Feeds

Google Buzz accused of EPIC FAIL

Tweetbooked Gmail hit with FTC complaint

Next gen security for virtualised datacentres

The Electronic Privacy Information Center (EPIC) - a high-profile public advocacy group - has filed a complaint with the US Federal Trade Commission over Google Buzz, the Tweetbook-esque "social networking" service that Mountain View bolted onto Gmail early last week.

In its complaint, EPIC says that the new service violated user expectations, diminished user privacy, and contradicted Google's privacy policy. The group even questions whether Buzz violated federal wiretap law. The US Electronic Communications Privacy Act prevents operators of "electronic communication" services from disclosing certain subscriber information without consent - including "addressing" information - and the privacy watchdog believes this "may" apply to Buzz.

"The argument is that Google could have violated federal law by disclosing address book contacts without getting proper consent," EPIC privacy counsel Kim Nguyen tells The Reg.

Like Facebook or Twitter, Buzz is a means of sharing personal info and media with others across the web in (near) real-time. But unlike a Facebook or a Twiiter, it's not a standalone service. It's an add-on for Gmail, designed to dovetail with Google's existing online email service and tap users' existing Gmail and Google Chat contacts.

Introduced last Tuesday and pushed out to an estimated 32.1 million Gmail users beginning that same day, Buzz automatically identified users' most frequent email and chat contacts as people they'd like "to follow" - i.e. people you'd like to receive posts from. By default, it exposed this list to the world, and many complained that the checkbox that allowed users to hide this list was far from prominent.

After a firestorm of criticism over the service, Google agreed to move the checkbox to a more prominent position. Then, over the weekend, it announced that it would change the way the service handled user Gmail contacts. At set-up time, rather than automatically identifying email and chat contacts for following, it would "suggest" people to follow and give the user the opportunity to make changes.

The word from CNET is that these changes were driven at least in part by complaints from employees at Google's weekly all-hands meeting.

But with its complaint, EPIC says the service still goes too far. The complaint urges the FTC to require Google to make Buzz "fully opt-in" - meaning it would only be added to Gmail if users specifically asked for it. "Sites like Facebook and Twitter are first and foremost social networking sites," Nguyen tells us. "Gmail users sign up for email addresses, and for most users, email is private. With Buzz, Google made a private email service into a social networking site, and that violates user expectations."

The complaint also urges the FTC to require Google to stop using Gmail users' private address books to build its social networking lists and to give users "meaningful control over their personal data."

Over the weekend, Google also added a Buzz tab to a user's central Gmail "settings" that let them disable Buzz entirely, and it provided a link to this tab from the initial Buzz setup screen. Earlier this week, in a blog post, the Electronic Frontier Foundation - another privacy advocate - said Google's weekend changes were "a significant step forward." But it was still critical of the way Google has handled the service and it at least indicated the service should be opt-in.

"While a full opt-in model would be less likely to result in inadvertent disclosures of private information, this is a significant step forward," wrote EFF's Kurt Opsahl. "Problems arose because Google attempted to overcome its market disadvantage in competing with Twitter and Facebook by making a secondary use of your information.

"Google leveraged information gathered in a popular service (Gmail) with a new service (Buzz), and set a default to sharing your email contacts to maximize uptake of the service."

Over the past few days, so many news stories have indicated that privacy concerns arose because Google failed to properly test the service before its release. But there's some confusion about the extent of this testing. According to the BBC, Google only tested the service with employees, forgoing "more extensive trials with external testers," while a CNET report says the company tested the service with at least some externtal users in its internal "usability lab."

Regardless, the fact remains that for all the changes Google made over the past week, Buzz is an opt-out service. And fundamentally, it's designed to hook into users' existing private email accounts and encourage them - in one way or another - to instantly expose more data than they would on a new standalone service.

As it filed its complaint over Google Buzz, EPIC also noted that the FTC has so far failed to take action over a complaint it filed in March of last year involving Gmail and other web-based Google Apps. In this March complaint, the privacy group called for a formal FTC probe of these services after a Google snafu saw the company inadvertently share certain Google Docs files with users who were unauthorized to view them.

EPIC urged the FTC to shut down Google's so-called cloud computing services, including Gmail and Google Docs, if Google can't ensure the safety of user data stored by these apps.

"After Goggle's most recent privacy misstep [involving Google Buzz], the FTC should rally respond to our [other complaint] and that's what we expect they will do," Nguyen tells us. ®

>Update: This story has been updated to clarify the contents of the Electronic Communications Privacy Act and correct the estimated number of Gmail users.

The essential guide to IT transformation

More from The Register

next story
6 Obvious Reasons Why Facebook Will Ban This Article (Thank God)
Clampdown on clickbait ... and El Reg is OK with this
No, thank you. I will not code for the Caliphate
Some assignments, even the Bongster decline must
Kaspersky backpedals on 'done nothing wrong, nothing to fear' blather
Founder (and internet passport fan) now says privacy is precious
TROLL SLAYER Google grabs $1.3 MEEELLION in patent counter-suit
Chocolate Factory hits back at firm for suing customers
Mozilla's 'Tiles' ads debut in new Firefox nightlies
You can try turning them off and on again
Sit tight, fanbois. Apple's '$400' wearable release slips into early 2015
Sources: time to put in plenty of clock-watching for' iWatch
Facebook to let stalkers unearth buried posts with mobe search
Prepare to HAUNT your pal's back catalogue
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?