Risk
6/21/2010
01:49 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Connecticut AG Investigating Google WiFi Incident

The inquiry into Google's Street View WiFi data gathering involves a significant number of states.

Connecticut Attorney General Richard Blumenthal said on Monday that his office will helm an investigation into the unauthorized collection of wireless network traffic by Google's Street View cars on behalf of an undisclosed number of states.

"My office will lead a multistate investigation -- expected to involve a significant number of states -- into Google's deeply disturbing invasion of personal privacy," Blumenthal said in a statement. "Street View cannot mean Complete View -- invading home and business computer networks and vacuuming up personal information and communications."

Over 30 states participated in a conference call about the status of Connecticut's investigation, but it's not immediately clear how many of those will participate in Blumenthal's inquiry.

Last month, Google revealed that it had inadvertently included experimental code that gathered unprotected WiFi network traffic in the software it used to capture images for its Street View service. The disclosure, which Google executives have apologized for and acknowledged as a screw-up, has prompted multiple lawsuits and Congressional scrutiny in the U.S. and widespread indignation in Europe.

Google has gathered Street View images in over 30 countries. Some countries have asked Google to delete the WiFi data it gathered while taking pictures; other countries have asked Google to retain the WiFi data to facilitate investigations.

Acknowledging its error, Google nonetheless maintains that it broke no U.S. laws. "It was a mistake for us to include code in our software that collected payload data, but we believe we didn't break any U.S. laws," said a company spokesperson in an e-mailed statement. "We’re working with the relevant authorities to answer their questions and concerns."

The statement by Blumenthal appears to anticipate the possibility that Google may not have violated any laws. "Our investigation will consider whether laws may have been broken and whether changes to state and federal statutes may be necessary," he said.

Last week, the French National Commission on Computing and Liberty (CNIL) released the findings of its Google Street View investigation in France. The group found that Google had captured e-mail account passwords as it grabbed data from unprotected WiFi networks.

A Google-translated version of CNIL's statement about its finding claims that Google "posted excerpts of content of electronic messages," but a Google spokesperson said this appears to be a bad translation because Google has not posted any captured e-mail content.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0914
Published: 2014-07-30
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management f...

CVE-2014-0915
Published: 2014-07-30
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8...

CVE-2014-0947
Published: 2014-07-30
Unspecified vulnerability in the server in IBM Rational Software Architect Design Manager 4.0.6 allows remote authenticated users to execute arbitrary code via a crafted update site.

CVE-2014-0948
Published: 2014-07-30
Unspecified vulnerability in IBM Rational Software Architect Design Manager and Rational Rhapsody Design Manager 3.x and 4.x before 4.0.7 allows remote authenticated users to execute arbitrary code via a crafted ZIP archive.

CVE-2014-3025
Published: 2014-07-30
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8...

Best of the Web
Dark Reading Radio