Forgot your password?
typodupeerror
Google Privacy Your Rights Online

EPIC Sues FTC Over Google's Planned Privacy Changes 100

Posted by samzenpus
from the when-in-doubt-sue dept.
angry tapir writes "The Electronic Privacy Information Center has filed a lawsuit against the U.S. Federal Trade Commission, asking a court to force the agency to take action against Google over planned changes in the company's collection of personal data. EPIC, in briefs filed Wednesday, asked the U.S. District Court for the District of Columbia to require the FTC to enforce a 2011 privacy agreement between the agency and Google over the company's fumbled rollout of its Buzz social networking service."
This discussion has been archived. No new comments can be posted.

EPIC Sues FTC Over Google's Planned Privacy Changes

Comments Filter:
  • EPIC (Score:3, Funny)

    by Narcocide (102829) on Thursday February 09, 2012 @01:06AM (#38977727) Homepage

    What on earth... why are all these trolls so angry?

    • by leoplan2 (2064520)
      You're right. All this astroturfing (read the comments) is simply EPIC
    • Re:EPIC (Score:5, Insightful)

      by NeutronCowboy (896098) on Thursday February 09, 2012 @01:14AM (#38977779)

      Ok, I don't understand. On the one hand, Google is forced to implement a comprehensive privacy program. On the other hand, EPIC complains that Google's new privacy rules are.... too comprehensive? Can someone point me to what is actually changing in the privacy terms that is actually so bad? As far as I can tell, everyone's just complaining that the policies are going to be merged. So instead of having 20 separate privacy policies, now each service is governed by the same. How is that bad?

      Just wondering, cuz I seriously don't get the outrage.

      • Re:EPIC (Score:5, Funny)

        by martin-boundary (547041) on Thursday February 09, 2012 @01:29AM (#38977879)

        So instead of having 20 separate privacy policies, now each service is governed by the same. How is that bad?

        Well, IANAL but a priori, it's rather obvious that if you have several privacy policies that aren't exactly the same, then when you replace them all with a single one, you must lose some rights that you had for some services, and possibly gain some other rights that you had for some other services. So you end up with a different mix from what you initially signed up for in a given service. If you were happy with the original policies, you may not like the new ones.

        Aw crap! That reads like a lawyer's explanation. When I die, I'll go straight to Hell, and the only computer languages allowed will be Javascript....

        • Re:EPIC (Score:5, Insightful)

          by buback (144189) on Thursday February 09, 2012 @01:37AM (#38977951)

          Meanwhile: Facebook changes it's privacy policy for the 20th time since the announcement of google's policy change.

          • by Anonymous Coward

            Facebook didn't run afoul of the government like Google did with Buzz.

            The rules change based on what you've done in the past.

          • The difference is, Facebook is openly evil. Their CEO describes their users as suckers and even nontechnical people like my mother know that you'd have to be an idiot to use Facebook. Google, in contrast, spends a lot of money persuading people that they're not evil, so people are actually surprised when they do something like this...
            • by jdgeorge (18767)

              Mmmm.... I missed how having the consistent privacy policy was evil. Disappointing? Maybe. Frustrating? Possibly. But doing the web equivalent of standing in front of you with a megaphone telling you it's important that you know about and understand the unification of their privacy policy is "evil"?

      • simple explanation (Score:4, Insightful)

        by dutchwhizzman (817898) on Thursday February 09, 2012 @03:36AM (#38978697)
        Google did not do the EULA thing just for private single persons, but they signed actual contracts with business users. Those policies get changed as well, not to the benefit of said business users. Those business users have a much stronger case in court to object to the changes, since there is a clear contract, money at stake and all that.

        The biggest underlying change, also for businesses, is that in practice Google now reserve the right to have any bit of data they get on you, no matter how, linked to all the other bits of data on you. This applies to both private and business use, or a combination of both. If you think how much google scrapes and logs, they will probably know more about you than your mother, your best friend and your girl/boyfriend combined. Imagine what could happen to your business or personal life if that data got into the hands of a company that actually knows how to mine raw data.... oh wait....
      • Re:EPIC (Score:4, Informative)

        by tlhIngan (30335) <(ten.frow) (ta) (todhsals)> on Thursday February 09, 2012 @04:03AM (#38978809)

        Ok, I don't understand. On the one hand, Google is forced to implement a comprehensive privacy program. On the other hand, EPIC complains that Google's new privacy rules are.... too comprehensive? Can someone point me to what is actually changing in the privacy terms that is actually so bad? As far as I can tell, everyone's just complaining that the policies are going to be merged. So instead of having 20 separate privacy policies, now each service is governed by the same. How is that bad?

