FTC Urged to Investigate Security of Google Services
An online privacy group is calling on the U.S. Federal Trade Commission to investigate whether Google is making deceptive claims over the security of data stored in cloud-computing services such as Gmail and Google Docs.
The Electronic Privacy Information Center (EPIC) filed a 15-page complaint on Tuesday, asking the FTC to force Google to stop offering online services that collect data until the presence of adequate privacy safeguards is verified. EPIC also wants Google to disclose all data loss or breach incidents.
Google has not reviewed the complaint in detail but has policies in place to ensure data is protected, it said in a statement Wednesday.
"Cloud computing can be more secure than storing information on your own hard drive," the statement said.
Cloud-computing services offer several advantages for users since many are accessed through a Web browser and do not require other software to be installed on a computer. Software updates are integrated automatically into the service, another maintenance advantage. But the safety and security of the data is in the hands of the company providing the service, and access to it depends on network availability.
The popularity of cloud computing services continues to rise. Figures from ComScore in September 2008 showed that 26 million people are using Google's Gmail service, EPIC wrote in its complaint.
EPIC cites several incidents where data held by Google was at risk, the most recent of which occurred earlier this month with its Google Docs office productivity service.
An error in the service caused some documents to be exposed to other users without proper permission. Google said the error occurred between users who had already shared documents before and amounted to less than 0.5 percent of documents held in the service. EPIC also listed other security flaws in Gmail as well as Google Desktop, a desktop indexing program.
EPIC contends that Google assures users that data is stored securely, but the company's terms of service say it holds no liability for harm.
Google Docs would be more secure if personal data was encrypted rather than stored in clear text, which is a commonsense security practice, EPIC argued in its complaint.
"Google made material representations that misled consumers regarding its security practices, and users reasonably relied on Google's promises," the complaint said.
EPIC also wants Google to revise its terms of service concerning how it handles data. It also would like the company to donate US$5 million to a public fund that will support research into technologies such as encryption, data anonymization and mobile location privacy.