Privacy group slams Google's cloud services

Powered by SC Magazine
 

The non-profit Electronic Privacy Information Center (Epic) has filed a complaint with the US Federal Trade Commission (FTC) about the security standards of Google's cloud computing services.

The filing (PDF) highlights a number of "privacy and security risks" concerning an array of Google services, including Gmail, Google Docs, Google Desktop, Picasa Web Albums and Google Calendar.

Epic's main concern is that Google does not encrypt the information held on its servers.

The group argues that doing so would ensure more respect for individuals' privacy, and "provide users with the ability to fully control and customise their online experience".

The complaint states that Google's service terms do not adequately match its promise to consumers that documents stored on Google servers are secure.

Epic points to the homepage for Google Docs as an example, which states that "files are stored securely online".

But Epic argues that Google's Terms of Service "explicitly disavow any warranty or any liability for harm that might result from Google's negligence, recklessness, mal intent, or even purposeful disregard, of existing legal obligations to protect the privacy and security of user data".

The filing claims that Google's security practices have led to a number of data breaches, including a case on 7 March this year when some Google Docs users discovered that their documents had been shared with unauthorised users.

Epic has asked the FTC to review Google's privacy safeguards and service terms, and to instruct the company to disclose all incidents of data loss or breach.

It also asks the FTC to forbid Google from offering cloud computing services "until safeguards are verifiably established", and for Google to contribute US$5m to a public fund that will help support research into privacy enhancing technologies, including encryption, effective data anonymisation, and mobile location privacy.

Epic was established in 1994 to focus public attention on emerging civil liberties issues, and to protect privacy.

The organisation has previously complained to the FTC about the security standards relating to the single sign-on service provided by Microsoft Passport, as well as those employed by data broker ChoicePoint.

The FTC appeal about Google's services cites Section 5 (a) of the Federal Trade Commission Act (15 U.S.C) which prohibits unfair or deceptive acts or practices in, or affecting, commerce.

"Google's inadequate security practices, and the resultant Google Docs data breach, caused substantial injury to consumers, without any countervailing benefits," said Epic in the filing.

Copyright ©v3.co.uk


Privacy group slams Google's cloud services
 
 
 
Top Stories
Photos: iTnews Benchmark Awards countdown begins
Just a few days left until entries close for 2014.
 
Australian Govt to rethink cyber security strategy
Six-year old policy to be refreshed.
 
The failure of the antivirus industry
[Blog post] Insights from AVAR 2014.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  38%
 
Your insurance company
  4%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  5%
TOTAL VOTES: 1053

Vote