The US Federal Trade Commission Releases Online Privacy Report

For more information:

SlashGear, “FTC echoes public siren call for De-Personalized Web” – click here

Washington Post, “FTC releases final privacy report...” – click here

Washington Post – click here

Advertisement

The FTC Has A Strong Case Against Google

The Stanford privacy researcher who first uncovered Google evading the default privacy settings for all users of Apple’s Safari web browser believes that the Federal Trade Commission has a “slam dunk” case that Google violated its privacy agreement with the government.

“The facts in this case are unusually clear cut,” Jonathan Mayer, a grad student in computer science and law and a researcher at the Stanford Law Center for Internet and Society, in a phone interview with TPM.

Read more – click here

The US Federal Trade Commission Is Useless And Incompetent

How useless is the US Federal Trade Commission (FTC)?

There has been a lot going on with Google these days and somebody should be keeping an eye on this company. We need an agency that not only has authority but also isn’t afraid to use its powers. Yet, time and time again, the FTC has shown that it’s reluctant to get involved with anything having to do with Google.

I published several posts on this site about The Electronic Privacy Information Center’s (EPIC) lawsuit against the FTC. This lawsuit was a last resort for EPIC to force the FTC to do its job properly. The FTC should be embarrassed with itself for getting an outside group to file a lawsuit against them so that something serious can be done about Google’s many violations. Yet, the FTC fought that lawsuit because it didn’t want others telling the federal agency what to do and how to do it.

The FTC has refused to say anything about Google’s new more intrusive privacy policy, which has ignited deep concern all over the world. The only thing said came from the FTC Chairman, Jon Leibowitz, who acknowledged that Google’s new privacy policy is “binary” and “brutal”. He refused to elaborate, though.  It’s now the 8^th day of March and the new Google privacy policy has been in effect for a week – still no word from the FTC.

The FTC’s silence is stunning considering the scrutiny and the amount of attention given to Google’s privacy policy. All you have to do is look through all the posts on this site to see just how much attention Google has received. Some of that attention includes:

 About three dozen US State Attorneys General sent Google a strongly worded letter expressing concern for how there isn’t an opt-out option for users; several bipartisan members of the US Congress and Senate condemned Google’s new privacy policy saying that it leaves users with no privacy at all; numerous consumer advocacy groups spoke against Google’s new privacy policy; the European Union said that Google’s new privacy policy violates their data protection laws; several other countries from around the word have expressed their concerns too.

Yet – even after all this is happening, the FTC is still asleep or moving at a glacial pace. WAKE UP! Do your job!

In an interview on the C-SPAN program, Newsmakers, the FTC Chairman was asked why the federal agency moves so slowly to act against abuses, while European regulators do a great job of protecting the privacy of their citizens. The battles the FTC chooses to fight seem to be always three years too late. The Chairman responded by saying this:

“We’re not a regulatory agency. We’re an enforcement and policy agency, so it’s harder for us to set up rules in advance, so…you’re right…it’s a tricky question…responding to how do we make things better going forward as opposed to correcting mistakes a few years ago…we try our best using the tools that we have”

This is an admission that the FTC is incompetent and useless. When the new consumer Privacy Bill of Rights was unveiled last month by the White House, one of the major announcements was something called “Do Not Track”. This proposal for a new Do Not Track button is meant to keep people safe against online spying or tracking. As many of you already know, just about any website you visit has multiple tracking companies spying on your every move – including Google. There are over 800 of these tracking companies, many of whom are solely in business to keep track of Internet users’ online habits. They use tracking devices to monitor how you browse the web from site to site. Google has several of these tracking tools to keep an eye on users not only on their own websites, but on other people’s websites too. What the Do Not Track button will allow is a way for Internet users to express to these companies that they prefer not to be tracked.

However, this proposed Do Not Track button gives a false sense of security and totally lacks real value. This is because it’s voluntary for companies to respect the Do Not Track preference of Internet users and companies can still monitor your computer habits either way. In addition, the advertising industry (which Google is deeply embedded in) has vehemently opposed a web browser default setting that would prevent tracking. They oppose an anti-tracking tool that would outright prevent tracking of all sorts – no exceptions. They also want it to be completely self-regulatory and under their terms.

