Get Off Of My Cloud! Privacy Group Asks FTC To Investigate Google
The Electronic Privacy Information Center (EPIC) Tuesday filed a complaint with U.S. Federal Trade Commission and asked for an investigation into what it claims are security problems with Google's cloud computing services, which also include Google Calendar, Google Desktop and Picasa Web Albums. Until the purported problems are remedied, EPIC asked that the FTC suspend the services.
EPIC said that despite known security breaches, the Mountain View, Calif.-based company "encourages consumers to save personal data to the company's cloud computing services ... and repeatedly assures users that it will safeguard their information."
"Google explicitly assures consumers that 'Google Docs saves to a secure, online storage facility ... without the need to save to your local hard drive,' " said EPIC. "Google states that "your data is private, unless you grant access to others and/or publish your information."
While Internet security breaches happen on a regular basis, EPIC said Google's "inadequate security" is a deceptive trade practice since the company has not only known about the security issues, but also because its Terms of Service "explicitly disavows any warranty or any liability for harm that might result from Google's negligence, recklessness, malintent, or even purposeful disregard of existing legal obligations to protect the privacy and security."
"Prior to [a] Google Docs Data Breach, Google knew that cloud computing services are susceptible to data breaches," said EPIC. "Google was aware that common-sense security measures, including storing user data in encrypted form, rather than in clear text, could reduce the likelihood and extent of consumer injury."
Based on the filing, EPIC asked the FTC to require Google to revise its Terms Of Service with respect to cloud computing services.
The group also wants the FTC to compel Google to make its information security policies more transparent, and to disclose all incidents of data loss or data breach to the FTC.
Until safeguards are put in place, EPIC urged the FTC to suspend Google's cloud services.
EPIC also asked that the FTC compel Google to contribute $5 million to a public fund that will help support research concerning privacy technologies, including encryption, effective data anonymization and mobile location privacy.
A Google spokesperson told The New York Times that Google has not extensively reviewed the filing but said it is investigating EPIC's concerns.
"Many providers of cloud computing services, including Google, have extensive policies, procedures and technologies in place to ensure the highest levels of data protection," said Google's Adam Kovacevich. "Indeed, cloud computing can be more secure than storing information on your own hard drive. We are highly aware of how important our users' data is to them and take our responsibility very seriously."
EPIC has previously initiated a number of other security complaints to the FTC, including Microsoft Passport, ChoicePoint, TJX, Reed Elsevier and Seisint.