Consider, the company is facing a potential class-action lawsuit, an investigation by the Federal Communications Commission, potential questioning by Congress, and a multi-state probe led by Connecticut Attorney General Richard Blumenthal. The incident also is in the running for most important privacy development of the year in a poll by the Center for Democracy & Technology.
Of all of the various probes, Blumenthal's seems to have created the biggest headache. That's because the outgoing Attorney General is asking Google to turn over the data it intercepted -- including, potentially, data that users would prefer to keep private, like the URLs they visited or their email transmissions.
So far, Google has refused to comply with Blumenthal's request. The company hasn't said why, but one possibility is that Google is afraid that cooperating with law enforcement here could further violate the privacy of WiFi users by turning over their emails and other communications to the government.
And there's no real question that disclosing people's emails to a state attorney general would compromise users' privacy. Consider, just last week the 6th Circuit Court of Appeals ruled in another context that law enforcement authorities aren't allowed to obtain people's emails without a search warrant.
Blumenthal told Politico that he wasn't requesting "names or addresses." Nonetheless, people can be identified even based on anonymized data.
Yes, maybe there's a chance that Google can provide enough information to Blumenthal for him to investigate while also protecting the privacy of users whose data was intercepted. But if there's even a possibility that complying with the subpoena will result in revelations about the contents of private emails, or of the URLs people visited, Google is right to refuse.