Privacy group slams Google's cloud services

Powered by SC Magazine

The non-profit Electronic Privacy Information Center (Epic) has filed a complaint with the US Federal Trade Commission (FTC) about the security standards of Google's cloud computing services.

The filing (PDF) highlights a number of "privacy and security risks" concerning an array of Google services, including Gmail, Google Docs, Google Desktop, Picasa Web Albums and Google Calendar.

Epic's main concern is that Google does not encrypt the information held on its servers.

The group argues that doing so would ensure more respect for individuals' privacy, and "provide users with the ability to fully control and customise their online experience".

The complaint states that Google's service terms do not adequately match its promise to consumers that documents stored on Google servers are secure.

Epic points to the homepage for Google Docs as an example, which states that "files are stored securely online".

But Epic argues that Google's Terms of Service "explicitly disavow any warranty or any liability for harm that might result from Google's negligence, recklessness, mal intent, or even purposeful disregard, of existing legal obligations to protect the privacy and security of user data".

The filing claims that Google's security practices have led to a number of data breaches, including a case on 7 March this year when some Google Docs users discovered that their documents had been shared with unauthorised users.

Epic has asked the FTC to review Google's privacy safeguards and service terms, and to instruct the company to disclose all incidents of data loss or breach.

It also asks the FTC to forbid Google from offering cloud computing services "until safeguards are verifiably established", and for Google to contribute US$5m to a public fund that will help support research into privacy enhancing technologies, including encryption, effective data anonymisation, and mobile location privacy.

Epic was established in 1994 to focus public attention on emerging civil liberties issues, and to protect privacy.

The organisation has previously complained to the FTC about the security standards relating to the single sign-on service provided by Microsoft Passport, as well as those employed by data broker ChoicePoint.

The FTC appeal about Google's services cites Section 5 (a) of the Federal Trade Commission Act (15 U.S.C) which prohibits unfair or deceptive acts or practices in, or affecting, commerce.

"Google's inadequate security practices, and the resultant Google Docs data breach, caused substantial injury to consumers, without any countervailing benefits," said Epic in the filing.

Copyright ©

Privacy group slams Google's cloud services
Top Stories
Myer CIO named retailer's new chief executive
Richard Umbers to lead data-driven retail strategy.
Empty terminals and mountains of data
Qantas CIO Luc Hennekens says no-one is safe from digital disruption.
BoQ takes $10m hit on Salesforce CRM
Regulatory hurdles end cloud pilot.
Sign up to receive iTnews email bulletins
Latest Comments
Who do you trust most to protect your private data?

   |   View results
Your bank
Your insurance company
A technology company (Google, Facebook et al)
Your telco, ISP or utility
A retailer (Coles, Woolworths et al)
A Federal Government agency (ATO, Centrelink etc)
An Australian law enforcement agency (AFP, ASIO et al)
A State Government agency (Health dept, etc)

Do you support the abolition of the Office of the Information Commissioner?

   |   View results
I support shutting down the OAIC.
I DON'T support shutting the OAIC.