Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Electronic Frontier Foundation Google Privacy Your Rights Online Hardware

Google Calls Out EFF Over Claims That It Snoops On Students With Chromebooks (hothardware.com) 100

MojoKid writes: The Electronic Frontier Foundation (EFF) caused quite a stir this week when it alleged that Google is using its Chromebook platform, which has made a significant impact in education markets, to snoop on students. The charges were damning, with the EFF claiming that Google was violating its own corporate policies and using students' personally identifiable browsing data/habits to refine its services, in addition to sharing that data with partners. Obviously, Google would take such allegations seriously, and has thus responded to every claim brought forth by the EFF. "While we appreciate the EFF's focus on student data privacy, we are confident that our tools comply with both the law and our promises, including the Student Privacy Pledge..." said Jonathan Rochelle, the Director of Google Apps for Education. With respect to Google Apps for Education Core Services (GAFE), Rochelle asserts that all student data stored is "only used to provide the services themselves" and that student data isn't used for advertising purposes, nor are ads served to students. Rochelle also explains that personally identifiable data of students is removed, and only aggregated data of its millions of users is utilized to help improve its services.
This discussion has been archived. No new comments can be posted.

Google Calls Out EFF Over Claims That It Snoops On Students With Chromebooks

Comments Filter:
  • Obviously (Score:2, Informative)

    All your data are belong to us.

  • nobody believes that. if you HAVE it, you have COLLECTED it and the RETENTION of such data fits YOUR purposes.
    • Re:c'mon, man (Score:5, Insightful)

      by Meshach ( 578918 ) on Thursday December 03, 2015 @05:16PM (#51053153)

      nobody believes that. if you HAVE it, you have COLLECTED it and the RETENTION of such data fits YOUR purposes.

      When I send an email my ISP will will scan the email for viruses and to make sure it is not spam. How is this any different.

      • Re:c'mon, man (Score:5, Insightful)

        by Zero__Kelvin ( 151819 ) on Thursday December 03, 2015 @06:43PM (#51053687) Homepage

        "When I send an email my ISP will will scan the email for viruses and to make sure it is not spam. How is this any different."

        People, at least here on Slashdot at the present moment, don't have an irrational hatred for your ISP.

      • nobody believes that. if you HAVE it, you have COLLECTED it and the RETENTION of such data fits YOUR purposes.

        When I send an email my ISP will will scan the email for viruses and to make sure it is not spam. How is this any different.

        Your ISP presumably doesn't collect data from your emails and sell that on, or use it to advertise to your.

    • you're confusing data - which they say they don't collect - with metadata, which has the meaning of the data they collect, stored.

      It's easy to say you're not collecting data, when you're actually storing the metadata after you process the data.

      The end result is the same.

  • Google, or your own lying eyes?

    Tell you what, the EFF has credibility in the bank with me. Google on the other hand...

    • by lgw ( 121541 )

      Tell you what, the EFF has credibility in the bank with me. Google on the other hand...

      Well fuck me running, I agree with Ratzo on something. Google is an advertizing company, and weasel words and outright lying convincingly are core competencies for them. The EFF has never steered me wrong.

      Plus, the weasel words here are pretty obvious: Google admits to collecting students personal information, but tries to hide behind "we only use it in aggregate".

      • Plus, the weasel words here are pretty obvious: Google admits to collecting students personal information, but tries to hide behind "we only use it in aggregate".

        Not to mention, the people at Google should know in more exquisite detail than just about everybody else (except maybe Facebook and the NSA) exactly how incredibly easy it is to dis-aggregate aggregate data.

      • the weasel words here are pretty obvious: Google admits to collecting students personal information, but tries to hide behind "we only use it in aggregate".

        What is the minimum size of an aggregate, one might fairly ask.

    • by slimjim8094 ( 941042 ) on Thursday December 03, 2015 @08:13PM (#51054239)

      The EFF has credibility with me as well (less than they used to, for similar reasons as PETA), but how can they possibly know what Google is using the data for internally? They don't have enough information to know anything beyond "it's being synced" - which for a feature called "Chrome Sync" seems pretty obvious. The reason it's being synced is also obvious and the blog post states it plainly - most schools don't buy a chromebook per student, they have a cart that's brought where required, and the sync is so that when the student signs in they have their personalization.

