U.S. Senator Amy Klobuchar sent a letter to Google Chairman and CEO Eric Schmidt Thursday seeking clarification after the company acknowledged storing private data from unsecured home networks. Last week Google disclosed that it had inadvertently collected information on individuals and families that could include Web pages, e-mail message content, passwords, and other personal information as part of its Street View mapping campaign. "Google's collection of personal information raises numerous privacy questions," Klobuchar said. "Privacy is a founding American principle. To maintain its trust with the public, Google needs to be clear about how it plans to protect the privacy of individuals whose data has been collected and stored." Google had collected the data over the past three years while compiling photos for the Street View map feature. When the Google system came across an unencrypted network, it was programmed to collect any information travelling over the network. Klobuchar, a member of the Senate Commerce Subcommittee on Communications, Technology, and the Internet, released the text of her letter: Dear Mr. Schmidt: Last week, Google revealed that it had inadvertently captured and archived private data from unsecured home wireless networks while compiling photos for its Street View map feature. It is my understanding that Google Street View has been conducting a photographic mapping campaign of streets and neighborhoods across America for the past three years. In addition to cameras, Google equipped these vehicles to scan the airwaves for wireless networks in homes and businesses. When Google's scanning programs found a network, Google recorded the network's name and numerical address, and associated the network with a given location on the map. And when the Google system came across an unsecured network, Google collected snippets of information traveling over the network, which may have included Web sites, e-mail messages, passwords, and other personal information. This data-gathering raises serious privacy concerns. While your company publicly apologized and explained that the data collection was a result of an unintentional coding error, many questions remain. In particular, what specific data did Google collect, how was it stored, and who had access to this information? Did any software engineers or other Google employees notice this excess information in the database in the three years since the program began? To what degree are privacy and data security considered in the software development process? And most importantly, what steps are being taken to ensure this type of intrusion does not happen again? As you have long recognized, Google must make privacy and data security issues a top priority. Thus, data privacy should be considered at every stage of the product development, when it is just an idea, during testing, and through each new update. Even though these were publicly available networks, the American people value their privacy and preserving public trust is paramount.
I look forward to working with you to address these concerns. Sincerely,