Consumer Watchdog: Google Should Increase Privacy Efforts

Consumer Watchdog wants Google Inc. to implement more privacy protections in its e-mail and search systems as it may be looking at e-mails coming and going from GMail accounts.

Google has inked e-mail and search-engine agreements with a number of private companies and public employers, including Arizona State University and the state of Arizona. The Mountain View, Calif.-based Internet company also recently agreed to share search information with federal agencies to help them track influenza outbreaks.

The California-based consumer group says Google can scan or examine e-mails from systems other than GMail as long as one of the senders has a GMail account.

Google, which is closing an engineering center in Tempe, said e-mail scanning is par for the course within the industry and that it offers privacy options for users.

“Virtually all e-mail services scan your e-mail to provide such popular features as spam filtering, virus detection, search, spell checking, and the automatic saving and sorting into folders. Google also uses this scanning technology to deliver targeted text ads and other related information. This is completely automated and involves no humans,” said a Google spokesman in an e-mail to the Phoenix Business Journal.

“We build strong privacy and security protections into all Google products, and users can control their privacy settings, such as turning on encryption in GMail or going off the record in Google Talk, or even using some services anonymously. Our team has spoken with Consumer Watchdog, and we welcome feedback from users and consumer advocates on potential new features and privacy controls,” said the spokesman.

Google CEO Eric Schmidt said Tuesday that the company is concerned that implementing more privacy options and safeguards could cut into the speed of its services and search engines.

Congress Warned Of Google Privacy & Security Risks After Google Markets Services To Staffers On Hill

New Video Shows Privacy Problems With G-Mail

Washington, DC — Consumer Watchdog released a new on-line video exposing privacy problems with Google’s Gmail service and other Google applications in the wake of Google’s recent marketing efforts on Capitol Hill.   At a speech in Washington D.C. today, Google CEO Eric Schmidt acknowledged the group’s privacy concerns and expressed an interest in addressing them. He said his concern was balancing performance and speed of the system with privacy and security demands.

The video — which can be viewed at www.consumerwatchdog.org/google — shows that whether you use Google’s GMail or not, Google reads the contents of your emails, if the recipient uses GMail.  Consumer Watchdog also highlighted how the “auto save” function in many Google applications creates an unprotected communication for users even before a message is sent or a document submitted.  Previously Consumer Watchdog had called on Google to adopt Secure Sockets Layer (SSL) protection for transmission of information as a default.

“If Google can find the capacity to stream millions of YouTube videos, then we are confident the company can find the capacity to protect our privacy without sacrificing the speed of information transmission,” said Consumer Watchdog President Jamie Court. “We appreciate Google’s attention to these concerns but must warn about the threat to Google users’ privacy until they are addressed.”

Consumer Watchdog today called upon Google to stop opening emails from non-GMail users and add more security for those who use GMail. The nonprofit group also wrote Congress warning about the security risks of government officials’ use of Google services.  Click here to read the letter.

“Your staff should be aware that sensitive communications and documents created with Google’s software can be intercepted and read,” Consumer Watchdog’s Jamie Court and John Simpson wrote to 535 members of the House of Representatives and the U.S. Senate.  “Google’s software and services are security risks because, often unbeknownst to the user, information is stored on Google’s servers, not the computer user’s desktop. As our latest video shows, Google intentionally blurs the distinction between secure desktop and un-secure Internet use. Even if you trust Google’s servers to store sensitive government data, anyone monitoring the transmission of that data between your staff’s computer and Google can read the contents of their email and their documents.”

After the election, Google went to Capitol Hill with a PowerPoint presentation (NOTE: 15MB download) and solicited Hill staffers to use its services.

Schmidt responded to a question from Consumer Watchdog’s John Simpson, who attended a speech by Schmidt in the Ronald Reagan Amphitheater today.

– 30 –

Group Warns of Google Browsing, E-mail


LOS ANGELES, CA — Consumer Watchdog warned Tuesday that Google Web
browsing and e-mail services may not be private and secure. In fact,
the consumer group says national security could be at risk.

All e-mail services, not just Google, can have security issues if the
user doesn’t take the proper precautions. But Tuesday, Consumer
Watchdog pointed out some specific issues with Google.

Consumer Watchdog is a consumer advocacy group that believes Google’s
e-mail service, called Gmail, is not private or secure. And Consumer
Watchdog says the security problem is not only with Gmail users, but
also with those who may not have Gmail but correspond with Gmail users.

