Thursday, March 19, 2009

Google Apps threatened by Privacy Group

March, 19th 2009 - EPIC, a public interest research group based in Washington, D.C, has urged the FTC (Federal Trade Commission) to shut down Google's Apps services, including Gmail and Google Docs. The petition filed on March 17th 2009 calls on the FTC to launch a formal probe of the Google Apps service. The petition was sparked by a Google security breach that allowed certain Google Docs files to be viewed by unauthorized users. Google estimates that the breach hit about 0.05 per cent of the documents stored by the service.

The Washington, D.C.based not for profit asked the FTC to assess the privacy and security safeguards used by Google's online apps and determine whether the company has properly represented these safeguards. "Google's inadequate security practices, and the resultant Google Docs data breach, caused substantial injury to consumers, without any countervailing benefits," EPIC stated in its petition. "The harm was reasonably avoidable, in that the damage could have been avoided or mitigated by the adoption of commonsense security practices, including the storage of personal data in encrypted form, rather than in plain text."

It also points to several cases where Google or outside researchers have discovered privacy and security flaws in the company's online apps, including the early March bug involving Google Docs.

The Google service has become an attractive low cost alternative to Microsoft, as the Apps Standard and Education versions are free. The more sophisticated Premier edition costs $50 per user per year and includes, a 99.9% uptime guarantee for Gmail and access to phone support.

Google would not discuss the petition, but it did provide a statement: "We have received a copy of the complaint but have not yet reviewed it in detail. Many providers of cloud computing services, including Google, have extensive policies, procedures and technologies in place to ensure the highest levels of data protection. Indeed, cloud computing can be more secure than storing information on your own hard drive. We are highly aware of how important our users' data is to them and take our responsibility very seriously."