Google Faces Privacy Audits For Next 20 Years 112
Hugh Pickens writes "The San Francisco Chronicle reports that Google has reached a settlement with the Federal Trade Commission over Buzz, a social blogging service the company introduced through Gmail last year. The deal will require that Google have regular, independent privacy audits for the next 20 years. Buzz drew heavy criticism at launch in February 2010 for a glaring privacy flaw. When users turned it on, it suggested people to follow based on their Gmail contacts list and their most frequent email partners. 'Although Google led Gmail users to believe that they could choose whether or not they wanted to join the network, the options for declining or leaving the social network were ineffective,' says the FTC. Along with the 20 year oversight, the settlement also says that Google is barred from misrepresenting privacy or confidentiality of the user information it collects, Google must obtain user consent before sharing their information with third parties if it changes its privacy policy, and Google must establish and maintain a comprehensive privacy program."
Um... (Score:3, Insightful)
Facebook? Hello?
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
facebook (Score:5, Interesting)
Re: (Score:3, Informative)
I'd suggest the same with facebook too. I'm not too sure the legality of presenting 12 year old with changes to user agreements, misleading games that collect your info, etc.
That would not be a big problem for facebook because you have to be 13 to use facebook [facebook.com].
Re: (Score:1)
There are three things I've never done on the internet.
Re: (Score:2)
Re: (Score:3)
There are three things I've never done on the internet.
...and nobody knows you're a dog.
Re:facebook (Score:4, Insightful)
These term that Google has to meet should be standard terms that ALL companies who collect information have to meet - especially the one about having to obtain user consent before sharing a user's private information with third parties.
Re: (Score:3)
Google is barred from misrepresenting privacy or confidentiality of the user information it collects,
So does that mean it's normally ok for companies to misrepresent privacy or confidentiality of the user information they collects.
Re: (Score:1)
These term that Google has to meet should be standard terms that ALL companies who collect information have to meet - especially the one about having to obtain user consent before sharing a user's private information with third parties.
You can always read a company's privacy policy before submitting personal information to them, and you can always simply not submit data to them if you disagree with it. Companies have to follow their privacy policy, because it is a legal contract. They have every right to include the possibility of distributing your information to third parties. Google just fucked up and rushed Buzz without thinking it through, so now they're getting boned by the privacy police.
Re:facebook (Score:5, Informative)
This is stupid in light of the fact that Facebook is openly hostile to idea of user privacy and Google actually seems to care, at least a little bit.
Re: (Score:1)
Re: (Score:2)
Re: (Score:3)
You seem to misunderstand what 'privacy' actually means here. It's nothing to do with what information they may or may not collect about you - it's what they DO with that information. That means not letting other people have access to it without your explicit permission or a court order.
Re:Facebook vs Google (Score:3)
This is almost a false dichotomy like the current US political party situation.
Trying to stay even handed, I absolutely agree that Google is *one of* the companies that needs privacy oversight.
But then one of the Google SuperLawyers needs to turn this around into a precedent, so that the other 10 (more?) companies that need oversight get it.
Re: (Score:2)
You're fucking JOKING, right? Google may wave hands and publicly pretend to care about privacy, etc - but if you actually check what info they have about you on file via the never expiring cookie and your account (if signed in) its pretty damn invasive.
Google also provides an extensive set of privacy controls. Check out the Google privacy tools [google.com]. You can opt out of ads tracking, personalized ads, etc. You can install a Google-provided plugin that ensures your opt-outs don't get lost and are always honored even if you're not logged in. You can look at the dashboard which shows you all of the information Google is tracking about you, and you can opt out of it.
Google's not perfect. Occasional significant mistakes are made, and there is a lot more that
Re: (Score:1)
Re: (Score:3)
This is stupid in light of the fact that Facebook is openly hostile to idea of user privacy and Google actually seems to care, at least a little bit.