Consumer Watchdog said Tuesday that members of Congress have been
solicited by Google to use their Gmail service and Google’s browser,
called Chrome, but that could put the nation’s security at risk.

But in talking to Google, the company said it is comfortable with its
security but it is willing to make some changes. Here is a statement
from a Google spokesperson:

"We build strong privacy and security protections into all Google
products, and users can control their privacy settings, such as turning
on encryption in Gmail or going ‘off the record’ in Google Talk, or
even using some services anonymously. Our team has spoken with Consumer
Watchdog, and we welcome feedback from users and consumer advocates on
potential new features and privacy controls."

According to Google, users can add security to their Gmail accounts by
simply going into "settings" and turning on the "secure sockets layer,"
also known as SSL. And when using their browser called Chrome, users
can open the Incognito window to hide their activity on the Internet.

 

Consumer Watchdog: Google Made First Political Contributions

California campaign disclosures show that Google, which has had issues from privacy advocates and government regulators, made what appears to be the first political contributions to elected officials in the company’s history.

The $77,800 in contributions includes $25,000 to Governor Arnold Schwarzenegger and $3,400, near the maximum contribution allowed, to both the Republican and Democratic leaders of the California Assembly. A search of state records in California and federal reporting by the Center for Responsive Politics shows no prior Google political contributions.

The nonpartisan group Consumer Watchdog said Google’s engagement with political contributions signals a troubling shift in the company’s direction.

"Google’s purpose has clearly grown beyond creating the best search engine to protecting and expanding a highly profitable business model," said Consumer Watchdog president Jamie Court. "It’s hard for a company to maintain its motto ‘Do No Evil’ when the currency it brings to politics is not just information and analysis, but also the root of all evil, cash for politicians."

Records show the contributions were made in late October after Consumer Watchdog had written Google about serious privacy concerns with the company’s products and intervened at the Justice Department to stop Google’s proposed advertising alliance with Yahoo.

Consumer Watchdog created a YouTube video showing how your computer could be having an unnoticed conversation about you with Google’s servers. Read the letter and watch the video at consumerwatchdog.org/google.

Is Google using its purchasing power in politics?

As Google grows into the behemoth of personal computing that it apparently wants to become, the firm has apparently decided to get bigger in another realm: political influence.  As we recently noted, Google made its first donations directly to politicians in its home state of California in October, just as public scrutiny of the company has increased.

As Dan Morain points out in the LA Times, these contributions are made as more and more issues of concern to Google are appearing in the California Legislature:

In September, California lawmakers approved a measure that granted
the computer industry an exemption from paying overtime to workers
earning not less than $75,000.

Google’s lobbyists worked on the bill, and Gov. Arnold Schwarzenegger signed
it later in September. A month later, Google donated $25,000 to him.
That was the largest single donation Google has given to a California
politician.

And it’s not just California: the company has increased its role in federal lobbying, too. Joelle Tessler of the Associated Press reports that Microsoft still spends more than Google on lobbying:

But Google is catching up. The company spent $2.1 million on
federal lobbying during the first nine months of this year, compared
with $1.5 million for all of 2007. And while not all big technology
companies have chosen to play active roles in the nation’s capital,
Google wants to be a key participant.

It’s not surprising that a company the size of Google is diving deeper into the muck of campaign contributions and political influence, but it is a shame.  The innovators from Mountain View seem to be saying that the old game of special interest influence is the best way to go.

Another huge medical data breach is mishandled

Both president-elect Barack Obama and Sen. John McCain backed electronic medical records during their campaign. Computerizing patient data, which could increase efficiency and cut costs, is part of every major federal health reform proposal. But what are the rules for this data? An extortion threat reported today, and involving up to 50 million patients’ prescription drug records, shows the huge risks in letting unregulated for-profit companies take charge of Americans’ medical records.

The company, called Express Scripts, not only had a serious hole in its data security, it also isn’t doing nearly enough to help its clients.

Express Scripts is a pharmacy benefit manager, handling prescription drug plans for clients including insurance companies, employers and union health plans. It covers about 50 million people. Yes, 50 million. It’s a very profitable middleman job in the health industry.

Here’s what happened, according to the NY Times story:

The company said Thursday that it had been investigating the threat since early October, when it received a letter that contained personal information on about 75 of its members including names, dates of birth, Social Security numbers and, in some cases, prescription information.

