Does Google’s California Privacy Case Impact Public Sector and Business Users?

September 25, 2013

By Doug Miller

Many of us have been following a legal case being fought in California in which 10 plaintiffs are suing Google over its practice of scanning the content of private Gmail messages for the purposes of showing ads related to the content of the user’s email.

The plaintiffs and many privacy organizations claim Google “unlawfully opens up, reads, and acquires the content of people’s private email messages” and this violates California’s privacy laws and federal wiretapping statutes. Google states that it has always done this and “all users of email must necessarily expect that their emails will be subject to automated processing.” Google also states that the revenue gained by delivering context-sensitive ads to Gmail users enables it to offer a free service. In fact, Google was just awarded a patent related to scanning the content of emails, ranking the content and matching ads to the content.


Why Is Google Dragging Its Heels on European Privacy?

February 28, 2013

By Doug Miller

Last week saw the latest chapter unfold in Google’s privacy battle with the European Union. In October 2012, France’s Commission Nationale de l’Informatique et des Libertés, or CNIL, published a set of recommendations, on behalf of 27 European data protection authorities, suggesting that Google should address the “uncontrolled combination of data across services” and other data collection issues in its new privacy policy. The CNIL has now announced that Google has not provided a satisfactory response and it will proceed with recommending “repressive action” against Google. My colleague Jeff Gould published a piece this week on Google’s new battle with Europe and asked the question: who will win? Perhaps an equally interesting question to ask is: why isn’t Google complying with European privacy requests? No one can know for sure what Google’s management is thinking, but one set of circumstances may be a factor in its lack of response.


Google – Let Us Opt Out of Your Data Mining Machine

October 16, 2012

By Doug Miller

The French data protection agency (aka the CNIL), acting on behalf of a large group of European data protection agencies, today announced that it was taking action to push Google to make a number of changes to its privacy policy that came into effect earlier this year.

One of the big issues for the CNIL is the lack of control for the user over the amount of data that is collected when you use a Google cloud service or how that data can be used. There is no opt-out for users if they don’t want their browsing habits and internet content mined for the purpose of enhancing Google’s search or displaying more relevant Google ads.


Is Wozniak really wrong?

August 7, 2012

By Doug Miller

Steve Wozniak’s recent comments on how cloud computing is going to cause a “lot of horrible problems in the next five years” and comments such as…

with the cloud, you don’t own anything. You already signed it away

… have sparked wide-ranging commentary in the media and blogosphere.

One of the more interesting reactions was one published by David Linthicum on InfoWorld in an article titled “Wozniak is wrong about cloud computing.”

One of the points Mr. Linthicum makes is…

I suspect he’s referring more to consumer-oriented clouds and social networking sites that leverage your information in exchange for use of their services.

Both of these folks raise some valid points. However, to Mr. Wozniak’s claims, if you go with the right cloud solutions with the right privacy agreements and terms of services, the data ownership and protection issues should be properly addressed – right? Mr. Linthicum’s point that this is more about consumer-oriented clouds raises questions as well.

Is Wozniak right or wrong? The answer may be within our control.


The Bank of Google

May 31, 2012

By Doug Miller

This week I read about Google’s new achievement of ISO 27001 compliance for its Google Apps offering. One of the more interesting news pieces was a story in Wired in which Eran Feigenbaum (aka Eran Raven), Google’s Director of Security for Google Apps, was interviewed and compared Google Apps to a bank “in the days when a bank was a new idea”. His actual quote was:

“It’s very similar to the situation banks were in hundreds of years ago. They had to convince us to give them our money, to take the money out from under the mattress and put it in the bank.”

The more I think about it, the more I agree with Mr. Feigenbaum. Google is like a bank for our data. But before I dive more into the banking analogy, I think it is worth noting that it makes total sense for Google to do everything it possibly can to secure its infrastructure by conforming with ISO 27001 and other standards.


