“Enacting baseline privacy legislation that implements a strong and resonant Consumer Privacy Bill of Rights (CPBR) is the single most effective way to answer the public’s call for basic online privacy rights, ensure trust in the online marketplace, and create a level playing field for online businesses,” the groups wrote in their filing.
There are six key recommendations that a privacy law should include that would strengthen the Consumer Privacy Bill of Rights, the groups said. They are: Make it consequential; Fill in the blanks of the Fair Information Practice Principles (FIPPS); Recognize the real harms and significant risks; Carve out special protections for sensitive categories; and Implement practical solutions.
Read the groups’ joint letter to the the Commerce Department’s National Telecommunications and Information Administration here: http://www.consumerwatchdog.org/resources/ntia_big_data_comments_final.pdf
The groups said that as the White House looks to its legacy, implementing a strong and comprehensive Consumer Privacy Bill of Rights “would be an iconic moment in American consumer protection.”
“The privacy bill should be a benchmark for modern consumer protection that respects Americans’ deep history of personal privacy in a technology context,” the groups said. “We believe that it’s preferable for the Administration to propose nothing, rather than a weak bill that does little to advance privacy protections.”
The letter concluded: “The proposal and enactment of strong consumer privacy legislation in the context of the CPBR is essential toward achieving the complimentary goals of protecting the privacy rights of consumers, maintaining consumer trust online and supporting business innovation.”
In addition to Consumer Watchdog the following organizations joined in the comments: American Civil Liberties Union, Center for Digital Democracy, Consumer Action, Consumer Federation of America, Common Sense Media and Privacy Rights Clearinghouse.
Visit Consumer Watchdog’s website at www.consumerwatchdog.org]]>
Google’s latest planned acquisition will will take the Internet giant’s ability to spy on us and gather informationabout our activities to new heights — literally.
Last week Google said it would buy Skybox Imaging for $500 million, chump change for a company that is sitting on around $61 billion in cash. Skybox is building low cost satellites to orbit 185 miles above the earth’s surface that will provide high resolution satellite images.
Until last week satellite imagery where features less than two feet were visible was banned for commercial use in the United States. The Commerce Department changed that rule, now allowing images with resolution as small as one foot. That’s small enough to show manhole covers and mailboxes. Google’s Skybox satellites will be even more revealing and intrusive than the images now availeable.
Here’s what Christopher Mims of The Wall Street Journal wrote about the deal:
And here’s what Skybox could allow Google to accomplish: Within a couple of years, when you want to know whether you left your porch light on or if your teenager borrowed the car you forbade her to drive, you might check Google Maps.
That’s because by 2016 or so, Skybox will be able to take full images of the Earth twice a day, at a resolution that until last week was illegal to sell commercially—all with just a half-dozen satellites. By the time its entire fleet of 24 satellites has launched in 2018, Skybox will be imaging the entire Earth at a resolution sufficient to capture, for example, real-time video of cars driving down the highway. And it will be doing it three times a day.
In announcing the acquisition June 10 Goggle was low-key about the benefits: “Skybox’s satellites will help keep Google Maps accurate with up-to-date imagery. Over time, we also hope that Skybox’s team and technology will be able to help improve Internet access and disaster relief — areas Google has long been interested in.”
The fact of the matter is that Skybox doesn’t even consider itself an imaging company. They are all about the knowledge that can be gleaned from their images and data. Knowledge that is developed by snooping and spying, I’d say.
“We think we are going to fundamentally change humanity’s understanding of the economic landscape on a daily basis,” co-founder Dan Berkenstock told The Wall Street Journal.
Here is the sort of thing he’s driving at: Back in 2010 an USB stock analyst figured out that by buying even the relatively low resolution satellite photos that were available of Wal-Mart store parking lots, he could predict sales figures before the data was released. Full lots mean lots of shoppers. Lots of shoppers mean more sales.
And there is industrial espionage that will directly benefit Google. Suppose the Internet giant could could figure out when Apple was planning to release the next iPhone. It could plan competitive strategy for its Android devices. With Skybox Google can see what’s going on. The Taiwanese company Foxconn manufactures the iPhone. Measuring the density of trucks around the Foxconn plant reveals when a substantial number of devices are being brought to market.
“We’re looking at Foxconn every week,” Mr. Berkenstock told The Journal’s Mims. Mims offered this assessment of Skybox’s future impact:
“It’s the unpredictable applications that could be the biggest. Like GPS before it, which started out as a military-only system that required laptop-size receivers and now enables driving directions in every smartphone, Skybox’s images will inevitably lead to apps and services no one can envision—with unknowable disruptive potential.”
And he offers this note of caution:
A potential downside to the Skybox acquisition is that it could represent a new level of privacy invasion for everyday people. Google will be able to determine all sorts of things about us that might not have been discernible before. For example, is your home on a block with lots of trees? It turns out that correlates with household income. Or, how many cars do you own?
Google’s satellites won’t be powerful enough to pick out individual people. Yet since Skybox’s satellites get their visual acuity not from their optics—which are relatively primitive—but clever software, it’s possible they’ll become ever more keen-eyed even after they launch.
In a few years, when we look up at the sky, we’ll have to wonder: Am I being watched right now?
Consider the power Google will have when it combines what it knows from the satellite images with what he knows about our online activities and emails. In George Orwell’s 1984 government surveillance was ubiquitous. “Big Brother is watching” citizens were reminded. Orwell was right about surveillance. What he didn’t predict was the extent it would be done by commercial entities.]]>
Rep. Hank Johnson, D-GA, also questioned Google about what it was doing. Google was sending to apps developers the name, email address and address of people who bought apps on Google play. It tried to claim that the the information was necessary for the transaction, but that’s clearly not the case when talking about downloading an app from its app store. Neither Apple nor Microsoft provide such personal information. Google’s response to Rep. Johnson confirmed what Google was doing and actually showed it was unnecessary. Consumer Watchdog sent a second letter to the FTC with a copy to California Attorney General Kamala Harris when Google answered Rep. Johnson’s letter.
On Tuesday WebProNews and DroidLife reported Google was addressing the concerns on a new Wallet Merchant Center it is rolling out and won’t send the personal information to apps developers.
I’m glad the change is coming, but I’ve got questions.
What role did the Federal Trade Commission or the California Attorney General’s office play in this change? Why did Google only act when formal complaints were filed? Will there be fines?
Google has become a serial privacy violator. You’ll remember that no sooner was the ink dry on the “Buzz” consent agreement than it was caught hacking around the privacy settings on the Safari browser used on iPhones, iPads and other Apple devices. It ultimately cost Google a fine of $22.5 million, which is pocket change to a company that has annual revenue of around $50 billion. It’s like giving a $25 parking ticket to a person who makes $50,000 a year.
Google is simply figuring that fines are a cost — and a minor one at that — of doing business. In case you missed it, on Monday Germany hit Google with a $189,225 for the Wi-Spy incident where its Street View Cars sucked up emails, URLs, passwords, account numbers as they snapped photos around the world.
In describing the fine The New Times’ Claire Cain Miller wrote:
Regulators in Germany, one of the most privacy-sensitive countries in the world, unleashed their wrath on Google on Monday for scooping up sensitive personal information in the Street View mapping project, and imposed the largest fine ever assessed by European regulators over a privacy violation.
The penalty? $189,225.
Put another way, that’s how much Google made every two minutes last year, or roughly 0.002 percent of its $10.7 billion in net profit.
It is the latest example of regulators’ meager arsenal of fines and punishments for corporations in the wrong. Academics, activists and even regulators themselves say fines that are pocket change for companies do little to deter them from misbehaving again, and are merely baked into the cost of doing business.
The fact Google is changing Google Wallet’s practices makes it clear Google violated the Buzz Agreement. Google claims that it is taking privacy seriously now that it is operating for 20 years under the Buzz Agreement. It isn’t and the regulators aren’t holding Google’s feet to the fire.
The company’s executives need to be held to account in a meaningful way. I’ve always argued the way to get corporate executives’ attention is to hit them with jail time when they flout the law. It’s not going to happen here, but a meaningful fine for the second Buzz violation sure would be nice.]]>
I mean how many of you actually thought Google even had a privacy chief?