Wouldn’t you want to know if your information may have been stolen? Don’t look to Express Scripts for much help. The company has called in the FBI, but it hasn’t personally notified any of its patients, except for the 75 people named in the extortion letter. So the company waited a month before going public. Its stated reason, according to the Wall Street Journal, is that it wanted to "get the investigation up and running" first.

Pardon my suspicion, but I think Express Scripts was waiting to see if it got reports of identity theft. It says it hasn’t, but how would most of us even know that a credit problem was linked to a huge but nearly anonymous "pharmacy benefits manager?"

Even people who order their drugs online don’t see the company mailing back their Lipitor as a brand like MasterCard or Visa (and credit card companies at least have to follow strict rules about disclosing data breaches). Patients who get their prescriptions at a drugstore would have almost no direct contact with Express Scripts.

Here are other ways that Express Scripts is failing its duty:

•    Instead of notifying all patients, it is depending on the news media to get the word out and guide patients (if they even know they’re "clients" of Express Scripts) to a special "support" website about the extortion threat.
•    People who hear about Express Scripts in passing, for instance on radio news, won’t find a word about possible theft of their data on Express Scripts’ main corporate website. As of today, it has a small-type link for people with "questions about safeguarding your personal privacy." Most of us would take this to be something about the corporate privacy policy.
•    I put "support" in quotes in discussing the client web site because it offers precious little support. It links to credit bureaus like Experian, and some government agencies. It just tells folks to go check their credit reports for themselves. No advice is offered regarding possible release or misuse of their private medical information, except to be "alert" to any irregularities in their pharmacy benefit statements.
•    The support site suggests that individuals "consider placing a security/fraud alert or extended security/fraud alert through the credit bureaus," which, depending on whether you opt for a "security freeze," can cost money and freeze up an individual’s ability to get credit unless they pay for a temporary lifting of the alert. In any case, it’s a thrash to contact all three major credit bureaus.
•    In similar data theft instances involving financial companies and the Veterans Administration, possible victims were offered free credit monitoring for a year or more, even if no instances of fraud were detected. In the case of a stolen laptop at the VA, it was recovered two months later with the files unopened.

Express Scripts says it was able to identify the location on its system from which the data was lifted, and says it has plugged whatever security loophole might have been found. Unfortunately, there is no regulation of how secure such data must be, no impetus in the for-profit world to put top-notch data security at the top of the corporate list.

Drug companies increasingly seek to use pharmacy databases for commercial purposes, including direct advertising of their own drugs for a patient’s condition. This offers another opportunity for hacking or theft, as well as inappropriate interference in doctor-patient relationships. Read here and here about how Consumer Watchdog fought off an attempt to make this use legal in California.

Google, the search giant, is offering "Google Health," where consumers can store their own health data. Google, however, keeps the data. It says it will only use your data in aggregated ways, without personal information. But it does allow third parties to ask you for access, even for advertising and promotional uses. Google reserves the right to change its policies in the future, and theft is always a threat.

President-elect Obama has signaled that broad health care reform may have to be delayed because of the financial meltdown, but that he is open to faster partial reforms. Here’s one that he can take on at no cost to taxpayers:

•    Oversee and regulate all of these huge patient databases held by for-profit companies.
•    Make sure that intense security comes before, not after, profit. Ban any third-party commercial use of patient information.
•    Put simply, ensure that patient privacy is the first thing that a CEO thinks about in the morning–or else.

Google Makes First California Candidate Contributions As Criticism Mounts – Updated 11/11/08

UPDATE (November 11, 2008)

Santa Monica, CA — California campaign disclosures show that Google, Inc [GOOG] – which is under fire from privacy advocates and government regulators – made what appears to be the company’s first-ever political contributions to state politicians in its home state of California.

UPDATE: Google has pointed out that its employees contribute to a federally organized Political Action Committee — "Google, Inc. Google NetPAC" — which has donated several hundred thousand dollars to federal candidates, according to documents filed with the Federal Election Commission.  Neither Google, nor any affiliated employee PAC, had ever made contributions to California candidates, according to disclosures with the California Secretary of State.

The $77,800 in contributions includes $25,000 to Governor Arnold Schwarzenegger and $3,400, near the maximum contribution allowed, to both the Republican and Democratic leaders of the California Assembly.  A search of state records in California shows no prior Google Inc. contributions to elected state officials or candidates.
 