What Utah CIO’s firing means for public sector cloud computing

May 16, 2012

By Jeff Gould

Utah’s Governor has just fired the state’s CIO over a data breach that let foreign hackers steal the social security numbers of 280,000 state residents. Why did this unfortunate episode happen, and what can we learn from it?

Here are the basic facts. Sometime back in March, Romanian data pirates hacked into a state database. Utah, like many states, maintains a database of Medicaid recipients that health insurance providers query to verify a patient’s entitlement status before paying for care. Unfortunately, the way the process works is badly designed: everyone who receives health care in Utah has their name queried, whether they are on Medicaid or not. The CIO can’t be held responsible for this poor workflow design choice. Most likely the politicians are to blame, or perhaps the state department that regulates health insurance in Utah.


Safari-gate: Did Google break government computing laws?

May 3, 2012

By Doug Miller

On February 17th, the Wall Street Journal reported that a researcher working for them discovered that Google ran hidden code designed to circumvent the security settings on Apple devices that use the Safari web browser. While much of the coverage of this revelation has focused on consumers and whether the action may have violated laws or the consent agreement between the FTC and Google, little has been written about the impact for public sector customers. Public sector customers are big users of Apple devices and these users are governed by a strict set of unique regulations and laws. Given the circumstances of the events here, the question needs to be asked: did Google break any of the laws or regulations that restrict entities from accessing or changing government computing systems?


Google Drive: Read the Terms

April 24, 2012

By Doug Miller

Google launched its Google Drive service today and there have been several articles reviewing the capabilities of this new service (especially how it compares to Dropbox), as well as lots of chatter about the terms of service. If you are curious about what Google Drive is, the official announcement is here and Walt Mossberg had a good write-up here.

I am a big user of Dropbox so I was very interested in trying out this new competitor. Overall, it seems like a solid product. I installed it on both a PC and an Android tablet and it worked as advertised. I was able to upload some files and view these in the browser, on my tablet and on my computer. I even tried accessing Google Drive files from my Windows phone using the web interface and this worked as well. I’m probably not going to replace Dropbox just yet but this is a decent product.


Google, Schools and the Data Gold Rush

April 16, 2012

By Doug Miller

Back in the 1800s, the possibility of striking it rich simply by picking up gold nuggets that were lying in creek beds – getting something for nothing – was a lure that hundreds of thousands of people couldn’t resist. Today, personal data is the new valued resource and it has become this century’s “gold nugget lying in a creek bed” to simply be collected for free and sold for millions. You might think that the gold extracted in a typical gold rush was much more valuable than personal data could ever be, but the revenue generated from mining personal information is worth much, much more. For example, the California gold rush that lasted about 16 years generated 8.3 million troy ounces of gold which would be worth over $13 billion at today’s prices. But today, Google makes over three times that much in one year from its advertising business which is built upon mining and refining vast amounts of personal data.


What is Google hiding from the FCC?

April 16, 2012

By Jeff Gould

Last week the FCC gave Google a verbal beatdown that, had it been delivered with karate chops rather than words, would have made Chuck Norris proud. In a 25-page report detailing its efforts to get Google to explain why it eavesdropped on the WiFi transmissions of untold thousands of home and business users, the Commission upbraided the search giant for its repeated attempts to stonewall and derail the investigation. With its relentless accumulation of compromising details, the report makes for fascinating reading. But for those who don’t have the time, I offer here a brief summary and some speculation about what is really going on in this decidedly murky affair.

The eavesdropping occurred as part of Google’s effort to create a vast database of worldwide WiFi router locations that would enable location-based advertising on Android cell phones. But instead of limiting itself to collecting just the network addresses and GPS coordinates of the WiFi routers passed by its roving Google Cars (the only data needed for its declared purpose), Google also surreptitiously recorded, over a two-year period, the content of transmissions sent by users who failed to properly secure their routers. According to information released by French regulators and cited by the FCC, the captured content included racy emails and postings to sexually explicit web sites, as well as much other material the owners certainly never intended to disclose to strangers.