State Rep. William M. Straus wants Google to hit the delete button on private data the company scooped up from Wi-Fi networks over the past three years.
The Mattapoisett Democrat wrote state Attorney General Martha Coakley, asking her to investigate whether the search engine giant violated any state laws by capturing information sent over wireless networks. While the company said it was unintentional, the data grab is stirring concerns about privacy across the country and in Europe.
"I think ultimately it would be appropriate to ask Google that this information that they say they inadvertently collected on people be deleted from their systems," Straus told The Standard-Times. "There is no business use and there is no practical benefit to the public from Google retaining the Wi-Fi information they scooped up."
In a letter dated May 20, Straus asked Coakley to determine if Google violated statutes related to privacy, identity theft, wiretapping or any other law by gathering information that may include e-mail messages and online banking data. Her office said it received the letter Monday afternoon and is reviewing it.
After German regulators asked to audit the data, Google acknowledged earlier this month that it picked up samples of information sent over non-password-protected Wi-Fi networks. But the company said it was a mistake, and the data was never used in any products.
Google said in a blog post that its Street View cars, which collect images and data for services such as Google Maps, were meant to gather basic information on Wi-Fi networks during their travels, not the data sent over the networks. When it became aware that data transmitted by unsecured networks was getting caught in the dragnet, the company said it grounded its cars and segregated the data.
The cars would have only picked up fragments, Google added, since they were on the move, people would have had to be using the network when they passed by, and the equipment changed channels roughly five times a second. Data on secured networks also would be safe.
"This was a mistake, but we don’t believe we did anything illegal," a Google spokesperson wrote in an e-mail response to The Standard-Times. "We are working with the relevant authorities to answer their questions and concerns."
Google deleted data from Ireland, Denmark and Austria following requests from authorities in those countries, but it has retained the information elsewhere as it works with regulators on how to handle deletion, according to the company official.
The data collection could extend to about 30 countries, said John M. Simpson, a consumer advocate with Consumer Watchdog, a nonprofit group that has called on the Federal Trade Commission to probe Google’s actions.
Simpson said he has not heard of any state attorneys general taking up the matter yet, but a response by states is likely as people become more aware of the implications. He said there is mounting outrage against the company.
"I think this is growing to such a point that it clearly will have some repercussions for them," he said. "It really is a surprising overreach for a company that wants us to believe it is responsible with the data gathered on all of us."
U.S. Reps. Edward Markey, D-Mass., and Joe Barton, R-Texas, have also written the FTC asking if Google’s data collection was illegal.
Straus, who has been involved in crafting identity theft legislation, said he would like Google to delete all of the data it collected on the networks, not just personal information it said it mistakenly took. He said this incident is part of a larger challenge in protecting people’s identity online.
"The more information that gets into someone else’s hand, the more vulnerable an individual is to having their identity grabbed by people with criminal intent," he said.