Privacy group appeals to FTC for Google probe

18 Mar 2009

A privacy advocacy group has asked the US Federal Trade Commission (FTC) to pull the plug on Gmail, Google Docs, Google Calendar, and the company's other Web apps until government-approved "safeguards are verifiably established."

If the FTC grants the request, hundreds of millions of internet users would be unable to access their e-mail or documents until the agency's formidable collection of lawyers in Washington, DC, became satisfied with the revised applications. The outage would extend to businesses that pay for access to Google Apps.

The Electronic Privacy Information Center (EPIC) submitted the far-reaching request to the FTC in a letter from its director, Marc Rotenberg, on Tuesday. It argues that a formal legal injunction halting all Google cloud-computing services pending formal government approval is necessary to "adequately safeguard the confidential information" of users.

EPIC cites several incidents where data held by Google was at risk, the most recent of which occurred earlier this month with its Google Docs office productivity service.

An error in the service caused some documents to be exposed to other users without proper permission. Google said the error occurred between users who had already shared documents before and amounted to less than 0.5 per cent of documents held in the service. EPIC also listed other security flaws in Gmail as well as Google Desktop, a desktop indexing programme.  (See: Google Docs experiences a privacy glitch)

EPIC contends that Google assures users that data is stored securely, but the company's terms of service say it holds no liability for harm. Google Docs would be more secure if personal data was encrypted rather than stored in clear text, which is a commonsense security practice, EPIC argued in its complaint. As an additional punishment, EPIC wants Google to be forced to pay $5 million into a "public fund" that it and like-minded advocacy groups could financially benefit from.

Google has not reviewed the complaint in detail but has policies in place to ensure data is protected, it said in a statement Wednesday. "Cloud computing can be more secure than storing information on your own hard drive," the statement said. "We are highly aware of how important our users' data is to them and take our responsibility very seriously."

Cloud-computing services offer several advantages for users since many are accessed through a Web browser and do not require other software to be installed on a computer. Software updates are integrated automatically into the service, another maintenance advantage. But the safety and security of the data is in the hands of the company providing the service, and access to it depends on network availability.

Google has introduced a growing menu of cloud-based software from email to spreadsheets. Last week, the company unveiled Google Voice, which transcribes telephone voice mails and routes the messages to a person's email inbox. (See: Google launches Google Voice)

EPIC regularly sends letters to the FTC asking for action against technology companies. It sent one last year targeting Ask.com, which had already discontinued the practice in question. In 2000, the group targeted DoubleClick. EPIC noted that its previous complaint to the FTC about Microsoft's Passport Internet services led to a 2002 settlement that forced the software giant to "change its business practices."