Custom Search

Wednesday, February 17, 2010

Google Buzz Violates Wire Tap Laws? EPIC Says Yes





































EPIC: Google May Have Broken Wiretap Law


If Google wanted to create a quick buzz around its new social networking service, it's certainly accomplished that. Last week, when the Web giant automatically signed up millions of Gmail users for its new Buzz social network, much of the Internet was sent into a privacy tizzy.

Google announced serious modifications to the service later in the week, but that wasn’t enough for the Electronic Privacy Information Center (EPIC). On Tuesday, it filed a formal complaint with the Federal Trade Commission, asking the regulator to order more changes. EPIC also accused Google of violating Federal Consumer Protection Law and suggested the firm may have broken wiretap laws, too.

While the details of the Buzz privacy dispute can seem esoteric, the main thrust of EPIC's complaint is simple: Google should never have pushed all 37 million U.S. Gmail users into a social networking service without asking, said EPIC Executive Director Marc Rotenberg.

"E-mail is one area on the Internet where we have a well-understood expectation of privacy," Rotenberg said. "E-mail is for private messages. You sign up for social networking to communicate publicly with people, Google tried to turn e-mail into social networking, and that's where they ran into trouble."

The complaint lays out a series of alleged Google missteps that EPIC says constitute unfair or deceptive trade practices that violate the Federal Trade Commission Act. For starters, it says, all users who checked their Gmail account last week were suddenly signed up for Buzz. While Google offered users a chance to "check out" the service, it didn't give them the option to avoid it.

"Regardless of whether a user clicked the button labeled 'Sweet! Check out Buzz' or “Nah, go to my inbox,’ Google Buzz was activated," the complaint says.

Gmail account holders who then began using Buzz found their first public posting was essentially a list of their most frequent e-mail contacts. Buzz decided for itself who users e-mailed most often, then put those users on a list as "followers" and made that list public. Quickly, nightmare hypothetical scenarios were published -- workers who had recently e-mailed about job interviews had their job hunt exposed, for example. Cheating lovers or spouses were outed.

"Gmail contact lists routinely include deeply personal information, including the names and email addresses of estranged spouses, current lovers, attorneys and doctors," the EPIC complaint said. "Users were not explicitly warned that their lists would be automatically visible to the public. ... Anyone looking at a newly activated Buzz user’s following list would know that the list indicated which people that user communicated with most often."

In addition to causing potential embarrassment -- or worse – Google may have broken the law by disclosing e-mail contacts, EPIC said.

"Improper disclosure of even a limited amount of subscriber information by an e-mail service provider can be a violation of both state and federal law," it said. "An attempt by an e-mail service provider to attempt to convert the personal information of all of its customers into a separate service raises far-reaching concerns."

Google has already gone through two rounds of revisions with its service, and Buzz now tells new users that frequent e-mail partners will be “followers” unless the user prevents that. New users now see a list of potential followers -- checked by default -- when they sign up for the service.

But on Tuesday, Rotenberg said that Google still hadn't gone far enough to address privacy concerns. Buzz still ropes in Gmail users and their e-mail contacts by default, which can lead to unintended disclosure of personal information, he says.

Rotenberg said Buzz users should have to actively opt in before Buzz is activated, rather than opt out.

"It's always about the defaults," he said.

EPIC has called on the FTC to force Google to:

*make Buzz a fully opt-in service.
* force Google to cease using Gmail users’ private address book contacts to compile social networking lists.
*give Buzz users more control over their information.


For a company that has already dealt with plenty of privacy related issues, Google's misreading of public reaction to Buzz is a surprise, said Larry Ponemon, a privacy researcher who runs The Ponemon Institute.

"It is astonishing to me that a decision was made to release a product that the average person would see as a potential privacy snafu," he said. "Things like this seem to happen because people making decisions just aren't thinking about privacy. … Sometimes companies don't when they are about to release something they think is really cool."

Ponemon did say that he was impressed with Google's quick response to the controversy, taking only a few days to make changes to the service.

"They did take it seriously, you could tell they had all hands on deck," he said.

Rotenberg said Google was more worried about stiff competition in the social media world than privacy.

“Google tried to take advantage of its market position" by dragging all Gmail users into Buzz overnight, he said, thereby giving the service a running start in the uphill battle to catch Facebook and Twitter in the social networking space.

That's why he wants the FTC to be more proactively involved in privacy policy.

"The FTC has had a hands-off policy, leading to some bad business practices," he said.

Google said in an e-mail statement to msnbc.com that it was working hard to make adjustments to its service based on user feedback, and will keep "user transparency and control top of mind.

“We also welcome dialogue with EPIC and appreciate hearing directly from them about their concerns," the statement continued. "Our door is always open to organizations with suggestions about our products and services.”



Sources: MSNBC, First Read, Red Tape Chronicles, FTC

No comments: