mailing list archives
EPIC Files FTC Complaint Concerning Google Data Breach
From: David Farber <dave () farber net>
Date: Fri, 20 Mar 2009 12:10:45 -0400
From: Lillie Coney <coney () epic org>
Date: March 18, 2009 2:04:48 PM EDT
To: Privacy Coalition <Priv_coal () mailinglists epic org>
Subject: [Priv_coal] FYI EPIC Files FTC Complaint Concerning Google
Dear Privacy Coalition members, EPIC filed a complaint with the FTC
seeking an investigation of Google Docs, in light of the company's data
breach reported on March 7, 2009.
Bob Gellman's recent paper on Cloud Computing and privacy challenges
recently published by the World Privacy Forum speaks eloquently to
these issues. Cloud computing services are promising a great deal to
consumers, when inducing them to sign up for services, but excuse
themselves from liability or obligations should something go wrong.
The Google Docs Data Breach reported earlier this month highlights
the hazards of cloud computing conjoined with inadequate security
practices. The compliant seeks that the FTC's provide a remedies for
consumers that includes greater transparency, security, and privacy
rights for Google Cloud Computing users.
FOR IMMEDIATE RELEASE
March 17, 2009
Marc Rotenberg, Executive Director
John Verdi, Staff Counsel
rotenberg AT epic.org
verdi AT epic.org
EPIC FILES FEDERAL TRADE COMMISSION COMPLAINT CONCERNING GOOGLE DATA
CALLS FOR FEDERAL INVESTIGATION INTO CLOUD COMPUTING SECURITY
WASHINGTON, DC - The Electronic Privacy Information Center (EPIC) has
filed a complaint with the Federal Trade Commission arising from the
recent Google Docs data breach. On March 7, 2009, Google, Inc.
announced that it had inadvertently disclosed user-generated documents
stored on the cloud computing service. EPIC's complaint calls for the
FTC to investigate the adequacy of Google's privacy and security
safeguards. EPIC also asked the Commission to enjoin Google from
offering cloud computing services until safeguards are verifiably
In 2000, an EPIC complaint to the FTC resulted in the Commission's
imposition of a comprehensive information security program for
Microsoft Passport and similar services. In December 2004, EPIC filed
a complaint with the Commission against databroker ChoicePoint, Inc.
The complaint resulted in $15 million in civil penalties and redress -
the largest FTC fine for consumer privacy violations. Recently, EPIC
brought a complaint to the Federal Trade Commission calling for
privacy safeguards as a condition of the Google-Doubleclick merger.
Although the Commission failed to act in that matter, a subsequent
review by the Department of Justice in a similar matter led Google to
back off a proposed deal with Yahoo.
EPIC's complaint describes Google's routine assurances that it will
secure documents on its servers. Google encourages users to "add
personal information to their documents and spreadsheets." Yet
Google's cloud computing services have been increasingly subject to
security vulnerabilities, including high-profile data breaches
involving Gmail and Google Desktop. EPIC's complaint notes that Google
stores and transmits documents in plain text, while some other cloud
computing services encrypt data to safeguard users' privacy.
EPIC Executive Director Marc Rotenberg said, “Given the growing
dependence of US consumers, businesses, and federal agencies on cloud
computing services, providers like Google must ensure the security of
personal information stored on their servers. The Google Docs data
breach highlights the hazards of Google's inadequate security
practices, as well as the risks of cloud computing services generally.
There is ample precedent for the Federal Trade Commission to begin an
EPIC is a public interest research center in Washington, D.C. EPIC was
established in 1994 to focus public attention on emerging civil
liberties issues and to protect privacy, the First Amendment, and
constitutional values. EPIC has a long history of protecting consumer
privacy through advocacy before regulatory commissions.
More information is available at:
“In the Matter of Google and Cloud Computing Services: Complaint and
Request for Injunction, Request for Investigation and for Other
Relief” (filed by EPIC, Mar. 17, 2009)
Priv_coal mailing list
Priv_coal () mailinglists epic org
Director of Public Policy
Association for Computing Machinery
1100 Seventeenth Street, NW
Washington, DC 20036
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com
- EPIC Files FTC Complaint Concerning Google Data Breach David Farber (Mar 20)