EPIC Sues FTC Over Google's Planned Privacy Changes 100
angry tapir writes "The Electronic Privacy Information Center has filed a lawsuit against the U.S. Federal Trade Commission, asking a court to force the agency to take action against Google over planned changes in the company's collection of personal data. EPIC, in briefs filed Wednesday, asked the U.S. District Court for the District of Columbia to require the FTC to enforce a 2011 privacy agreement between the agency and Google over the company's fumbled rollout of its Buzz social networking service."
Re:EPIC (Score:3, Informative)
How is that a surprise? I thought that was already done. Especially considering you log into the calendar and G+ service with the same username.... again, how is that a friggin surprise, or a problem?
Oops. Principals and principles tainted. (Score:5, Informative)
Interesting. Marc Rotenberg, President and Executive Director of EPIC served as counsel [wikipedia.org] on the Senate Judiciary Committee to PIPA sponsor Patrick Leahy. The very same unconstitutional PIPA that Google just protested against and helped get shut down with your help and mine.
I don't know about you, but a lawyer at counsel who could advise the Chairman of the Senate Judiciary Committee that he could get away with sponsoring a bill that violates not one, but at least two of our human rights enshrined in the Bill of Rights to suit a tiny minority commercial interest might be a wee bit biased.
Odd coincidence, that he's leading the group now suing Google over something or other. How did they expect us to not know that? Do they not have the Google? Are they living in the 1980's still?
In case you don't remember who Senator Leahy is and how he's working against your free speech and due process rights, here's an article [talkingpointsmemo.com] with interesting links. Being as how you're reading this though, it's unlikely you don't know this.
And here's former Senator and chairman of the Democratic National Committee Chris Dodd saying if the politicians took the graft they oughtta pass this bill (PIPA and SOPA): link [ibtimes.com].
Re:EPIC (Score:5, Informative)
Yep, that's certainly the idea. Note that most of Google's existing privacy policies already did give them the ability to share user's data across all its services. For example, YouTube already shows videos that your friends share on Google+. The problem was that they were inconsistent. Google cannot currently share data from YouTube with other sites. Their new policy allows them to do that. This is all explained in their letter to U.S. Congress [google.com].
Now what exactly is the problem with this? It seems to me that if Google is going to share my data, there are three sets of people they could share it with:
I see a significant harm if they were to engage in the first two. I don't really have a problem with the third. And this privacy policy specifically prevents them from doing the first two. So what this allows them to do is share my information, from one Google service to another, for the purposes of showing me relevant links and ads. In that case, where is the harm? Further, how am I worse off having, for example, Google search results informed by what YouTube videos I've been watching. It sounds like it could give me more relevant search results.
Further, I would much rather know that anything I upload to any Google service might be used by any other Google service, than have to remember a complex set of rules about which products' privacy policies allow Google to share data with which other products.
What does this mean? What do you mean by "share" in this context? Withhold your Calendar from whom? As far as I am concerned, the only people who have access to my calendar are me and Google's servers. If the Google+ app had access to my calendar (for example, it might show appointments on the side), that doesn't increase the people who have access to my calendar: It's still just me and Google's servers.
Since when did any company give you explicit control over how the data is stored on their servers? With Google's new policy, it is simple: if you use a service, your data for that service will be stored on Google and may be used by any other service within that company (and not sold to third parties). How is that harmful? How is that different to any other company?
Re:EPIC (Score:4, Informative)
I think the outrage is simple.
Google has a different privacy policy for each of its services, and if it decides it wants to share the data between services, the conflict makes it a legal nightmare.
Unifying the privacy policy - a great idea, because it simplifies life for everyone. However, one of the changes is that Google will also unify your profile data among all services (it could once the new policy was in place, but I believe afterwards, it said it will).
So now everything you've ever done (your youtube, your browsing (double click, google ads, CDN, any site that uses a Google-hosted javascript or something), picasa, your searches) will be available in one, all linked nicely to your details you put on your G+ page. Even what Android or iOS apps you used and how long you used them.
It's like the supermarket cards - all the juicy details of your shopping habits is pure gold to insurance companies.
Basically, you cannot use the Internet without Google - even if you use Bing exclusively, never go to YouTube and other Google projects, there's a ton of other crap hosted by Google that your web experience would suck worse than with NoScript.
If you've put up a carefully written Facebook pages, carefully choose your friends, your real self will be exposed to Google I'm sure employers and marketing ages will be anteing up lots of money to see your real self - what websites you view, what you've searched, what kind of videos you browsed. A veritable gold mine.
Re:EPIC (Score:4, Informative)
Okay, so those approximately match my first and second sharing types in my list of three. For #1, they state that they will not do this in the new policy [google.com]:
The "unless" includes a bunch of exceptions, which I don't see as a big deal but you may disagree. In summary, a) if you give them permission, b) if you have a domain administrator (doesn't apply to normal users), c) with a third party affiliate for "processing", which must also agree to the privacy policy (not quite sure what that means), d) if compelled to by a court.
For #2, that isn't what they meant at all by "sharing information between services". It does NOT imply that, for example, your calendar would be randomly shared on Google+. It only means that they will share data with you and you alone, across services (for example, to give you relevant results and ads). If you haven't used Google+, the sharing is very straightforward and very tightly controlled: only things you explicitly post on there get shared, and every time you share something, it explicitly asks that you nominate a group of people or individuals to share it with, and once posted, that group of people cannot be changed.
Re:Oops. Principals and principles tainted. (Score:5, Informative)
According to that article, Rotenberg served as counsel to Leahy "after graduation from law school". His EPIC biography says he was admitted to the MA bar in 1987 --- so he worked for Leahy around 1987. He co-founded EPIC in 1994.
PIPA was introduced by Leahy in 2011, around 20 years later.
Given everything EPIC has been doing for the last 17 years, it seems more likely (though less "interesting") that Rotenberg didn't like what he saw from his stint with the SJC, and that put him on the alternate path that led to EPIC.
Math is hard, as they say, but valiantly we try.