TMCnet News

Google slammed for latest privacy breach
[February 20, 2012]

Google slammed for latest privacy breach


Feb 18, 2012 (San Jose Mercury News - McClatchy-Tribune Information Services via COMTEX) -- Google (GOOG) faced an avalanche of criticism Friday as regulators, digital rights activists and consumer groups harshly criticized the Internet giant's deliberate decision to override the privacy controls in the Web browsers of Apple (AAPL) iPhone and Mac users.



Given that Google has been under a privacy microscope, the latest in a series of stumbles by the Internet giant left many observers even more perplexed and troubled than Google's actions in the past -- even if they accepted the company's assertion that the privacy problems caused by its changes to Apple's Safari browser were inadvertent.

"What this really marks is a significant breach of user trust," said Danny Sullivan, editor-in-chief of Search Engine Land and a veteran Google watcher, who has defended the company against its legion of critics in the past. "Google deliberately worked around something in Safari to make ads work in the way it wanted them to work, regardless of whether the user wanted that or not." The breach also suggests, some critics said, a willingness at Google to compromise its famous "Don't be evil" principles in the heat of its intense rivalry with Facebook and other competitors for digital advertising dollars.


"I think there is this relentless search for data that the actual user is not aware of. So I think it is happening overall in the industry," said Lori Andrews, a law professor at the Chicago-Kent College of Law and author of the book "I Know Who You Are and I Saw What You Did," about data collection in the Internet advertising industry.

Google had privacy problems with its ill-fated Buzz social network in 2010, its collection of data from unprotected home and business Wi-Fi networks through its Street View cars that same year and a dispute only last month over changes to its privacy policies.

The revelations Thursday appear certain to draw more attention from the U.S. Federal Trade Commission. Last year, after an investigation of the Buzz privacy issue, the FTC ordered Google to undergo independent privacy reviews for 20 years and make other broad privacy changes.

Google denies it was trying to track people's online behavior when it bypassed built-in privacy protections in Apple's Safari browser. The Google code was discovered by Stanford University researcher Jonathan Mayer.

The company's own website, until recently, said Safari users did not have to make setting changes to block Google's so-called tracking "cookies." But Google last year began taking advantage of a feature in Apple's browser that allows users to access social networking features like Facebook's "Like" button and Google's "+1" button to see personalized ads and other content, the search company said in a written statement. The effect of those changes, Google said, was that the company's own advertising tracking cookies were inadvertently placed on users' browsers, leaving the statement on Google's website untrue.

Google removed that statement this week, after it was confronted by The Wall Street Journal with Mayer's research.

Cookies are small bits of software code that act like an automobile license plate for a Web browser, allowing marketers and data aggregators such as Google's DoubleClick ad network to catalog users' browsing history to deduce their desires and interests. They are a key to the $36.5 billion in advertising revenue Google recorded in 2011.

Mayer said in an interview with this newspaper Friday that the Safari breach likely affected millions of iPhone and Mac users, although he said he has not calculated exactly how many people were affected.

Google "is a company that asks users to place a lot of trust with them, organizing the world's information, and increasingly organizing your information, and of course with the corporate ethic of 'Don't be evil,' " Mayer said. "So I think it's right to hold Google to a higher standard. They are supposed to have the best engineers; they are supposed to have the best lawyers. They are supposed to be a role model for industry. ... This definitely falls short of the standard Google is supposed to meet." If the FTC determines that Google violated its Buzz settlement order the company could face penalties of up to $16,000 per violation per day per user.

The FTC, Congress and several state attorneys general already are investigating Google's search dominance on antitrust grounds. Sen. Jay Rockefeller, D-West Virginia, chairman of the Senate Committee on Commerce, Science and Transportation, said Friday that he would examine the Safari incident. And three other Congress members, Reps. Ed Markey, D-Mass., Joe Barton, R-Texas, and Cliff Sterns, R-Fla., also asked the agency to look into whether the Safari breach violates its recent settlement with Google.

An agency spokeswoman said Friday the FTC is aware of the Safari issue, but she declined to comment on the possibility of an investigation.

The Electronic Privacy Information Center complained to the agency Friday about the latest privacy revelation.

"What they said about how this would work for Safari users turned out not to be true," said Marc Rotenberg, EPIC's executive director. "And they benefited (financially) from this." The breach brought strong criticism from groups such as Consumer Watchdog, the Association for Competitive Technology and the Center for Democracy & Technology. It could lead to renewed efforts in Congress to require features that block tracking cookies to be included in all major Web browsers.

"We've always thought a big privacy event could pretty well drive legislation" for Do Not Track features, said Justin Brookman, CDT's director of consumer privacy. "That's what we could see coming out of this." For its part, an embattled Google on Friday continued to stand by a statement that its placement of advertising cookies on Safari browsers was inadvertent.

"We didn't anticipate that this would happen, and we have now started removing these advertising cookies from Safari browsers. It's important to stress that, just as on other browsers, these advertising cookies do not collect personal information," Google said in a written statement.

Critics countered that cookies do allow digital marketers to identify a user's browser.

Saying cookies don't themselves collect information "is not the same thing as saying that as a result of this, no personal information was leaked about you, or there was no change in the information that websites were able to collect about you or associate to you," said Lee Tien, senior staff attorney with the Electronic Frontier Foundation, a San Francisco digital rights group.

Contact Mike Swift at 408-271-3648. Follow him at Twitter.com/swiftstories or Facebook.com/mike.swift3.

___ (c)2012 the San Jose Mercury News (San Jose, Calif.) Visit the San Jose Mercury News (San Jose, Calif.) at www.mercurynews.com Distributed by MCT Information Services

[ Back To TMCnet.com's Homepage ]