It's not stupid. It's a feature! And this time it's a good one. And it's one that Google can use: Privacy guaranteed by FTC approval!
Re: (Score:1)
You should Google Eric Schmidt.
Re: (Score:2)
For example, while Google did it once, Facebook tricked users into sharing more data than they expected several times!
Smack their knuckles with a ruler for good measure (Score:1)
The illusion that we care (Score:3)
Smack their knuckles with a ruler for good measure
Why? Overpunishment is just as unproductive when applied to businesses as it is to poor, desperate saps. And "now don't you do that again, Google!" is a reasonable response when you have, as in this case, a reasonable expectation that Google indeed won't do it again.
Re: (Score:2)
Good (Score:5, Insightful)
Now let's just get these things applied everywhere else like Google. Facebook, for one, deserves even more oversight.
Forget Facebook... (Score:1)
...how about getting our own GOVERNMENT to follow these guidelines? I'd have a hard time following an edict by someone who won't follow it themselves.
Re: (Score:2, Insightful)
...how about getting our own GOVERNMENT to follow these guidelines? I'd have a hard time following an edict by someone who won't follow it themselves.
What are you talking about, government transparency is fine [wikileaks.org].
Re: (Score:3)
I'd have a hard time following an edict by someone who won't follow it themselves.
You look thirsty, here, have some more kool-aid. I'll have mine later.
Re: (Score:2)
Re:Good (Score:4, Insightful)
Actually, they don't. They don't tell anyone just what exactly will be done with their information, and just exactly who will get to see/copy it. That's something we don't know, only Zuck and his minions knows that. And without knowing exactly that information, there's no true basis for consent.
Re: (Score:2)
Actually, they don't. They don't tell anyone just what exactly will be done with their information, and just exactly who will get to see/copy it
They're selling it to advertisers and marketing firms. They're cross referencing it with everybody elses information to create 'may like/dislike' lists/ads and more complicated demographic sets. There could be other things but what exactly do you think they could be doing with it that would be different than any other company that gets your information?
Re:Good (Score:4, Informative)
Unless Facebook answers those questions, there's no transparency, and certainly the claim that it's pretty obvious what they do with people's data is just handwaving and waffling.
Re: (Score:3)
Re:Good (Score:4, Insightful)
There are several reasons why it matters what will be learned from the data, and who gets it.
Suppose there's a (deliberate or otherwise) mistake in your data, it will be replicated everywhere the data is copied. If you don't know who has access to your data, then you can't tell them to fix it, and it may travel widely causing you damage. In fact, there's no way to prevent some unknown company from changing your data fraudulently, or mixing your data with someone else's data who has the same name. Moreover, what if you (don't) find out that some company you wish to do business with has bought information about you from some random source that's not reliable. You could be penalized without ever knowing why (eg credit records, insurance premiums).
Now besides knowing who gets your data, it's also important to know how data is combined and learned. When data travels and gets learned, it always loses context and is transmogrified. You could have a juvenile shoplifting record, and by the time it ends in some company's database, it has been transformed into "criminal offense" which could be anything. The same is true with medical conditions. You might have some harmless recurring problem, but the computer simplifies that into a generic category, and in that category you are lumped with much more serious diseases, and penalized.
Data never stays 100% the same when it moves from one computer to another. It's important for people to be able to know what data a company has about them, and be able to do something about it. Companies should be held accountable about this.
Re: (Score:2)
Which advertisers?
All of them
Which marketing firms?
All of them
What factors are cross referenced with what other factors using what models?
All of them
Does that make it any clearer?