The nonpartisan group Consumer Watchdog said Google’s engagement with political contributions signals a troubling shift in the company’s direction.
 
“Google’s purpose has clearly grown beyond creating the best search engine to protecting and expanding a highly profitable business model,” said Consumer Watchdog president Jamie Court.  “It’s hard for a company to maintain its motto ‘Do No Evil’ when the currency it brings to politics is not just information and analysis, but also the root of all evil, cash for politicians.”
 
Records show the contributions were made in late October after Consumer Watchdog had written Google about serious privacy concerns with the company’s products and intervened at the Justice Department to stop Google’s proposed advertising alliance with Yahoo.  Also Consumer Watchdog created a popular YouTube video showing how your computer could be having an unnoticed conversation about you with Google’s servers. Read the letter and watch the video here. Citizens have sent more than 23,000 e-mails and faxes to Google’s Board of Directors, from the Consumer Watchdog action page, calling on the company to improve its privacy standards.
 
For a detailed list of Google’s recent donations visit the California Secretary of State’s website.
 

– 30 –

Consumer Watchdog, formerly known as The Foundation for Taxpayer and Consumer Rights, is a non-profit and non-partisan consumer advocacy group.

Consumer Watchdog Group Accuses Google Of Spying

Consumer activists are criticizing internet goliath Google for spying on its customers. News 8 investigates and gets Google’s side of the story.

News 8 received a video news release from ConsumerWatchdog.org that asks Google to stop the spying. The video shows a typical Google search, where as you type, an intuitive drop-down window tries to figure out what you’re searching for. In one case, a person spells only half of the word "marijuana". In another example, the searcher types "I want to kill the president". Once again, without pressing the enter key on the keyboard, the data in the drop-down box is logged by Google.

Dallas Thornton from the San Diego Super Computer Center says other websites like Yahoo and Amazon use the same search suggest system.

"I think it’s important that users realize that what they do online is being monitored whether it’s Google or anyone else. The days of being private on the internet are no more," Thornton said.

Beth Givens, director of the Privacy Rights Clearinghouse, says Google is taking a lot of heat for putting data collection before privacy.

"It was a surprise to me that your tentative keystrokes are actually being transmitted to Google before you hit the ‘enter’," Givens said.

When News 8 contacted Google, they told us they’re simply trying to make online searching faster and easier, and that they log data, such as your IP address, only two percent of the time, in order to monitor and improve the system. But because of recent privacy concerns, Google admits they’re trying to change their system to make that information anonymous within 24 hours.

A spokesperson from Google called News 8 and told us Google customers can always turn off the Google suggest mode by going to ‘Preferences’ right next to the search box.

Consumer Watchdog Asks Google for More Privacy, While Firefox Adds ‘Porn Mode’

With Google adding a browser to its search engine, cloud applications, ad tracking and toolbar, it already knows more about you than even your mother could. But Consumer Watchdog thinks the Lords of the Web should still make it easier for people to have a bit more privacy…

Consumer Watchdog has "called on Google’s founders and directors to adopt new privacy safeguards that allow for anonymous internet and software use". In a video, the organization criticizes Google Suggest, and the Incognito mode in Google’s Chrome browser. It says:

    Chrome’s Incognito mode lulls consumers into a false sense of security that their actions are completely private and free from prying eyes when in fact they are not.

    "Chrome provides Google unprecedented dominance over the transmission of computer data and warrants higher privacy standards," wrote Consumer Watchdog President Jamie Court and Policy Advocate John Simpson.

The site provides a form letter you can send "to ask Google’s board of directors to agree to basic privacy rights for all Web users".

You can, of course, turn Google Suggest off. However, its combination of search logs, Google applications such as Gmail, advertising tracking across the web, the Google Toolbar and Chrome browser enables Google to harvest vast amounts of information about the things users do.

Microsoft’s Internet Explorer 8 Beta 2 has an InPrivate mode, and Apple’s Safari has a Private Browsing mode. Yesterday, Private Browsing was also added to the pre-release (developer) versions of Firefox 3.1, according to a blog post by Ehsan Akhgari: Don’t leave a trace: Private Browsing in Firefox. He also explains how to start Firefox in Private Browsing mode. However, as he says:

    Private Browsing aims to help you make sure that your web browsing activities don’t leave any trace on your own computer. It is very important to note that Private Browsing is not a tool to keep you anonymous from websites or your ISP, or for example protect you from all kinds of spyware applications which use sophisticated techniques to intercept your online traffic. Private Browsing is only about making sure that Firefox doesn’t store any data which can be used to trace your online activities, no more, no less.