        I think the outrage is simple.

        Google has a different privacy policy for each of its services, and if it decides it wants to share the data between services, the conflict makes it a legal nightmare.

        Unifying the privacy policy - a great idea, because it simplifies life for everyone. However, one of the changes is that Google will also unify your profile data among all services (it could once the new policy was in place, but I believe afterwards, it said it will).

        So now everything you've ever done (your youtube, your browsing (double click, google ads, CDN, any site that uses a Google-hosted javascript or something), picasa, your searches) will be available in one, all linked nicely to your details you put on your G+ page. Even what Android or iOS apps you used and how long you used them.

        It's like the supermarket cards - all the juicy details of your shopping habits is pure gold to insurance companies.

        Basically, you cannot use the Internet without Google - even if you use Bing exclusively, never go to YouTube and other Google projects, there's a ton of other crap hosted by Google that your web experience would suck worse than with NoScript.

        If you've put up a carefully written Facebook pages, carefully choose your friends, your real self will be exposed to Google I'm sure employers and marketing ages will be anteing up lots of money to see your real self - what websites you view, what you've searched, what kind of videos you browsed. A veritable gold mine.

        • Re:EPIC (Score:4, Insightful)

          by icebraining (1313345) on Thursday February 09, 2012 @06:08AM (#38979371) Homepage

          your real self will be exposed to Google I'm sure employers and marketing ages will be anteing up lots of money to see your real self - what websites you view, what you've searched, what kind of videos you browsed. A veritable gold mine.

          Please tell me how can I as an hypothetical employer access that information about a person without her or his consent.

          Google is fucking scary in how much they know about you, but lets not throw lies with it. They offer no way to access that information unless you're law enforcement. Which, again, is bad enough, but not so bad as you're claiming.

          • by Sentrion (964745)

            Please tell me how can I as an hypothetical employer access that information about a person without her or his consent.

            They same way employers ALWAYS do, they hand you a consent form, either during the hiring process after you've been given an offer, and often after you have accepted the offer and tendered your resignation to your current employer, or after years of working with no problems your employer hands you a consent form to sign and tells you firmly that your consent to [drug test, background search, cavity search, etc.] is a "condition of your employment and refusal to consent will be grounds for disciplinary actio

            • So you're blaming Google for an hypothetical future where they have such a a feature.

              Should I judge you too based on things I can imagine you might do in the future?

        • noscript ftw.
        • For those who want to work around this:

          http://slashdot.org/journal/277383/making-google-keep-to-itself-with-multifox [slashdot.org]

          For extra security, use CookieMonster 1x to only temp-allow Google's cookies in the instance used to view Google services, and maybe use a separate proxy for those tabs (although Multifox doesn't allow separate proxies for separate identity windows, so you'll have to use FoxyProxy with per-site rules)

        • Basically, you cannot use the Internet without Google - even if you use Bing exclusively, never go to YouTube and other Google projects, there's a ton of other crap hosted by Google that your web experience would suck worse than with NoScript.

          Actually I surf quite nicely most of the time as I already block most of Google's data gathering methods and yet, I haven't encountered a website that wouldn't allow me to access it for blocking Google's attempts unlike Facebook. Combine with Ghostery and Noscript along with a pretty comprehensive host file and I'm not giving out as much information as others who simply don't care about the situation.

          • by Uzuri (906298)

            There actually are a number of sites out there hitting googleapis.com and googleusercontent.com, so depending on where you go, you can run into trouble. I run into it most on news sites, sometimes when registering for things (many places are using Google's captcha), and once in a while on forums, so it truly does depend on where you're headed as to whether you see it or not.

            I find that RequestPolicy for Firefox makes it easy to pick and choose which sites are permitted to talk to Google without needing to

    • Re:EPIC (Score:4, Insightful)

      by c0lo (1497653) on Thursday February 09, 2012 @01:29AM (#38977877)

      What on earth... why are all these trolls so angry?

      Maybe it is not because Google will combine the privacy policies into a single one, but also all the users data across all its services? [macworld.com]

      Perhaps the move will no longer let you share individual services data, like sharing your Google+ data but withhold your Calendar?
      If so, would you still be considering trolls the guys at EPIC?

      • Re: (Score:3, Informative)

        by NeutronCowboy (896098)

        How is that a surprise? I thought that was already done. Especially considering you log into the calendar and G+ service with the same username.... again, how is that a friggin surprise, or a problem?

        • by c0lo (1497653)

          How is that a surprise? I thought that was already done.

          Wow... just wow... I mean: you thought that it was already done and this is reason enough not to come as a surprise for anyone?

      • by basotl (808388)
        You can opt out of data sharing globally on Google. This seems the best policy for those concerned with privacy. I really don't see the benefit to privacy of opting out on one service and not another. I would also imagine that would become a tangle to code around.
      • Re:EPIC (Score:5, Informative)

        by mgiuca (1040724) on Thursday February 09, 2012 @02:32AM (#38978329)

        Maybe it is not because Google will combine the privacy policies into a single one, but also all the users data across all its services?

        Yep, that's certainly the idea. Note that most of Google's existing privacy policies already did give them the ability to share user's data across all its services. For example, YouTube already shows videos that your friends share on Google+. The problem was that they were inconsistent. Google cannot currently share data from YouTube with other sites. Their new policy allows them to do that. This is all explained in their letter to U.S. Congress [google.com].

        Now what exactly is the problem with this? It seems to me that if Google is going to share my data, there are three sets of people they could share it with:

        • Third-party companies, such as advertisers (e.g., selling your personal data for profit)
        • Your social connections (e.g., sharing your personal information without your permission)
        • You (e.g., showing you ads relevant to your interests)

        I see a significant harm if they were to engage in the first two. I don't really have a problem with the third. And this privacy policy specifically prevents them from doing the first two. So what this allows them to do is share my information, from one Google service to another, for the purposes of showing me relevant links and ads. In that case, where is the harm? Further, how am I worse off having, for example, Google search results informed by what YouTube videos I've been watching. It sounds like it could give me more relevant search results.

        Further, I would much rather know that anything I upload to any Google service might be used by any other Google service, than have to remember a complex set of rules about which products' privacy policies allow Google to share data with which other products.

        Perhaps the move will no longer let you share individual services data, like sharing your Google+ data but withhold your Calendar?

        What does this mean? What do you mean by "share" in this context? Withhold your Calendar from whom? As far as I am concerned, the only people who have access to my calendar are me and Google's servers. If the Google+ app had access to my calendar (for example, it might show appointments on the side), that doesn't increase the people who have access to my calendar: It's still just me and Google's servers.

        Since when did any company give you explicit control over how the data is stored on their servers? With Google's new policy, it is simple: if you use a service, your data for that service will be stored on Google and may be used by any other service within that company (and not sold to third parties). How is that harmful? How is that different to any other company?

        • by c0lo (1497653)

          Perhaps the move will no longer let you share individual services data, like sharing your Google+ data but withhold your Calendar?

          What does this mean? What do you mean by "share" in this context?

          My bad, I missused "share" to mean
          1. "harvest/aggregate to sell to 3rd parties"
          2 . "share/use your calendar with your social connections just because you have more permissive setting in your Google+" (I don't know if it makes sense, I'm using neither of them).

          Clearer?

          • Re:EPIC (Score:4, Informative)

            by mgiuca (1040724) on Thursday February 09, 2012 @04:11AM (#38978849)

            Okay, so those approximately match my first and second sharing types in my list of three. For #1, they state that they will not do this in the new policy [google.com]:

            We do not share personal information with companies, organizations and individuals outside of Google unless...

            The "unless" includes a bunch of exceptions, which I don't see as a big deal but you may disagree. In summary, a) if you give them permission, b) if you have a domain administrator (doesn't apply to normal users), c) with a third party affiliate for "processing", which must also agree to the privacy policy (not quite sure what that means), d) if compelled to by a court.

            For #2, that isn't what they meant at all by "sharing information between services". It does NOT imply that, for example, your calendar would be randomly shared on Google+. It only means that they will share data with you and you alone, across services (for example, to give you relevant results and ads). If you haven't used Google+, the sharing is very straightforward and very tightly controlled: only things you explicitly post on there get shared, and every time you share something, it explicitly asks that you nominate a group of people or individuals to share it with, and once posted, that group of people cannot be changed.

            • by Guidii (686867)

              We do not share personal information with companies, organizations and individuals outside of Google unless... The "unless" includes a bunch of exceptions, which I don't see as a big deal but you may disagree. In summary, ...c) with a third party affiliate for "processing", which must also agree to the privacy policy (not quite sure what that means)

              c) means that you might, for example, buy something from Google, and they might have to ship it to you. When they put your name on that envelope, they are "sh

            • by thoromyr (673646)

              you don't have good reading comprehension. They promise not to randomly share SPI (which may not mean you think it means) to random individuals (e.g., making it publicly available) but they can provide it to business partners. The kicker is that your identity is not considered SPI, nor is your location, nor information about your economic or financial situation.

              In other words they are planning on doing the largest privacy-removing correlation in history and selling to those that can afford it. I mean, provi

              • by mgiuca (1040724)

                you don't have good reading comprehension.

                Thanks, that's a really nice way to start a conversation.

                They promise not to randomly share SPI (which may not mean you think it means) to random individuals (e.g., making it publicly available) but they can provide it to business partners. The kicker is that your identity is not considered SPI, nor is your location, nor information about your economic or financial situation.

                Where are you getting the definition? From the glossary linked to by the privacy policy [google.com], per

  • by gearloos (816828) on Thursday February 09, 2012 @01:15AM (#38977787)
    So, I'm a Tmobile Customer. I opt out. So am I still bound by my contract? I don't particularly need Google snooping any more than they already do, which is considerably. What is the average Joe Android User to do? This is interesting. I know it has no implication if I prefer to not use Google + but they are making Google Plus a mandatory part of using their service. So.. again.. Tmo user opting out. Will Tmo get me out of my contract? interesting...
    • by basotl (808388)
      You can still opt out of the data sharing. In addition you can remove Google+ from search results. As far as Google+ it self as long as you don't enter data there is nothing really there.
      • by Mashiki (184564)

        You can? The last thing I read in their privacy policy stated you can't opt out of any data sharing between any of the platforms at all.

    • Re: (Score:3, Insightful)

      Search using Yahoo. Or Bing. Hell, Microsoft is starting to look a lot less evil than Google. Nothing forcing anyone to use Google. So I says fuck 'em. Can't believe I now wish I'd bought an iPhone instead of an android. Next time. Anyway, if people really want to send Google a message, stop using them. Maybe a mass one day general boycott, like on February 15 to protest. Everyone use yahoo or Bing on that day. Just an idea. Spread da word if you think it worth it.
      • Bing also seems to provide better image search results, at least for my purposes. It's one of those things nobody knows because they've been told Google is the best and they shouldn't bother trying anything else.
        • The only thing I see on Google as being a draw for me is the satellite view and street view on the maps. Other than that it's a wash. If it's just search results I'm hard pressed to see the difference. Especially lately when you have to filter like a mad man in order to get useful results (NO, I wanted to learn about mountain lions, not horny old women!). And when you filter you always end up eliminating search results that would have been useful to you in the first place. So now we have to rely on Wikipedi
  • by Anonymous Coward

    For privacy reasons I block all cookies with Firefox using Add-on Cookie Monster (Default Action: Rejected) and only allow certain sites for session cookies via Cookie Monster options.

    I did not allow any Google cookies until yesterday and Google search worked fine.

    But since yesterday, if I search for something, a left mouse click on a result leads to nowhere, or when i "middle" click, to open result in new tab, I get an empty page with a long URL like http://www.google.com/url?sa=t&rct=j&q=reddit

    • by Anonymous Coward

      Google redirect javascript accesses "window.localStorage" without any error-checking.

      If Cookie Monster Add-on is used and cookies are disabled, accessing "window.localStorage" causes a "Security Error" in Firefox.

      So the Google redirect javascript fails silently.

  • by Anonymous Coward

    If they dont like the policies then they shouldnt use the services. It really is this simple, if you dont like something they dont use it. I cant see how people dont understand this anymore.

    "I find that show offensive, Im going to sue so they change it to make it bland and mediocre!", "I dont like that companies policies, Im going to sue them so they make it how I think they should run their company!", "I dont like that persons beliefs, Im going to sue them for not believing what I do!" blah blah blah. If

  • by Dhalka226 (559740) on Thursday February 09, 2012 @11:16AM (#38981613)

    So, I think by now a lot of good conversations (and a fair bit of trolling!) have been started in this thread about Google, the changes they want to make, etc. I see no reason to add to that.

    What I want to know is simpler: How in the world does EPIC feel it has standing to sue the FCC?

    It could sue Google, certainly -- probably as EPIC, but if not it could do it as individual users because each of those users can claim to be effected. But that's where their beef is, and that's where any perceived harm is. The FCC's not blocking a company's change doesn't make them liable for it and it certainly doesn't make them the cause of a tort that EPIC can sue to redress. If there is a violation of law or rights, it originates from Google.

    The FCC and Google have an agreement and this may well be in violation of it -- but that is between the FCC and Google. The idea that you can sue a government agency to force it to act in the way you want is pretty ludicrous on its face. How far do you think I would get if I sued the Department of Justice for not arresting Chris Dodd over his claims that the MPAA basically owns the congressmen it donates to?

    In finest Slashdot tradition, I am not a lawyer -- but I fully expect this lawsuit to be slapped out of court in short order for lack of standing.

I find you lack of faith in the forth dithturbing. - Darse ("Darth") Vader

Working...