It’s either one more swipe at the 800-pound gorilla, or it’s a serious problem brewing for Google. Today a Washington-based advocacy group filed a complaint asking the FTC to review Google’s security standards for its cloud computing services. Among those services: Gmail, Docs, and Picasa.
The source of the complaint, and its target, are definitely serious matters. The Electronic Privacy Information Center (EPIC) wants the trade commission to investigate “the adequacy of the privacy and security safeguards” of Gmail, Calendar, Docs, and Picasa. Earlier this month Google had to report a breach of its Docs application, which is one of the reasons EPIC filed with the FTC, it’s petition states. Docs has 4.4 million users; Gmail has 26 million.
EPIC has a track record that merits attention. Its petitions have led
to revised security standards for Microsoft’s Passport database and a
$15 million fine against ChoicePoint for privacy breaches. A statement from Google acknowledged the complaint and asserted that “cloud computing can be more secure than storing information on your own hard drive. We are highly aware of how important our users’ data is to them and take our responsibility very seriously.”
It better. In its petition EPIC wants the FTC to demand a revision of Google’s terms of service concerning how it handles data. For example, the EPIC petition takes issue with the “misleading” nature of the security available by storing personal information on a third-party server. It wants warnings about potential breaches to be called out and the need for personal hard-drive back-up to be reinforced. Google, says EPIC, “explicitly assures consumers that Google Docs saves to a secure, online storage facility without the need to save to your local hard drive.”
Google will most likely have to rewrite those insurances to be a bit less cavalier. EPIC also wants a $5 million donation to a public fund that will support research into technologies such as encryption, data anonymization and mobile location privacy.
The FTC has gone on record several times over the past year as a tough enforcer of customer data privacy. The EPIC petition quotes commissioner Deborah Platt Majoras’ comment last March: “By now,the message should be clear: companies that collect sensitive consumer information have a responsibility to keep it secure the FTC has charged companies with security deficiencies in protecting sensitive consumer information [on more than 20 occasions].”