The December 2022 issue of IEEE Spectrum is here!

Close bar

Google Agrees to 20 Years of Privacy Audits

The Internet giant agrees to increased scrutiny in the wake of privacy issues surrounding its fledgling social network, Google Buzz

2 min read
Google Agrees to 20 Years of Privacy Audits

It’s been just about a year since members of Congress asked the US Federal Trade Commission (FTC) to look into privacy issues concerning Google Buzz, Google's social networking site.

Now Google has agreed to settle FTC complaints that the company “used deceptive tactics and violated its own privacy promises to consumers when it launched its social network”. According to the settlement, Google can’t misrepresent their privacy policies in the future and must submit to biennial, independent privacy audits for the next 20 years.

Launched in February 2010, Buzz offered a way for Gmail users to post updates and share content, much as they would on other social networking sites like Facebook. To Google's chagrin, the new product came under fire almost instantly for its privacy settings.

By default, Buzz made all items a user posts public and searchable on the Internet. Gmail users, who were signed up by default, also found their contact lists had been mined to populate the Buzz network and were visible to other users. The long list of Buzz privacy issues outlined by the FTC details how this data mining went awry:

…many users complained about the automatic generation of lists of followers and people to follow from email contact lists that included in some cases: individuals against whom they had obtained restraining orders; abusive ex-husbands; clients of mental health professionals; clients of attorneys; children; and recruiters they had emailed regarding job leads.

Google quickly responded to complaints, adding new features and changing default settings (The Washington Post’s Rob Pegoraro posted a good run-down of Buzz’s first week).

The FTC then stepped in to investigate whether Google broke an implicit or explicit promise that information obtained from Gmail users would only be used to provide them with e-mail service. According to the FTC, Google’s actions were “deceptive” because the company failed to obtain permission from users to use their information in other ways even though the company said it would.

This isn’t the first federal fallout in all the fuss over Google Buzz. In September 2010, Google agreed to pay $8.5 million to settle a class-action lawsuit filed on behalf of users.

Google apologized on Wednesday for Buzz’s failures. “We don’t always get everything right. The launch of Google Buzz fell short of our usual standards for transparency and user control,” Google’s privacy director Alma Whitten wrote on the company blog. Whitten links to a few places where Google users can go to manage their privacy settings.

The FTC says this is the first time it has created a settlement that has "required a company to implement a comprehensive privacy program to protect the privacy of consumers’ information".

Could this settlement usher in a new era of FTC involvement in protecting privacy on the Internet? After all, gaps in privacy protection aren't exclusive to Google. Facebook has been repeatedly criticized for failing to keep user information private. Just weeks ago, the e-commerce site Etsy made headlines after turning on a social networking feature that exposed the previously private (and potentially embarrassing) shopping histories of its users.

“Today’s action should serve as a reminder to Facebook, Twitter, Yahoo and other sites with social aspects that they should be more careful and transparent when it comes to sharing their users’ information,” says Levi Sumagaysay of Good Morning Silicon Valley.

The FTC will grant 30 days for public comments before finalizing the agreement. You can make comments on it through May 2, 2011 on this site.

The Conversation (0)

Why the Internet Needs the InterPlanetary File System

Peer-to-peer file sharing would make the Internet far more efficient

12 min read
Horizontal
An illustration of a series
Carl De Torres
LightBlue

When the COVID-19 pandemic erupted in early 2020, the world made an unprecedented shift to remote work. As a precaution, some Internet providers scaled back service levels temporarily, although that probably wasn’t necessary for countries in Asia, Europe, and North America, which were generally able to cope with the surge in demand caused by people teleworking (and binge-watching Netflix). That’s because most of their networks were overprovisioned, with more capacity than they usually need. But in countries without the same level of investment in network infrastructure, the picture was less rosy: Internet service providers (ISPs) in South Africa and Venezuela, for instance, reported significant strain.

But is overprovisioning the only way to ensure resilience? We don’t think so. To understand the alternative approach we’re championing, though, you first need to recall how the Internet works.

Keep Reading ↓Show less