Re: (Score:1)
Sharing Your Content and Information
You own all of the content and information you post on Facebook, and you can control how it is shared through your privacy and application settings. In addition:
For content that is covered by intellectual property rights, like photos and videos ("IP content"), you specifically give us the following permission, subject to your privacy and application settings: you grant us a non-exclusive, transferable, sub-licensable, royalty-fre
Re: (Score:3)
I am finding it increasingly hard to buy this argument. Now that I see billboards telling me not to visit myproduct.com, but facebook.com/myproduct. Bars and cafes offering discounts if I like them on Facebook. Invites to parties coming exclusively through Facebook, no longer by email. This is just the beginning. We are quickly moving into a world where you need to be on Facebook to stay in touch (you are a social outcas
Re: (Score:3)
sounds like every telecom ever.
i like it when they fabricate bills, ring you at work asking if you are [some person] and not telling you what it's about because you're not [some person].
but you still get harassed by collection agencies...
and no matter how often you chew their ears off, they don't get the hint.
Re: (Score:2)
Right. This makes me wonder why this was imposed on Google but not other companies that do the same thing. Like the first post noted, Facebook does all sorts of shit with people's details. How come no one is throwing the book at Facebook? I'm no fanboy of Google, but they're not all evil. On my scorecard, they're far less evil than Facebook.
Re: (Score:1)
Oversight, over computer data.. hilarious!
Re: (Score:3)
FTFY. If M$ already do all this, they'll be able to innovate while Google wastes time catching up.
Re: (Score:2)
Google got hit before Facebook? (Score:5, Insightful)
Not fair. Google's been a lot better at protecting info than Zuckerberg's famous pig.
Re: (Score:2)
Not fair. Google's been a lot better at protecting info than Zuckerberg's famous pig.
Google's a lot better than most companies -- but their success has made them some powerful enemies, who do a lot of lobbying...
Re: (Score:2)
Re: (Score:3)
Did it not occur to you that Google may have WANTED a relatively "harsh" punishment to set precedent specifically so that it might be applied to Facebook as well?
It's a wild idea, but I like wild ideas.
But yea, Buzz was a serious fuck-up and it's a good thing the dude who directed that disaster ain't working at Google any more.
Re: (Score:2)
Did it not occur to you that Google may have WANTED a relatively "harsh" punishment to set precedent specifically so that it might be applied to Facebook as well?
That's a very high possibility, considering other things they wanted to push through. Google's baby is advertising, obviously. They do some location guessing (or, not guessing if you consented and are using a mobile device with GPS) for advertising purposes but I don't believe they use anything else. Facebook's advertising methods are a bit more liberal with your personal info. It'd be beneficial to Google to set a precedent to knock Facebook's advertising revenue back a few paces.
But of course, that's o
Re: (Score:2)
Very fair I'd say. Especially when Google has been caught re-handed in multiple countries with data sniffed from unsecured access points collected without any user consent.
Sure, you can argue all you want that unsecured connections are bad, but that does not justify widespread data collection like Google was doing via their street view cars. They were doing something they should not be and got caught. The worst part is their defense, at least in the beginning... that they did not know they were collecting d
Dupe! (Score:1)
http://tech.slashdot.org/story/11/03/30/1517238/Google-Agrees-To-Biennial-Privacy-Reviews [slashdot.org]
20 years seems excessive (Score:1)
Five years and then a checkup now and again, sure, but 20 years is /forever/, even in the non-technical space.
Re: (Score:3)
What's wrong with permanent long term oversight like that? Privacy is a sensitive thing, and even if Google only makes honest mistakes, such audits would flush them out earlier, minimizing damage.
Only this needs to be applied consistently to all companies dealing wit significant amount of private data - Facebook, MS, Amazon etc.
Re: (Score:1)
Well, that's precisely it: it's unfair to single out Google for such an unbelievably long time.
Then, too, who watches the watchers?
Re: (Score:2)
"Googles privacy practices are scrutinized by the US Government and we are the only online service provider who can offer that assurance"
This does seem a bit excessive. (Score:3)
This seems a little excessive to me. They recognized the problem, and took care of it, fairly quick. They didn't realize they had a problem on launch. It seems to MY eyes, that Google TRIES to do the right thing. Unlike Facebook, that does the wrong thing, until OVERWHELMING complaints roll things back. The privacy issues caused by the Buzz launch seemed to not big a big deal, except for a few outliers.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
So what, they can get away with placing clearly-marked advertisements on their own pages? The horror...