Whitten, an engineer based in London (now that’s a location convenient to its Mountain View Headquarters) took the position in 2010 about six months after the Wi-Spy scandal was uncovered and as Google was reaching a consent agreement with the Federal Trade Commission for invading users’ privacy when it launched the ill-fated Buzz social network.
Well, about all that happened on Whitten’s watch was that Google became a confirmed serial privacy violator. No sooner was the ink dry on the Buzz Consent Decree with the FTC, than Google was caught hacking around privacy settings on Apple’s Safari browser, which is on iPads and iPhones, and lying about its practices on the Google website. Google was fined $22.5 million by the FTC, pocket change to the Internet giant.
Also on Whitten’s watch Google was fined $25,000 for obstructing the Federal Communications Commission’s investigation of Wi-Spy and just settled for a paltry $7 million with 38 states attorney general who were investigating. They’ve also got to make a YouTube video telling people how to improve Wi-Fi network security and have a Privacy Day for employees. That’s like asking the fox teach the chickens about how to make the coop safe.
It was also on Whitten’s watch that Google combined its privacy and data collection policies across its services without asking users’ consent first. European data protection officials led by the French are still investigating and action is likely this spring.
Whitten intends to stay on the job through June — not that it makes much difference to users — until her successor Lawrence You takes over.
I guess it makes sense a certain amount of sense that this got announced on April Fools’ Day. Privacy at Google is a joke. Google’s executives view the taps on the wrist the Internet giant has received for privacy violations as nothing more than the cost of doing business.]]>
Judge Susan Illston approved the Federal Trade Commission’s $22.5 million settlement with the Internet giant for hacking past privacy settings on Apple’s Safari browser in U.S. District Court in San Francisco, in a deal that Consumer Watchdog had argued was insufficient in light of Google’s wanton privacy violations.
“The Court also grants additional deference where the decree has been negotiated by a governmental agency that is an expert in its field,” Judge Illston said in her decision.
I was disappointed with the ruling, but think we made important points that will affect how similar cases are dealt with in the future. Drawing the public’s attention to this case was tremendously important. I’m glad we did it.
Attorney Gary Reback of Carr & Ferrell represented us as an amicus curiae or friend of the court. Frankly, I expected an uphill battle with
Google and the FTC aligned against us. Together the government and Google defended the deal that had been negotiated in secret.
Judge Illston did not surprise when she began the hearing by saying her “preliminary view” was to approve the settlement. We opposed the deal for three basic reasons:
1. The settlement allows Google to deny that it did anything wrong.
2. The $22.5 million fine — a lot for you and me — is insufficient for a company like Google with revenue of $40 billion a year. Really it’s just chump change. Google makes $22.5 million in about five hours. Google was liable for fines totaling $16,0000 per day per violation. If you consider each wrongly placed cookie a violation — and you should — Google quickly reaches a liability in the billions. A fine of that magnitude would have caught Google executives’ attention.
3. The injunctive relief in the settlement is insufficient. Google is allowed to keep the ill-gotten data it obtained by hacking around the Safari privacy settings, which is the browser used on iPhones and iPads.
Reback made the arguments in two excellent briefs before the hearing. Both are well worth reviewing. The first is particularly valuable for the way it lays out Google’s history of privacy invasions. Read the original amicus brief here and our response brief here.
As the hearing began Judge Illston said there was no need to require Google to admit it did anything wrong. She said she had no problem with the amount of the fine. She did, however, have questions questions about allowing the Internet giant to retain the wrongfully acquired data.
The government and Google’s attorneys tried to make the case that the Google wouldn’t use the information, so keeping it was irrelevant. I thought Reback effectively rebutted their position, but then, you’d expect me to think that.
By the end of the day, though, Judge Illston had ruled against us. As Reback told The Associated Press’ Mike Liedtke, after the hearing, a consent decree ‘‘is not a good way to police Google,”
What the decision does is allow Google executives to buy their way out of trouble with what for them is pocket change and then deny doing anything wrong. As our briefs made clear, Google has demonstrated an ability to out maneuver government regulators repeatedly and ride roughshod over the privacy rights of consumers. Google continues to be disingenuous about its practices.
