Google and Privacy: an EPIC Fail…
“I do not think this means what you think it means…”
This isn’t a post specific to Google’s struggles with privacy, specifically, but rather the Electronic Privacy Information Center’s (EPIC) tactics in a complaint/petition filed with the FTC in which EPIC claims that the privacy and security risks associated with Google’s “Cloud Computing Services” are inadequate, injurious to consumers, and that Google has engaged in “unfair and/or deceptive trade policies.”
EPIC is petitioning the FTC to “..enjoin Google from offering such services until safeguards are verifiable established” as well as compel them to “…contribute $5,000,000 to a public fund that will help support, research concerning privacy enhancing technologies.”
In reading the petition which you can find here, you will notice that parallels are drawn and overtly called out that liken Google’s recent issues to that of TJX and ChoicePoint. The report is a rambling mess of hyperbolic references and footnotes which appears is meant to froth the FTC into action, especially by suggesting the overt comparison to the breaches of confidential information from the likes of the aforementioned companies.
EPIC suggests that Google’s indadequate security is both an unfair business practice and a deceptive trade practice and while these two claims make up the meat of the complaint, they represent the smallest amount of text in the report with the most amount of emotive melodrama: “…consumer’s justified privacy expectations were dashed…” “…the Google Docs Data Breach exposed consumers’ personal information…” I can haz evidence of these claims, please?
While I’m not happy with some of Google’s practices as they relate to privacy, nor am I pleased with hiccups they’ve had with services like GMail and the most recent “privacy pollution” issue surrounding Google Docs, here’s an interesting factoid that EPIC seems to have missed:
Google Apps like those mentioned are FREE. We consumers are not engaging in “Trade” when we don’t pay for said services. Further, we as consumers must accept the risk associated with said offerings when we agree to the terms of service. Right, wrong, or indifferent, you get what you pay for and should expect NO privacy despite Google’s best efforts to provide it (or not.)
I could tolerate this pandering to the FTC if it were not for what amounts to the jumping the shark on the part of EPIC by plastering Cloud Computing as the root of all evil (with Google as the ringmaster) and the blatant publicity stunt and fundraising attempt by demanding that the FTC “compel” Google to bleed out $5,000,000 to a fund that would likely feed more of this sort of drivel.
If we want privacy advancements with Google or any Cloud Computing service provider, this isn’t the way to do it.
As my good friend David Mortman said “EPIC apparently thinks its all about publicity. They are turning into the peta of privacy.”
I agree. What’s next? Will we rename personally identifiable information to “information kittens?”
/Hoff
P.S. Again, I am not trying to downplay any concerns with privacy in Cloud Computing because EPIC’s report does do a reasonable job of highlighting issues. My friend Zach Lanier (@quine) did a great job summarizing his reaction to the post here:
It’s almost as though EPIC need to remind everyone that they still exist
and haven’t become entirely decrepit and overshadowed by the EFF. The
document is well assembled, citing examples that most users *don’t*
consider when using Google services (or just about any *aaS, for that
matter). Incidentally, the complaint references a recently published
report from the World Privacy Forum on privacy risks in Cloud
Computing[1]. Both documents raise a few similar points.
For example, how many of us actually read, end-to-end, the TOS and
privacy policy of the Provider? How many of us validate claims like
“your data are safe from unauthorized access when you store it on our
Cumulonimbus Mega Awesome Cloud Storage Platform”?
I, for one, laud EPIC’s past efforts and the heart whence this complaint
emerges. However, like a few others, the request for enjoinment
basically negated my support for the complaint in its entirety.
[1] http://www.worldprivacyforum.org/pdf/WPF_Cloud_Privacy_Report.pdf),
— Zach Lanier | http://n0where.org/ | (617) 606-3451 FP: 7CC5 5DEE E46F 5F41 9913 1577 E320 1D64 A200 AB49
Recent Comments