I notice the top organic results point straight to MS
Re: (Score:2)
Re: (Score:2)
The one I see doesn't mention "Download" at all.
Re: (Score:2)
No, it's not marked "Download Internet Explorer 9". It's marked "Internet Explorer 9", which is the search term that the ad is targeted at. And it explicitly shows the true destination of the ad link - which is pretty much the polar opposite of 'deceptive'.
Re: (Score:2)
OK. My original search had the word download in it, so a slightly different ad was shown. But calling that "the polar opposite of deceptive" shows your bias. Why is this ad only showing up for localised google sites for countries with weak consumer protection laws? European and US law would not see this as the polar opposite of deceptive.
They are not simply displaying the search terms as the link either, they have deliberately crafted the ads to have those deceptive [google.com.my] links [google.com.my] in a way which would cause other
Re: (Score:2)
Unlike Facebook, that does the wrong thing, until OVERWHELMING complaints roll things back.
Actually, if you look, they never roll things back to how they were. They always take two steps past the line of acceptability, then take one back when the complaints come in, but they never go back completely. They've been using this strategy for the last couple of years, as many folks on Slashdot have noticed with the last few major violations of ethics/privacy/decency.
20 years of reviews for a12.5 year old company (Score:2)
What's amazing to me is that google, being not quite 13 years old, is being slapped with requirements that will extend for 20 years. Who knows, by then they could be a completely different company.
Re: (Score:2)
Slashdot needs a duplicate post audit (Score:2)
The soldier who saw everything twice nodded weakly and sank
back on his bed. Yossarian nodded weakly too, eyeing his talented
roomate with great humility and admiration. He knew he was in the
presence of a master. His talented roomate was obviously a person to
be studied and emulated. During the night, his talented roomate died,
and Yossarian decided that he had followed him far enough.
'I see everything once!' he cried quickly.
-- Joseph Heller, Catch-22
Re: (Score:2)
It amazes me that in 2011, anyone is still willingly giving their personal data over to internet data miners. In 2000 I might have understood it for general lack of awareness about the extent of it. But it's been the lead story on bloody CNN on many occasions. It isn't a mystery now to anyone who hasn't been living in a cave for the last decade.
Exactly. I know how much of my data companies like Google and Facebook have -- a fuckton. And you know how much that concerns me? Very little. What's the big deal? Why are people so hellbent on keeping things private? Newsflash: GOOGLE DOES NOT CARE ABOUT YOUR DATA, ONLY DATA. Nobody at Google is reading through your emails or browsing habits. It's all automated. Nobody knows anything about you because nobody cares about you.
Re: (Score:2)
Thank you Schmidt. (Score:1)
Thank you for screwing up the ethics of a company that had maintained acceptable ethics for a long time and having it obliged to something that no other company is put through.
And about you, good riddance.
sun, apple, oracle
Re: (Score:3, Insightful)
Jesus are people still talking about "wireless sniffing" like it's a terrible thing? That's like calling it my fault that I'm forced to smell it when you rip ass.
In fact, that's a more apt analogy than I intended. The recipient has no control, in each case, of whether it gets to them. Can they be faulted for collecting? Sure, it would make them a little creepy if they delibrately inhaled, but there's absolutely no evidence than they intended to. In any case, it's not their fault for having it be there in th
Re: (Score:2)
Re: (Score:3)
I don't care if google has an affinity for a bit of sniffing and the bystanders were caught with their pants down but to say google didn't intend to inhale just seems a bit nai
Re: (Score:3)
They didn't, or at least there's absolutely no evidence that they did. On the contrary, actually, the software they were using (Kismet) saves unencrypted packets by default. You have to go and turn it off. So it sounds to me like they forgot to do that, which is something that I've done myself so I can relate.