The FTC has given up on pushing for comprehensive and stringent laws to protect online user privacy. Instead, the FTC sided with the tracking companies and approved of the self-regulatory approach the tracking companies prefer. The FTC Chairman said:

“This is not a year Congress is going to pass a lot of legislation…but it is a year we should be working on privacy and so the best way to do it is….government using its bully pulpit and pushing very hard for the best self-regulatory standards”

He wants these tracking companies to police themselves. The FTC will only get involved (at least they say they will) if these companies engage in deceptive practices. The FTC will never get involved because evidence has already shown they often do not.

I’m not the only person who thinks the FTC is useless. Scott Cleland, who wrote an article for The Daily Caller, laid out evidence to clearly show how poorly the FTC is doing its job compared to the US Department of Justice, Congress, Attorneys General, and the European Commission. He writes,

“The evidence is mounting that the European Union is stepping in to fill the void of FTC law enforcement concerning Google. Currently, EU law enforcement is confronting Google on at least three different major law enforcement matters, and in the U.S., the DOJ, State Attorneys General, and Congressional overseers have taken a consistent, bipartisan tough law enforcement approach with Google. However, this is in stark contrast to the FTC’s consistently lax law enforcement record with Google”

He then goes on to present the evidence. To read the full article, please click here.

It’s clear that the FTC is failing the American people. They don’t have any regulatory ability, they are repeatedly negligent in enforcement, and they advocate for ineffective policies like the voluntarily Do Not Track browser add-on that will only give people a false sense of security. I conclude that the FTC is completely and utterly useless.

For more information:

SFGate, “What Do Not Track will mean remains unclear” – click here

googleexposed, “US Federal Trade Commission Chairman Gives Candid And Revealing Talk About Google” – click here

googleexposed, “Use anti-tracking tools….” – click here

US Federal Trade Commission Chairman Gives Candid And Revealing Talk About Google

Yesterday, the chairman of the US Federal Trade Commission (FTC), Jon Leibowitz, was a guest on the C-SPAN show “Newsmakers”. He was interviewed by Brendan Greeley, writer for Bloomberg, and Juliana Grunwald, a writer for National Journal.

It was a very interesting interview and Mr. Leibowitz revealed many things that I will share with you in a moment. First of all, I have to acknowledge how wonderfully Brendan Greeley performed. He was prepared with tough questions to ask the chairman. I thought he did a great job making sure he could get the most out of the chairman.

The interview was about 30 minutes long and here are the highlights (a link to view the interview video is located at the bottom of this post):

• 04:00 – “We called for more transparency because nobody reads online privacy notices…”  – Jon

This is so true. Nobody reads them.

• 04:20 – “…choice because consumers should have the right not to have their information collected…your computer is your property…people should have the right not to have their information collected particularly about sensitive issues.” – Jon

Again, very true! It’s our personal data and our property. Google should have no right to profit off and sell our personal data to advertisers without our explicit consent

• 04:53 – “There seems like there’s two buzz words here and I’m gonna try to see if we can explain both of them. There’s self-regulatory, which is what the industry is pushing…and then there’s a word that kept on showing up in the White House report which was stakeholder approach…it doesn’t seem like the two of those are gonna work very well together. You have the industry taking care of itself and you have the White House suggesting that you get industry plus private watchdog groups plus Congress getting together to figure out the best approach…it seems like Washington is where the stakeholder goes to die.” – Brendan

Right on, Brendan! Self-regulation is absolutely nonsense and ineffective. How can you let Google and the advertising companies police themselves? It doesn’t make sense. This whole Privacy Bill of Rights proposal that the White House eventually wants to make law will not amount to much if Google and its advertising minions are allowed to dominate the upcoming negotiations to fully develop this bill. An independent body needs to keep an eye on Google.

• 11:16 – “I’m not too sure many people will opt-out. I happen to like getting, you know, ads that relate to the things I’m interested in – so we sense is not too many people will opt-out” – Jon

Jon! Jon! Jon! What are you thinking?? You don’t mind getting creepy targeted ads? You don’t mind these tracking companies spying on everything you do on the web so that they can analyze the perfect ad for you? This is ridiculous.

