The Electronic Privacy Information Center (EPIC) has asked the Federal Trade Commission to investigate the privacy and security measures of Gmail, Google Docs and Google’s other “cloud computing” services for consumers.
The complaint highlights Google’s recent security breach with Google Docs, citing this as one example of the dangers of putting consumers’ data in the cloud. The complaint also implores the FTC not only to investigate Google’s safety measures for cloud products, but also asks to hold Google accountable for any and all security breaches with their cloud-based applications. EPIC goes so far as to demand that the FTC prevent Google from offering any cloud computing services, including Gmail, until it installs heavier security safeguards.
That’s right: EPIC wants to take away your Gmail. Cloud computing is not a new technology and the Google Docs situation was certainly not the first security breach But now that consumer services in the cloud like Gmail, Google Docs and others are beginning to take off, privacy groups are suddenly waking up to the risks involved. We do tend to trust cloud services such as Web-based email, document, and photo storage without thinking too much about it. And better security is certainly needed. But this is not only a Google problem. It is an industry-wide problem. EPIC is trying to make an example out of Google because it is the big company everyone is scared of most.
(Photo by cdw9)
Here’s the full complaint:
EPIC Complaint ABout Google Cloud Services – Get more Information Technology
huhhh????
“…cloud computing is not a new technology….”
from what you guys (and others) have been spouting i thought this was the newest thing since sliced bread…
guess not…
(sarcasm off)
not sure if this is the right group, but google, and others should be held to an extremely high level of security, as should companies that deal with credit card data, etc…
so what’s your issue with them protecting security rights, and trying to get harder/more substantive security measures enforced…
do you even understand what’s involved with security in a client server process/application ????
The newest thing since sliced bread?
That makes no sense.
pat….
simply shows that you and i come from different generattions.. i was writing asm code, for microcode.. when you were probably learning to crawl…
I wish these privacy groups would stop making assumptions about everyone.
I want tight security as much as the next guy. But I’m also well aware that, as with my own site/server, security can possibly be breached. It’s a fact that I’m aware of, and being that it’s a free service, I accept.
Do I want loose security? No. Do I want these boneheads to take away the free service because they deem it “not secure enough”? Hell no!
@Jim,
I agree. It’s surprising that these small, nameless groups can speak on behalf of the masses. Who are these people? Why can’t the cloud-crowd police our own security; and potential security breach?
Once again attorneys getting involved in areas that they have no expertise on.
Doesn’t EPIC has anything useful to do? Google is a private company and the success of its business will be decided by the market alone and not some do-gooders out there who thought that they’re the guardians of the world. If users feel that gmail is not secure, they will abandon the service is massive numbers and go to other services. Google didn’t come with a gun and force users to use its various services. Users must use those services at their own risks.
This lobbying for government interference in private businesses has got to be stopped because it is a hindrance (costwise, etc…) to running their businesses.
I agree with you, falafulu. EPIC shoud just F**K off of Google and move on with their lives.
Ummm, one small detail. Google is not a private company, that is why it is traded on the stock market under the symbol GOOG…. which is why it’s a complaint with the FTC.
Private means privately owned whether it is traded on the exchange or not. It doesn’t belong to the taxpayers and that’s what private company means.
AIG with their billions of bailout $ is not private, since the US government injected funds into it which takes equity in AIG. US government has no shares in GOOGLE and that means that Google is private.
I disagree. According to your logic, your accountant should be able to sell your prvate financial details to a third party without your consent because he works for a private accountancy firm.
I think the line in the article “EPIC wants to take your Google away” is very misleading. This would be as if a lawmaker 2 years ago called for greater controls on bank lending, and a journalist wrote “Lawmaker wants to take your credit cards away.”
I think if the subprime financial debacle has taught us anything, it is that it is better to require these safeguards now before a major security breach happens, instead of afterwards.
From India
Anjali Sen
Smart Babes said…
your accountant should be able to sell your prvate financial details to a third party without your consent because he works for a private accountancy firm.
Yes, that’s correct, but in a free market environment, the market decides and lawmakers, so any firm that doesn’t protect its customers details would know the consequence which a certain death/collapse. Why do you need the law when the market operates fine on its own?
Look at the financial meltdown? What caused it? Yep, government interference. Let the market decides its own destiny and keep the government visible hands out of it.
If you want to dig deep into property rights (an objective legitimate rights), then you look no further than Capitalism Magazine, which have some good articles.
“Cloud computing” is a nice buzzword, but remind me again how the privacy issues here are any different than those that have been around with Yahoo! Mail, Hotmail, Tripod, and any number of the countless “Web 1.0″ services that have been storing user data for the past decade and a half?
Oh, that’s right. There isn’t a difference. Just another group looking for any excuse to push their agenda through Washington.
new terms, new lawsuits
Perhaps the good people of EPIC would be kind enough cancel their own google accounts and/or cede their own civil rights and leave the rest of us alone?
These are certainly good questions to bring up, but frankly we all make the value-based judgment of whether to use google docs, gmail, etc. MY right to make that decision for myself, back the hell away slowly.
Google’s spending a lot of resources on keeping their stuff secure. Too many breakdowns on that front and they’ll go out of [that] business.
The focus must be on enforcing honesty and transparency, not taking away all of our rights to use the services we choose.
Sorry, not a fan of the “nanny state” that treates everyone as a kindergardner and take all their constitutionally guaranteed rights. There are fancy words for that, like fascism, and people who profit immesurably on the govt side of that equasion.
Again – if you don’t want to use gmail, don’t.
Funny, how for every person in a group who actually DOES something and provides value to others and improves their options and standard of living, ther’es at least one complainer who does nothing but sit back and think of problems. Seriously, therapy anyone?
Have an awesome day!
Dan
Yes, EPIC’s route may be on the level of protecting the animal rights of houseflies. On the other hand, I think “use it or don’t” isn’t the right approach.
Imagine the the lawsuits that will land on EPIC’s doorstep if they win this case!
EPIC fail?
Indeed.
While I appreciate EPIC’s efforts to protect privacy. I do NOT want anyone trying to shut down Gmail temporarily.
Don’t touch my Gmail!
You may sue EPIC, but you won’t win. It is the FTC making the decision.
When push comes to shove, you probably can’t sue Google for a breach of security for this. There is no contract between you and Google as no “valuable consideration” (read: money or a sealed contract) exchanges hands. This is necessary for contract law.
It is truly “user beware.” People need to be aware of this.
See comments in my blog a few days ago, before this one hit. http://tinyurl.com/cufs5x
It’s all well and good to want companies to be responsible, but life on the internet is just as much about personal responsibility. If you’re going to use web-based services and you never stop to think about what you’re actually doing, that’s your issue. Privacy is a good thing, but we’re just as responsible for protecting our own as most third parties ought to be. It’s called the world wide web for a reason.
For my part, I trust Google. And I’ll be extremely angry at any entity that attempts to take away my right to use services I willingly choose to use.
It’s all well and good to want to protect people from themselves, but they’re not going to learn anything that way.
It is important that people be given enough information to make an informed consent on these issues. I suspect most people think they could successfully sue Google for damages.
For example, there could be good reason to cloud-save a spreadsheet of personal information, such credit cards information. If you have access to the Internet, you could access this information to inform the various card providers if you are robbed or lose your cards.
Personally, I think Google would want this type of information to be secure. I assume they are marketing these cloud services (for real money) to businesses. A single breach like this could flush all their investment down the toilet.
But, what recourse do anyone have if there is a breach of security? Google is doing this for free, based on a promise to people. In terms of public relations, Google would probably try to hush this up. But, how well?
I’m sure it is cheaper for Google to give the service away to individuals than it would be to sell it for $10/year. If Google sells it, then there is a contract–which will raise their insurance costs.
While most people reading this thread may understand this, the general public may not catch the legal ramifications of Google giving away this service (not able to enforce a contract against them).
At the very least Google should be required to explain this in simple terms.
“The complaint highlights Google’s recent security breach with Google Docs, citing this as one example of the dangers of putting consumers’ data in the cloud.”
Did this recent security breach actually have anything to do with the cloud? From what I’ve read, the same security breach could have happened regardless of where the information was stored. I get the sense that if a security breach occurs on the cloud, the cloud will get the blame even if it may not be the cloud’s fault.
This was my favorite line -
really this isn’t a spoof?
Can you guys please stop saying “cloud”? Everything is “the cloud”, “in the cloud”, “cloud computing”, “cloud-based applications”. You’re most likely confusing your words. There are some hosting services with the word cloud in them, sold by various companies, such as Amazon’s Elastic Compute Cloud. Its all simply server capacity. The way you are using the term “cloud” is more like a synonym for internet. Its very awkward.
Okay, so Google got a security breach.. so what? Who doesn’t? bunch of jokers
It will be great if acceptable privacy & security standards emerge and can be followed by all cloud providers
As per the food industry where we have the FDA, the NTSB for aircraft and many other such agencies who do their best to keep us safe, so it is probably time for the IT industry as a whole to be regulated. A series of symbols based on impartial government testing could be placed on the appropriate home pages, such as Google Docs and others. This will benefit everyone by giving the industry legitimacy and keeping it on it’s toes: Customers (consumers and businesses) will feel confident at seeing the mark of ’safety’ on their cloud computing provider of choice, while the industry will profit from increasing memberships as their customers gain confidence.
Dont touch my Gmail. It is free and it is the best email service. I dont need to be protected. I am old enough to protect myself.
This site is truly insightful about the latest in digital security andprivacy protection online: http://www.just....com/en/surfing
Nice post! Check out my site too at http://macmaniapodcast.com.
Nice post! Check out my site too at http://macmaniapodcast.com.
No surprise. Ever since the whole Double-Click deal (and subsequent denial of the Yahoo! deal) the FTC has made it clear there is blood in the water with regard to suing Google and the new administration probably won’t help that. This is probably just the first of many. But uh, what happened to consumer choice? I can handle my own affairs, TYVM.
Sigh. What is it with all these people trying to take our things away from us. If people feel secure enough to use gmail then they use it. If not, then they don’t. If someone is stupid enough to put private information in an online program that someone else runs then so be it. Keep your hands off our Internet, money, and lives please. UGH How are people supposed to live and work with all these interruptions?
EPIC is not a “small, nameless group.”
Marc Rotenberg is not just another attorney.
And the Google-Yahoo deal was scuttled by massive antitrust concerns, especially considering the circumstances surrounding the strange behavior of Jerry Yang during negotiations with Microsoft. I covered the hearings (for a real publication that TechCrunch would do well to subscribe to).
The problem is that Google did misrepresent the security in place around its systems. And it didn’t do nearly enough to follow the appropriate data breach laws (California’s is actually quite good).
Something that needs to be addressed either by rulemaking (FTC) or by statute (Congress) is that because a company’s “cloud” can include multiple data centers, the same customer could be treated much differently w/r/t a data breach depending on which data center was breached. There is no case law, either administrative or judicial, on jurisdiction in a “cloud” data breach situation.
This is not a good thing.
And please, TechCrunch, stop with the linkbait headlines. EPIC does not want to take your gmail away.
Mr. Arrington, Esq. should know exactly what Mr. Rotenberg, Esq. wants. He certainly knows who he is. And he should hold his writers to a higher standard.