.
Monday, the attorney general of Connecticut, Richard Blumenthal, announced he had delivered more than a dozen detailed questions to Google lawyers, including the number of personal and business WiFi networks from which Street View cars collected data in Connecticut. Also on Monday, Australia’s attorney general said he would investigate whether Google broke that country’s wiretapping and privacy laws.
On Friday, the attorney general of Missouri, Chris Koster, wrote to Google lawyers in Mountain View asking the company to retain any documents, data, e-mail or other information Street View cars collected from WiFi networks in that state.
“It is unclear whether Google’s conduct violated federal or state law when it intercepted this data,” Koster wrote to Google on Friday. “But there can be no doubt that the company’s conduct implicates the privacy concerns of Missouri residents.”
At the request of data collection authorities from other countries, Google has now deleted all payload data its Street View cars collected in Denmark, Ireland and Austria, a Google representative said Monday.
In the U.S. and other countries, however, authorities and members of Congress including U.S. Rep. John Conyers, D-Michigan, chairman of the House Judiciary Committee, and Rep. Henry Waxman, D-Los Angeles, chairman of House Committee on Energy and Commerce, have asked Google to retain the data pending their inquiries. Many experts expect Congress to hold hearings on the matter later this summer.
“We are concerned that Google did not disclose until long after the fact that consumer’s Internet use was being recorded, analyzed and perhaps profiled,” Waxman wrote Google, in a letter co-signed by two other Congressmen.