Privacy Group Seeks FTC Scrutiny of Google Apps

In the wake of a recent Google Docs security breach, the Electronic Privacy Information Center petitions the Federal Trade Commission to investigate Google's cloud computing services' security and privacy safeguards. The privacy group claims, if necessary, the FTC should bar Google from offering its cloud computing services like Google Docs and Gmail until Google installs reasonable security and privacy policies. Google says all is well.

A prominent privacy rights groups filed a petition with the Federal Trade Commission March 17 asking the agency to investigate the security and privacy safeguards of Google Apps. If necessary, the Electronic Privacy Information Center contends, the FTC should issue an injunction barring Google from offering its suite of cloud applications-Gmail, Google Apps and Picasa-until the service's security and privacy are verifiably established.

The FTC petition comes a week after a glitch in Google Docs caused private documents to be shared accidentally. Google quickly fixed the flaw and claimed fewer than 0.05 percent of Google Docs documents were affected by the privacy breach.

"Google routinely represents to consumers that documents stored on Google's servers are secured," EPIC stated in its petition. "The permanent transfer of the user's data, from devices and servers within the control of the user, to Google has profound implications for privacy and security."

While Google claims a user's data is private unless user permission is granted or the document is published, EPIC notes in its petition, "Google's terms of service explicitly disavow any warranty or liability for harm that might result from Google's negligence, recklessness, mal intent, or even purposeful disregard of existing legal obligations to protect the privacy and security of user data."

The number of consumers using Google Docs more than doubled last year, increasing 156 percent. As of September 2008, ComScore Media Metric reported 4.4 million consumers using Google Docs.

"We have received a copy of the complaint but have not yet reviewed it in detail. Many providers of cloud computing services, including Google, have extensive policies, procedures and technologies in place to ensure the highest levels of data protection," Google said in a statement. "Indeed, cloud computing can be more secure than storing information on your own hard drive. We are highly aware of how important our users' data is to them and take our responsibility very seriously."

EPIC has previously filed FTC petitions that resulted in Microsoft revising its security standards for Passport and forcing Choicepoint to change its business practices and pay $15 million in fines following a 2005 security breach.

According to a study issued this month by IDC, corporate spending on cloud computing services is expected to grow to $42 billion by 2012. It is estimated that almost 70 percent of Americans currently use Webmail services, store data online or otherwise use cloud computing services.

"Google's inadequate security practices, and the resultant Google Docs data breach, caused substantial injury to consumers, without any countervailing benefits," EPIC stated in its petition. "The harm was reasonably avoidable, in that the damage could have been avoided or mitigated by the adoption of commonsense security practices, including the storage of personal data in encrypted form, rather than in plain text."