Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Faces Privacy Audits For Next 20 Years

Posted by samzenpus on from the blink-of-an-eye dept.

Hugh Pickens writes "The San Francisco Chronicle reports that Google has reached a settlement with the Federal Trade Commission over Buzz, a social blogging service the company introduced through Gmail last year. The deal will require that Google have regular, independent privacy audits for the next 20 years. Buzz drew heavy criticism at launch in February 2010 for a glaring privacy flaw. When users turned it on, it suggested people to follow based on their Gmail contacts list and their most frequent email partners. 'Although Google led Gmail users to believe that they could choose whether or not they wanted to join the network, the options for declining or leaving the social network were ineffective,' says the FTC. Along with the 20 year oversight, the settlement also says that Google is barred from misrepresenting privacy or confidentiality of the user information it collects, Google must obtain user consent before sharing their information with third parties if it changes its privacy policy, and Google must establish and maintain a comprehensive privacy program."

33 of 112 comments (clear)

  1. Um... by Anonymous Coward · · Score: 3, Insightful

    Facebook? Hello?

    1. Re:Um... by smash · · Score: 2

      At least Facebook is opt in - basically you need to become a member for a start. Google search does all sorts of tracking via non-expiring cookie, and realistically trying to avoid google in your usage of the internet is pretty difficult due to them having about 90% of the search market.

      --
      I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
  2. facebook by SpiralSpirit · · Score: 5, Interesting

    I'd suggest the same with facebook too. I'm not too sure the legality of presenting 12 year old with changes to user agreements, misleading games that collect your info, etc.

    1. Re:facebook by inpher · · Score: 2, Informative

      I'd suggest the same with facebook too. I'm not too sure the legality of presenting 12 year old with changes to user agreements, misleading games that collect your info, etc.

      That would not be a big problem for facebook because you have to be 13 to use facebook.

    2. Re:facebook by MickyTheIdiot · · Score: 4, Informative

      This is stupid in light of the fact that Facebook is openly hostile to idea of user privacy and Google actually seems to care, at least a little bit.

    3. Re:facebook by vivian · · Score: 3, Insightful

      These term that Google has to meet should be standard terms that ALL companies who collect information have to meet - especially the one about having to obtain user consent before sharing a user's private information with third parties.

    4. Re:facebook by similar_name · · Score: 2
      I like this from the summary...

      Google is barred from misrepresenting privacy or confidentiality of the user information it collects,

      So does that mean it's normally ok for companies to misrepresent privacy or confidentiality of the user information they collects.

    5. Re:facebook by Daniel+Phillips · · Score: 2

      There are three things I've never done on the internet.

      • Used my real name
      • Used my real date of birth
      • Read terms and conditions

      ...and nobody knows you're a dog.

      --
      Have you got your LWN subscription yet?
    6. Re:facebook by pelrun · · Score: 2

      You seem to misunderstand what 'privacy' actually means here. It's nothing to do with what information they may or may not collect about you - it's what they DO with that information. That means not letting other people have access to it without your explicit permission or a court order.

    7. Re:facebook by rvw · · Score: 2

      This is stupid in light of the fact that Facebook is openly hostile to idea of user privacy and Google actually seems to care, at least a little bit.

      It's not stupid. It's a feature! And this time it's a good one. And it's one that Google can use: Privacy guaranteed by FTC approval!

  3. Good by gman003 · · Score: 5, Insightful

    Honestly, these kinds of things should be mandatory for any large company with that much personal information. Regular independent audits? Sounds like the kind of oversight we need. Can't lie about how private your info is? Sounds like something that should be a law. Need to get consent again after changing the terms? Again, I'm surprised you could get away with it before.

    Now let's just get these things applied everywhere else like Google. Facebook, for one, deserves even more oversight.

    1. Re:Good by binaryseraph · · Score: 2

      I've said it before, and I'll say it again (even though it's not popular), but no one is holding a gun to anyone's head and telling them to use facebook "or else." They can only use the personal info you give them- and rightly so. They make it glaringly obvious that is how they make their money. Government oversight in this case will only lead to more laws. More laws will lead to less internet(personal) freedom. After all, the Internet is a privilege not a right (and should remain as such).

    2. Re:Good by mug+funky · · Score: 2

      sounds like every telecom ever.

      i like it when they fabricate bills, ring you at work asking if you are [some person] and not telling you what it's about because you're not [some person].

      but you still get harassed by collection agencies...

      and no matter how often you chew their ears off, they don't get the hint.

    3. Re:Good by martin-boundary · · Score: 3, Insightful

      They make it glaringly obvious that is how they make their money.

      Actually, they don't. They don't tell anyone just what exactly will be done with their information, and just exactly who will get to see/copy it. That's something we don't know, only Zuck and his minions knows that. And without knowing exactly that information, there's no true basis for consent.

    4. Re:Good by martin-boundary · · Score: 2

      The problem with making it mandatory is that it advantages companies like Microsoft, where Bing was built from the ground up to treat user's privacy as the number one priority.

      FTFY. If M$ already do all this, they'll be able to innovate while Google wastes time catching up.

    5. Re:Good by martin-boundary · · Score: 3, Informative
      Reread my comment. Which advertisers? Which marketing firms? What factors are cross referenced with what other factors using what models?

      Unless Facebook answers those questions, there's no transparency, and certainly the claim that it's pretty obvious what they do with people's data is just handwaving and waffling.

    6. Re:Good by similar_name · · Score: 2

      I'm just wondering what makes that differentfrom any other company. In general who they sell your information to is a moving target. It might be one company today and another tomorrow so if you want to use Facebook you agree that anyone might be able to buy your information and use it however they can. What factors they use are also going to change depending on what they're trying to learn. I guess I don't understand why it matters who they sell it to or how they use it as long as you know they are going to sell it and they are going to use it. I know you're wanting more transparency but could you give me an example of a company that sells your information and tells you exactly who they are selling it to? I'm curious to see how they present it.

    7. Re:Good by martin-boundary · · Score: 3, Insightful
      First, I think it's wrong to equate privacy protection with simply doing the same as other companies are doing. What's to ensure that those other companies are actually protecting their customers' data any better? This IMHO is a major problem with the US lack of standards similar to the EU data protection principles.

      There are several reasons why it matters what will be learned from the data, and who gets it.

      Suppose there's a (deliberate or otherwise) mistake in your data, it will be replicated everywhere the data is copied. If you don't know who has access to your data, then you can't tell them to fix it, and it may travel widely causing you damage. In fact, there's no way to prevent some unknown company from changing your data fraudulently, or mixing your data with someone else's data who has the same name. Moreover, what if you (don't) find out that some company you wish to do business with has bought information about you from some random source that's not reliable. You could be penalized without ever knowing why (eg credit records, insurance premiums).

      Now besides knowing who gets your data, it's also important to know how data is combined and learned. When data travels and gets learned, it always loses context and is transmogrified. You could have a juvenile shoplifting record, and by the time it ends in some company's database, it has been transformed into "criminal offense" which could be anything. The same is true with medical conditions. You might have some harmless recurring problem, but the computer simplifies that into a generic category, and in that category you are lumped with much more serious diseases, and penalized.

      Data never stays 100% the same when it moves from one computer to another. It's important for people to be able to know what data a company has about them, and be able to do something about it. Companies should be held accountable about this.

    8. Re:Good by mgiuca · · Score: 2

      but no one is holding a gun to anyone's head and telling them to use facebook "or else."

      I am finding it increasingly hard to buy this argument. Now that I see billboards telling me not to visit myproduct.com, but facebook.com/myproduct. Bars and cafes offering discounts if I like them on Facebook. Invites to parties coming exclusively through Facebook, no longer by email. This is just the beginning. We are quickly moving into a world where you need to be on Facebook to stay in touch (you are a social outcast) and to access information (businesses prefer to be on Facebook than the open web).

      Nobody is holding a gun to anyone's head, but then again nobody ever holds guns to peoples heads any more. There are plenty of other ways to effectively force people to use a product.

      Note that Google never had this power. Nobody was ever forced to use a Google product: we just did because they were useful. Every Google product has viable competitors, they just aren't as good. Don't want to use Google search? Use Bing or Yahoo. Don't want to use Gmail? Use Hotmail or Yahoo Mail. Unlike Facebook, Gmail is compatible with other email providers. So I can function perfectly well in society without Google (I just choose to use them). But the same cannot be said about Facebook.

      the Internet is a privilege not a right (and should remain as such)

      That line of thinking is also quickly dying out. These days, I am expected to do my banking and my taxes on the Internet. I search for houses online. I apply for jobs online. If I don't have email, I can't function in nearly any job. I sure as hell wouldn't want that "privilege" taken away from me. You might have said in the 1900s that electricity was a privilege, not a right, yet these days you complain if the power goes out for an hour, and see third-world countries with villages that "don't even have basic electricity." As offline services like analog telephone get switched off, you'll wish the Internet was a basic right and not a "privilege".

  4. Google got hit before Facebook? by KlomDark · · Score: 4, Insightful

    Not fair. Google's been a lot better at protecting info than Zuckerberg's famous pig.

    1. Re:Google got hit before Facebook? by lanner · · Score: 2

      Did it not occur to you that Google may have WANTED a relatively "harsh" punishment to set precedent specifically so that it might be applied to Facebook as well?

      It's a wild idea, but I like wild ideas.

      But yea, Buzz was a serious fuck-up and it's a good thing the dude who directed that disaster ain't working at Google any more.

  5. This does seem a bit excessive. by Rifter13 · · Score: 2

    This seems a little excessive to me. They recognized the problem, and took care of it, fairly quick. They didn't realize they had a problem on launch. It seems to MY eyes, that Google TRIES to do the right thing. Unlike Facebook, that does the wrong thing, until OVERWHELMING complaints roll things back. The privacy issues caused by the Buzz launch seemed to not big a big deal, except for a few outliers.

  6. Re:Google, meet Samsung by larry+bagina · · Score: 3, Interesting

    Obvious to you, obvious to me, apparently not obvious to google.

    --
    Do you even lift?

    These aren't the 'roids you're looking for.

  7. Re:20 years seems excessive by shutdown+-p+now · · Score: 2

    What's wrong with permanent long term oversight like that? Privacy is a sensitive thing, and even if Google only makes honest mistakes, such audits would flush them out earlier, minimizing damage.

    Only this needs to be applied consistently to all companies dealing wit significant amount of private data - Facebook, MS, Amazon etc.

  8. Re:Google, meet Samsung by lgw · · Score: 4, Interesting

    Evil or not, it's pretty cool to see the US Government siding with consumer privacy against a major corporation. Is this a sign of an attitude change, or merely a sign that Google is (relatively) new and hasn't figured out who they need to bribe yet?

    --
    Socialism: a lie told by totalitarians and believed by fools.
  9. Re:Thank you Schmidt. by slimjim8094 · · Score: 2, Insightful

    Jesus are people still talking about "wireless sniffing" like it's a terrible thing? That's like calling it my fault that I'm forced to smell it when you rip ass.

    In fact, that's a more apt analogy than I intended. The recipient has no control, in each case, of whether it gets to them. Can they be faulted for collecting? Sure, it would make them a little creepy if they delibrately inhaled, but there's absolutely no evidence than they intended to. In any case, it's not their fault for having it be there in the first place.

    I'm so sick of this WiFi shit. IT'S FUCKING RADIO WAVES! THEY ARE **BROADCASTED**. BROAD ... CAST.... If you don't want it to get out there, then DON'T SPEND MONEY AND ELECTRICITY TO PUT IT OUT THERE! Or at least encrypt it!

    --
    I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
  10. Re:Forget Facebook... by Anonymous Coward · · Score: 2, Insightful

    ...how about getting our own GOVERNMENT to follow these guidelines? I'd have a hard time following an edict by someone who won't follow it themselves.

    What are you talking about, government transparency is fine.

  11. The illusion that we care by khallow · · Score: 2

    Smack their knuckles with a ruler for good measure

    Why? Overpunishment is just as unproductive when applied to businesses as it is to poor, desperate saps. And "now don't you do that again, Google!" is a reasonable response when you have, as in this case, a reasonable expectation that Google indeed won't do it again.

  12. Re:Thank you Schmidt. by auLucifer · · Score: 2

    Not only were google inhaling, they were jaring it otherwise how could someone prove google sniffed it to start with? If they had no intention to further inhale from the source then why were they storing what they sniffed? If they never had any intention to retrieve the "ass ripping" output then why even walk around sniffing for it?

    I don't care if google has an affinity for a bit of sniffing and the bystanders were caught with their pants down but to say google didn't intend to inhale just seems a bit naive to me.

    --
    If I was witty I'd put something funny here but, as it stands, I am not and have just wasted seconds of your life
  13. Re:Thank you Schmidt. by slimjim8094 · · Score: 2

    They didn't, or at least there's absolutely no evidence that they did. On the contrary, actually, the software they were using (Kismet) saves unencrypted packets by default. You have to go and turn it off. So it sounds to me like they forgot to do that, which is something that I've done myself so I can relate.

    Add to that the fact that *nobody knew about this* until Google said "yeah, we did this by accident and we're deleting it". If they were trying to be sneaky and collect people's information, why would they come and reveal something that had been a secret? That's not how I hush something up, that's how I try to stave off potential misunderstandings. But apparently it didn't work.

    I guess the lesson here is that when corporations screw something up, they should never come clean and instead just hush it up. At least that way they stand a chance of not being ripped apart for it. Frankly, I thought we wanted to discourage that behavior as a society, but maybe that's just me.

    I think Google makes a good search engine and good products, and I am happy to "pay" my eyeballs and habits for that. But I am *very* wary of the amount of power they have, so I watch their actions very closely. I have seen no evidence for more than 5 years that they are anything other than upstanding - and like I said the bar has been set higher for them. In fact, when stuff like the WiFi thing above, and the Buzz thing in the OP is the worst anybody can come up with, I'm pretty confident that they're not a "bad guy".

    --
    I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
  14. Do no evil, do some evil? by BunkAsInBed · · Score: 2

    My conclusion after reading this. They didn't pay enough on lobbyists. This of course is scary once you see how much they already pay for lobbying and how fast its grown. Here's the question I pose to you. Is Google, the company of do no evil, doing evil by putting this many resources towards these efforts or is that just par for the course when you get that big?

  15. Re:Forget Facebook... by ArundelCastle · · Score: 2

    I'd have a hard time following an edict by someone who won't follow it themselves.

    You look thirsty, here, have some more kool-aid. I'll have mine later.

  16. Re:Facebook vs Google by TaoPhoenix · · Score: 2

    This is almost a false dichotomy like the current US political party situation.

    Trying to stay even handed, I absolutely agree that Google is *one of* the companies that needs privacy oversight.

    But then one of the Google SuperLawyers needs to turn this around into a precedent, so that the other 10 (more?) companies that need oversight get it.

    --
    My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine