Tag Archives: Electronic Privacy Information Center

The US Federal Trade Commission Is Useless And Incompetent

How useless is the US Federal Trade Commission (FTC)?

There has been a lot going on with Google these days and somebody should be keeping an eye on this company. We need an agency that not only has authority but also isn’t afraid to use its powers. Yet, time and time again, the FTC has shown that it’s reluctant to get involved with anything having to do with Google.

I published several posts on this site about The Electronic Privacy Information Center’s (EPIC) lawsuit against the FTC. This lawsuit was a last resort for EPIC to force the FTC to do its job properly. The FTC should be embarrassed with itself for getting an outside group to file a lawsuit against them so that something serious can be done about Google’s many violations. Yet, the FTC fought that lawsuit because it didn’t want others telling the federal agency what to do and how to do it.

The FTC has refused to say anything about Google’s new more intrusive privacy policy, which has ignited deep concern all over the world. The only thing said came from the FTC Chairman, Jon Leibowitz, who acknowledged that Google’s new privacy policy is “binary” and “brutal”. He refused to elaborate, though.  It’s now the 8th day of March and the new Google privacy policy has been in effect for a week – still no word from the FTC.

The FTC’s silence is stunning considering the scrutiny and the amount of attention given to Google’s privacy policy. All you have to do is look through all the posts on this site to see just how much attention Google has received. Some of that attention includes:

 About three dozen US State Attorneys General sent Google a strongly worded letter expressing concern for how there isn’t an opt-out option for users; several bipartisan members of the US Congress and Senate condemned Google’s new privacy policy saying that it leaves users with no privacy at all; numerous consumer advocacy groups spoke against Google’s new privacy policy; the European Union said that Google’s new privacy policy violates their data protection laws; several other countries from around the word have expressed their concerns too.

Yet – even after all this is happening, the FTC is still asleep or moving at a glacial pace. WAKE UP! Do your job!

English: Washington, D.C. headquarters of the ...

In an interview on the C-SPAN program, Newsmakers, the FTC Chairman was asked why the federal agency moves so slowly to act against abuses, while European regulators do a great job of protecting the privacy of their citizens. The battles the FTC chooses to fight seem to be always three years too late. The Chairman responded by saying this:

“We’re not a regulatory agency. We’re an enforcement and policy agency, so it’s harder for us to set up rules in advance, so…you’re right…it’s a tricky question…responding to how do we make things better going forward as opposed to correcting mistakes a few years ago…we try our best using the tools that we have”

This is an admission that the FTC is incompetent and useless. When the new consumer Privacy Bill of Rights was unveiled last month by the White House, one of the major announcements was something called “Do Not Track”. This proposal for a new Do Not Track button is meant to keep people safe against online spying or tracking. As many of you already know, just about any website you visit has multiple tracking companies spying on your every move – including Google. There are over 800 of these tracking companies, many of whom are solely in business to keep track of Internet users’ online habits. They use tracking devices to monitor how you browse the web from site to site. Google has several of these tracking tools to keep an eye on users not only on their own websites, but on other people’s websites too. What the Do Not Track button will allow is a way for Internet users to express to these companies that they prefer not to be tracked.

However, this proposed Do Not Track button gives a false sense of security and totally lacks real value. This is because it’s voluntary for companies to respect the Do Not Track preference of Internet users and companies can still monitor your computer habits either way. In addition, the advertising industry (which Google is deeply embedded in) has vehemently opposed a web browser default setting that would prevent tracking. They oppose an anti-tracking tool that would outright prevent tracking of all sorts – no exceptions. They also want it to be completely self-regulatory and under their terms.

The FTC has given up on pushing for comprehensive and stringent laws to protect online user privacy. Instead, the FTC sided with the tracking companies and approved of the self-regulatory approach the tracking companies prefer. The FTC Chairman said:

“This is not a year Congress is going to pass a lot of legislation…but it is a year we should be working on privacy and so the best way to do it is….government using its bully pulpit and pushing very hard for the best self-regulatory standards”

He wants these tracking companies to police themselves. The FTC will only get involved (at least they say they will) if these companies engage in deceptive practices. The FTC will never get involved because evidence has already shown they often do not.

I’m not the only person who thinks the FTC is useless. Scott Cleland, who wrote an article for The Daily Caller, laid out evidence to clearly show how poorly the FTC is doing its job compared to the US Department of Justice, Congress, Attorneys General, and the European Commission. He writes,

“The evidence is mounting that the European Union is stepping in to fill the void of FTC law enforcement concerning Google. Currently, EU law enforcement is confronting Google on at least three different major law enforcement matters, and in the U.S., the DOJ, State Attorneys General, and Congressional overseers have taken a consistent, bipartisan tough law enforcement approach with Google. However, this is in stark contrast to the FTC’s consistently lax law enforcement record with Google”

He then goes on to present the evidence. To read the full article, please click here.

It’s clear that the FTC is failing the American people. They don’t have any regulatory ability, they are repeatedly negligent in enforcement, and they advocate for ineffective policies like the voluntarily Do Not Track browser add-on that will only give people a false sense of security. I conclude that the FTC is completely and utterly useless.

For more information:

SFGate, “What Do Not Track will mean remains unclear” – click here

googleexposed, “US Federal Trade Commission Chairman Gives Candid And Revealing Talk About Google” – click here

googleexposed, “Use anti-tracking tools….” – click here

Tagged , , , , , , ,

College Students Are Vulnerable To Google’s Spying And They Don’t Even Know It

Image representing Google as depicted in Crunc...

Image via CrunchBase

 Has your school “Gone Google”? Are you a college student who’s been forced to use Google services because your school has decided to adopt Google Apps for Education? Are you an administrator who thought it would be best to give away your students’ information to Google so that you can save your institution some money and time? Well then, please keep reading – there are important things you should seriously reconsider.

For those who don’t know, Google offers businesses and educational institutions (kindergarten all the up to college) the ability to allow Google to run services for them. For businesses this comes with a monetary cost, but for educational institutions they can use Google’s services for “free”.

Google Apps for Education allows colleges, such as Brown University, to use Google’s email, chat, videos, docs, etc. The institutions are allowed to use Google’s services under their own domain name – so you’re basically using Google but with your college’s name attached instead. The supposed advantages of switching over to Google run services is that it offers these schools more storage space, it saves them money, it saves on time, and other resources. For schools who don’t have high functioning systems, Google might even allow them do more by offering students greater online capabilities that their school probably couldn’t do on their own.

But – do the added capabilities to your school’s system and placing the burden of upkeep onto Google really benefit students in the long run? Does diminishing the privacy and giving away the personal data of your students to a company like Google a smart thing to do? Is it wise to hand over all that personal data to Google’s cloud storage just because it saves you a bit of time and money? I sure don’t think so.

In a video Google uploaded to promote its Apps for Education services, an employee of Brown University admits:

“You know, you can’t neglect the fact that we signed a zero dollar contract. It’s awfully nice to save money and still provide excellent functionality and excellent IT service”

And this is the reason Google claims it offers free services to schools:

“Google Apps for Education is free. We plan to keep the core offering of Google Apps for Education free. This includes user accounts for future incoming students. As you may know, Google was founded by a research project at Stanford University, and this is just one way we can give back to the educational community.”

Aww, how sweet! How considerate of Google to do something as charitable as that! But you know what, it sounds too good to be true…what’s the catch? Let’s keep digging…

It might be nice and all to save your school some money, but you’re putting your students at grave risk without their explicit consent. Schools are giving up students’ information to a company who will use that information to target advertisements to those students. How is that ethical or responsible? Remember that Google does not target ads to students before their graduation – but upon graduation, Google can do whatever they want with those students’ information.

Okay, for example, a student at Harvard University has an email account run by Google Apps for Education. During the time that student is enrolled as a current and active Harvard University student, their email information will not be used to target personalized advertisements at them. However, that student will still be subjected to Google’s spying for “market research” purposes. Upon graduation, that student now has a Google run Harvard email service that is completely been let loose to Google. Google may now begin targeting ads to this student.

Students who are under an educational institution’s contract with Google do not have any additional privacy protections of any significance than the average Google user. They are still very vulnerable to privacy violations and their personal data is harvested by Google without their knowledge whatsoever. Students just assume that their email address with their college is between them and their college. But there is a third party listening in on everything – and that’s Google.

Andrew Weis, who works for a consulting firm whose expertise includes cybersecurity, wrote a piece in The Chronicle of Higher Education called “Does Google’s new privacy policy protect student privacy in the cloud“. He writes,

“The problem is that the privacy rights afforded to educational institutions through existing contracts are often hard to distinguish from the terms and conditions offered to regular consumers. For example, Harvard University’s home site for its Google Apps for Education service refers viewers to Google’s basic terms and conditions and further claims that the university has ‘no authority to enforce these standards’…university and college-based users may find themselves just as vulnerable as the average consumer”

Just think this through seriously. Think about the treasure trove of personal data Google has access to. Think about all the sensitive information that gets exchanged in those college emails. Students use their college’s email address for all sorts of things, including, but definitely not limited to: discussing assignments with their professors, they use it to retrieve their grades, and they use it communicate with student clubs they’re involved in.

Google has access to students’ timetables, courses, social security numbers, and every single sensitive data they exchange through those emails. Many students use their school’s email address exclusively for the most sensitive college related correspondence. Why on Earth would anybody let Google have access to this information?

Mr Weis writes,

“Though some universities, including Harvard, actively discourage students from using their student accounts to transmit personally identifiable or confidential information, students can and do transmit such information on a regular basis. Professors routinely notify students of their grades on individual assignments via e-mail, and students may receive preliminary notice of disciplinary measures via their accounts.”

It should give you pause, too, that Google releases personal data to law enforcement at increasingly high rates than ever before. In the last 6 months, official requests for personal data of American Google users skyrocketed by 29% from its already high level. When Google gives this data up to law enforcement, it does not notify users that their data has been compromised.

Students are vulnerable to this sharing of information. Google’s new privacy policy also makes it easier for law enforcement to retrieve more information from Google. Marc Rotenberg, director of the Electronic Privacy Information Center, explains:

“Let’s say you have subpoena of records for someone who might have posted something to YouTube. Traditionally, you might limit that subpoena to YouTube activity, because that’s what is relevant to the investigation. What Google has done by combining user data is basically make all of their activity on Google potentially relevant to an investigation”

Completely transitioning to Google Apps for Education might give these colleges more functionality, more storage, and “free” services – but you have to remember that you are not Google’s customer, you are Google’s product. Schools are irresponsibly exposing their students to Google’s tracking and students are paying for it. They are not paying for it monetarily via increases in their tuition fees – but they are definitely paying for it.

The currency Google uses and loves so much is personal data – not dollars. Google later monetizes that personal data at exorbitant profits. Over 90% of Google’s revenues come from advertising and the company rakes in about $40 billion per year. Students are paying to use Google Apps by forfeiting their privacy. Schools are selling the souls, so to speak, of these students in exchange for the ability to do a bit more. This is not a fair trade – far from it. At least with increased tuition fees a student can rest assured knowing their information is safe. Now that Google knows every single thing about them, the adverse ramifications of these schools’ decision to adopt Google Apps for Education can haunt them…well…forever.

Moreover, this lack of privacy has even deeply concerned nearly three dozen state attorneys general who have said that different levels of government are reevaluating whether or not to continue using Google run services. They even said that all the data Google collects is enormously susceptible to identity theft. In a letter to Google over a week ago, they wrote:

“Those consumers who remain in the Google ecosystem may be making more of their personal information vulnerable to attack from hackers and identity thieves. Our offices litigate cases of identity fraud with regularity and it seems plain to us that Google’s privacy policy changes, which suggest your company’s intent to create richer personal data profiles, pose the risk of much more damaging cases of identity theft and fraud when that data is compromised, a risk that will grow as instances of computer hacking grow. With this newly consolidated bank of personal data, we foresee potentially more severe problems arising from any data breach”

Educational institutions have an important responsible to keep their students safe and they need to handle their privacy in the utmost care. Letting Google have access to your students’ personal data might mean you get to spend less dollars maintaining your own system, it might be more convenient, it might save you more time – but, in the long run, it’s definitely not worth it. Students are unwitting victims of their college’s decision to implement Google applications into their systems and it is the students who are paying the ultimate price.

To find out if your school has “Gone Google” – click here

Contact your school’s administration and let your concerns be heard. Tell Google to mind its own business – not yours.

For more information:

The Chronicle, “Does Google’s New Policy Really Protect Student Privacy in the Cloud?” – click here

The Hill, “Google privacy policy remains a cause for concern” – click here

Mobiledia, “Could Governments Track Citizens After Google’s Privacy Change?” – click here

Tagged , , , , , , , ,

A List Of Major Developments Since Google Announced Its New Privacy Policy

English: Google Logo officially released on Ma...

Image via Wikipedia

Jan. 24: Google announces a plan to link user data across its email, video, social-networking and other services. The company says the move will simplify its privacy policy, improve the user experience and help advertisers find customers more easily, especially on mobile devices. Critics raise privacy concerns. The plan is to take effect March 1.

Jan 26: Eight American lawmakers, consisting of both Democrats and Republicans, send a letter to Google saying that they are concerned about Google’s plans to change its privacy policies and terms of service. In a separate strongly worded letter Rep. Mary Bono Mack, R-Calif and Rep. G.K. Butterfield, D- NC send a letter to the CEO of Google to ask him to appear before Congress.

Feb 1: Rival Microsoft Corp. runs full-page newspaper ads slamming Google and its new policy. Microsoft uses the opportunity to tout its own Web-based alternatives, saying for instance that users of its free email service, Hotmail, don’t have to worry about the content of their emails being used to help target ads.

Feb 2: CEO, Larry Page, declined to appear before Congress, but he sent two of his executive minions to appear instead. After being grilled for two hours, the Google executives failed to ease the concerns of the members of Congress. In fact, they made things worse. Rep. Mary Bono Mack said that the Google executives were not “forthcoming” and that she left the meeting even more confused and concerned than she had going into it. She suggested that Americans should stop using Google services “if Google goes too far

Feb 3: The European Union’s data protection authorities release a letter to Google asking the company to delay the new policy until they have verified that it doesn’t break the bloc’s data protection laws. Google says it had briefed data protection agencies beforehand and had heard no substantial concerns then.

Feb 8: A consumer watchdog group sues the Federal Trade Commission in an attempt to prevent Google from making its planned changes. The Electronic Privacy Information Center contends Google’s new policies would violate restrictions imposed in an agreement reached with the FTC last year.

Feb 16: The Wall Street Journal publishes an article exposing Google’s spying. The article revealed that Google deliberately bypassed security and privacy settings of Apple’s Safari web browser so that Google could track those users. Google admitted that it purposely bypassed the privacy setting, which resulted in Apple users being tracked without their knowledge. The following day, several Apple users file a class-action lawsuit against Google for violating their privacy.

Feb 20: Microsoft writes a blog post to reveal that Internet Explorer browser users were exposed to tracking too by Google. Microsoft said that Google deliberately confused a security protocol feature, which resulted in tracking cookies to be set on Internet Explorer browsers.

Feb 22: 36 US Attorneys General send a letter to Google expressing deep concern about their new privacy policy. They said that Google’s new privacy policy will expose users to violations of their rights and privacy. They urged Google to give users an opt-out option.

Feb 23: The White House unveils a consumer Privacy Bill of Rights. The proposal is intended to give Internet users back control of their personal data and protect their online privacy. However, these proposed new guidelines are not mandatory for Google and advertisers to abide by and emphasizes self-regulation too much. Immediately after the White House made the announcement, Google finally caved and said that they will include a ‘Do Not Track’ option for their Chrome web browser. Google’s web browser was the only one that did not have this anti-tracking functionality, while everybody else’s did. Google says it will include the Do Not Track by the end of the year. Why does it need to take that long? Who knows…it’s Google.

Feb 24: Google hires Susan Molinari as their head lobbyist in Washington. Ms. Molinari has extensive close ties with the Republican establishment. She was once a Republican representative in Congress herself. Google hired her because they want to influence how lawmakers vote in the coming months. They hope that Ms. Molinari can convince Republican lawmakers to vote against stringent online privacy laws.

Feb 26: The Chairman of the US Federal Trade Commission says that Google is giving its users a “binary and somewhat brutal choice” with their new privacy policy.

Feb 28: France’s regulator says a preliminary analysis finds that Google’s new policy appears to violate European data-protection rules. The regulatory agency CNIL says Google’s explanation of how it will use the data is too vague and difficult to understand “even for trained privacy professionals.”

Tagged , , , , , , , , ,