Feeds

Google Buzz accused of EPIC FAIL

Tweetbooked Gmail hit with FTC complaint

Build a business case: developing custom apps

The Electronic Privacy Information Center (EPIC) - a high-profile public advocacy group - has filed a complaint with the US Federal Trade Commission over Google Buzz, the Tweetbook-esque "social networking" service that Mountain View bolted onto Gmail early last week.

In its complaint, EPIC says that the new service violated user expectations, diminished user privacy, and contradicted Google's privacy policy. The group even questions whether Buzz violated federal wiretap law. The US Electronic Communications Privacy Act prevents operators of "electronic communication" services from disclosing certain subscriber information without consent - including "addressing" information - and the privacy watchdog believes this "may" apply to Buzz.

"The argument is that Google could have violated federal law by disclosing address book contacts without getting proper consent," EPIC privacy counsel Kim Nguyen tells The Reg.

Like Facebook or Twitter, Buzz is a means of sharing personal info and media with others across the web in (near) real-time. But unlike a Facebook or a Twiiter, it's not a standalone service. It's an add-on for Gmail, designed to dovetail with Google's existing online email service and tap users' existing Gmail and Google Chat contacts.

Introduced last Tuesday and pushed out to an estimated 32.1 million Gmail users beginning that same day, Buzz automatically identified users' most frequent email and chat contacts as people they'd like "to follow" - i.e. people you'd like to receive posts from. By default, it exposed this list to the world, and many complained that the checkbox that allowed users to hide this list was far from prominent.

After a firestorm of criticism over the service, Google agreed to move the checkbox to a more prominent position. Then, over the weekend, it announced that it would change the way the service handled user Gmail contacts. At set-up time, rather than automatically identifying email and chat contacts for following, it would "suggest" people to follow and give the user the opportunity to make changes.

The word from CNET is that these changes were driven at least in part by complaints from employees at Google's weekly all-hands meeting.

But with its complaint, EPIC says the service still goes too far. The complaint urges the FTC to require Google to make Buzz "fully opt-in" - meaning it would only be added to Gmail if users specifically asked for it. "Sites like Facebook and Twitter are first and foremost social networking sites," Nguyen tells us. "Gmail users sign up for email addresses, and for most users, email is private. With Buzz, Google made a private email service into a social networking site, and that violates user expectations."

The complaint also urges the FTC to require Google to stop using Gmail users' private address books to build its social networking lists and to give users "meaningful control over their personal data."

Over the weekend, Google also added a Buzz tab to a user's central Gmail "settings" that let them disable Buzz entirely, and it provided a link to this tab from the initial Buzz setup screen. Earlier this week, in a blog post, the Electronic Frontier Foundation - another privacy advocate - said Google's weekend changes were "a significant step forward." But it was still critical of the way Google has handled the service and it at least indicated the service should be opt-in.

"While a full opt-in model would be less likely to result in inadvertent disclosures of private information, this is a significant step forward," wrote EFF's Kurt Opsahl. "Problems arose because Google attempted to overcome its market disadvantage in competing with Twitter and Facebook by making a secondary use of your information.

"Google leveraged information gathered in a popular service (Gmail) with a new service (Buzz), and set a default to sharing your email contacts to maximize uptake of the service."

Over the past few days, so many news stories have indicated that privacy concerns arose because Google failed to properly test the service before its release. But there's some confusion about the extent of this testing. According to the BBC, Google only tested the service with employees, forgoing "more extensive trials with external testers," while a CNET report says the company tested the service with at least some externtal users in its internal "usability lab."

Regardless, the fact remains that for all the changes Google made over the past week, Buzz is an opt-out service. And fundamentally, it's designed to hook into users' existing private email accounts and encourage them - in one way or another - to instantly expose more data than they would on a new standalone service.

As it filed its complaint over Google Buzz, EPIC also noted that the FTC has so far failed to take action over a complaint it filed in March of last year involving Gmail and other web-based Google Apps. In this March complaint, the privacy group called for a formal FTC probe of these services after a Google snafu saw the company inadvertently share certain Google Docs files with users who were unauthorized to view them.

EPIC urged the FTC to shut down Google's so-called cloud computing services, including Gmail and Google Docs, if Google can't ensure the safety of user data stored by these apps.

"After Goggle's most recent privacy misstep [involving Google Buzz], the FTC should rally respond to our [other complaint] and that's what we expect they will do," Nguyen tells us. ®

>Update: This story has been updated to clarify the contents of the Electronic Communications Privacy Act and correct the estimated number of Gmail users.

Next gen security for virtualised datacentres

More from The Register

next story
Kate Bush: Don't make me HAVE CONTACT with your iPHONE
Can't face sea of wobbling fondle implements. What happened to lighters, eh?
Video of US journalist 'beheading' pulled from social media
Yanked footage featured British-accented attacker and US journo James Foley
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
Ballmer leaves Microsoft board to spend more time with his b-balls
From Clippy to Clippers: Hi, I see you're running an NBA team now ...
Online tat bazaar eBay coughs to YET ANOTHER outage
Web-based flea market struck dumb by size and scale of fail
Amazon takes swipe at PayPal, Square with card reader for mobes
Etailer plans to undercut rivals with low transaction fee offer
Assange™: Hey world, I'M STILL HERE, ignore that Snowden guy
Press conference: ME ME ME ME ME ME ME (cont'd pg 94)
Call of Duty daddy considers launching own movie studio
Activision Blizzard might like quality control of a CoD film
US regulators OK sale of IBM's x86 server biz to Lenovo
Now all that remains is for gov't offices to ban the boxes
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.