blogs.computerworld.com/privacy_group_ban_google_services_like_gmail_from_the_cloud
Windows & Microsoft The privacy group Electronic Privacy Information Center (EPIC) has asked the Federal Trade Commission to investigate Google for privacy breaches related to Google Docs and other Google services --- and to ban Google from offering any cloud services, including Gmail, Google Docs and others until the company can prove it is capable of safeguarding people's privacy. The complaint comes as a result of an incident in which people's private documents stored on Google Docs were shared with other users without their permission on March 7 EPIC, though, says that the security breach was far from isolated, and claims it's part of an ongoing pattern at Google. It says that Google's security is inadequate, and that Google misleads people into believing that data stored with Google is secure. It's asking that the FTC investigate whether Google's security is adequate, and until that is determined, asks that any cloud-relating Google service be shut down. That means Gmail, Google Docs, Google Calendar, and others.
It claims that Google assures people that their data is safe with the company, and that Google urges people to store their personal information on various Google services. Google routinely represents to consumers that documents stored on Google servers are secure. For example, the homepage for Google Docs states "Files are stored securely online" (emphasis in the original) and the accompanying video provides further assurances of the security of the Google Cloud Computing Service. Google also explicitly assures consumers that "Google Docs saves to a secure online storage facility . Google encourages users to "add personal information to their documents and spreadsheets," and represents to consumers that "this information is safely stored on Google's secure servers." Google states that "your data is private, unless you grant access to others and/or publish your information." Google represents to consumers, "Rest assured that your documents, spreadsheets and presentations will remain private unless you publish them to the Web or invite collaborators and/or viewers." The complaint then details a series of what it calls security breaches: 24. On March 7, 2009, Google disclosed user-generated documents saved on its Google Docs Cloud Computing Service to users of the service who lacked permission to view the files. For example: * In January 2005, researchers identified several security flaws in Google's Gmail service. The flaws allowed theft of "usernames and passwords for the 'Google Accounts' centralised log-in service" and enabled outsiders tosnoop on users' email. The security flaw exposed Google users' personal data to malicious internet sites. The vulnerability "could enable a malicious individual to achieve not only remote, persistent access to sensitive data, but in some conditions full system control." The complaint goes on to say that Google's inadequate security is an unfair business practice and a deceptive business practice. It asks that the FTC investigate the privacy and security safeguards of Google's cloud services, that Google revise its Terms of Service to make clear its security and privacy practices. It also asks the FTC to Enjoin Google from offering Cloud Computing Services until safeguards are verifiably established. In other words, ban Gmail, Google Docs, Google Calendar, and other cloud-based services. In addition, it asks that Google contribute $5,000,0000 to a public fund that will help support research concerning privacy enhancing technologies, including encryption, effective data anonymization, and mobile location privacy. As a practical matter, don't expect the FTC to ban Google from offering Gmail and other services --- and, in fact, the FTC shouldn't do it. It would simply cause too much hardship for too many people who use the services. But the FTC should certainly launch an investigation, and Google should pay the $5 million for the fund.
Thomas Foust on March 19, 2009 - 2:22 PM I have been in the battle for privacy online, with security online there is no privacy online. What this is teaching me, is that Google is proving who are the honest people on the net and who is not. When is action going to start being taken against those who use information to damage people? When I have been posting my own information about my past and activities online using Google Docs. Users who have been fighting against me, do to the support I give Google and their services still go out of there way to obtain information which I had never posted that I had told family and friends that would remain private. The problem is not Google as much, as the users out here on the Net engaged in garbage behavior. And with todays technology advancements, I do not know why the serious problems are not addressed. It is more of the masses who are the issue and there abuse of this technology then Google and many other corporations who provide these services for free.
Google has to secure Submitted by Anonymous on March 20, 2009 - 9:10 AM BS! They don't know what testing changes before putting the changes into use is about. They tell users to trust them and they turn around and intentionally use the data without telling them. In short, they routinely abuse users privacy even after stating they will not. They continually push there monoply and try to do deals they should know better than trying (Yahoo for example). They need a very big US and EU investigation to occur within the internal workings at Google! Maybe then they will start taking their customers privacy and laws of the law seriously!
Ban Google Submitted by Steve G on March 19, 2009 - 12:27 PM I looked at using Google Docs late last year because I have a need to allow a few other people access to documents. They have an entry that basically says they are allowed to share any and all documents saved on their servers. I want to say it also said the docs can be shared with anyone but I could be wrong about that. It could have said they are allowed to share with certain third-party companines. My point is that was it really a breach or was it intended to be shared. I decided against using Google Docs at that time because of the sharing issue. If you don't read the fine print then it's your own fault.
Preston's next post has to Submitted by Anonymous on March 19, 2009 - 11:08 AM Preston's next post has to be: Ban Microsoft from the Desktop as they don't know how to protect your data.
This is the stupidest argument I have ever heard Submitted by Anonymous on March 18, 2009 - 8:39 PM They should know that their is no way to guaranty privacy. Microsoft, Apple and Linux can not guaranty your documents will be 100% free from hackers or others who gain physical access to your machine and that is without having to provide access to them through the internet. If all computer programs or service had to be held off until it is 100% security could be guarantied (which is not even technically possible, just that no flaws are known), then no software would ever ship. Their are times that you have to say this is good enough, and we are shipping with what we have.
Google & EPIC Submitted by Anonymous on March 18, 2009 - 8:36 PM Having entered a dot com firm that relies solely on Google for collaboration and messaging (without Postini), I was sick to my stomach each and every time links were shared.
Google Release Management Submitted by Anonymous on March 18, 2009 - 3:17 PM Google has been flowed from the beginning since there release manangement would'nt pass any funtional audit today. The auditors must have finally sold thier Google stock since it's tanked over 50% from a year back. a free software model has failed, time to get back to business.
Frank on March 18, 2009 - 1:44 PM Google may not reveal privata data, but the fact that they store it means anyone can exploit it, just wait for a Chinese Government writ forcing them to reveal the data. Google should refuse to store all kind logs, Ixquick is an internet searcher that does not store any IP, if they can do it, why not Google?
US Restaurant Chain Bakes in Whitelisting (Source: Bit9) Targeted attacks, data theft and PCI DSS complia...
|
http://csua.com/feed/