You are browsing the archive for California Attorney General.

Google Ending Privacy Breach Consumer Watchdog Targeted in FTC Complaint

12:40 pm in Uncategorized by Consumer Watchdog

Google PlayGoogle apparently is ending an egregious privacy breach involving people who buy apps from its Google Play store using Google Wallet to pay. Consumer Watchdog filed a complaint to the Federal Trade Commission with a copy to California Attorney General Kamala Harris about what Google was doing. The complaint alleged that the Internet giant was violating its privacy policies and its “Buzz” consent agreement with the FTC.

Rep. Hank Johnson, D-GA, also questioned Google about what it was doing. Google was sending to apps developers the name, email address and address of people who bought apps on Google play. It tried to claim that the the information was necessary for the transaction, but that’s clearly not the case when talking about downloading an app from its app store. Neither Apple nor Microsoft provide such personal information about people who buy apps from their stores. Google’s response to Rep. Johnson, confirmed what Google was doing and actually showed it was unnecessary. Consumer Watchdog sent a second letter to the FTC with a copy to California Attorney General Harris when Google answered Rep. Johnson’s letter.

On Tuesday WebProNews and DroidLife reported Google was addressing the concerns on a new Wallet Merchant Center it is rolling out and no longer sending the personal information about apps buyers.

I’m glad the change is coming, but I’ve got questions.

What role did the Federal Trade Commission or the California Attorney General’s office play in this change? Why did Google only act when formal complaints were filed? Will there be fines?

John M. SimpsonGoogle has become a serial privacy violator. You’ll remember that new sooner was the ink dry on the “Buzz” consent agreement than it was caught hacking around the privacy settings on the Safari browser used on iPhones, iPads and other Apple devices. It ultimately cost Google a fine of $22.5 million, which is pocket change to a company that has annual revenue of around $50 billion. It’s like giving a $25 parking ticket to a person who makes $50,000 a year.

Google is simply figuring that fines are a cost — and a minor one at that — of doing business. In case you missed it, on Monday Germany hit Google with a $189,225 for the Wi-Spy incident where its Street View Cars sucked up emails, URLs, passwords, account numbers as they snapped photos around the world.

In describing the fine The New York Times‘ Claire Cain Miller wrote:

Regulators in Germany, one of the most privacy-sensitive countries in the world, unleashed their wrath on Google on Monday for scooping up sensitive personal information in the Street View mapping project, and imposed the largest fine ever assessed by European regulators over a privacy violation.

The penalty? $189,225.

Put another way, that’s how much Google made every two minutes last year, or roughly 0.002 percent of its $10.7 billion in net profit.
It is the latest example of regulators’ meager arsenal of fines and punishments for corporations in the wrong. Academics, activists and even regulators themselves say fines that are pocket change for companies do little to deter them from misbehaving again, and are merely baked into the cost of doing business.

The fact Google is changing Google Wallet’s practices makes it clear Google violated the Buzz Agreement. Google claims that it is taking privacy seriously now that it is operating for 20 years under the Buzz Agreement. It isn’t and the regulators aren’t holding Google’s feet to the fire.

The company’s executives need to be held to account in a meaningful way. I’ve always argued the way to get corporate executives’ attention is to hit them with jail time when they flout the law. It’s not going to happen here, but a meaningful fine for the second Buzz violation sure would be nice.

Posted by John M. Simpson, Director of Consumer Watchdog’s Privacy Project. Follow Consumer Watchdog online on Facebook and on Twitter.

Consumer Watchdog Files 2nd Request Asking FTC To Act Against Google For Apps Privacy Violations

8:15 pm in Uncategorized by Consumer Watchdog

FTC Building

Consumer Watchdog has filed a second complaint asking that the Federal Trade Commission act immediately against Google’s most recent privacy violation – sharing users’ personal information with apps developers — after new information became available in a letter from Google to Rep. Hank Johnson, (D-GA).

We’ve also expressed our concerns again to California Attorney General Kamala Harris.

When we filed our first complaint, we estimated that Google — which has effectively become a serial privacy violator — in ignoring the terms of its so-called “Buzz Consent Order” with the FTC should face penalties that reach into the billions of dollars.

