The Google, The FTC, and The News headlines

If anyone’s been looking at the tech headlines today, particularly the really big sites with very political writers, you may have read something about the FTC having Google in chains over outrageous privacy violations.

Some of that info is based on fact but most of what I’ve read is personal takes on the news with a heavy spin to sidetrack the facts and make a story.

Google behind bars

First, lets just get the elephant in the room to step into the light so we’re all looking at it:

Google’s bread and butter is handling trust and privacy properly.
If users can’t trust Google, we can’t use them.

This is why Google has repeatedly been it’s own whistle blower.

  • The web was programmed by humans..
  • Humans make mistakes..
  • The real measure of things is dealing with the mistakes!

When Google’s engineers came up with a shockingly brilliant method of ‘fingerprinting’ WiFi access points by sampling the data coming to/from the devices it wasn’t anyone outside the company that complained.

The fact is that many homes (and some businesses) have zero wireless security, so what was a brilliant plan to get a ‘fingerprint’ ended up becoming a nightmare of un-encrypted data that had to be destroyed properly.

Plus Google had to figure out what it could do to prevent this from happening again, so as part of the punishment Google helped devise for themselves, they setup a fund to create a privacy resource/knowledge base.

At the time many sites tried to make news from the issue and imply that Google was a privacy nightmare, stealing data from unsuspecting users, etc.., etc.., totally overlooking the fact that anyone could (and probably does) roam around in a vehicle and collect the exact same data Google collected.

The majority of the media coverage was almost insulting to the intellect of the readers, but I saw smart people drinking the cool-aid so don’t feel bad if you saw the headlines and got the wrong idea too.

This latest issue is no different at all in terms of Google acting responsibly and the news makers trying to generate headlines.

So here’s a factual take on the actual settlement, not some poorly considered opinion that I’m hoping will make this a headline:

“Google Inc. has agreed to settle an FTC complaint that it used deceptive tactics and violated its own privacy policy when it launched the Google Buzz social network last year. In addition to alleged FTC privacy violations, this is the first time the FTC has alleged violations of the substantive privacy requirements of the U.S.-EU Safe Harbor Framework, a method for U.S. companies to transfer personal data lawfully from the European Union to the United States.

The settlement agreement bars the Google from future privacy misrepresentations, requires it to implement a comprehensive privacy program and includes regular, independent privacy audits for the next 20 years. This is the first time an FTC settlement order has required a company to implement a comprehensive privacy program to protect the privacy of consumers’ information.

According to the FTC complaint, on the day Buzz was launched through the Gmail service, users got a message announcing the new service and were given two options: “Sweet! Check out Buzz,” and “Nah, go to my inbox.” However, some Gmail users who clicked on “Nah…” were enrolled in certain features of the Google Buzz social network anyway. For those Gmail users who clicked on “Sweet!,” the FTC alleges that they were not adequately informed that the identity of individuals they emailed most frequently would be made public by default. Google also offered a “Turn Off Buzz” option that did not fully remove the user from the social network.

When Google launched Buzz, its privacy policy stated that “When you sign up for a particular service that requires registration, we ask you to provide personal information. If we use this information in a manner different than the purpose for which it was collected, then we will ask for your consent prior to such use.” The FTC complaint charges that Google violated its privacy policies by using information provided for Gmail for another purpose – social networking – without obtaining consumers’ permission in advance.

The agency also alleges that by offering options like “Nah, go to my inbox,” and “Turn Off Buzz,” Google misrepresented that consumers who clicked on these options would not be enrolled in Buzz. In fact, they were enrolled in certain features of Buzz.

The complaint further alleges that a screen that asked consumers enrolling in Buzz, “How do you want to appear to others?” indicated that consumers could exercise control over what personal information would be made public. The FTC charged that Google failed to disclose adequately that consumers’ frequent email contacts would become public by default.

Finally, the agency alleges that Google misrepresented that it was treating personal information from the European Union in accordance with the U.S.-EU Safe Harbor privacy framework. The framework is a voluntary program administered by the U.S. Department of Commerce in consultation with the European Commission. To participate, a company must self-certify annually to the Department of Commerce that it complies with a defined set of privacy principles. The complaint alleges that Google’s assertion that it adhered to the Safe Harbor principles was false because the company failed to give consumers notice and choice before using their information for a purpose different from that for which it was collected.”