I’m a big fan of CNET’s “Buzz Out Loud” podcast and often enjoy co-host Molly Wood’s occasional “Molly Rant” but I’m disappointed to see her jumping on the Google-bashing bandwagon with her latest rant: “Google Buzz: Privacy nightmare.” Instead of appreciating the “privacy by design” features of Buzz, she seems to be rushing to privacy paternalism—just as I feared many would when I blogged about the Buzz launch.
Molly’s primary complaint, repeated several times, is that “you automatically follow everyone in your Gmail contact list, and that information is publicly available in your profile, by default, to everyone who visits your profile.” Actually, while Buzz does automatically follow some users your contact list, it does so only for the ones you chat with most using Gmail (which I believe means only other Gmail users). After that, Buzz simply tells you when other users follow you, and makes it easy to follow them.
So what’s the big deal? Molly’s concern, shared by a number of other bloggers, is that, before a user can start Buzzing, they have to set up Google Profile (another Google product launched last August, which typically appears on the bottom of the first page of Google search results for that name) and the default setting for Google profiles is to “Display the list of people I’m following and people following me.” In this respect, your Google Profile is a lot like your Facebook profile, except that users can decide to hide their followers/followees on their Google profile. (On Facebook, that information is part of the limited bucket of “publicly available information” and can’t be hidden by the user from their profile, but users can opt-out of having their profile accessible at all through search engines or Facebook search.)
There are essentially three ways of dealing with this concern about inadvertent sharing of sensitive contacts: Continue reading →
Says Epic Games founder and CEO Tim Sweeney. I wonder what the FTC will think about this prospect in the report Congress asked them to send this year about video games. I think it’s safe to assume that the thought of life-like sex and violence will create a true technopanic.
Unlike with wiretaps, law enforcement agents are not required by federal statutes to obtain search warrants before employing pen registers or trap and trace devices. These devices record non-content information regarding telephone calls and Internet communications. (Of course, “non-content information” has quite a bit of content – who is talking to whom, how often, and for how long.)
The Electronic Privacy Information Center points out in a letter to Senate Judiciary Committee Chairman Patrick Leahy (D-VT) that the Department of Justice has consistently failed to report on the use of pen registers and trap and trace devices as required by law:
The Electronic Communications Privacy Act requires the Attorney General to “annually report to Congress on the number of pen register orders and orders for trap and trace devices applied for by law enforcement agencies of the Department of Justice.” However, between 1999 and 2003, the Department of Justice failed to comply with this requirement. Instead, 1999-2003 data was provided to Congress in a single “document dump,” which submitted five years of reports in November 2004. In addition, when the 1999-2003 reports were finally provided to Congress, the documents failed to include all of the information that the Pen Register Act requires to be shared with lawmakers. The documents do not detail the offenses for which the pen register and trap and trace orders were obtained, as required by 18 U.S.C. § 3126(2). Furthermore, the documents do not identify the district or branch office of the agencies that submitted the pen register requests, information required by 18 U.S.C. § 3126(8).
EPIC has found no evidence that the Department of Justice provided annual pen register reports to Congress for 2004, 2005, 2006, 2007, or 2008. “This failure would demonstrate ongoing, repeated breaches of the DOJ’s statutory obligations to inform the public and the Congress about the use of electronic surveillance authority,” they say.
It’s a good bet, when government powers are used without oversight, that they will be abused. Kudos to EPIC for pressing this issue. Senator Leahy’s Judiciary Committee should ensure that DoJ completes reporting on past years and that it reports regularly, in full, from here forward.
Earlier this month, Google made news when it announced that its cloud computing productivity suite Google Docs had suffered a technical glitch that temporarily compromised a subset of users’ shared documents. After becoming aware of this glitch, Google notified its users via email and posted an entry to the Official Google Docs Blog that offered a more detailed explanation of what happened.
It turns out that a bug in Google’s permissions code was causing certain documents that had been shared by their author with other users but subsequently unshared to remain visible to those users. By the time Google notified its users, the bug had already been resolved, and Google estimates that only around 0.05% of all documents were vulnerable due to the glitch. As to how many documents were actually viewed by unauthorized parties, it’s unclear at this point.
All in all, the Google Docs glitch, while troubling, seems relatively minor as far as bugs go. Nevertheless, the Electronic Privacy Information Center’s Mark Rotenberg jumped on the chance to attack Google, as he often does when Google makes news for anything privacy-related. Yesterday, EPIC filed a complaint with the Federal Trade Commission that called on the FTC to investigate Google’s privacy safeguards, order Google to shut down all cloud computing services—including Gmail, which has 26 million users—pending a thorough privacy evaluation, and force Google to pay $5 million to a fund that would be setup for “privacy research.”