I have written on here before about a store that sent baby ads to a pregnant teenage girl before her parents even knew she was pregnant – click here

There was also an article where a man said he rather have his daughters spied on by tracking companies so that they can target ads for them, rather then his daughters seeing random ads that could potentially include…heaven forbid…a Viagra commercial! Kids see random ads all the time on television, magazines, and on billboards – I don’t think it’s going to damage your children. Forfeiting your child’s privacy to prevent them from seeing irrelevant ads for their age group and gender is really pathetic – click here

But Jon is correct on one thing – people do not opt-out when the opt-out of tracking option is not the default setting. It’s not that people want to be tracked, it’s because people don’t know better. The fact is that many people don’t change the default settings of their web browser. They also don’t look around to make sure their privacy and security settings are set to its maximum level. Google and their advertising minions know this fact already.

• 12:14 – “Other than saying that [Google] have been clear and that it’s a very binary and somewhat brutal choice that they’re giving consumers…I can’t say much more and I’ll just leave it at that, but we’re aware.” – Jon

Exactly. Google is telling its users that they have to either take it all or leave it all. There is no middle option. First of all, they need to tell users the whole truth about why they’re changing their privacy policies – which is to make it easier to sell your information to advertisers. Then they need give users an option to opt-out of this data harvesting. Shame on Google!

• 12:20 – “‘Binary and brutal was plenty’” – Brendan

Ha!

• 12:23 – “Perhaps too much” – Jon

Nope. You’re just being honest.

• 12:26 – “You’re suggesting that they be more explicit about what they do and I wonder if they were completely upfront…about what they are doing with your information whether there would be a market at all. I wonder if I would sign up for a service that said ‘in exchange for this free way to get in touch with your family and friends we’re going to sell information about you’. In a way, they are misrepresenting what their fundamental purpose is” – Brendan

Again, excellent job Brendan. Google is definitely lying to its users. Google is not changing its privacy policies to simply give you a better experience. It is changing it to make it easier to sell your personal data to advertisers. Google makes over 90% of its revenues from advertising. You are not Google’s customer, you are Google’s product.

Now, Google says that they don’t “sell” your private information to advertisers, they simply “share” it. Google thinks we’re stupid, ha-ha. Selling….sharing…whatever…a distinction without a difference.

• 12:46 – “I’m not sure everybody is selling information about consumers” – Jon

Jon! Jon! Jon! What are you saying? Selling….sharing…a distinction without a difference!

I got the impression that Jon was hinting at something here, almost like he was trying to say that another company sells your information even more than Google – that other company being Facebook. That’s only because Facebook is a social networking site that requires you to share a lot more personal information about yourself. But Google launched Google Plus last summer and said that its own social networking site will now be an “extension” of Google itself. In addition, unlike Facebook, Google has multiple services all over the web and it has multiple tracking devices all over the web. Google’s tracking devices are on millions of websites. So enough of the “pick between the lesser of two evils” game – just protect our privacy!

Afterwards Brendan asked him if it would be possible to have a ratings system for privacy policies, something similar to the ratings system for movies and television shows.  Jon replied back saying that the advertising industry can come up with that system themselves and that it might not be such a bad idea. But then, Brendan replied back pointing out it wouldn’t be taken seriously because, again, that would be self-regulation. You need an independent body to check these things.

• 14:28 – “It does seem like we’re still talking about a self-regulatory approach” – Brendan

I know! Enough with this self-regulation nonsense. It does not work!

• 15:19 -“I also think, speaking for myself not the commission…privacy legislation has a place and if we could come up with… a comprehensive balanced, Congress could, set of guidelines….that would be probably a good thing” – Jon

• 17:12 – “This is not a year Congress is going to pass a lot of legislation…but it is a year we should be working on privacy and so the best way to do it is….government using its bully pulpit and pushing very hard for the best self-regulatory standards” – Jon

Even though self-regulation won’t do anything to really protect Americans online, you just have to settle for less because Congress cannot pass a new law during an election year…well, doesn’t that suck? But we’re not going to settle for less. We don’t want to give Americans a false sense of security!

• 20:00 – “It feels like Do Not Track is an answer to a browsing habit that’s about 3 years old in the sense that more and more people get their information over the Internet through apps and through their mobile devices…how do you keep the FTC from always fighting abuses that are 3 years old.”  – Brendan

Yet again, excellent job Brendan!

• 20:45 – “We’re not a regulatory agency. We’re an enforcement and policy agency, so it’s harder for us to set up rules in advance, so…you’re right…it’s a tricky question…responding to how do we make things better going forward as opposed to correcting mistakes a few years ago…we try our best using the tools that we have” – Jon

Um…okay….thanks?

