Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Privacy Google Your Rights Online

Google Faces Privacy Audits For Next 20 Years 112

Hugh Pickens writes "The San Francisco Chronicle reports that Google has reached a settlement with the Federal Trade Commission over Buzz, a social blogging service the company introduced through Gmail last year. The deal will require that Google have regular, independent privacy audits for the next 20 years. Buzz drew heavy criticism at launch in February 2010 for a glaring privacy flaw. When users turned it on, it suggested people to follow based on their Gmail contacts list and their most frequent email partners. 'Although Google led Gmail users to believe that they could choose whether or not they wanted to join the network, the options for declining or leaving the social network were ineffective,' says the FTC. Along with the 20 year oversight, the settlement also says that Google is barred from misrepresenting privacy or confidentiality of the user information it collects, Google must obtain user consent before sharing their information with third parties if it changes its privacy policy, and Google must establish and maintain a comprehensive privacy program."
This discussion has been archived. No new comments can be posted.

Google Faces Privacy Audits For Next 20 Years

Comments Filter:
  • Um... (Score:3, Insightful)

    by Anonymous Coward on Wednesday March 30, 2011 @06:03PM (#35672422)

    Facebook? Hello?

    • by smash ( 1351 )
      At least Facebook is opt in - basically you need to become a member for a start. Google search does all sorts of tracking via non-expiring cookie, and realistically trying to avoid google in your usage of the internet is pretty difficult due to them having about 90% of the search market.
      • The summary says it was over Google Buzz, which I'm pretty sure you have to have sign up for Google first to use, like you have to sign up for Facebook first to use that.
    • by Idbar ( 1034346 )
      AT&T, Comcast... hello?
  • facebook (Score:5, Interesting)

    by SpiralSpirit ( 874918 ) on Wednesday March 30, 2011 @06:03PM (#35672430)
    I'd suggest the same with facebook too. I'm not too sure the legality of presenting 12 year old with changes to user agreements, misleading games that collect your info, etc.
    • Re: (Score:3, Informative)

      by inpher ( 1788434 )

      I'd suggest the same with facebook too. I'm not too sure the legality of presenting 12 year old with changes to user agreements, misleading games that collect your info, etc.

      That would not be a big problem for facebook because you have to be 13 to use facebook [facebook.com].

      • by Anonymous Coward

        There are three things I've never done on the internet.

        • Used my real name
        • Used my real date of birth
        • Read terms and conditions
        • I tried that for awhile but the people whose credit cards I "borrowed" for shopping got angry.
        • There are three things I've never done on the internet.

          • Used my real name
          • Used my real date of birth
          • Read terms and conditions

          ...and nobody knows you're a dog.

      • Re:facebook (Score:4, Insightful)

        by vivian ( 156520 ) on Wednesday March 30, 2011 @08:22PM (#35673582)

        These term that Google has to meet should be standard terms that ALL companies who collect information have to meet - especially the one about having to obtain user consent before sharing a user's private information with third parties.

        • I like this from the summary...

          Google is barred from misrepresenting privacy or confidentiality of the user information it collects,

          So does that mean it's normally ok for companies to misrepresent privacy or confidentiality of the user information they collects.

        • These term that Google has to meet should be standard terms that ALL companies who collect information have to meet - especially the one about having to obtain user consent before sharing a user's private information with third parties.

          You can always read a company's privacy policy before submitting personal information to them, and you can always simply not submit data to them if you disagree with it. Companies have to follow their privacy policy, because it is a legal contract. They have every right to include the possibility of distributing your information to third parties. Google just fucked up and rushed Buzz without thinking it through, so now they're getting boned by the privacy police.

    • Re:facebook (Score:5, Informative)

      by MickyTheIdiot ( 1032226 ) on Wednesday March 30, 2011 @06:23PM (#35672642) Homepage Journal

      This is stupid in light of the fact that Facebook is openly hostile to idea of user privacy and Google actually seems to care, at least a little bit.

      • Who do you think paid for this circus? Apparently one of Google 's competitors with a strong lobby group, and they don't happen to compete with Facebook. So what potential perpetrators do we have here..... ...-awkward silence-... ..... Microsoft?
      • by smash ( 1351 )
        You're fucking JOKING, right? Google may wave hands and publicly pretend to care about privacy, etc - but if you actually check what info they have about you on file via the never expiring cookie and your account (if signed in) its pretty damn invasive.
        • by pelrun ( 25021 )

          You seem to misunderstand what 'privacy' actually means here. It's nothing to do with what information they may or may not collect about you - it's what they DO with that information. That means not letting other people have access to it without your explicit permission or a court order.