Here is what Google has been doing: They have been sending to app developers personal information about each user who purchased an app from Google, without obtaining the user’s permission. The personal information sent by Google includes the users’ names, certain physical address information and email addresses. Neither Apple nor Microsoft engage in similar conduct when they sell apps through their stores.

Google’s activities caught the eye of Rep. Johnson who wrote the Internet giant a letter asking that Google to explain what was going on. Susan Molinari, chief of Google’s Washington DC lobbying shop, responded.

Rather than justifying its conduct, Google’s argument demonstrated that the company lacks any satisfactory explanation for its practices. Here is part of what I wrote in our second letter to Charles Harwood, Acting Director of the FTC’s Bureau of Consumer Protection:

In its response to Congressman Johnson, Google did not challenge the accuracy of widespread reports that the company routinely discloses confidential information to applicant developers regarding all users who purchase applications from Google. For purposes of evaluating Google’s conduct under the Buzz Consent Order, then, it can be taken as fact that Google engages in this behavior.

Certainly, Google implied in its response that users know or should have assumed that the company would share confidential user identification information with application developers. But that suggestion directly contradicts the privacy representations made by Google to users that users should feel secure because Google will not willy nilly share their information but will only disclose confidential information when “necessary” to process the user’s transaction. More specifically, Google responded to Congressman Johnson as follows:

“Information such as name and email address is necessary for developers to issue refunds, reversals, payment adjustments — all of which developers are responsible for under the Seller Terms of Service — and investigate chargebacks.”

“Refunds, reversals, payment adjustments” are not the transactions at issue in this matter. Rather, Google’s privacy policy misrepresentation goes to the initial user purchase transactions for device applications. As I noted in my earlier letter, developers do not need users’ private information for the initial purchase transactions. They have routinely processed such transactions without using confidential user information. Google never contests this fact in its response to the congressman.

John Simpson
So, let’s assume everything Google says in its letter to Rep. Johnson is true. That means developers only need the users’ confidential information when a request for a refund, reversal or payment adjustment is made. The disclosure exception Google points to in its policy (“necessary to process your transaction”) might justify Google giving confidential information to developers for specific users who request refunds (and the like), but not for every single user who bought an app. It’s clear Google violated its pledge to protect the confidentiality of millions of users who bought applications in good faith reliance on Google’s public statements and who never sought a refund, reversal or payment adjustment.

For what it’s worth the FTC’s Harwood has told me that he referred both of Consumer Watchdog’s formal complaints to the Bureau of Consumer Protection’s Enforcement Division. Meanwhile, Adam Miller, Supervising Deputy Attorney General in the Privacy Enforcement and Protection Unit of the California Attorney General’s office also responded to my earlier letter. He wrote:

“Although our office cannot share any details of any investigation we may pursue, I can assure you that we will look into the concerns raised in your letter to us, as well as your letter to the Federal Trade Commission on the same matter. Should you have any further concerns please contact me at the above telephone number or address.”

Google’s most recent violation of the Buzz Consent Order is a matter of intense concern to Consumer Watchdog, to other privacy advocacy groups, to apps users across the country, and to the press. Although given the opportunity by Congressman Johnson, Google has yet to come up with a credible justification for its inappropriate conduct. In fact the letter to the Congressman simply makes Google’s violations clear. Both the FTC and the California Attorney General need to take strong action against Google.
______________________________________________________________________________________________________
Posted by John M. Simpson. John is a leading voice on technological privacy and stem cell research issues. His investigations this year of Google’s online privacy practices and book publishing agreements triggered intense media scrutiny and federal interest in the online giant’s business practices. His critique of patents on human embryonic stem cells has been key to expanding the ability of American scientists to conduct stem cell research. He has ensured that California’s taxpayer-funded stem cell research will lead to broadly accessible and affordable medicine and not just government-subsidized profiteering. Prior to joining Consumer Watchdog in 2005, he was executive editor of Tribune Media Services International, a syndication company. Before that, he was deputy editor of USA Today and editor of its international edition. Simpson taught journalism a Dublin City University in Ireland, and consulted for The Irish Times and The Gleaner in Jamaica. He served as president of the World Editors Forum. He holds a B.A. in philosophy from Harpur College of SUNY Binghamton and was a Gannett Fellow at the Center for Asian and Pacific Studies at the University of Hawaii. He has an M.A. in Communication Management from USC’s Annenberg School for Communication.