Home page logo

interesting-people logo Interesting People mailing list archives

EPIC Files FTC Complaint Concerning Google Data Breach
From: David Farber <dave () farber net>
Date: Fri, 20 Mar 2009 12:10:45 -0400

From: Lillie Coney <coney () epic org>
Date: March 18, 2009 2:04:48 PM EDT
To: Privacy Coalition <Priv_coal () mailinglists epic org>
Subject: [Priv_coal] FYI EPIC Files FTC Complaint Concerning Google Data Breach

Dear Privacy Coalition members, EPIC filed a complaint with the FTC
seeking an investigation of Google Docs, in light of the company's data
breach reported on March 7, 2009.

Bob Gellman's recent paper on Cloud Computing and privacy challenges
recently published by the World Privacy Forum speaks eloquently to
these issues. Cloud computing services are promising a great deal to
consumers, when inducing them to sign up for services, but excuse
themselves from liability or obligations should something go wrong.

The Google Docs Data Breach reported earlier this month highlights
the hazards of cloud computing conjoined with inadequate security
practices. The compliant seeks that the FTC's provide a remedies for
consumers that includes greater transparency, security, and privacy
rights for Google Cloud Computing users.

Thank you,

March 17, 2009

Marc Rotenberg, Executive Director
John Verdi, Staff Counsel
(202) 483-1140
rotenberg AT epic.org
verdi AT epic.org


WASHINGTON, DC - The Electronic Privacy Information Center (EPIC) has filed a complaint with the Federal Trade Commission arising from the recent Google Docs data breach. On March 7, 2009, Google, Inc. announced that it had inadvertently disclosed user-generated documents stored on the cloud computing service. EPIC's complaint calls for the FTC to investigate the adequacy of Google's privacy and security safeguards. EPIC also asked the Commission to enjoin Google from offering cloud computing services until safeguards are verifiably established.

In 2000, an EPIC complaint to the FTC resulted in the Commission's imposition of a comprehensive information security program for Microsoft Passport and similar services. In December 2004, EPIC filed a complaint with the Commission against databroker ChoicePoint, Inc. The complaint resulted in $15 million in civil penalties and redress - the largest FTC fine for consumer privacy violations. Recently, EPIC brought a complaint to the Federal Trade Commission calling for privacy safeguards as a condition of the Google-Doubleclick merger. Although the Commission failed to act in that matter, a subsequent review by the Department of Justice in a similar matter led Google to back off a proposed deal with Yahoo.

EPIC's complaint describes Google's routine assurances that it will secure documents on its servers. Google encourages users to "add personal information to their documents and spreadsheets." Yet Google's cloud computing services have been increasingly subject to security vulnerabilities, including high-profile data breaches involving Gmail and Google Desktop. EPIC's complaint notes that Google stores and transmits documents in plain text, while some other cloud computing services encrypt data to safeguard users' privacy.

EPIC Executive Director Marc Rotenberg said, “Given the growing dependence of US consumers, businesses, and federal agencies on cloud computing services, providers like Google must ensure the security of personal information stored on their servers. The Google Docs data breach highlights the hazards of Google's inadequate security practices, as well as the risks of cloud computing services generally. There is ample precedent for the Federal Trade Commission to begin an investigation.”

EPIC is a public interest research center in Washington, D.C. EPIC was established in 1994 to focus public attention on emerging civil liberties issues and to protect privacy, the First Amendment, and constitutional values. EPIC has a long history of protecting consumer privacy through advocacy before regulatory commissions.

More information is available at:

“In the Matter of Google and Cloud Computing Services: Complaint and Request for Injunction, Request for Investigation and for Other Relief” (filed by EPIC, Mar. 17, 2009)

Priv_coal mailing list
Priv_coal () mailinglists epic org

Cameron Wilson
Director of Public Policy
Association for Computing Machinery
1100 Seventeenth Street, NW
Suite 507
Washington, DC 20036
202 659-9712

Website http://www.acm.org/public-policy
Weblog http://usacm.acm.org/usacm/weblog

Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com

  By Date           By Thread  

Current thread:
  • EPIC Files FTC Complaint Concerning Google Data Breach David Farber (Mar 20)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]