        • This is almost a false dichotomy like the current US political party situation.

          Trying to stay even handed, I absolutely agree that Google is *one of* the companies that needs privacy oversight.

          But then one of the Google SuperLawyers needs to turn this around into a precedent, so that the other 10 (more?) companies that need oversight get it.

        • You're fucking JOKING, right? Google may wave hands and publicly pretend to care about privacy, etc - but if you actually check what info they have about you on file via the never expiring cookie and your account (if signed in) its pretty damn invasive.

          Google also provides an extensive set of privacy controls. Check out the Google privacy tools [google.com]. You can opt out of ads tracking, personalized ads, etc. You can install a Google-provided plugin that ensures your opt-outs don't get lost and are always honored even if you're not logged in. You can look at the dashboard which shows you all of the information Google is tracking about you, and you can opt out of it.

          Google's not perfect. Occasional significant mistakes are made, and there is a lot more that

      • You're missing the point. Google REFUSED to share the information it gathered, that's why audits are required for the government to legally obtain all that juicy data.
      • by rvw ( 755107 )

        This is stupid in light of the fact that Facebook is openly hostile to idea of user privacy and Google actually seems to care, at least a little bit.

        It's not stupid. It's a feature! And this time it's a good one. And it's one that Google can use: Privacy guaranteed by FTC approval!

      • by Anonymous Coward

        You should Google Eric Schmidt.

      • by yuhong ( 1378501 )

        For example, while Google did it once, Facebook tricked users into sharing more data than they expected several times!

  • This basically amounts to "now don't you do that again, Google!" I don't know why I'm constantly surprised by how infective our corporate oversite is.
    • Smack their knuckles with a ruler for good measure

      Why? Overpunishment is just as unproductive when applied to businesses as it is to poor, desperate saps. And "now don't you do that again, Google!" is a reasonable response when you have, as in this case, a reasonable expectation that Google indeed won't do it again.

  • Good (Score:5, Insightful)

    by gman003 ( 1693318 ) on Wednesday March 30, 2011 @06:07PM (#35672464)
    Honestly, these kinds of things should be mandatory for any large company with that much personal information. Regular independent audits? Sounds like the kind of oversight we need. Can't lie about how private your info is? Sounds like something that should be a law. Need to get consent again after changing the terms? Again, I'm surprised you could get away with it before.

    Now let's just get these things applied everywhere else like Google. Facebook, for one, deserves even more oversight.
    • by Anonymous Coward

      ...how about getting our own GOVERNMENT to follow these guidelines? I'd have a hard time following an edict by someone who won't follow it themselves.

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        ...how about getting our own GOVERNMENT to follow these guidelines? I'd have a hard time following an edict by someone who won't follow it themselves.

        What are you talking about, government transparency is fine [wikileaks.org].

      • I'd have a hard time following an edict by someone who won't follow it themselves.

        You look thirsty, here, have some more kool-aid. I'll have mine later.

    • I've said it before, and I'll say it again (even though it's not popular), but no one is holding a gun to anyone's head and telling them to use facebook "or else." They can only use the personal info you give them- and rightly so. They make it glaringly obvious that is how they make their money. Government oversight in this case will only lead to more laws. More laws will lead to less internet(personal) freedom. After all, the Internet is a privilege not a right (and should remain as such).
      • Re:Good (Score:4, Insightful)

        by martin-boundary ( 547041 ) on Wednesday March 30, 2011 @07:44PM (#35673338)

        They make it glaringly obvious that is how they make their money.

        Actually, they don't. They don't tell anyone just what exactly will be done with their information, and just exactly who will get to see/copy it. That's something we don't know, only Zuck and his minions knows that. And without knowing exactly that information, there's no true basis for consent.

        • Actually, they don't. They don't tell anyone just what exactly will be done with their information, and just exactly who will get to see/copy it

          They're selling it to advertisers and marketing firms. They're cross referencing it with everybody elses information to create 'may like/dislike' lists/ads and more complicated demographic sets. There could be other things but what exactly do you think they could be doing with it that would be different than any other company that gets your information?

          • Re:Good (Score:4, Informative)

            by martin-boundary ( 547041 ) on Wednesday March 30, 2011 @08:57PM (#35673820)
            Reread my comment. Which advertisers? Which marketing firms? What factors are cross referenced with what other factors using what models?

            Unless Facebook answers those questions, there's no transparency, and certainly the claim that it's pretty obvious what they do with people's data is just handwaving and waffling.