Watchdog activist groups like EPIC can play a useful role in the public discourse on privacy, helping to publicize unsavory behavior by companies and educating consumers about keeping data secure. Unfortunately, however, these groups’ admirable focus on protecting privacy sometimes edges on the myopic, causing them to overreact to data breaches and sometimes even call for regulatory interventions that are decidedly anti-consumer. EPIC’s latest complaint about Google is a classic example of this.
Continue reading →
Facebook sparked a major user uprising when it amended its terms of service earlier this month to grant the social networking site greater licensing rights over user-submitted content. The implications of Facebook’s amended Terms of Use were originally uncovered by The Consumerist this past Sunday in a story entitled, “Facebook’s New Terms Of Service: ‘We Can Do Anything We Want With Your Content. Forever.’” The title pretty much sums up what the controversy was all about: under Facebook’s amended Terms of Use, even after a user deletes his Facebook account, Facebook would retain its license to distribute nearly all types of user-submitted content including photos and videos.
Predictably, news of Facebook’s expanded licensing rights made many users angry, with several Facebook groups against Terms of Use modifications popping up, attracting thousands of members overnight. As is often the case with juicy reports like this one, news of the Facebook fiasco spread throughout the blogosphere rapidly, eventually making its way to major tech sites and even the main page of CNN.com. By yesterday afternoon, a snapshot of Mark Zuckerberg’s face was plastered on Fox News Channel, next to an excerpt of an entry he posted to Facebook’s blog in defense of the social networking site’s new terms.
Facebook’s explanation of its new terms seemed reasonable enough: even after a user quits Facebook, material that user has posted on friends’ walls and other messages the user has sent to others may remain available. Facebook also noted that its perpetual license only allowed the site to use material in accordance with departed users’ privacy settings (presumably at the time of their departure). Under the new terms, therefore, Facebook would still be required to respect albums marked as private–and ensure they stay that way.
But the seemingly stark contrast between Facebook’s attempts to justify the changes to its terms of use and, well, the actual language of terms themselves left many observers dissatisfied. In theory, if a user who had a Facebook photo album open to her entire network were to delete her account, Facebook would retain license to make those photos available to members of her network in perpetuity. And depending on how you parse the amended terms, Facebook could even use your profile pic in ads for the social network long after you terminated your Facebook account.
Continue reading →
Over the past year or so, many market-oriented critics of Google, like Scott Cleland and Richard Bennett, have criticized the company for aligning itself with Left-leaning causes and intellectuals. Lately, however, what I find interesting is how many leading leftist intellectuals and organizations have begun turning on the company and becoming far more critical of the America’s greatest capitalist success story of the past decade. The reason this concerns me is that I see a unholy Right-Left alliance slowly forming that could lead to more calls for regulation not just of Google, but the entire search marketplace. In other words, “Googlephobia” could bubble over into something truly ugly.
Consider the comments of Tim Wu and Lawrence Lessig in Jeff Rosen’s huge New York Times Magazine article this weekend, “Google’s Gatekeepers.” Along with Yochai Benkler, Lessig and Wu form the Holy Trinity of the Digital Left; they set the intellectual agenda for the Left on information technology policy issues. Rosen quotes both Wu and Lessig in his piece going negative on Google. Wu tells Rosen that “To love Google, you have to be a little bit of a monarchist, you have to have faith in the way people traditionally felt about the king.” Moreover:
Continue reading →
Declan McCullagh, CNET News’ chief political correspondent, does a nice job debunking the privacy fears about Google Flu Trends that a couple of pro-regulatory privacy advocates have set forth. Flu Trends is a very cool application that uses search terms as an indicator of possible upticks in flu-related illnesses in various regions of the U.S. Of course, it didn’t take long for some Chicken Littles to rain on the parade with their irrational fears about data privacy. As Declan notes, however, there is no personally identifiable information being collected or shared here. It’s just search term analysis. Moreover, if these privacy-sensitive advocates are really that paranoid about it, they should just just Tor or another anonymizer to cloak their searches instead of calling in the regulators to suffocate another technology while its still in the cradle.
Anyway, make sure to read Declan’s excellent piece.
Comments 
Posted in: Googlephobia, Privacy, Security & Government Surveillance 
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.