It will be interesting to see if it makes any difference. Not many people actually go in for anonymous browsing. Is that because they don’t know, or because they just don’t care?

Is Chrome Spying on You?

The nonprofit Consumer Watchdog
has called on Google to amend several features in its new browser that,
they claim, seriously compromise your privacy on the Web. You may have
noticed that whenever you start typing into Google’s search field, the
site starts suggesting topics for you. Google is, in fact, recording
and storing every keystroke you type, regardless of whether you hit the
search button or not. The company also stores your IP address, which
can narrow your physical location down to within a block or two. In
short, Google has compiled a profile of who you are and what you’re
like, along with a damn good idea of where you live. If the government
would like to know as well, and can get their hands on a subpoena,
there’s not much you can do about it.

This isn’t exactly news; Google’s been doing this for quite some
time. But everyone knows Google is doing this, so if you’re planning to
surf the Web with Google, you’re at least forewarned that your Internet
privacy is a joke. With Chrome, it’s a different story. Chrome has an
"incognito mode," which theoretically preserves your anonymity. But as
Consumer Watchdog points out, the mode often switches off automatically
without your knowledge. You may think you’re surfing the Web without
someone looking over your shoulder, but the reality is considerably
different.

Consumer Watchdog has called on Google to display the incognito
button prominently and remove any chance of hiding it behind pages of
irrelevant text. It has also demanded that incognito become a
toggle switch, staying on until users explicitly choose to discontinue
it. In fact, Consumer Watchdog wants an incognito button for all of the
company’s applications, including Gmail. At a minimum, they insist,
Google must more prominently warn users that their keystrokes are being
stored somewhere.

Needless to say, Google hasn’t exactly agreed. Consumer Watchdog has
now launched a campaign to pressure the company into complying, and
they have created an online form letter for users to send to the
company. They’ve also produced a short film on how Google is keeping
tabs on what you do—which, of course, they’ve posted on YouTube.

Google Chrome Privacy Issues Prompts Plea To Google Execs

In an effort to publicize what it claims are the privacy failings of Google’s new Chrome browser, Consumer Watchdog is airing its grievances through Google’s YouTube
and urging viewers to use its e-mail form to submit a message to
Google’s board of directors demanding better privacy protection.

Google’s new Chrome browser presents a privacy risk for
consumers, the consumer advocacy group contends, because it sends
information about users’ searches "without users’ full understanding,
consent or control."

Google launched its open source Chrome browser, now in its third beta iteration (version 0.3.154.9), in early September to provide a better experience and better security for browser-based applications.

Chrome’s Incognito mode, like Microsoft Internet Explorer 8 Beta
2’s InPrivate mode and Apple Safari’s Private Browsing mode, creates a
window in which, as Google puts it, nothing "is ever logged on your computer."

Consumer Watchdog argues that Chrome’s Incognito mode does not confer
the privacy that the mode’s name suggests and that Chrome’s blurring of
local and remote computing "creates confusion in the consumer’s mind
about the privacy and security of confidential information."

Chief among the group’s complaints is Google Suggest, a feature
found in Chrome and other Google applications like Google Toolbar. It
is effectively a keystroke logger that sends every character typed to
Google. Google uses this information to provide search suggestions that
it refines with every subsequent letter.

Google doesn’t see the harm in this. "Just as E.T. needs to
phone home in order to get a spaceship to pick him up, Google Suggest
needs to talk to Google while you type in order to offer suggestions to
you," the company explains on its Web site. "Everything you type, though, is protected by Google’s privacy policy."

Earlier this month, Consumer Watchdog in a letter urged the U.S.
Department of Justice to reject Google’s proposed advertising deal with
Yahoo. The group cited the lack of user control over Google’s data
collection, particularly through Chrome, as the impetus for its
opposition to the deal.

Now the organization wants the various State Attorneys General
to force Google to let consumers choose to use its services
anonymously.