            • I'm just wondering what makes that differentfrom any other company. In general who they sell your information to is a moving target. It might be one company today and another tomorrow so if you want to use Facebook you agree that anyone might be able to buy your information and use it however they can. What factors they use are also going to change depending on what they're trying to learn. I guess I don't understand why it matters who they sell it to or how they use it as long as you know they are goin
              • Re:Good (Score:4, Insightful)

                by martin-boundary ( 547041 ) on Wednesday March 30, 2011 @10:22PM (#35674442)
                First, I think it's wrong to equate privacy protection with simply doing the same as other companies are doing. What's to ensure that those other companies are actually protecting their customers' data any better? This IMHO is a major problem with the US lack of standards similar to the EU data protection principles [wikipedia.org].

                There are several reasons why it matters what will be learned from the data, and who gets it.

                Suppose there's a (deliberate or otherwise) mistake in your data, it will be replicated everywhere the data is copied. If you don't know who has access to your data, then you can't tell them to fix it, and it may travel widely causing you damage. In fact, there's no way to prevent some unknown company from changing your data fraudulently, or mixing your data with someone else's data who has the same name. Moreover, what if you (don't) find out that some company you wish to do business with has bought information about you from some random source that's not reliable. You could be penalized without ever knowing why (eg credit records, insurance premiums).

                Now besides knowing who gets your data, it's also important to know how data is combined and learned. When data travels and gets learned, it always loses context and is transmogrified. You could have a juvenile shoplifting record, and by the time it ends in some company's database, it has been transformed into "criminal offense" which could be anything. The same is true with medical conditions. You might have some harmless recurring problem, but the computer simplifies that into a generic category, and in that category you are lumped with much more serious diseases, and penalized.

                Data never stays 100% the same when it moves from one computer to another. It's important for people to be able to know what data a company has about them, and be able to do something about it. Companies should be held accountable about this.

            • Which advertisers?

              All of them

              Which marketing firms?

              All of them

              What factors are cross referenced with what other factors using what models?

              All of them

              Does that make it any clearer?

          • From Facebooks Terms of service:
            Sharing Your Content and Information

            You own all of the content and information you post on Facebook, and you can control how it is shared through your privacy and application settings. In addition:

            For content that is covered by intellectual property rights, like photos and videos ("IP content"), you specifically give us the following permission, subject to your privacy and application settings: you grant us a non-exclusive, transferable, sub-licensable, royalty-fre
      • by mgiuca ( 1040724 )

        but no one is holding a gun to anyone's head and telling them to use facebook "or else."

        I am finding it increasingly hard to buy this argument. Now that I see billboards telling me not to visit myproduct.com, but facebook.com/myproduct. Bars and cafes offering discounts if I like them on Facebook. Invites to parties coming exclusively through Facebook, no longer by email. This is just the beginning. We are quickly moving into a world where you need to be on Facebook to stay in touch (you are a social outcas

    • Oversight, over computer data.. hilarious!

  • by KlomDark ( 6370 ) on Wednesday March 30, 2011 @06:12PM (#35672520) Homepage Journal

    Not fair. Google's been a lot better at protecting info than Zuckerberg's famous pig.

    • by macshit ( 157376 )

      Not fair. Google's been a lot better at protecting info than Zuckerberg's famous pig.

      Google's a lot better than most companies -- but their success has made them some powerful enemies, who do a lot of lobbying...

    • Don't worry. Just as soon as the next "pro business" administration gets into office Google won't have to worry about these left wing communist job killing audits anymore.
    • by lanner ( 107308 )

      Did it not occur to you that Google may have WANTED a relatively "harsh" punishment to set precedent specifically so that it might be applied to Facebook as well?

      It's a wild idea, but I like wild ideas.

      But yea, Buzz was a serious fuck-up and it's a good thing the dude who directed that disaster ain't working at Google any more.

      • by mldi ( 1598123 )

        Did it not occur to you that Google may have WANTED a relatively "harsh" punishment to set precedent specifically so that it might be applied to Facebook as well?

        That's a very high possibility, considering other things they wanted to push through. Google's baby is advertising, obviously. They do some location guessing (or, not guessing if you consented and are using a mobile device with GPS) for advertising purposes but I don't believe they use anything else. Facebook's advertising methods are a bit more liberal with your personal info. It'd be beneficial to Google to set a precedent to knock Facebook's advertising revenue back a few paces.

        But of course, that's o

    • by cbope ( 130292 )

      Very fair I'd say. Especially when Google has been caught re-handed in multiple countries with data sniffed from unsecured access points collected without any user consent.

