Privacy group slams Google's cloud services

Powered by SC Magazine
 

The non-profit Electronic Privacy Information Center (Epic) has filed a complaint with the US Federal Trade Commission (FTC) about the security standards of Google's cloud computing services.

The filing (PDF) highlights a number of "privacy and security risks" concerning an array of Google services, including Gmail, Google Docs, Google Desktop, Picasa Web Albums and Google Calendar.

Epic's main concern is that Google does not encrypt the information held on its servers.

The group argues that doing so would ensure more respect for individuals' privacy, and "provide users with the ability to fully control and customise their online experience".

The complaint states that Google's service terms do not adequately match its promise to consumers that documents stored on Google servers are secure.

Epic points to the homepage for Google Docs as an example, which states that "files are stored securely online".

But Epic argues that Google's Terms of Service "explicitly disavow any warranty or any liability for harm that might result from Google's negligence, recklessness, mal intent, or even purposeful disregard, of existing legal obligations to protect the privacy and security of user data".

The filing claims that Google's security practices have led to a number of data breaches, including a case on 7 March this year when some Google Docs users discovered that their documents had been shared with unauthorised users.

Epic has asked the FTC to review Google's privacy safeguards and service terms, and to instruct the company to disclose all incidents of data loss or breach.

It also asks the FTC to forbid Google from offering cloud computing services "until safeguards are verifiably established", and for Google to contribute US$5m to a public fund that will help support research into privacy enhancing technologies, including encryption, effective data anonymisation, and mobile location privacy.

Epic was established in 1994 to focus public attention on emerging civil liberties issues, and to protect privacy.

The organisation has previously complained to the FTC about the security standards relating to the single sign-on service provided by Microsoft Passport, as well as those employed by data broker ChoicePoint.

The FTC appeal about Google's services cites Section 5 (a) of the Federal Trade Commission Act (15 U.S.C) which prohibits unfair or deceptive acts or practices in, or affecting, commerce.

"Google's inadequate security practices, and the resultant Google Docs data breach, caused substantial injury to consumers, without any countervailing benefits," said Epic in the filing.

Copyright ©v3.co.uk


Privacy group slams Google's cloud services
 
 
 
Top Stories
Coalition's NBN cost-benefit study finds in favour of MTM
FTTP costs too much, would take too long.
 
Who'd have picked a BlackBerry for the Internet of Things?
[Blog] BlackBerry has a more secure future in the physical world.
 
Will Nutanix be outflanked before reaching IPO?
VMware muscles in on storage startup in hyper-converged infrastructure.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  70%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  11%
 
Denial of service attacks
  6%
 
Insider threats
  10%
TOTAL VOTES: 658

Vote