
Google’s Terms Of Service: We Can Do Whatever We Want

By: Consumer Watchdog Friday April 11, 2014 6:33 pm

From time to time it’s instructive to look at an online company’s Terms of Service (TOS) so you understand what you’re agreeing to when you use it. A look at Google’s TOS is particularly timely because the Internet giant’s legal beagles have revised it and the new one takes effect on Monday.

Here’s what they say about content you put on their services:

Some of our Services allow you to upload, submit, store, send or receive content. You retain ownership of any intellectual property rights that you hold in that content. In short, what belongs to you stays yours.

That sounds pretty good at first blush. It’s yours and it stays yours — except for the fact that what the first paragraph granteth, the next paragraph taketh. To wit:

When you upload, submit, store, send or receive content to or through our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content. The rights you grant in this license are for the limited purpose of operating, promoting, and improving our Services, and to develop new ones. This license continues even if you stop using our Services…

In other words, Google claims the right to do whatever it wants with your stuff, even if you quit the service.

It’s also interesting to note the substantial addition to the new TOS, which the Internet giant claims the right to change in the future on a whim. Google conveniently provides a marked copy that shows changes. Here’s the big addition:

Our automated systems analyze your content (including emails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored.

 

There can be no doubt: Google snoops on everything you send them, as it makes its way through the Internet giant’s computer systems and when it is stored in Google’s cloud, so Google can build digital dossiers about you.

You’re not Google’s customer; you’re Google’s product. And, they claim the right to pretty much do whatever they want with your stuff.

California DMV’s Autonomous Vehicle Regulations Must Protect Users’ Privacy

By: Consumer Watchdog Tuesday March 11, 2014 3:48 pm

I was up in Sacramento today to call on the Department of Motor Vehicles to ensure that the regulations that they are developing to govern the use of autonomous vehicles – popularly known as driverless cars – will protect the operators’ privacy.

The company that will be most directly affected by the new autonomous vehicle regulations is Google, which is pioneering development of the robot-driven cars. The Internet giant was the driving force behind SB 1298, which charged the DMV with the task of developing the regulations and also rebuffed attempts to require privacy protections in the law.

However, it is not too late to implement privacy safeguards in this rulemaking and Consumer Watchdog called on the DMV to do so. Failure to act will mean substantial privacy risks from the manufacturers’ driverless car technology if there are not protections from what Google is best known for: the collection and use of voluminous personal information about us and our movements.

The DMV regulations must give the user control over what data is gathered and how the information will be used. Merely stating what data is gathered with no explanation of its use is woefully inadequate. The DMV’s autonomous vehicle regulations must provide that driverless cars gather only the data necessary to operate the vehicle and retain that data only as long as necessary for the vehicle’s operation. The regulations should provide that the data must not be used for any additional purpose such as marketing or advertising without the consumer’s explicit opt-in consent.

Without appropriate regulations, autonomous vehicles will be able to gather unprecedented amounts of information about the use of those vehicles. How will it be used? Just as we are now tracked around the Internet, will Google and other purveyors of driverless car technology now be looking over our shoulders on every highway and byway? Will the data be provided to insurance companies for underwriting purposes or to third parties that develop some kind of a driving score related to where and when individuals travel? Will it be used to serve in-car advertisements or advertisements through other venues in the Google suite of products? Will it be used to track our movements and those of surrounding cars and mobile devices so that Google’s advertisers can better locate us?

Google is the aforementioned leader in driverless car research and is attempting to steer regulatory efforts in various states, especially California. That’s why our concerns are so focused on the company. So I ask: Why won’t Google endorse simple privacy safeguards for its self-driving cars? I think there are two reasons.

First, Google’s entire business model is based on building digital dossiers about our personal behavior and using them to sell the most personal advertising to us. You’re not Google’s customer; you are its product – the one it sells to corporations willing to pay any price to reach you. Will the driverless technology be just about getting us from point to point or more about tracking how we got there and what we did along the way?

Second, computer engineers, who believe that more data is always better, are in charge at Google. They may not know what they would use data for today, but they think they may someday find a use for it and don’t want any restrictions on them now.

Google is first and foremost an advertising company; 98 percent of its $38 billion in revenue comes from advertising, and the more personalized the marketing the better. Indeed, Executive Chairman Eric Schmidt has said, “We don’t need you to type at all. We know where you are. We know where you’ve been. We can more or less know what you’re thinking about.”

California Attorney General Takes the Lead In Cybersecurity

By: Consumer Watchdog Thursday February 27, 2014 7:54 pm

Data breaches at major retailers Target and Neiman Marcus during last year’s holiday shopping season affected more than 100 million people and focused new attention on the need to protect personal information stored online.

While it’s clear that tough data breach legislation must be enacted, California Attorney General Kamala Harris is taking action to improve cybersecurity in the state before new laws are passed. Today she released recommendations to California businesses to help protect against and respond to the increasing threat of malware, data breaches and other cyber risks.

In addition Harris is leading an investigation by state attorneys general into the Target and Neiman Marcus breaches, Don Thompson of the Associated Press reported:

Harris’ office also disclosed that California is leading a multistate investigation into the massive holiday season consumer data theft at discount retailer Target Corp. and luxury retailer Neiman Marcus, breaches that left tens of millions of customers at risk. More than 7 million Californians were affected by the Target breach alone, Special Assistant Attorney General for Law and Technology Jeff Rabkin said.

The U.S. Justice Department is taking the lead in trying to identify the culprits, who are suspected to be based overseas, while the multistate investigation focuses on whether the retailers share blame because they lacked the necessary precautions to prevent the thefts. The state investigation also will explore whether Target and Neiman Marcus acted properly as soon as they learned of the problem, Rabkin said in a telephone interview.

The guide, Cybersecurity in the Golden State, offers suggestions focused on small to mid-sized businesses, which are particularly vulnerable to cybercrime and often lack the resources to hire cybersecurity personnel. In 2012, 50 percent of all cyber attacks were aimed at businesses with fewer than 2,500 employees and 31 percent were aimed at those with less than 250 employees, Harris said.

Key recommendations for small business owners include:

  • Assume you are a target and develop an incident response plan now.
  • Review the data your business stores and shares with third parties including backup storage and cloud computing. Once you know what data you have and where it is, get rid of what is not necessary.
  • Encrypt the data you need to keep. Strong encryption technology is now commonly available for free, and it is easy to use.
  • Follow safe online practices such as regularly updating firewall and antivirus software on all devices, using strong passwords, avoiding downloading software from unknown sources and practicing safe online banking by only using a secure browser connection.

In 2003 California was the first state to pass a data breach notification law. In 2012 the law was amended to require any breach that involved more than 500 Californians be reported to the attorney general.

The 170 breaches reported to the attorney general’s office in 2013 represent a 30 percent increase over the 131 identified the year before, according to figures provided to The Associated Press. Among entities reporting breaches in 2012 were American Express Travel Related Services Co., Kaiser Permanente and several state government agencies, including the departments of Public Health and Social Services.

Given the current data breach laws Harris is taking meaningful action. But, what’s ultimately needed is a law that would make her best practice recommendations legal mandates. We need a California Financial Information Privacy Act that would:

  • Change breach notification standards to be immediate.
  • Set limits on the time data can be retained. And limits on what information can be collected and retained.
  • Write minimum-security standards into the law so that they are no longer voluntary.
  • Most importantly: create a private right of action. Put a price tag on retailers’ mistreatment of our private financial information.

Until there is a real price to pay, Target, Neiman Marcus and other retailers will continue to make us targets.

Posted by John M. Simpson, Consumer Watchdog’s Privacy Project Director.

Now Even Google Says Don’t Be A “Glasshole”

By: Consumer Watchdog Tuesday February 25, 2014 4:49 pm

Looks like even Google is finally figuring out the innate privacy-invasive properties of its wearable computing device, Google Glass. The Internet giant has posted a list of do’s and don’ts on its Glass website that tells “Explorers” — the first group of people to get access to Glass for $1,500 — how not to be “Glassholes.”

You’ll recall that Chairman Eric Schmidt once said it was Google’s policy to get right up to the “creepy line,” but not to cross it. It seems pretty clear that some Googlers have figured out that Glass has crossed the line and are attempting a rowback.

From the list of Do’s:

Ask for permission.
Standing alone in the corner of a room staring at people while recording them through Glass is not going to win you any friends (see Don’ts #4). The Glass camera function is no different from a cell phone so behave as you would with your phone and ask permission before taking photos or videos of others.

And here’s Google’s final point on the list of Don’ts:

Be creepy or rude (aka, a ‘Glasshole’).
Respect others and if they have questions about Glass don’t get snappy. Be polite and explain what Glass does and remember, a quick demo can go a long way. In places where cell phone cameras aren’t allowed, the same rules will apply to Glass. If you’re asked to turn your phone off, turn Glass off as well. Breaking the rules or being rude will not get businesses excited about Glass and will ruin it for other Explorers.

You may have seen that Virgin Atlantic staff who greet “Upper Class” passengers — the airline’s name for First Class – as they arrive at Heathrow Airport are now sporting Glass purportedly to offer them information on such things as the weather at their destination.

How long do you think it will be before they are recording and videoing arriving passengers and maybe even linking it to facial recognition technology? Just what we need, right? First Class “Glassholes.”

Posted by John Simpson, Privacy Project Director at Consumer Watchdog.

Target Needs to Pay for Targeting Our Privacy

By: Consumer Watchdog Tuesday February 18, 2014 8:04 pm

Target is targeting our privacy. There’s a big red bullseye, a target – like the one on the shirt I’m wearing today – that Target and Neiman Marcus, who chose not to show up to answer questions today, have put on us because they haven’t done enough to protect our private financial data. And the reason is that there’s no financial incentive to do so.

110 million Americans had their personal financial information breached. That’s one out of two adult Americans. I was in Sacramento today to testify in front of a joint California Assembly committee hearing investigating the breach. And yet Target did not send a single representative to Sacramento today to answer questions about the largest data breach in American history?

The fact that Target didn’t show up today tells us all we need to know about how sorry Target is and how committed it is to our privacy.

If you are as offended by this as I am, I have a t-shirt for you to wear too.

The reason Target won’t face legislative questions today is the same reason that our personal financial information and data is at such grave risk: there is no price to pay. There are few financial penalties to companies like Target when our personal data is taken.

Beyond public embarrassment, Target has little financial incentive to care.

We, the consumers, pay the consequences but we have no remedies.

According to the Committees’ own staff research, 1 in 4 consumers whose personal information is taken becomes a victim of identity theft. 1 in 4 victims of a data breach is also a victim of identity theft. If these numbers apply to Target, that would potentially create more than 25 million identity theft victims.

There’s a harm. The retailers had a role in creating that harm. And yet they have no liability under California law for what they have or have not done to safeguard the sanctity of our personal information.

The problem with privacy violations is that unlike thefts of money or property the law does not recognize a harm and does not provide a remedy.

As the Committees’ staff research states: consumers have no remedy under the law for the loss of financial privacy suffered through these data breaches, and the 1 in 4 risk of id theft they face. Zero remedies.

So why would retailers invest in greater security, or meet voluntary industry standards, or move away from risky magnetic strip technology?

If they don’t have to pay a price they don’t have an incentive to change. And that leaves our private financial information with a big bullseye on it.

What can we do?

We need a California financial information act that mirrors our Medical Information Privacy Act.

When there is a data breach of our medical information, the drug company, hospital or medical center is liable to the consumer for $1,000 per violation.

Guess what? Medical data breaches are fewer and farther between. When they occur companies pay a big price.

The same should be true for our financial data. We need a California Financial Information Privacy Act.

It would:

  • Change notification standards to be immediate.
  • Write minimum-security standards into the law so that they are no longer voluntary.
  • Set limits on the time data can be retained. And limits on what information can be collected and retained.
  • Most importantly: create a private right of action. Put a price tag on retailers’ mistreatment of our private financial information.

Until there is a price to pay, Target and other retailers will continue to make us targets.

If you are as offended as I am by Target’s absence today in Sacramento, please share our Target design online to show your displeasure.

When a company as big as Target won’t provide a single representative to answer questions about the largest data breach in American history, it is time for California to step up and deliver on the promise in Article 1 Section 1 of our state constitution: Privacy is an inalienable right.

Posted by Jamie Court, President of Consumer Watchdog.

AAA Gets an “F” For Dumping Agents, Leaving Customers in the Lurch

By: Consumer Watchdog Tuesday February 18, 2014 1:51 pm

Triple-A has been American drivers’ friend almost since U.S. roads linked the nation together. It has rescued families from flat tires and worse. It has planned millions of family vacations and sold well-regarded auto insurance. It has always skewed toward older drivers and welcomed their devoted renewal of memberships. Its employees got good benefits and stayed with the organization.

For all those reasons, it’s a shock to hear that—at least in Northern California—AAA is dumping senior employees like so much excess baggage, according to a lawsuit filed by 10 of them. At AAA’s California State Auto Club branch, successful veteran insurance agents report being fired or forced out and replaced with younger, cheaper hires and call center employees.

Drivers who have kept up their AAA memberships for decades should be steamed about this on principle. But there are practical reasons to be angry, especially for drivers with AAA auto, home or boat insurance.

The laid-off AAA insurance agents are the people you would have called if you had a policy question or problem with a claim. Or if you wanted to add your child to a policy. Or maybe just for advice—for instance about whether a rental car is covered or whether your auto insurance is good in Canada.

Where are you going to get that help now? Who you gonna call?

Your file would likely become a “house account,” often with no agent assigned. Maybe the call center kid can find your file, put you on hold and hunt for a manager to help him figure it out. The hourly workers answering the phone won’t know you from Adam.

If the same thing is going on at other AAA chapters, it’s not likely the public will know unless more lawsuits emerge.

The “why” of these dismissals is not complicated. Insurance agents get bonuses when they sell new policies and smaller yearly payments from the insurance company as policies are renewed. The agents are expected to earn your loyalty and keep you in the fold.

The senior agents service up to thousands of policies built up by sales over the years. This takes time, so they may sell fewer new policies.

By dismissing the agents, CSAA gets to keep their yearly servicing payment.

CSAA’s bet is that you won’t care enough to endure the thrash of taking your business elsewhere. The fact that anyone laid off at age 50 is unlikely to ever find a comparably paying job? Not AAA’s problem.

Layoffs of older, higher-paid employees are nothing new in modern corporate culture. But this is a case when the fallout also harms the customer in a direct way. It’s worth thinking about before you dial the number on the AAA insurance brochure you got in the mail.

Posted by Judy Dugan, Research Director Emeritus for Consumer Watchdog

Iron Kay — Insurance Companies Pick Fight With Wrong Family

By: Consumer Watchdog Friday February 7, 2014 12:30 pm

Dan Shea’s Aunt Kay was 83, vibrant and healthy in 2011, when she suffered terrible injuries in a head-on accident. Kay spent five months in the hospital rehabilitating and being repaired with so many metal parts that the family dubbed her “Iron Kay.”

Then the real fight began—one that changed Dan, a San Diego civic booster and Republican notable, into an implacable foe of insurance company tactics. He’s told Kay’s story in a short, even charming, video, “The Iron Lady,” that calmly exposes corporations trying to outwait Kay’s lifespan to preserve their profits.

Farmers and two affiliates of Nationwide have been resisting a settlement for more than two years and counting. It’s costing the corporations a bundle, but if Kay dies before their legal options run out, they’ll save a bundle. It’s a perfectly legal tactic, which Dan is determined to change. The fight is Kay’s reason for living through her pain.

Kay will never be the same: She can’t drive and can barely walk. She’s living with family and dependent on them. But she’s fully determined to get as far back to normal as possible.

Kay expected to at least recover financial independence, even after $800,000 in hospital bills. Both Kay and the family of the 17-year-old boy in the truck were very well-insured by major companies. The boy was at fault, but there was no rancor between the families.

Then they encountered the insurance lawyers. It ultimately dawned on them that the insurance companies would benefit by delaying until Kay died, to make most of their liability disappear.

Kay originally did not want to sue, so Dan asked for mediation. Farmers Insurance, the boy’s insurer, agreed but stalled for months. Then the insurers offered a ridiculously low settlement–barely over half of the medical bills, much less her ongoing medical costs. Then they stalled some more and tried intimidating Kay with a long deposition about her life since adolescence.

When the case got to court in October of last year, within a few days a jury spurned the insurers’ argument that they really owed little, and awarded Kay $2.1 million dollars.

Kay hasn’t gotten a penny. The insurance companies stalled again, and on January 7 they demanded a new trial. When it’s denied, they can file for an appeal. That could string out for a year or two.

Dan Shea found that having plenty of insurance, no matter how much it costs in premiums, doesn’t mean the company will protect you when you need it. And that everything the insurers have done is within the law.

Dan and his family have the determination and resources to keep fighting, and Dan is calling on state legislators to fix these interminable delays.

The fix shouldn’t stop at auto and property insurance. There are also horrible insurance company incentives embedded in state medical malpractice law. For instance, if an infant is severely disabled by medical negligence, insurers for the doctor and hospital could have to pay millions for a lifetime of expert care.

If the baby somehow dies, its economic value dies, too. The law in California restricts dead-child lawsuits to such a low payout that grieving parents usually can’t even get a lawyer to take their case. So what incentive does an at-fault hospital or doctor have to keep that baby alive?

The same is true if the wronged patient suffers a terminal illness—why pay now if you can stall until the problem literally goes away?

We need more people with Dan’s determination to change this.

Posted by Judy Dugan, Research Director Emeritus for Consumer Watchdog.

Keystone XL Builder Has Explosive Problems

By: Consumer Watchdog Wednesday February 5, 2014 5:25 pm

TransCanada, the company that would build and own the Keystone XL oil pipeline from Canada’s tar sand fields to the U.S. Gulf Coast, has dialed up its lobbying in Congress after a U.S. State Department report that favored the pipeline. The giant oil pipeline is perfectly clean and safe, say the lobbyists. TransCanada will be using the best, newest technology, monitoring and materials. The citizens of Montana, South Dakota, Nebraska and points south need not worry their little heads.

Then, BOOM! A TransCanada natural gas pipeline in Manitoba, Canada blew up in a spectacular fireball on January 25, reaching hundreds of feet into the air. It burned for 12 hours and only its rural location prevented a human catastrophe. (A nearly identical gas pipeline explosion in San Bruno, California killed eight people and burned a neighborhood in 2010). A TransCanada pipeline in Ontario exploded in a nearly identical manner in 2011. Another TransCanada pipe in Ontario blew up in 2009 as well.

A week after the Manitoba blast, TransCanada still didn’t know what caused it, or wouldn’t say.

Oil pipelines may fail without fireballs, but are no less dangerous to neighbors and the environment. No matter what a pipeline carries, maintenance and vigilance matter. But keeping a pipeline from exploding—or gushing a lake of flammable, toxic crude oil into local water supplies—isn’t a profit center. (What would pour out of Keystone XL is actually a slurry of corrosive tar and chemical-laced, highly flammable thinners.) To a corporation, safety spending is a dead loss. Only the lip service is free.

Ronald Reagan famously said of negotiating with the Soviet Union, “Trust, but verify.” The same goes for the promises of TransCanada, yet U.S. pipeline regulators are too strapped for staff and money to verify even existing pipeline safety, according to a New York Times story.

Another TransCanada pipeline explosion in 2009, in Ontario’s northern wilderness, was blamed on “95% corrosion” of the pipe. A Canadian government report said TransCanada’s inspection tools “failed to accurately assess” the level of corrosion.

The real question about the Keystone XL pipeline is why the United States should bear all of these risks, for no reward. A Consumer Watchdog study last year found that the pipeline, by sending Canadian oil overseas from the Gulf Coast, would actually raise gasoline prices in the U.S. The number of permanent jobs created would be paltry. Domestic oil production is rising and U.S. consumption is falling, so there is no economic rationale for more tar sands oil.

The XL pipeline, with all its attendant risks of spills, pollution–even deliberate vandalism or terrorism–is being built through America but not for America.

Canadians who understand the danger are turning down proposals for oil pipelines to their own Pacific coast.

Oh, and the U.S. State Department report that TransCanada’s lobbyists are waving so proudly? It was drafted by a subcontractor with financial ties to TransCanada. Chalk up one more reason why the U.S. should decline to be TransCanada’s beast of burden.

Posted by Judy Dugan, Research Director Emeritus of Consumer Watchdog.