      Sure, you can argue all you want that unsecured connections are bad, but that does not justify widespread data collection like Google was doing via their street view cars. They were doing something they should not be and got caught. The worst part is their defense, at least in the beginning... that they did not know they were collecting d

  • I know, it's slashdot, but don't dupes usually wait a day or a week before getting posted?
    http://tech.slashdot.org/story/11/03/30/1517238/Google-Agrees-To-Biennial-Privacy-Reviews [slashdot.org]
  • Five years and then a checkup now and again, sure, but 20 years is /forever/, even in the non-technical space.

    • What's wrong with permanent long term oversight like that? Privacy is a sensitive thing, and even if Google only makes honest mistakes, such audits would flush them out earlier, minimizing damage.

      Only this needs to be applied consistently to all companies dealing wit significant amount of private data - Facebook, MS, Amazon etc.

      • by Nimey ( 114278 )

        Well, that's precisely it: it's unfair to single out Google for such an unbelievably long time.

        Then, too, who watches the watchers?

    • I'm not sure it's excessive & I can even see it being used as a selling point; not too much different than seeing on a meat package "Packed under constant supervision of the USDA".

      "Googles privacy practices are scrutinized by the US Government and we are the only online service provider who can offer that assurance"
  • by Rifter13 ( 773076 ) on Wednesday March 30, 2011 @06:16PM (#35672566) Homepage

    This seems a little excessive to me. They recognized the problem, and took care of it, fairly quick. They didn't realize they had a problem on launch. It seems to MY eyes, that Google TRIES to do the right thing. Unlike Facebook, that does the wrong thing, until OVERWHELMING complaints roll things back. The privacy issues caused by the Buzz launch seemed to not big a big deal, except for a few outliers.

    • On the plus side, they probably won't have a big problem with it, and if they're very smart (which much of the time, they are) they can use this privacy review as a feature if they want to push any of their own social services over some of their competitors. Worst case, it may push some other to volunteer for the same sort of reviews.
    • by jrumney ( 197329 )
      Google tries to do what they can get away with [google.com.my]. Don't be fooled by the "don't be evil" motto.
      • So what, they can get away with placing clearly-marked advertisements on their own pages? The horror...

        I notice the top organic results point straight to MS

        • by jrumney ( 197329 )
          The advertisement may be clearly marked as "Ad", but it is also clearly marked "Download Internet Explorer 9", clicking on which will take you to the Chrome download page. This kind of deceptive advertising is unethical, and in most countries illegal. The European and US sites do not have this Ad at the top, so Google are clearly aware of that.
          • The one I see doesn't mention "Download" at all.

          • by pelrun ( 25021 )

            No, it's not marked "Download Internet Explorer 9". It's marked "Internet Explorer 9", which is the search term that the ad is targeted at. And it explicitly shows the true destination of the ad link - which is pretty much the polar opposite of 'deceptive'.

            • by jrumney ( 197329 )

              OK. My original search had the word download in it, so a slightly different ad was shown. But calling that "the polar opposite of deceptive" shows your bias. Why is this ad only showing up for localised google sites for countries with weak consumer protection laws? European and US law would not see this as the polar opposite of deceptive.

              They are not simply displaying the search terms as the link either, they have deliberately crafted the ads to have those deceptive [google.com.my] links [google.com.my] in a way which would cause other

    • Unlike Facebook, that does the wrong thing, until OVERWHELMING complaints roll things back.

      Actually, if you look, they never roll things back to how they were. They always take two steps past the line of acceptability, then take one back when the complaints come in, but they never go back completely. They've been using this strategy for the last couple of years, as many folks on Slashdot have noticed with the last few major violations of ethics/privacy/decency.

  • What's amazing to me is that google, being not quite 13 years old, is being slapped with requirements that will extend for 20 years. Who knows, by then they could be a completely different company.

  • The soldier who saw everything twice nodded weakly and sank
    back on his bed. Yossarian nodded weakly too, eyeing his talented
    roomate with great humility and admiration. He knew he was in the
    presence of a master. His talented roomate was obviously a person to
    be studied and emulated. During the night, his talented roomate died,
    and Yossarian decided that he had followed him far enough.
    'I see everything once!' he cried quickly.

    -- Joseph Heller, Catch-22

  • For screwing up so bad. There's yet the wireless sniffing incident to deal with.

    Thank you for screwing up the ethics of a company that had maintained acceptable ethics for a long time and having it obliged to something that no other company is put through.