A few minutes later, between 22:50 -23:19, Brendan asks an important question about the differences between how the United States protects its citizen’s online privacy versus how the Europeans do it. Europe has very stringent laws in place to protect privacy.

Then, between 23:45 – 24:31, Jon admits that the European system emphasizes regulation and the American system emphasizes enforcement. He then claims that both systems essentially want to protect their people equally and that he doesn’t think the American system is that far behind Europe as some people like to believe.

It’s funny that Jon claims that the American and European systems are essentially equal, but then he admitted earlier that the American system falls short due to a lack of regulation!

Then, in around 24:40, Juliana brings up the “right to be forgotten” plan that the European regulators are now working on to implement that will give Internet users the right to demand Internet companies delete all personal data about them when asked to do so. She then asks if this should be an idea the United States should seriously consider as well.

In response to this question, in between 24:51 -25:55, Jon rambles on about how children need to be protected because they are the most vulnerable, but he fails to really answer the question. Keep in mind that – although it is absolutely important to protect children and it’s nice to bring that up and all – BUT there are already federal laws in place to protect children under 13. Older children and adults have absolutely no real protections online whatsoever! The European “right to be forgotten” will give everybody, young and old, their privacy back! All Americans are vulnerable.

Then, around 26:25 – 26:54, Brendan brings up another great point. He says that independent watchdog groups like The Electronic Privacy Information Center (EPIC) play a very valuable role. He says that EPIC almost functions as a regulator for the FTC because when they bring up complaints to the FTC that is when the FTC starts to finally take action (as they did with Google’s first attempt at social networking called Google Buzz, which launched in 2010).

• 26:55 – “I do think that they perform an enormously valuable role…we want the best information we can from the smartest people who think about these issues” – Jon

They do, indeed. Thank goodness for these groups!

For a video of the full interview, you can watch it on C-SPAN’s website – click here 

Has Google Neglected To Follow Through On The Promises In Its Compliance Report With The FTC?

 According to a Google compliance report, which was obtained by the Electronic Privacy Information Center (EPIC) through a Freedom of Information Act request, Google promised it would do a number of things to notify users of the change to its privacy policies and terms of service.

This self-assessed report was submitted to the US Federal Trade Commission (FTC) on late January. Google has to regularly submit these reports to show how they are respecting the privacy of its users because they agreed to a consent order with the FTC after Google admitted it violated the privacy of it users when it launched its social networking tool called Buzz in 2010. Google also had to pay out millions and is now being more closely watched by the federal agency for 20 years.

In its first compliance report, Google claims it has gone through “exceptional lengths” to notify users of the changes to its privacy policies. They claim that their efforts to notify users include 5 elements, including this one:

“Google will run a homepage promotion on Google.com (and other top-level domains) for five days from the launch date. The text will not be dismissible”

Um…I don’t know about you, but I have yet to see this happen. It’s now Sunday, February 26th, 2012 and Google will launch their new privacy policy on March 1st. Where are the homepage promotions, Google?

Do you guys see it or not? I’m wondering if it could just be me. Ha-ha, but I doubt it because Google is known for not following through on things properly or not at all.

In that same report, Google said,

“An email will be sent to every Google Account holder, except those associated with enterprise (Google Apps) customers. A separate email will be sent to the registered administrators of Google Apps domains, so that they notify their users as they see fit.”

But Google totally screwed this one up. It ended up sending emails to people who don’t have Google accounts. Many were angry that Google knew about their email address even though they have never done business with the company. I have received that same Google email and I’m not connected with Google at all and I’m not alone. Google later called it a “glitch”, but it left people even more suspicious. I wrote more about it in another post – click here

I sure don’t want a company like Google harvesting even more personal data about me when it has these so-called glitches. Who knows where your data can accidentally end up and who gets to see it!? Identity fraud is inevitable if Google left to handle your personal data.

Google has a big problem with not only complying with the FTC’s consent order, as argued by EPIC and many other groups, but it also has a problem with executing plans it outlined in its own self-assessed report!

Google should not be given credit for taking “exceptional lengths” to notify users when it’s so clumsy and negligent.

You can read Google’s full compliance report – click here