      Google has always said "we use aggregate data to make our services better". They say it everywhere. It's how Google works. But they also say "we're not looking at individuals or less-than-anonymized groups of people". And there's no evidence they're doing the latter in addition to the former. I can't figure out on what basis - and with what information - the EFF is making that claim other than "we don't like Google". It sounds like a PR stunt for their new initiative. Really if the EFF *did* know that the data was being used for nefarious purposes, it would mean there was some sort of external leak of user data - which would be much more damaging than the supposed activity they are concerned with.

      As a disclaimer, I do work at Google. I do in fact know what Google does with user data. It's pretty much what it says on the tin, and they are extremely serious about it. Nefarious use of user data is one of the few outright firing offenses, and they will find you.

      So you don't believe me. That's fine, and I'm not surprised. But why do you believe the EFF, which is the party with the less information, in absence of evidence beyond their say-so? That's firmly conspiracy theory territory. Even if they did have a better track record (hard to say, they're not without mistakes), and didn't have any agendas (not true) they simply can't back up their assertions here with any evidence. You're left with an unverifiable claim from someone who can't know, vs unverifiable claim from someone who does know.

      Which is more likely - the EFF made a bullshit accusation with no evidence that they suffer no penalty for and might even help them anyways, or Google making a bald-faced, PR-damaging lie that can be discovered with a simple subpoena?

      • Which is more likely - the EFF made a bullshit accusation with no evidence that they suffer no penalty for and might even help them anyways, or Google making a bald-faced, PR-damaging lie that can be discovered with a simple subpoena?

        Because Google has a history of making bald-faced lies and don't give a goddamn about PR damage, because they don't have to.

      • you may work at google, but I doubt you are privvy to all the uses of data that google engages in. what you see is what you are ALLOWED to see. unless you are in the chosen elite, you'll never know what is really going on (this applies to all large corps; there is a duality in them all and the ones who really know what is going on are the suits and ties, NEVER the engineers. they are fed shit and kept in the dark, as usual)

        they may tell you a nice little fib that isn't 100% a lie, but that's not the same

        • My argument isn't predicated on me being right about how the data's being used, it's solely that the EFF can only be talking out their nether regions when they say that they do know how it's being used. Indeed, if there is some huge conspiracy that's so secret that not even the engineers working on the systems in question know about it, then it's even less likely that the EFF knows, right?

          Don't bother replying, I'm not trying to convince you and I know I won't succeed. But other people read these comments.

      • by AmiMoJo ( 196126 )

        The EFF's point is that the data shouldn't be collected because even if Google is being responsible with it today, tomorrow they might change their policies or sell the data to someone else who then abuses it. We have seen this happen in the past with companies that go bankrupt and then sell off their databases to cover the CEO's golden parachute.

  • Sounds Familiar (Score:3, Informative)

    by konohitowa ( 220547 ) on Thursday December 03, 2015 @05:26PM (#51053213) Journal
    I seem to recall a similar response when accused of collecting WiFi data.
    • Re:Sounds Familiar (Score:5, Informative)

      by Solandri ( 704621 ) on Thursday December 03, 2015 @06:53PM (#51053771)
      Google self-reported their excessive wifi data collection. Basically a government agency accused them of collecting more wifi data than just SSIDs. Google said, "No, we're only collecting SSIDs. Here, we'll prove it." Then they audited their own records, came back, and said, "Oops, you were right, we accidentally recorded more info than just the SSID."