    And about you, good riddance.

    sun, apple, oracle .... what would you expect from someone who took on the culture of those companies.
    • Re: (Score:3, Insightful)

      by slimjim8094 ( 941042 )

      Jesus are people still talking about "wireless sniffing" like it's a terrible thing? That's like calling it my fault that I'm forced to smell it when you rip ass.

      In fact, that's a more apt analogy than I intended. The recipient has no control, in each case, of whether it gets to them. Can they be faulted for collecting? Sure, it would make them a little creepy if they delibrately inhaled, but there's absolutely no evidence than they intended to. In any case, it's not their fault for having it be there in th

      • pipe down buster. easy. easy ....
      • Not only were google inhaling, they were jaring it otherwise how could someone prove google sniffed it to start with? If they had no intention to further inhale from the source then why were they storing what they sniffed? If they never had any intention to retrieve the "ass ripping" output then why even walk around sniffing for it?

        I don't care if google has an affinity for a bit of sniffing and the bystanders were caught with their pants down but to say google didn't intend to inhale just seems a bit nai
        • They didn't, or at least there's absolutely no evidence that they did. On the contrary, actually, the software they were using (Kismet) saves unencrypted packets by default. You have to go and turn it off. So it sounds to me like they forgot to do that, which is something that I've done myself so I can relate.

          Add to that the fact that *nobody knew about this* until Google said "yeah, we did this by accident and we're deleting it". If they were trying to be sneaky and collect people's information, why would

          • I think Google makes a good search engine and good products, and I am happy to "pay" my eyeballs and habits for that.

            I wish they would offer a simple option to pay with money instead and gave a binding guarantee of absolutely no advertising, data mining, sharing or storage of log info beyond the barest minimum required for technical (troubleshooting, et al) reasons, like 7 days or so.

            I'd gladly pay 50+ bucks/year for something like that with

            • by adolf ( 21054 )

              I wish they would offer a simple option to pay with money instead and gave a binding guarantee of absolutely no advertising, data mining, sharing or storage of log info beyond the barest minimum required for technical (troubleshooting, et al) reasons, like 7 days or so.

              I'd gladly pay 50+ bucks/year for something like that with

              Perhaps you and your data are already worth more than "50+ bucks/year."

              • Perhaps you and your data are already worth more than "50+ bucks/year."

                Not with adblock installed and me only using their generic services - google sells eyeballs but they aren't selling mine. At best I'm worth a few bucks to them as part of trend analysis.

      • Troll? Come on, it was more like a flamebait (though I'd argue it was just flame...:p ). Troll means something, people.

      • by mldi ( 1598123 )
        Yep, it's "my fault" that when I took photos from a public street for the purposes of collecting data on house exterior colors that I caught photos of you jerking off to animal porn because you had the blinds open and just trusted that nobody would look.
  • I can't see any reason this shouldn't apply to all companies.
  • I have a feeling they're retaining a lot more unnecessary information than google.
  • From the article:

    "The proposed settlement bars Google from misrepresenting the privacy or confidentiality of individualsâ(TM) information or misrepresenting compliance with the U.S.-E.U Safe Harbor or other privacy, security, or compliance programs."

    I am confused. The article is from the FTC itself, so it seems unlikely that they got this part wrong.

    Is this really saying that companies are not, by default, barred from misrepresenting their handling of individuals' information?

    That seems so strikingly w

  • My conclusion after reading this. They didn't pay enough on lobbyists [siliconbeat.com]. This of course is scary once you see how much they already pay for lobbying and how fast its grown. Here's the question I pose to you. Is Google, the company of do no evil, doing evil by putting this many resources towards these efforts or is that just par for the course when you get that big?
    • failing to do enough good != doing evil.

      Clearly there are times when inaction can be evil, but I can't see where this is one. And as you point out, they are trying (though I'm a bit skeptical that what Google's lobbying for and what I would want are the same, at least they're closer than e.g. Facebook), so even if this were one of those situations, they would still not be doing evil. At least in regard to your question.

  • Do less evil....

    (meant to poke fun - I actually like Google)

  • I am not sure its a sound expansion of FTC powers to start conducting privacy audits of companies. If they are going to do it though Google is really the least of my concerns. I'd like to see Financials, Insurers, Cellular Carriers, and Utilities audited more so than Google. Google is going to use the information they have on me to try and market stuff to me and of course there is a risk it could get leaker. Those other guys are all in a position to do things of much greater consequence to my life with

  • "Google has the only government-reviewed privacy and security policy."

If you aren't rich you should always look useful. -- Louis-Ferdinand Celine

Working...