Inside EPIC's privacy claim against Google: What's the evidence?
By now, the matter of Google's multiple small disasters with its early round of cloud-based applications -- troubles which led to the unauthorized sharing ability of some files -- is one of public record, and certainly the company has made plenty of public apologies. But was it criminally deceptive in promising to users a safe system, only to then be hit with safety issues? The Electronic Privacy Information Center advocacy group says yes, and it has taken its case to the US Federal Trade Commission.
In a formal complaint issued this morning (PDF available here), EPIC uses citations from Google's online marketing promotions for its cloud-based applications, along with links to news articles about the company's recent headaches, to build the case that the company makes promises to users that it can't keep.
"Google encourages users to 'add personal information to their documents and spreadsheets,' and represents to consumers that 'this information is safely stored on Google's secure servers,'" reads the complaint co-authored by EPIC President Marc Rotenberg. "Google states that 'your data is private, unless you grant access to others and/or publish your information.'"
Last month's Gmail service outage, which only affected a minority of Google's customers, still managed to point to a serious problem with respect to the centralization of the company's online resources. Then two weeks ago, the inadvertent availability of unauthorized documents in some users' online storage gave a clear signal that identity and authentication in the Google system were still very much in "beta."
But Google admitted as much -- in fact, it's through its admissions that many in the press discovered the existence of these troubles in the first place. EPIC cited the FTC's regulations regarding deceptive advertising, which state, "There must be a representation, omission or practice that is likely to mislead the consumer. This includes the 'use of bait and switch techniques.'"
With that, EPIC went on to contend the evidence, in its view, speaks for itself: "Google made material representations that misled consumers regarding its security practices, and users reasonably relied on Google's promises. As demonstrated by the Google Docs Data Breach, Google's material representations were deceptive."
EPIC is requesting that the FTC enjoin Google from providing any kind of cloud computing service "until safeguards are verifiably established," as well as to contribute $5 million to a public research fund for developing encryption, anonymization, and mobile privacy techniques.