      Contrast this with, say, Microsoft who still won't say what data Windows 10 is collecting. Or Apple, who commandeered people's iPhones to report location and SSIDs back to them (to accomplish what Google did by paying people to drive company cars around), and still haven't admitted it, brushing it off as an oversight instead of prep for their own mapping program. I'm not sure why Google keeps getting brought up as the quintessential example of a bad guy in these privacy issues, when they've been pretty open about what they do and admit when they make mistakes. Other companies are far worse. The way the EU handled the Google case vs. the Apple case basically tells companies: if you accidentally break the law, it is better to obfuscate and deny it, than the be honest and admit it.
      • Like I said, it sounds familiar. They were accused and denied it, just like this case. Furthermore, after they claimed to have stopped it they continued to fight in court claiming, as they are right now, that what they were/are doing is perfectly legal. The "no laws were broken" defense.
  • Just for balance (Score:5, Informative)

    by Anonymous Coward on Thursday December 03, 2015 @05:35PM (#51053263)

    Since the awful TFA didn't include a link to Google's post defending itself from EFF's accusations even though it quoted from that source, here's the link to it:
    http://googleforeducation.blogspot.com/2015/12/the-facts-about-student-data-privacy-in.html

    Also here a link to the Student Privacy Pledge that EFF has accused Google of violating:
    http://studentprivacypledge.org/

    The Student Privacy Pledge will hold school service providers accountable to:

            Not sell student information
            Not behaviorally target advertising
            Use data for authorized education purposes only
            Not change privacy policies without notice and choice
            Enforce strict limits on data retention
            Support parental access to, and correction of errors in, their children’s information
            Provide comprehensive security standards
            Be transparent about collection and use of data.

    Here are links to the co-authors of the Student Privacy Pledge stating their objections to the EFF's complaint:
    https://fpf.org/2015/12/01/future-of-privacy-forum-statement-regarding-electronic-frontier-foundation-student-privacy-complaint/

    In response to the allegations made today that Google has violated commitments of the Student Privacy Pledge (SPP), FPF Executive Director Jules Polonetsky issued the following statement:

    We have reviewed the EFF complaint but do not believe it has merit.

    http://blog.siia.net/index.php/2015/12/some-misunderstandings-of-the-student-privacy-pledge/

    The Electronic Frontier Foundation has filed a complaint with the Federal Trade Commission against Google for violation of the K-12 School Service Provider Pledge to Safeguard Student Privacy. The FTC will assess the complaint on its merits and make a judgment one way or the other. But, it is important to point out that the complaint contains some important misunderstandings about the student privacy pledge.

    • The Electronic Frontier Foundation has filed a complaint with the Federal Trade Commission against Google for violation of the K-12 School Service Provider Pledge to Safeguard Student Privacy.

      The EFF and Google -- both nominally good faith actors with regards to privacy -- are in conflict, and they're taking their issue up with ... the government?

  • by Anonymous Coward

    If ads are not served to students, how do I tell google that I'm a student?

    Learn something new every day.

    • by ledow ( 319597 )

      Be part of a verified educational institution that is given unlimited-storage Google Apps for Education (identical to Google Apps for Business - go look at the prices) for free.

      The signup for my schools consisted of proving we were a registered school in the UK, and that our domain belonged to us, and some guy checked that our domain was the official school website.

      Now I have an admin interface that lets me create unlimited accounts or unlimited size to assign to registered students, while tracking their ev

  • Can we actually get original links to the EFF and Google blog posts not some third party regurgitator?

  • The wider network is even more secure from other ad services. Data is more anonymized and everyone is more happy with the free happy services given away for free. Learning is a happy time too, with all the advanced branded products and free services offered for free.
    No other marketing communication brand can see the very secure network.
  • (Google hands bribe to regulators)

    Shocked I tell you!

  • The more de-identified data aggregated the easier to rebuild identity.
    Data mining is all about finding a needle in a haystack,
    extracting coherency from apparent chaos.

  • Comment removed based on user account deletion
  • In a nutshell, they collect personal data but ask us to trust them to never misbehave with it.
  • "Ambiguous pronouns lack a clear antecedent, while vague pronouns lack an antecedent altogether. Remember that antecedent refers to the noun or pronoun that a pronoun refers to (ante meaning âoebeforeâ in Latin). In the following sentence, the pronoun is bolded: Fred visited Bob after *his* graduation.

    Not just being a nazi. I had to read the title 3 times to understand it.

  • Good Guy Google, knows most students hadn't heard about the claims. Draws more attention to them.

If you have a procedure with 10 parameters, you probably missed some.

Working...