Interesting People mailing list archives
EPIC Files FTC Complaint Concerning Google Data Breach
From: David Farber <dave () farber net>
Date: Fri, 20 Mar 2009 12:10:45 -0400
From: Lillie Coney <coney () epic org> Date: March 18, 2009 2:04:48 PM EDT To: Privacy Coalition <Priv_coal () mailinglists epic org>Subject: [Priv_coal] FYI EPIC Files FTC Complaint Concerning Google Data Breach
Dear Privacy Coalition members, EPIC filed a complaint with the FTC seeking an investigation of Google Docs, in light of the company's data breach reported on March 7, 2009. Bob Gellman's recent paper on Cloud Computing and privacy challenges recently published by the World Privacy Forum speaks eloquently to these issues. Cloud computing services are promising a great deal to consumers, when inducing them to sign up for services, but excuse themselves from liability or obligations should something go wrong. The Google Docs Data Breach reported earlier this month highlights the hazards of cloud computing conjoined with inadequate security practices. The compliant seeks that the FTC's provide a remedies for consumers that includes greater transparency, security, and privacy rights for Google Cloud Computing users. Thank you, Lillie FOR IMMEDIATE RELEASE March 17, 2009 Contact: Marc Rotenberg, Executive Director John Verdi, Staff Counsel (202) 483-1140 rotenberg AT epic.org verdi AT epic.orgEPIC FILES FEDERAL TRADE COMMISSION COMPLAINT CONCERNING GOOGLE DATA BREACH,
CALLS FOR FEDERAL INVESTIGATION INTO CLOUD COMPUTING SECURITYWASHINGTON, DC - The Electronic Privacy Information Center (EPIC) has filed a complaint with the Federal Trade Commission arising from the recent Google Docs data breach. On March 7, 2009, Google, Inc. announced that it had inadvertently disclosed user-generated documents stored on the cloud computing service. EPIC's complaint calls for the FTC to investigate the adequacy of Google's privacy and security safeguards. EPIC also asked the Commission to enjoin Google from offering cloud computing services until safeguards are verifiably established.
In 2000, an EPIC complaint to the FTC resulted in the Commission's imposition of a comprehensive information security program for Microsoft Passport and similar services. In December 2004, EPIC filed a complaint with the Commission against databroker ChoicePoint, Inc. The complaint resulted in $15 million in civil penalties and redress - the largest FTC fine for consumer privacy violations. Recently, EPIC brought a complaint to the Federal Trade Commission calling for privacy safeguards as a condition of the Google-Doubleclick merger. Although the Commission failed to act in that matter, a subsequent review by the Department of Justice in a similar matter led Google to back off a proposed deal with Yahoo.
EPIC's complaint describes Google's routine assurances that it will secure documents on its servers. Google encourages users to "add personal information to their documents and spreadsheets." Yet Google's cloud computing services have been increasingly subject to security vulnerabilities, including high-profile data breaches involving Gmail and Google Desktop. EPIC's complaint notes that Google stores and transmits documents in plain text, while some other cloud computing services encrypt data to safeguard users' privacy.
EPIC Executive Director Marc Rotenberg said, “Given the growing dependence of US consumers, businesses, and federal agencies on cloud computing services, providers like Google must ensure the security of personal information stored on their servers. The Google Docs data breach highlights the hazards of Google's inadequate security practices, as well as the risks of cloud computing services generally. There is ample precedent for the Federal Trade Commission to begin an investigation.”
EPIC is a public interest research center in Washington, D.C. EPIC was established in 1994 to focus public attention on emerging civil liberties issues and to protect privacy, the First Amendment, and constitutional values. EPIC has a long history of protecting consumer privacy through advocacy before regulatory commissions.
More information is available at:“In the Matter of Google and Cloud Computing Services: Complaint and Request for Injunction, Request for Investigation and for Other Relief” (filed by EPIC, Mar. 17, 2009)
http://epic.org/privacy/cloudcomputing/google/ftc031709.pdf _______________________________________________ Priv_coal mailing list Priv_coal () mailinglists epic org http://mailinglists.epic.org/mailman/listinfo/priv_coal ----------------------------------- Cameron Wilson Director of Public Policy Association for Computing Machinery 1100 Seventeenth Street, NW Suite 507 Washington, DC 20036 202 659-9712 Website http://www.acm.org/public-policy Weblog http://usacm.acm.org/usacm/weblog ------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com
Current thread:
- EPIC Files FTC Complaint Concerning Google Data Breach David Farber (Mar 20)