Add to that the fact that *nobody knew about this* until Google said "yeah, we did this by accident and we're deleting it". If they were trying to be sneaky and collect people's information, why would
Re: (Score:2)
I think Google makes a good search engine and good products, and I am happy to "pay" my eyeballs and habits for that.
I wish they would offer a simple option to pay with money instead and gave a binding guarantee of absolutely no advertising, data mining, sharing or storage of log info beyond the barest minimum required for technical (troubleshooting, et al) reasons, like 7 days or so.
I'd gladly pay 50+ bucks/year for something like that with
Re: (Score:2)
Perhaps you and your data are already worth more than "50+ bucks/year."
Re: (Score:2)
Perhaps you and your data are already worth more than "50+ bucks/year."
Not with adblock installed and me only using their generic services - google sells eyeballs but they aren't selling mine. At best I'm worth a few bucks to them as part of trend analysis.
Re: (Score:2)
Troll? Come on, it was more like a flamebait (though I'd argue it was just flame...:p ). Troll means something, people.
Re: (Score:2)
hrm (Score:2)
Can we hold the federal govt to the same standard? (Score:2)
The Settlement Bars Misrepresentation? (Score:2)
From the article:
"The proposed settlement bars Google from misrepresenting the privacy or confidentiality of individualsâ(TM) information or misrepresenting compliance with the U.S.-E.U Safe Harbor or other privacy, security, or compliance programs."
I am confused. The article is from the FTC itself, so it seems unlikely that they got this part wrong.
Is this really saying that companies are not, by default, barred from misrepresenting their handling of individuals' information?
That seems so strikingly w
Do no evil, do some evil? (Score:2)
Re: (Score:2)
failing to do enough good != doing evil.
Clearly there are times when inaction can be evil, but I can't see where this is one. And as you point out, they are trying (though I'm a bit skeptical that what Google's lobbying for and what I would want are the same, at least they're closer than e.g. Facebook), so even if this were one of those situations, they would still not be doing evil. At least in regard to your question.
New Google Mission Statement (Score:2)
Do less evil....
(meant to poke fun - I actually like Google)
Why stop at Google? (Score:2)
I am not sure its a sound expansion of FTC powers to start conducting privacy audits of companies. If they are going to do it though Google is really the least of my concerns. I'd like to see Financials, Insurers, Cellular Carriers, and Utilities audited more so than Google. Google is going to use the information they have on me to try and market stuff to me and of course there is a risk it could get leaker. Those other guys are all in a position to do things of much greater consequence to my life with
This could be a selling point (Score:1)
Re: (Score:1, Redundant)
Re: (Score:3, Interesting)
Re:Google, meet Samsung (Score:5, Interesting)
Evil or not, it's pretty cool to see the US Government siding with consumer privacy against a major corporation. Is this a sign of an attitude change, or merely a sign that Google is (relatively) new and hasn't figured out who they need to bribe yet?
Re: (Score:1)
Yes, and it will be so easy enforce and verify.. What they got caught with so far amounts maybe to one one thousandth of what they have. This is a silly distraction. You will not have privacy on a networked computer.. never...
Re: (Score:2)
Evil or not, it's pretty cool to see the US Government siding with consumer privacy against a major corporation. Is this a sign of an attitude change, or merely a sign that Google is (relatively) new and hasn't figured out who they need to bribe yet?
Or its just a cover for a secret agreement to feed everything they collect to a bunch of three letter agencies bypassing all judicial oversight.
Re: (Score:2)
The US Government isn't exactly a huge privacy advocate. Oh, unless it pertains to their own bullshit.
Re: (Score:2)
You mean meet the moronic researcher whose "deep investigation" couldn't notice that the false positive given by his antivirus hit a windows localization folder and just test the file in question on a different scanner?