"Google’s role is now unprecedented because the Internet goliath is no
longer merely collecting some data about how we search and surf the
Web," said Consumer Watchdog president Jamie Court in a statement. "Its
new browser and software are actually sending information from inside
our computers to its servers. If Google won’t solve its own privacy
problems, the company must be prepared for regulators to put the brakes
on its unprecedented growth. State Attorneys General need to take
action to protect consumers’ privacy and make sure that computer users
have the ability to opt-out of Google’s web and browse anonymously."

The group wants Google to affix a single prominent button on the main
Chrome page that allows the user to enter Incognito mode instantly and
to maintain Incognito mode through subsequent sessions until the user
chooses to revert to unprotected browsing.

It wants Google users to have a way to extend the Incognito
mode to avoid sending information to Google when searching or invoking
another action that transmits data.

And it wants Incognito mode to actually hide the user’s
identity with a default SSL connection, automatic IP anonymization,
invisibility to all Google servers including Google Analytics, and the
termination of auto-saving, of search suggestions and of external calls
to desktop apps and plug-ins related to browsing.

"You should provide the privacy the name implies or stop calling it Incognito mode," the group said in its letter to Google’s board.

In response to Consumer Watchdog’s complaint, Google said in an e-mailed statement that the organization has misunderstood its products and practices.
Google said it only stores 2% of requests received through Google
Suggest, that it anonymizes the IP address of received Suggest data
within 24 hours, and that users can turn Suggest off by visiting the
Chrome Options menu and clicking the Manage button.

Incognito, according to Google’s statement, is intended to
prevent information from being left on the user’s computer. It is not,
in other words, an anonymization service. Google also said that
Incognito does not default to SSL (Secure Sockets Layer) "because these
connections are provided by Web sites, not browsers, so it is
technologically impossible for Google Chrome to behave this way."

The company said that while it disagreed with Consumer
Watchdog’s video and letter, it remains open to user feedback,
particularly with regard to Chrome as it progresses through beta
testing.

If you haven’t seen Chrome in action yet, take a spin through our Google Chrome image gallery and have a look at the browser that’s being touted as a game-changer.

Consumer Watchdog Exposes Google Privacy Problems & Calls For Attorneys General Investigation

Online Video Targets Google’s  New “Chrome” Browser, Websites And Software Revealed

SANTA MONICA, CA — Consumer Watchdog has created a YouTube video showing how your computer could be having an unnoticed conversation about you with Google. The nonprofit group has called on Google’s founders and directors to adopt new privacy safeguards that allow for anonymous internet and software use.  Watch the video here and read the letter to Google’s founders here.

Earlier this month Consumer Watchdog wrote the Justice Department to block Google’s proposed advertising alliance with Yahoo based on these privacy concerns; an announcement about the deal is expected later this week.  The letter notes that the introduction of Google’s new browser, known as “Chrome,” without new privacy protections, poses an unprecedented threat to consumers. (Read it by clicking here.)

“Google’s role is now unprecedented because the Internet goliath is no longer merely collecting some data about how we search and surf the web,” said Consumer Watchdog president Jamie Court. “Its new browser and software are actually sending information from inside our computers to its servers. If Google won’t solve its own privacy problems, the company must be prepared for regulators to put the brakes on its unprecedented growth.  State Attorneys General need to take action to protect consumers’ privacy and make sure that computer users have the ability to opt-out of Google’s web and browse anonymously.”
 
Consumer Watchdog spoke with Google’s team last month about its concerns, but the company agreed to address only one of the smaller privacy problems uncovered in the video. Google claims users do not expect to be able to navigate the web anonymously, only to have anonymous moments, which is why Google does not have an easy to use privacy mode for its products. The consumer group’s concerns center on creating a simple anonymizing button across Google’s products and websites so that there is transparency and easy opt-out for those who did not wish to share their private data. (Google users can join the campaign and send a free message to the company by clicking here.)

Most computer users do not focus on the huge amounts of data sent to Google’s servers, Consumer Watchdog said. The introduction of Chrome, unless the privacy concerns are addressed seriously and quickly, could mark the end of real user control and choice online because: 

(1) New asynchronous communications are occurring without users’ full understanding, consent or control;
 
(2) Many Chrome features blur the distinction between the desktop and cloud computing, where a computer user’s software, documents, data and personal information exist not on the consumer’s hard drive but on Google’s servers on the Internet. This creates confusion in the consumer’s mind about the privacy and security of confidential information;
 
(3) Chrome’s Incognito mode lulls consumers into a false sense of security that their actions are completely private and free from prying eyes when in fact they are not.
 