That’s why the decision makes two things clear: First, if consumers are to have any privacy at all and be able to control what data is gathered about them, tough Do Not Track rules must be implemented. Second, as we told the FTC last week, the Commission needs to file an antitrust suit against Google and take it to trial in U.S. District Court. The FTC should seek to force Google to divest its Motorola Mobility subsidiary, separate search from advertising, and undergo the same sort of regulation as a public utility.
The Federal Trade Commission’s role in keeping Google’s abuses in check is essential. The Internet is too important to allow an unregulated monopolist to dominate it.]]>
The estimate came in the FTC’s response to Consumer Watchdog’s amicus curiae brief opposing the proposed $22.5 million settlement with Google for the violation. We argued that the settlement is deficient because: 1. It includes no permanent injunction precluding Google from violating the “Buzz” Consent Decree; 2. The $22.5 million civil penalty is inadequate; and 3. The proposed deal specifically allows Google to deny it did anything wrong.
Booth Google and the FTC filed their responses late Friday. Frankly, they both claimed about what I expected they would say: that the deal was reached after arms-length negotiations; that it was fair, reasonable and in the public interest; and
that decisions by an executive branch agency deserve considerable deference from a court.
We’ll have to wait see what Judge Susan
Illstonthinks of all the arguments. What’s next in the case is up to her.
Meanwhile, the interesting new nugget in the FTC’s filing was the estimate of what Google earned by violating our privacy. Megan Bartley, an attorney in the FTC’s Division of Enforcement in the Bureau of Consumer Protection said in a declaration filed as Exhibit A with the FTC response brief: “Using a variety of sources, the FTC estimated that Google profited no more than $4 million from the alleged violation.”
I’ve maintained that the fine is mere pocket change to Google executives. Indeed, the value of the company’s outstanding stock climbed more than $22.5 million the day the proposed settlement deal was announced. The FTC doesn’t want to us to compare the fine to Google’s $40 billion in annual revenue, but rather what Google derived by playing fast and loose with our privacy.
It’s good to see the FTC cite the $4 million figure if that was a basis for the fine. What’s missing, though, is what sources and methods the agency used to make the estimate.]]>
“Google apologizes for its error,” wrote Peter Fleischer, Google’s Global Privacy Counsel (an oxymoron of a title by the way) in a letter to Steve Eckersley, Head of Enforcement for the Information Commission’s Office.
Why am I not surprised? Whenever Google executives get caught with their fingers in the cookie jar — something that is happening with increasing frequency — they claim it was all a mistake and “apologize.” Frankly it’s getting a little tiresome.
Here is how Fleischer put it:
“In recent months, Google has been reviewing its handling of Street View disks and undertaking a comprehensive manual review of our Street View disk inventory. That review involves the physical inspection and rescanning of thousands of disks. In conducting that review we have determined that we continue to have payload data from the UK and other countries.“
Let’s review what happened with the Wi-Spy scandal. Google deployed its Street View cars to photograph city streets in 30 countries around the world. What it didn’t say was that it was gathering Wi-Fi “payload data” — emails, passwords, health and banking data — from private networks as the cars drove by .
When the Germans asked what was going on back in 2010, Google said its cars were only mapping the location of Wi-Fi networks. Then Google said it was gathering payload data, but it was all by mistake and was only insignificant snippets. Then it said it was the work of one rogue engineer.
Data protection officials investigated and in a number of cases like in the UK and Ireland accepted the corporate apologies and promises that the data would be destroyed. That was supposed to have happened in December 2010 in the UK.
As the result of a recently concluded Federal Communications Commission investigation we now know that gathering the Wi-Fi data was not an accident or mistake. It was described in Street View project design documents as “War Driving” and the engineer responsible discussed the plans with his colleagues and managers.
The FCC fined Google $25,000 for obstructing its Wi-Spy investigation and concluded that it could not determine if the Wi-Spy effort had broken any laws. The Commission said a primary reason that it could not decide was because the engineer who wrote the code exercised his Fifth Amendment right not testify, Google has tried to portray the FCC’s report has finding that no laws were broken. That’s not true at all. The FCC said it could not determine if laws were broken.
