Privacy Group Asks FTC To Investigate All Google Apps
The incident only affected about .05% of documents, the company said. But the fact that it occurred at all has some privacy advocates asking what other security breaches might lie in store for Google users.
Now, the Electronic Privacy Information Center is asking the Federal Trade Commission to investigate all Google applications that allow people to store media in the "cloud"--including Google Docs, Gmail, Picasa and Google Calendar.
"The Google Docs data breach highlights the hazards of Google's inadequate security practices, as well as the risks of cloud computing services generally," the group states in a complaint filed this week.
Specifically, the privacy organization is asking the FTC to probe whether Google engaged in an unfair or deceptive business practice by telling users that uploaded material would remain private, but then failing to deploy "commonsense" security measures.
"Google represents to consumers, 'Rest assured that your documents, spreadsheets and presentations will remain private unless you publish them to the Web or invite collaborators and/or viewers,'" states the complaint, which quoted directly from a Google Docs help page. "Google's inadequate security practices ... caused substantial injury to consumers, without any countervailing benefits. The harm was reasonably avoidable, in that the damage could have been avoided or mitigated by the adoption of commonsense security practices, including the storage of personal data in encrypted form, rather than in clear text."
Google said in a statement that it had received the complaint, but hadn't reviewed it in detail. The company also said it had polices in place "to ensure the highest levels of data protection."
The advocacy group requested that the FTC take a host of actions, including shutting down Gmail, Picasa, Docs and Google's other cloud computing services.
But that outcome is unlikely, according to Seattle-based cyberlaw expert Venkat Balasubramani. "It's very unrealistic," he said, adding that the recent breach resulted from an unintentional glitch and was limited in scope.
This isn't the first time the Electronic Privacy Information Center has asked the FTC to rule against Google. Two years ago, the organization unsuccessfully lobbied the FTC to block Google's $3.1 billion merger with DoubleClick.
The FTC was already scrutinizing the broader question of whether the rise in cloud computing services poses risks to security. This week, the agency held a two-day meeting addressing the topic.