“Chrome provides Google unprecedented dominance over the transmission of computer data and warrants higher privacy standards,” wrote Consumer Watchdog President Jamie Court and Policy Advocate John Simpson. “Chrome represents a once-in-a-decade opportunity to raise the consumer privacy bar to new heights that will benefit consumers, content providers, and ultimately Google itself.”
 
To protect user privacy Consumer Watchdog said Google should:

* Place a single prominent button on the main Chrome interface that can’t be hidden or removed and that allows a user to enter Incognito mode instantly without interrupting the user experience.  Once in Incognito mode, the application should assume we want to stay incognito, essentially treating Incognito as a default preference once a user has selected it.  
 
* Provide clear disclosure on the Google search engine home pages so that users can easily prevent communication with Google before pressing the search button or affirmatively requesting an action.  This could be an extension of an omni-present “Incognito mode” button.  This disclosure needs to be made clear throughout all the Google applications including GMail, Google Talk, and the Google Toolbar.  This disclosure needs to be more than a confusing warning a few clicks away. It should be a convenient, actionable feature so that the user can exercise informed choice.
 
* Ensure that Incognito mode has the full meaning the word implies when users opt for it. Incognito mode should default to SSL (Secure Sockets Layer) connections, provide an automatic IP anonymizing service, enforce a no-log policy on all Google servers including Google Analytics, as well as disable auto-saving, suggestions, and all other features that use asynchronous event handlers other than button and link clicks. Incognito should disable all external calls to desktop applications and plug-ins whose applications fail to meet equivalent standards.

“We look forward to your response and to working with Google to make the company the standard bearer for privacy on the Internet,” Consumer Watchdog’s letter concluded.
 
 – 30 –

Consumer Watchdog, formerly known as The Foundation for Taxpayer and Consumer Rights, is a non-profit and non-partisan consumer advocacy group. For more information visit http://www.ConsumerWatchdog.org.

Google’s Growth Makes Privacy Advocates Wary

NEW YORK (NY) — Perhaps the biggest threat to Google Inc.’s increasing dominance of Internet search and advertising is the rising fear, justified or not, that Google’s broadening reach is giving it unchecked power.

This scrutiny goes deeper than the skeptical eye that lawmakers and the Justice Department have given to Google’s proposed ad partnership with Yahoo Inc. Many objections to that deal are financial, and surround whether Google and Yahoo could unfairly drive up online ad prices.

A bigger long-term concern for Google could be criticisms over something less tangible – privacy. Increasingly, as Google burrows deeper into everyday computing, its product announcements are prompting questions about its ability to gather more potentially sensitive personal information from users.

Why does Google log the details of search queries for so long? What does it do with the information? Does it combine data from the search engine with information it collects through other avenues – such as its recently released Web browser, Chrome?

Data gathered through most of the company’s services "disappears into a black hole once it hits the Googleplex," said Simon Davies, director of London-based Privacy International, referring to Google’s headquarters. "It’s impossible to track that information."

Google – whose corporate motto is "Don’t Be Evil" – generally sees such concerns as misinformed. For instance, the company says it stores the queries made through its popular search engine primarily so it can improve the service.

But whether the criticisms are valid or not, they are likely indicative of the battles Google will face as it, like Microsoft Corp. in the 1990s, moves from world-wowing startup to the heart of the technology establishment.

The September release of Chrome illuminated the budding conflicts.

To Google, the new browser is a platform on which future Web-based software applications might run most efficiently. It also is a sign that Google understands its growing power, since launching a browser is a direct challenge to Microsoft.

In other circles, Chrome provoked suspicion. One group, Santa Monica, Calif.-based Consumer Watchdog, argues that the browser crosses a new line.

In a mid-October letter to Google directors, Consumer Watchdog said it had "serious privacy concerns" about the browser and the transfer of users’ data through Google’s services without giving people what it sees as "appropriate transparency and control."

One of Consumer Watchdog’s complaints surrounds Chrome’s navigation bar, which can be used to enter a Web site address or a search query. The group points out that as users type in the navigation bar, Chrome relays their keystrokes to Google even before they click "Enter" to finalize the command.

"The company is literally having this unnoticed conversation with itself about you and your information," Consumer Watchdog President Jamie Court said.

This "conversation" stems from the "Google Suggest" feature, which is built into the browser and other Google products, including its basic Internet search engine.

