San Francisco — Google’s recent privacy flaw with Google Docs may have caused a concern for their customers and it may even make them think twice whether or not to store sensitive data with Google’s cloud computing services. An online privacy advocacy group on Tuesday asked the Federal Trade Commission (FTC) to probe the adequacy of Google Inc.’s security safeguards on Gmail, Google Docs, Google Calendar, and the company’s other Web apps until government-approved “safeguards are verifiably established,” according to a filing from the Electronic Privacy Information Center (EPIC).
In a complaint filed with the U.S. Federal Trade Commission, the Electronic Privacy Information Center submitted the far-reaching request to the FTC in a letter from its director, Marc Rotenberg, on Tuesday. It argues that a formal legal injunction halting all Google cloud-computing services pending formal government approval is necessary to “adequately safeguard the confidential information” of users.
“Recent reports indicate that Google does not adequately safeguard the confidential information that it obtains,” EPIC mentioned in its letter. “Given the previous opinions of the FTC regarding the obligation of service providers to ensure security, EPIC hereby petitions the FTC to open an inquiry into Google’s cloud computing services.”
“If we were discussing about a child safety seat that could not be securely attached to a car passenger seat, the commission in that instance would say to the company, ‘Look, you have got to fix that problem,’” Rotenberg, a lawyer and adjunct law professor, said in a telephonic interview on Tuesday. “Consumers are at risk when that product is in the marketplace. We have a similar view of cloud computing at this point: people are at risk.”
The Washington, D.C.-based group, which concentrates on civil liberties and privacy issues, also asked the FTC to bar Google from offering cloud computing services until the company has put certain safeguards in place.
If the FTC grants the request, hundreds of millions of Internet users would be unable to access their e-mail or documents until the agency’s formidable collection of lawyers in Washington, D.C., became satisfied with the revised applications. The outage would extend to businesses that pay for access to Google Apps.
Google said in a statement that it has received a copy of the complaint but has not yet reviewed it in detail.
“We are considerably aware of how important our users’ data is to them and take our responsibility very seriously,” the firm said, adding that Google has extensive polices, procedures and technologies to ensure the highest levels of data protection.
Early this month, Google said a bug in online productivity software, Google Docs, caused a small percentage of users to inadvertently share their personal documents with other users. The bug, which has since been fixed, affected 0.05 percent of all documents and was limited to people who had previously shared online documents with others, according to Google.
“The Google Docs data breach highlights the hazards of Google’s inadequate security practices, as well as the risks of cloud computing services generally," said Rotenberg in a statement.
He added that there was “ample” precedent for the FTC to begin an investigation.
Despite these incidents, Google still boast the security of its products on its Web site. “Google made material representations that misled customers regarding its security practices, and users reasonably relied on Google’s promises," EPIC said.
Google needs “commonsense security practices” like storing data in encrypted fashion, the filing said.
Given that the FTC has taken action on data breaches with companies like ChoicePoint and Compgeeks.com, the agency should do the same with Google, EPIC wrote.
ChoicePoint was ordered to pay $15 million in penalties and fines in 2006 after it admitted to compromising the personal financial records of 163,000 of its customers.
Earlier this year, the FTC banned Compgeeks.com from making deceptive privacy and data security claims after it was revealed that the company stored customer data in an unencrypted fashion, which allowed hackers to access the data.
“As a result of the popularity of cloud computing services, data breaches on these services pose a heightened risk of identity theft,” EPIC said. “The FTC should hold accountable the purveyors of cloud computing services, particularly when service providers make repeated, unequivocal promises to consumers regarding information security.”
As an additional punishment, EPIC wants Google to be forced to pay $5 million into a “public fund” that it and like-minded advocacy groups could financially benefit from.