The British were disturbed enough by the FCC report that the Information Commission’s Office re-opened its investigation of Wi-Spy. The ICO Friday told Google it wants to see the data before it decides what to do.
“The ICO is clear that this information should never have been collected in the first place and the company’s failure to secure its deletion as promised is cause for concern,” a spokesman said.
Google says it still has data that was supposedly destroyed from France, Belgium, the Netherlands, Norway, Sweden, Finland, Switzerland, Austria and Australia.
Ireland’s deputy commissioner for data protection, Gary Davis, called Google’s failure “clearly unacceptable.” Davis said his organization had conveyed its “deep unhappiness.”
I’d say the time for “concern” and “deep unhappiness” has long passed.
The data protection authorities need to do something that will get the Internet giant’s attention. They should levy the maximum fines possible. In the ICO’s case, for instance, that would be 500,000 pounds or about $780,000.
And, if there were ever any doubt, it’s now clear that you simply can’t trust Google to keep its promises.]]>
It wasn’t a popular view of the Internet giant. I think many people used to see Google as a feisty start-up offering “cool” products. Many accepted the idea that Google was true to its “Don’t Be Evil” motto.
But two articles this week, I think, make it clear people are coming around to Consumer Watchdog’s view of Google.
First, a report in The New York Times — Google Privacy Inquiries Get Little Cooperation — demonstrates how perceptions about the company are rapidly changing to reflect reality. Reporters David Streitfeld and Kevin J. Obrien put it like this:
Google might be one of the coolest and smartest companies of this or any era, but it also upsets a lot of people — competitors who argue it wields its tremendous weight unfairly, officials like Mr. Caspar who says it ignores local laws, privacy advocates who think it takes too much from its users. Just this week, European antitrust regulators gave the company an ultimatum to change its search business or face legal consequences. American regulators may not be far behind.
The article details how Google obstructed and stonewalled regulators worldwide who were attempting to get to the bottom of Google’s Wi-Spy activities. That’s when it sent Street View Cars into 30 countries around the world not only to photograph the roads they traveled, but also to suck up emails, passwords and other data from private Wi-Fi networks in 30 countries.
The Times notes:
The FCC did not see it Google’s way, saying last month the engineer “intended to collect, store and review” the data “for possible use in other Google products.” It also said the engineer shared his software code and a “design document” with other members of the Street View team. The data collection may have been misguided, the agency said, but was not accidental.
Although the agency said it could find no violation of American law, it also said the inquiry was inconclusive, because the engineer cited his Fifth Amendment against self-incrimination. It tagged Google with a $25,000 fine for obstructing the investigation.
Google executives followed their usual playbook and declined to comment for the Times article.
“We don’t have much choice but to trust Google,” Christian Sandvig, a researcher in communications technology and public policy at the University of Illinois, told the Times.
“We rely on them for everything. Google doesn’t seem to think it ever will be held accountable. And to date it hasn’t been.”
The second example of the new view of Google came at the influential Wall Street Journal
number of questions, the elements provided do not give a precise, clear and comprehensive response to our questions.” Paczkowski offered this analysis:
Google not only doesn’t want to answer these questions, it doesn’t even believe it is obligated to do so. Indeed, it essentially said as much back in April, when it specifically questioned the authority of the CNIL and the Article 29 Data Protection Working Party to even investigate it. From Google’s April 5, 2012, response to the CNIL:
1) What is the legal basis for the Working Party to act as a regulatory body, or to mandate the CNIL to conduct a regulatory review on behalf of 26 other independent DPAs?
2) What law is being applied to this review?
3) Could the Working Party explain the process being followed and the ultimate aim of the review?
Questions respectfully asked, certainly. But they clearly reflect an uncooperativeness and, more to the point, an overweening arrogance that’s so prevalent these days that it might as well be one of Google’s hallowed “10 Things We Know To Be True.”
I think these articles reflect a seachange in the popular attitude toward the Internet giant. But it’s not just a change in how Google is perceived that the folks in the Googleplex need to be concerned with. There are active investigations underway by antitrust authorities on both sides of the Atlantic. Privacy breaches are also a focus of regulators’ attention.
And then back to the Wi-Spy scandal. I checked in today with the office of Connecticut Attorney General George Jepsen. He’s leading the multi-state investigation of the incident being conducted by 40 state attorneys general. A spokesperson made it clear; the probe is “active and ongoing.”
People are finally getting Google’s number. I’m betting that despite the Internet giant’s self-righteous arrogance, Google will be held accountable.]]>
That’s already happened to Google, which reached a consent agreement with the FTC, because of its privacy violations. They face 20 years of privacy audits.
Back in January the Internet giant said it would combine more than 60 privacy policies into one statement. Google also said that data that had been kept on separate Google services would be combined. The corporate spin was this would improve user experience across all of Google’s sites. Actually, it’s about even better digital dossiers about you and other people who use Google’s services. The data will enable to the company to increase its ad revenue. Remember, you’re not Google’s customer, you are Google’s product.
After Google made its announcement of what I call the new “spy” policy, European data protection authorities sent a polite letter asking that the company delay implementation until the authorities had an opportunity to study the impact of the planned changes on people’s privacy. They said the French data protection authority, CNIL, would lead the investigation
Google, in its usual we-know-better-than-anybody-else mode, stiffed them.
Then 36 U.S. state attorneys general sent a letter expressing their concerns. Several members of Congress voiced objections and wanted an explanation of what’s going on.
While this was all playing out, Jonathan Mayer, Stanford University researcher, discovered that Google was deliberately circumventing privacy settings on the Safari web browser. Making it worse was the fact that Google provided false information about the effectiveness of the Safari settings it was circumventing.
Tuesday CNIL released a letter it had sent to Google that said, “our preliminary analysis shows that Google’s new policy does not meet the requirements of the European Directive on Data protection.” It also said, “The CNIL and the EU data protection authorities are deeply concerned about the combination of personal data across services: they have strong doubts about the lawfulness and fairness of such processing, and about its compliance with European Data Protection legislation.”
And even though Google has claimed that the new “spy” (my word, not theirs) policy is supposed to be more transparent easier to understand, the CNIL disagreed:
“Moreover, rather than promoting transparency, the terms of the new policy and the fact that Google claims publicly that it will combine data across services raises fears about Google’s actual practices. Our preliminary investigation shows that it is extremely difficult to know exactly which data is combined between which services for which purposes, even for trained privacy professionals.”
In the letter the CNIL repeated the request that the new policies be delayed. Google stiffed them again.
It looks to me like the only way to get the Internet giant’s attention will be some serious fines. We have made that case that Google is violating the consent agreement with the FTC. Their could be penalties of $16,000 per violation, per day. The CNIL can impose fines up to $400,000 for a privacy breach. It can also seek court orders to block action that violates data protection law.
Regulators on both sides of the Atlantic need to take meaningful action to halt Google’s willful flouting of the rules.]]>
We protested that it should be open, but didn’t carry the day. After the session, Rep. Bono Mack told reporters that she wasn’t impressed with Google’s explanations.
We then wrote a letter to her and ranking member G.K. Butterfield (D-NC) urging them to call CEO Larry Page before the subcommittee.
With Google’s latest privy breach, Bono Mack issued news release titled, ” Bono Mack Calls Google Back to Capitol Hill for Explanation of Latest Privacy Flap.” It said:
“Google has some tough new questions to answer in the wake of this latest privacy flap, and that’s why I am asking them to come in for another briefing. Even if unintentional, as the company claims, these types of incidents continue to create consumer concerns about how their personal information is used and shared. Companies need to be open about what they’re collecting, and how that information is used. Just as importantly, this needs to be clearly communicated to consumers. While I am determined to get to the bottom of this, some of it simply may be ‘growing pains.’ That’s why it’s important to sit down and figure out how we can better protect consumer privacy in the future.”
Not clear to me was whether she wants another closed-door meeting, so I called her office and asked. A spokesperson explained that they are still working out the details, who would come, whether it would be open or what. At
this point, the spokesperson said, it could go either way.
it’s no surprise that I made a strong pitch to make sure it’s public and that CEO Page does the explaining.]]>
The Internet giant recently announced it would consolidate more than 60 privacy policies into one and that it would combine a user’s data collected on various sites into one profile. What you did on YouTube would be commingled with data from your search queries and your Gmail account, for example.
Google has spun this as being aimed at “improving the user
experience.” In fact, it’s all about amassing even greater digital dossiers on people so they are better targets for advertising. Remember, our information is Google’s lifeblood. We’re not Google’s customers; we’re the product.
The big problem with Google’s unilateral action is that it appears to violate the terms of the “Buzz” consent settlement with the Federal Trade Commission. I called for the FTC to determine if there’s a violation last week. Rep. Ed Markey (D-MA) and Rep. Joe Barton (R-TX) asked the same question in a letter to FTC Chairman Jon Leibowitz.
Google’s consent agreement with the FTC came as a result of the “Buzz” debacle in which the Internet giant displayed users email addresses without their consent as it tried to launch a social network. Under the terms of the consent
agreement, Google can’t use data it has collected in new ways unless users opt-in to the new use.
Click here to read the consent agreement.
EPIC today filed a complaint and a motion for a temporary restraining order and preliminary injunction in Federal Court in Washington. It wants to compel the FTC to act before the new policies are implemented March 1.
Google’s plan raised concerns in Europe, where the Article 29 Working Party, a group representing European data protection officials, asked Google to “pause” implementation of the new polices until the group could determine how they affect users’ privacy. The French data protection agency is taking the lead in the analysis. So far, Google has rebuffed the European request.
“We believe Google went way over the line in a variety of ways,” Marc Rotenberg, EPIC’s executive director, told USA Today. I couldn’t agree more.
The best thing that could happen now is for the FTC to act immediately and block Google’s arrogant, unilateral action. Then there’d be no need for a hearing on EPIC’s motion.]]>
City Council is expected on Wednesday to approve amendments to its contract with CSC and Google that acknowledge the reality that Google, despite promises two years ago, cannot meet the security requirements of the 13,000 Los Angeles Police Department and other city law enforcement employees.
Cloud computing, by the way, is where the software and much of the data resides on the provider’s servers and not on the user’s computer and is accessed via the Internet. Consumer Watchdog is just one of many who are concerned about the security of data in the cloud. We expressed doubts about Google’s solution for LA when it was announced.
CSC is the contractor implementing the Google “cloud” system. A report to Council from Chief Legislative Analyst Gerry F. Miller and
City Administrative Office Miguel Santana, which recommends the new deal notes:
“Although CSC does not have the technical ability to comply with the City’s security requirements, it should be noted that the DOJ requirements are not currently compatible with cloud computing.”
Well, duh. Wouldn’t you have thought someone would have figured this out before the project started?
I think the problem was that Google’s data-driven computer geek culture got in the way. Google executives choose to see the world as they think it should be, not as it is. To them DOJ security requirements are more than they deem necessary. So Google, in their minds, ought not to have to meet them.
I for one am glad the LAPD stuck by its guns. Here are the key elements of the deal Council is expected to approve:
– Los Angeles pays for the 17,000 users actually on Google’s cloud according to the reduced rate per seat it would qualify for if it had 30,000 users.
– Google pays the city for the Groupwise licenses and expenses required for 13,000 law enforcement employees to use the old system through the term of the contract (November 2012) and any extensions. Google’s obligation is caped at $350,000 annually. Actual payment now is about $250,000 a year.
– CSC had given the city $250,000 as incentive for Los Angeles to encourage other governments to adopt Google. CSC will not seek reimbursement for that.
Frankly, I’d forgotten the city got financial incentives — let’s be accurate, a kickback — to tout Google to other municipalities. Now that city officials know the city won’t lose a quarter of million dollars for candor, perhaps they’ll honestly tell the world about Google’s failure.
At the least they must demand that this misleading video be removed from the Google Apps for Government Website. By no stretch of the imagination was Los Angeles a success for Google. And now, Los Angeles officials have an obligation to make that fact clear to the world.
And folks in other jurisdictions considering Google solutions should pay close attention to the Los Angeles experience. Are you listening Chicago Board of Education?]]>