"Google Suggest" sends Google searches as you type, in hopes of anticipating your desires. So if you’re keying in "Electoral College 2008 election," Google will offer multiple search queries along the way. First you’d be given results related to the term "electoral," then ones on the Electoral College in general, and finally you’d get links pertaining to Tuesday’s presidential vote.

This is what worries Consumer Watchdog: Say you key in something that could be embarrassing or deeply personal, but reconsider before you press "Enter." The autosuggest feature still sends this phrase to Google’s servers, tied to your computer’s numeric Internet Protocol (IP) address.

Brian Rakowski, the product manager for Chrome, said Consumer Watchdog’s fears stemmed from confusion about the role a Google Web browser plays.

"There was some concern that, given a very naive way of how browsers work, you may think, ‘Now I’m using a Google browser – Google must know everything on their servers about me,’" he said.

Rakowski said queries sent to Google through the autosuggest feature do include data like a user’s IP address and the time at which the queries were made. But Google logs just 2 percent of the information brought in through "Google Suggest," in order to improve the feature, Rakowski said, and anonymizes this data within 24 hours. The anonymization is accomplished by stripping off the last four digits of the IP address associated with the query.

"You’re flying blind without that information, so we have to collect a little bit," he said. "But we’re really (collecting) the bare minimum we can to provide that service."

The autosuggest function can be shut off in the browser or when using Google’s search engine through its home page, but it is not immediately evident how to do so.

One way is through Chrome’s "incognito" tab, which turns off the autosuggest feature and lets users surf the Web without revealing their activities to people who have access to the same computer. However, Consumer Watchdog objects to the design of "incognito." The group claims the feature makes users feel that their Web surfing is totally private, while in fact Google is still sending some information back and forth between users’ PCs and the company’s servers.

Google takes issue with that complaint, too. The "incognito" function lets users surf without leaving a trail of pages visited or "cookie" data-tracking files behind, but can’t entirely cloak someone’s Internet activity from the outside world.

"We try to be very upfront with users when they enter this mode about what it provides and what it doesn’t provide," Rakowski said.

Although Chrome is new, Consumer Watchdog is not waiting to see whether it gets too little use to worry about. In October, Court’s group wrote U.S. Attorney General Michael Mukasey to caution him about Google’s plans to sell ads for Yahoo, saying that its fears about Google’s market power have been exacerbated by Chrome’s release.

"It’s about having a monopoly over our personal information, which, if it falls into the wrong hands, could be used in a very dangerous way against us," Court said.

Google’s senior product counsel, Michael Yang, said the company is not using any data from Chrome to make improvements to its ad services.

But that doesn’t mollify privacy critics, who fear Google might start doing that someday to best capitalize on its vast audience. Some 650 million people use Google’s search engine and panoply of Web services.

"The way Google has fashioned Chrome, it’s a digital Trojan horse to collect even more masses of consumer data for Google’s digital advertising business," said Jeff Chester, executive director for the Center for Digital Democracy, a consumer rights organization.

For now, at least, Google is planning to adopt just one change suggested by Consumer Watchdog. When users spell a Web site’s address incorrectly, Chrome sends a request to Google to help determine the actual site the user is trying to visit. This happens even when users are surfing "incognito," and Rakowski said it was an oversight.

"It’s something we’re prioritizing now that we want to fix," he said.

This is not to say that Google is avoiding other privacy-related changes. In July, the company began linking to its privacy policy on its home page. It also recently began its anonymization of the data it stores through the "Google Suggest" feature.

But one other privacy-related move might say more about how Google is perceived than anything.

In September, to placate European Union data protection officials, Google said it would maintain its search logs – which track search queries and the IP addresses they came from – for nine months instead of 18, as it had been doing.
 
After that time, Google will alter IP addresses to mask their source. (That probably won’t provide true anonymity, since an aggregated list of search queries over time will likely reveal clues about who made them.)

Google hoped the move would win it favor. After all, Microsoft waits 18 months before it anonymizes its search engine logs, and Yahoo does so after 13.

Even so, the EU’s justice and home affairs commissioner said Google should shorten its logs further, to six months. Davies, of Privacy International, says the change from 18 to nine months was "not meaningful."

Court says that with all its products, Google has more opportunities than its peers to capture personal information without users realizing it.

"Google’s founders may say, ‘We’re going to protect that information,’ but no other company," he said, "is positioned to exploit that information in the way Google is."