The Electronic Privacy Information Center (“EPIC”) recently filed a complaint with the Federal Trade Commission (“FTC”) accusing Google of failing to implement adequate privacy and data security safeguards and engaging in unfair and deceptive trade practices related to its “cloud computing” services.
EPIC asked the FTC to open an investigation into Google’s cloud computing services and to bar Google from offering such services until it establishes adequate safeguards. EPIC also requested that the FTC compel Google to contribute $5 million “to a public fund tat will help support research concerning privacy enhancing technologies, including encryption, effective data anonymization, and mobile location privacy.”
Cloud computing refers to a system that provides off-site software application and data storage services to consumers and businesses through the Internet. Google’s cloud computing services include Gmail, Picasa Web Albums, Google Calendar, Google Desktop and Google Docs.
EPIC’s complaint followed on the heels of a reported data breach involving Google Docs. On March 7, 2009, user documents and files saved through the Google Docs service were exposed to unauthorized users. EPIC also highlighted other purported flaws in Google’s cloud computing services, including a January 2005 incident that allegedly compromised Gmail usernames and passwords, and two separate vulnerabilities with Google Desktop that permitted access to users’ sensitive data.
In its complaint, EPIC stated that “Google’s inadequate security practices, and the resultant Google Docs Data Breach, caused substantial injury to consumer, without any countervailing benefits.” Moreover, EPIC charged that Google made material misrepresentations “that misled consumer regarding its security practices, and users reasonably relied on Google’s promises.” For instance, EPIC argued that Google assured Google Docs users that “files are stored securely online” and that all documents are saved “to a secure online storage facility.” According to EPIC, in light of the Google Docs breach, the assurances Google made to consumers were deceptive, and thus, the FTC should step in to protect consumers.
For more information on the privacy issues surrounding cloud computing services, please see our prior blog post here.