US legislators have sent an open letter to Google CEO Sundar Pichai asking for details about Sensorvault, an internal Google database that keeps track of users' historical geo-location details.

Members of the US House Energy and Commerce Committee want Google to reveal what exact user information the company has been collecting inside this database, and who else has access to this data.

Legislators are sending this formal inquiry after a New York Times report published earlier this month revealed that US law enforcement had been regularly accessing Sensorvault user data in a dragnet-like fashion to obtain location details for hundreds or thousands of users at a time in order to identify crime suspects.

The report not only highlighted the dangers of law enforcement misidentifying crime suspects based on Google data, but also the fact that Google had been tracking the location of almost every Android device owner for over a decade, since the company added the Location History feature to user accounts.

The feature, which is turned off by default but is very easily turned on by checking various location tracking options in a plethora of apps, sends location data to Google's Sensorvault database, which according to the Times, also stores "information on anyone who has opted in, allowing regular collection of data from GPS signals, cellphone towers, nearby Wi-Fi devices and Bluetooth beacons."

Now, US legislators want to know how this data is being used, and if more entities --outside of law enforcement-- are benefiting from this extensive database, if the company runs similar location-tracking databases, and the number of employees who have access to such a wealth of personal data.

The House committee wants answers to a series of questions by May 7, and a briefing with Pichai by May 10. The questions are listed below. The open letter's full text is available here.

What information does Google store in the Sensorvault database and for what purposes does Google use this information?

Does Google maintain other databases of precise location information?

Who is able to access the information in the Sensorvault database?

How accurate is the precise location information stored in the Sensorvault database?

What controls, if any, does Google provide to consumers to limit or revoke Google's access to the information stored in the Sensorvault database?

What is Google's retention policy with respect to precise location information stored in the Sensorvault database? Does Google share, sell, license or otherwise disclose precise location information (including deidentified data) from the Sensorvault database with any third parties other than law enforcement?

Does Google share, sell, license, or otherwise disclose precise location information (including deidentified data) from the Sensorvault database with any third parties other than law enforcement?

Related government coverage:

