Google Calls Out EFF Over Claims That It Snoops On Students With Chromebooks

MojoKid writes: The Electronic Frontier Foundation (EFF) caused quite a stir this week when it alleged that Google is using its Chromebook platform, which has made a significant impact in education markets, to snoop on students. The charges were damning, with the EFF claiming that Google was violating its own corporate policies and using students' personally identifiable browsing data/habits to refine its services, in addition to sharing that data with partners. Obviously, Google would take such allegations seriously, and has thus responded to every claim brought forth by the EFF. "While we appreciate the EFF's focus on student data privacy, we are confident that our tools comply with both the law and our promises, including the Student Privacy Pledge..." said Jonathan Rochelle, the Director of Google Apps for Education. With respect to Google Apps for Education Core Services (GAFE), Rochelle asserts that all student data stored is "only used to provide the services themselves" and that student data isn't used for advertising purposes, nor are ads served to students. Rochelle also explains that personally identifiable data of students is removed, and only aggregated data of its millions of users is utilized to help improve its services.

Re:c'mon, man

[Meshach]

nobody believes that. if you HAVE it, you have COLLECTED it and the RETENTION of such data fits YOUR purposes.

When I send an email my ISP will will scan the email for viruses and to make sure it is not spam. How is this any different.

Who you gonna believe?

[PopeRatzo]

Google, or your own lying eyes?

Tell you what, the EFF has credibility in the bank with me. Google on the other hand...

Re:Who you gonna believe?

[sexconker]

Wrong.
What the FCC proposal actually says gives the FCC the power to require the locking down that the EFF was upset about.
The FCC simply issued a statement after the fact saying "We won't use to to do that, honest.".
Further, the truth of the matter is that the vast majority of commodity hardware is built as a SoC, and the manufacturers involved would sooner lock it all down than lock down only certain parts based on a current interpretation of the rules while leaving other parts open.

Re:Who you gonna believe?

[slimjim8094]

The EFF has credibility with me as well (less than they used to, for similar reasons as PETA), but how can they possibly know what Google is using the data for internally? They don't have enough information to know anything beyond "it's being synced" - which for a feature called "Chrome Sync" seems pretty obvious. The reason it's being synced is also obvious and the blog post states it plainly - most schools don't buy a chromebook per student, they have a cart that's brought where required, and the sync is so that when the student signs in they have their personalization.

Google has always said "we use aggregate data to make our services better". They say it everywhere. It's how Google works. But they also say "we're not looking at individuals or less-than-anonymized groups of people". And there's no evidence they're doing the latter in addition to the former. I can't figure out on what basis - and with what information - the EFF is making that claim other than "we don't like Google". It sounds like a PR stunt for their new initiative. Really if the EFF *did* know that the data was being used for nefarious purposes, it would mean there was some sort of external leak of user data - which would be much more damaging than the supposed activity they are concerned with.

As a disclaimer, I do work at Google. I do in fact know what Google does with user data. It's pretty much what it says on the tin, and they are extremely serious about it. Nefarious use of user data is one of the few outright firing offenses, and they will find you.

So you don't believe me. That's fine, and I'm not surprised. But why do you believe the EFF, which is the party with the less information, in absence of evidence beyond their say-so? That's firmly conspiracy theory territory. Even if they did have a better track record (hard to say, they're not without mistakes), and didn't have any agendas (not true) they simply can't back up their assertions here with any evidence. You're left with an unverifiable claim from someone who can't know, vs unverifiable claim from someone who does know.

Which is more likely - the EFF made a bullshit accusation with no evidence that they suffer no penalty for and might even help them anyways, or Google making a bald-faced, PR-damaging lie that can be discovered with a simple subpoena?

Re:Who you gonna believe?

[slimjim8094]

My argument isn't predicated on me being right about how the data's being used, it's solely that the EFF can only be talking out their nether regions when they say that they do know how it's being used. Indeed, if there is some huge conspiracy that's so secret that not even the engineers working on the systems in question know about it, then it's even less likely that the EFF knows, right?

Don't bother replying, I'm not trying to convince you and I know I won't succeed. But other people read these comments.

Re:Who you gonna believe?

[AmiMoJo]

The EFF's point is that the data shouldn't be collected because even if Google is being responsible with it today, tomorrow they might change their policies or sell the data to someone else who then abuses it. We have seen this happen in the past with companies that go bankrupt and then sell off their databases to cover the CEO's golden parachute.

Sounds Familiar

[konohitowa]

I seem to recall a similar response when accused of collecting WiFi data.

Re:Sounds Familiar

[Solandri]

Google self-reported their excessive wifi data collection. Basically a government agency accused them of collecting more wifi data than just SSIDs. Google said, "No, we're only collecting SSIDs. Here, we'll prove it." Then they audited their own records, came back, and said, "Oops, you were right, we accidentally recorded more info than just the SSID."

Contrast this with, say, Microsoft who still won't say what data Windows 10 is collecting. Or Apple, who commandeered people's iPhones to report location and SSIDs back to them (to accomplish what Google did by paying people to drive company cars around), and still haven't admitted it, brushing it off as an oversight instead of prep for their own mapping program. I'm not sure why Google keeps getting brought up as the quintessential example of a bad guy in these privacy issues, when they've been pretty open about what they do and admit when they make mistakes. Other companies are far worse. The way the EU handled the Google case vs. the Apple case basically tells companies: if you accidentally break the law, it is better to obfuscate and deny it, than the be honest and admit it.

Re:Tinfoil hats.

[FatdogHaiku]

I love that every response so far on slashdot is by a conspiracy theorist.

That, sir, is stereotyping!
Some of us are just nuts...

Just for balance

Since the awful TFA didn't include a link to Google's post defending itself from EFF's accusations even though it quoted from that source, here's the link to it:
http://googleforeducation.blogspot.com/2015/12/the-facts-about-student-data-privacy-in.html

Also here a link to the Student Privacy Pledge that EFF has accused Google of violating:
http://studentprivacypledge.org/

The Student Privacy Pledge will hold school service providers accountable to:

        Not sell student information
        Not behaviorally target advertising
        Use data for authorized education purposes only
        Not change privacy policies without notice and choice
        Enforce strict limits on data retention
        Support parental access to, and correction of errors in, their children’s information
        Provide comprehensive security standards
        Be transparent about collection and use of data.

Here are links to the co-authors of the Student Privacy Pledge stating their objections to the EFF's complaint:
https://fpf.org/2015/12/01/future-of-privacy-forum-statement-regarding-electronic-frontier-foundation-student-privacy-complaint/

In response to the allegations made today that Google has violated commitments of the Student Privacy Pledge (SPP), FPF Executive Director Jules Polonetsky issued the following statement:

“We have reviewed the EFF complaint but do not believe it has merit.

http://blog.siia.net/index.php/2015/12/some-misunderstandings-of-the-student-privacy-pledge/

The Electronic Frontier Foundation has filed a complaint with the Federal Trade Commission against Google for violation of the K-12 School Service Provider Pledge to Safeguard Student Privacy. The FTC will assess the complaint on its merits and make a judgment one way or the other. But, it is important to point out that the complaint contains some important misunderstandings about the student privacy pledge.

Re:c'mon, man

[taustin]

My ISP hasn't built their entire business on collecting as much information as possible and selling it to advertisers.

Re:c'mon, man

[Zero__Kelvin]

"When I send an email my ISP will will scan the email for viruses and to make sure it is not spam. How is this any different."

People, at least here on Slashdot at the present moment, don't have an irrational hatred for your ISP.

Re:c'mon, man

[farble1670]

more Google FUD. please link to the evidence that google has sold your personal data, or has lost it in a breach.

google doesn't sell your data. they collect it and use it to serve you ads. it's google that decides which ads to point at you, not the advertiser. and i don't need an auditor to prove that to me since it's common sense. data is google's most (only?) valuable asset. they aren't going to sell it off, and they will darn sure safeguard it for the same reason. they like money. they want to keep getting money. pretty simple.