You are browsing the archive for Privacy.

California DMV’s Autonomous Vehicle Regulations Must Protect Users’ Privacy

3:48 pm in Uncategorized by Consumer Watchdog

Driverless CarI was up in Sacramento today to call on the Department of Motor Vehicles to ensure that the regulations that they are developing to govern the use of autonomous vehicles – popularly known as driverless cars – will protect the operators’ privacy.

The company that will be most directly affected by the new autonomous vehicle regulations is Google, which is pioneering development of the robot-driven cars. The Internet giant was the driving force behind SB 1298, which charged the DMV with the task of developing the regulations and also rebuffed attempts to require privacy protections in the law.

However, it is not too late to implement privacy safeguards in this rulemaking and Consumer Watchdog called on the DMV to do so. Failure to act will mean substantial privacy risks from the manufacturers’ driverless car technology if there are not protections from what Google is best known for: the collection and use of voluminous personal information about us and our movements.

The DMV regulations must give the user control over what data is gathered and how the information will be used. Merely stating what data is gathered with no explanation of its use is woefully inadequate. The DMV’s autonomous vehicle regulations must provide that driverless cars gather only the data necessary to operate the vehicle and retain that data only as long as necessary for the vehicle’s operation. The regulations should provide that the data must not be used for any additional purpose such as marketing or advertising without the consumer’s explicit opt-in consent.

Without appropriate regulations, autonomous vehicles will be able to gather unprecedented amounts of information about the use of those vehicles. How will it be used? Just as we are now tracked around the Internet, will Google and other purveyors of driverless car technology now be looking over our shoulders on every highway and byway? Will the data be provided to insurance companies for underwriting purposes or to third parties that develop some kind of a driving score related to where and when individuals travel? Will it be used to serve in-car advertisements or advertisements through other venues in the Google suite of products? Will it be used to track our movements and those of surrounding cars and mobile devices so that Google’s advertisers can better locate us?

Google is the aforementioned leader in driverless car research and is attempting to steer regulatory efforts in various states, especially California. That’s why our concerns are so focused on the company. So I ask: Why won’t Google endorse simple privacy safeguards for its self-driving cars? I think there are two reasons.

First, Google’s entire business model is based on building digital dossiers about our personal behavior and using them to sell the most personal advertising to us. You’re not Google’s customer; you are its product – the one it sells to corporations willing to pay any price to reach you. Will the driverless technology be just about getting us from point to point or more about tracking how we got there and what we did along the way?

Second, computer engineers, who believe that more data is always better, are in charge at Google. They may not know what they would use data for today, but they think they may someday find a use for it and don’t want any restrictions on them now.

Google is first and foremost an advertising company; 98 percent of its $38 billion in revenue comes from advertising, and the more personalized the marketing the better. Indeed, Executive Chairman Eric Schmidt has said, “We don’t need you to type at all. We know where you are. We know where you’ve been. We can more or less know what you’re thinking about.”

Read the rest of this entry →

Now Even Google Says Don’t Be A “Glasshole”

4:49 pm in Uncategorized by Consumer Watchdog

Looks like even Google is finally figuring out the innate privacy invasive properties of its wearable computing device, Google Glass. The Internet giant has posted a list of do’s and don’t's on its Glass website that tells “Explorers” — the first group of people to get access to Glass for $1,500 — how not to be “Glassholes.”

You’ll recall that Chairman Eric Schmidt once said it was Google’s policy to get right up to the “creepy line,” but not to cross it. It seems pretty clear that some Googlers have figured out that Glass has crossed the line and are attempting a rowback.

From the list of Do’s:

Ask for permission.
Standing alone in the corner of a room staring at people while recording them through Glass is not going to win you any friends (see Don’ts #4). The Glass camera function is no different from a cell phone so behave as you would with your phone and ask permission before taking photos or videos of others.

And here’s Google’s final point on the list of Don’t's:

Be creepy or rude (aka, a ‘Glasshole’).
Respect others and if they have questions about Glass don’t get snappy. Be polite and explain what Glass does and remember, a quick demo can go a long way. In places where cell phone cameras aren’t allowed, the same rules will apply to Glass. If you’re asked to turn your phone off, turn Glass off as well. Breaking the rules or being rude will not get businesses excited about Glass and will ruin it for other Explorers.

You may have seen that Virgin Atlantic staff who greet “Upper Class” passengers — the airline’s name for First Class– as they arrive at Heathrow Airport are now sporting Glass purportedly to offer them information on such things as the weather at their destination.

How long do you think it will be before they are recording and videoing arriving passengers and maybe even linking it to facial recognition technology? Just, what we need, right? First Class “Glassholes.”

Posted by John Simpson, Privacy Project Director at Consumer Watchdog.

Target Needs to Pay for Targeting Our Privacy

8:04 pm in Uncategorized by Consumer Watchdog

Target ShirtTarget is targeting our privacy. There’s a big red bullseye, a target – like the one on the shirt I’m wearing today – that Target and Neiman Marcus, who chose not to show up to answer questions today, have put on us because they haven’t done enough to protect our private financial data. And the reason is that there’s no financial incentive to do so.

110 million Americans had their personal financial information breached. That ‘s one out of two adult Americans. I was in Sacramento today to testify in front of a joint California Assembly committee hearing investigating the breach. And yet Target did not send a single representative to Sacramento today to answer questions about the largest data breach in American history?

The fact that Target didn’t show up today tells us all we need to know about how sorry Target is and how committed it is to our privacy.

If you are as offended by this as I am, I have a t-shirt for you to wear too.

The reason Target won’t face legislative questions today is the same reason that our personal financial information and data is at such grave risk: there is no price to pay. There are few financial penalties to companies like Target when our personal data is taken.

Beyond public embarrassment, Target has little financial incentive to care.

We, the consumers, pay the consequences but we have no remedies.

According to the Committees’ own staff research, 1 in 4 consumers whose personal information that is taken becomes a victim of identity theft. 1 in 4 victims of a data breach is also a victim of identity theft. If these numbers apply to Target, that would potentially create more than 25 million identity theft victims.

There’s a harm. The retailers had a role in creating that harm. And yet they have no liability under California law for what they have or have not done to safeguard the sanctity of our personal information.

The problem with privacy violations is that unlike thefts of money or property the law does not recognize a harm and does not provide a remedy.

As the Committees’ staff research states: consumers have no remedy under the law for the loss of financial privacy suffered through these data breaches, and the 1 in 4 risk of id theft they face. Zero remedies.

So why would retailers invest in greater security, or meet voluntary industry standards, or move away from risky magnetic strip technology?

If they don’t have to pay a price they don’t have an incentive to change. And that leaves our private financial information with a big bullseye on it.

What can we do?

We need a California financial information act that mirrors our Medical Information Privacy Act.

When there is a data breach of our medical information, the drug company, hospital or medical center is liable to the consumer for $1,000 per violation.

Guess what? Medical data breaches are fewer and farther between. When they occur companies pay a big price.

The same should be true for our financial data. We need a California Financial Information Privacy Act.

It would:

  • Change notification standards to be immediate.
  • Write minimum-security standards into the law so that they are no longer voluntary.
  • Set limits on the time data can be retained. And limits on what information can be collected and retained
  • Most importantly: create a private right of action. Put a price tag on retailers’ mistreatment of our private financial information.

Until there is a price to pay, Target and other retailers will continue to make us targets.

If you are as offended as I am by Target’s absence today in Sacramento, please share our Target design online to show your displeasure.

When a company as big as Target won’t provide a single representative to answer questions about the largest data breach in American history, it is time for California to step up and deliver on the promise in Article 1 Section 1 of our state constitution: Privacy is an inalienable right.

Posted by Jamie Court, President of Consumer Watchdog.

Google’s Page Clueless When It Comes to Privacy Concerns About Glass

4:34 pm in Uncategorized by Consumer Watchdog

Google CEO Larry Page simply doesn’t get it when it comes to privacy concerns about the Internet giant’s new computerized eyewear, Google Glass. He made that crystal clear at the annual shareholders’s meeting Thursday.

Google GlassI made my annual trek to Mountain View to attend the Internet giant’s shareholder meeting and pose some questions directly to Google’s top executives. I said Glass is one of the most privacy invasive and Orwellian devices ever made because it allows a user to surreptitiously photograph or video us or our kids. “It’s a voyeur’s dream come true,” I said, before noting the hypocrisy in unleashing a device that enables massive violations of everyone else’s privacy, but operating under rules that barred cameras and recording devices from the meeting. Take a look at a video from the meeting.

“Obviously, there are cameras everywhere, ” responded Page. “”People worry about all sorts of things that actually, when we use the product, it is not found to be that big a concern.”

“You don’t collapse in terror that someone might be using Glass in the bathroom just the same as you don’t collapse in terror when someone comes in with a smartphone that might take a picture. It’s not that big a deal. So, I would encourage you all not to create fear and concern about technological change until it’s actually out there and people are using it and they understand the issues.”

John SimpsonPage tried to compare the video cameras on ubiquitous smartphones with Google Glass. That’s exactly the point. There is a huge difference. I don’t collapse in fear that I’ll be videoed in the bathroom by a smartphone camera precisely because it’s obvious that someone is using the camera. I can politely ask them to stop, or escalate my protests as appropriate if necessary. Indeed, consider this satirical video, “Supercharge”, featuring Page and Executive Chairman Eric Schmidt if you don’t understand what I mean. It’s obvious Schmidt is invading the privacy of the gentleman in the next stall. Take a look at the video. You’ll see what I mean.

It doesn’t work that with Glass and that’s what is so creepy. There’s an app that snaps a photo with a wink. People have no idea that they are being photographed or videoed. That’s what people are worried about and they want the ability to delete videos and photos from Google’s database when they discover their privacy has been invaded.
Page says we shouldn’t worry about “technological change until it’s actually out there and people are using it.” He’s wrong. You need to to think about the impact before the technology is implemented. That’s what’s entailed in the concept of privacy by design, something that Google just doesn’t seem to get.

And here’s another point to ponder: As Google was holding its annual meeting, The Washington Post was breaking the details of NSA’s overreaching, intrusive snooping on users of some of the biggest Internet companies including Google with its PRISM program. Can’t you imagine a billion Glass users and a billion winks and the data that would flow to NSA?

Posted by John Simpson, Consumer Watchdog’s Privacy Project. Follow Consumer Watchdog online on Facebook and Twitter.

Google Glass Won’t Allow Facial Recognition Apps For Now

8:28 pm in Uncategorized by Consumer Watchdog

Google GlassGoogle is apparently reacting to widespread concerns about one of the most privacy invasive and Orwellian potential applications for its computerized eyeglasses known as Google Glass. Late Friday the Internet giant said it won’t — for now — allow facial recognition software on the device.

Facial recognition software has pretty much been developed to the stage where if such an app were allowed on Glass, a user could scan a crowd, select a face and rapidly discover the person’s identity and all the myriad details about them available on the Internet.

It would be Big Brother at his best. (Or is that worst?) However, from what I can see Google’s announcement is little more than a PR move. Google is not making any long-term promises. Indeed, the Internet giant is very much keeping the door open for including facial recognition software in the future. Google offered this post of explantion on its Google+ Glass page:

When we started the Explorer Program nearly a year ago our goal was simple: we wanted to make people active participants in shaping the future of this technology ahead of a broader consumer launch. We’ve been listening closely to you, and many have expressed both interest and concern around the possibilities of facial recognition in Glass. As Google has said for several years, we won’t add facial recognition features to our products without having strong privacy protections in place. With that in mind, we won’t be approving any facial recognition Glassware at this time.

We’ve learned a lot from you in just a few weeks and we’ll continue to learn more as we update the software and evolve our policies in the weeks and months ahead.

John SimpsonYou’ll recall that Google Executive Chairman Eric Schmidt has said that the company’s policy on privacy is to go right up to the “creepy line,” but not to cross it. So, for now facial recognition is beyond the creepy line. The question is: How long will be before the “creepy line” is pushed further down the road so that facial recognition software is OK?

Meanwhile, Computerworld reports that apps developers are scrambling to write software for Glass. Already in the mix are apps from Twitter, Facebook, CNN and Elle. And, it’s not only mainstream apps that are focusing on Glass. Mikandi just announced it has developed a porn App for the computerized eyeglasses.

Posted by John M. Simpson, Director of Consumer Watchdog’s Privacy Project. Follow Consumer Watchdog online on Facebook and Twitter.

Bipartisan Privacy Caucus Asks Important Privacy Questions About Google Glass

1:33 pm in Uncategorized by Consumer Watchdog

Sergey Brin Wearing Google Glass Eight members of Congress have sent a letter to Google CEO Larry Page asking tough and necessary questions about the Internet giant’s new wearable computing device, Google Glass.

The letter from members of the Bipartisan Privacy Caucus, whose Co-chair is conservative Joe Barton, (R-TX), says, “As members of the Congressional Bipartisan Privacy Caucus, we are curious whether this new technology could infringe on the privacy of the average American.”

It’s great to see that in a largely dysfunctional Congress some members can reach across the aisle and demonstrate that privacy is not a partisan issue. Besides Barton others signing the letter are Rep. John Barrow (D-GA), Rep. Steve Chabot (R-OH), Rep. Henry C. “Hank” Johnson Jr. (D-GA), Rep. Walter Jones (R-NC), Rep. Richard Nugent (R-FL), Rep. Bobby Rush (D-IL) and Rep. Loretta Sanchez (D-CA).

The letter also poses several questions intended to make sure consumers’ rights are protected. They include:

  • When using Google Glass, is it true that this product would be able to use Facial Recognition Technology to unveil personal information about whomever and even some inanimate objects that the user is viewing? Would a user be able to request such information? Can a non-user or human subject opt out of this collection of personal data? If so, how? If not, why not?
  • In Google’s privacy policy, it states that the company “may collect device-specific information (such as your hardware model, operating system version, unique device identifiers, and mobile network information including phone number).” Would Google Glass collect any data about the user without the user’s knowledge and consent? If so, why? If not, please explain.
  • Will Google Glass have the capacity to store any data on the device itself? If so, will Google Glass implement some sort of user authentication system to safeguard stored data? If not, why not? If so, please explain.

Read a copy of the Bipartisan Privacy Caucus letter here.

John M. SimpsonThe Representatives want answers to their questions by June 14. I’m betting that Google stalls. Ultimately I think the Representatives will need a Congressional hearing where CEO Page has to answer queries under oath.

As word of the Privacy Caucus’s letter was being reported, Google was holding its annual meeting with developers. Google Glass product director Steve Lee claimed in a “fireside chat” that the Glass team takes privacy seriously.

What a joke! The fact is that Google has become a serial privacy violator. It’s executives just don’t understand what privacy means and there is no reason to expect that they will. For instance, asked about whether Glass will offer facial recognition technology, Lee said, “We’ve definitely experimented with it but it is not in the product today. I can imagine that existing…”

Posted by John M. Simpson, Director of Consumer Watchdog’s Privacy Project. Follow Consumer Watchdog online on Facebook and Twitter.

Trifecta — Patient Safety, Pollution Prevention & Privacy

6:10 pm in Uncategorized by Consumer Watchdog

Patient Safety Advocates What a week! Three big victories in California will keep us safer from dangerous doctors, toxic polluters and privacy invasions, but we only got there thanks to your support.

State Senator Curren Price and Assemblyman Richard Gordon proposed yesterday to strip the California Medical Board of its authority over physician discipline. The physician-run Board has let dangerous doctors keep practicing as investigations take years to complete. You joined us, and families who lost loved ones to reckless prescribing, when we called for a transfer of doctor investigations to impartial prosecutors at the Department of Justice.

Senator Price said it all when he told the LA Times he proposed cutting the Board’s power because, “I don’t want anybody else to die.” With your help we’ll keep the pressure on in Sacramento to make this reform a reality.

On Wednesday, the state’s top toxics regulator shut down the state’s largest battery recycler, Exide, for leaking lead, arsenic and other toxins into the surrounding community for more than two decades. The action came only after Consumer Watchdog exposed endemic failures at the Department of Toxic Substances Control to prevent pollution and punish serial polluters in our report, Golden Wasteland. Nevertheless, Californians could be on the hook for millions in clean-up costs because the DTSC never required the company to put money away for cleanup.

Carmen BalberRounding out this week’s trifecta was a rare reversal by Google on the privacy front: The internet giant quietly stopped sharing consumers’ private emails and addresses with app developers that use its Google Play store. The reversal came after a Consumer Watchdog complaint to the Federal Trade Commission and California Attorney General Kamala Harris that Google was not only violating consumers’ privacy, but violating its own agreement with the FTC not to share information without consumers’ permission.

And this breaking news: This morning, the Court of Appeal sided with us to reject Mercury Insurance’s attempt to throw out a case the company has delayed for nearly a decade. The suit would hold Mercury accountable for charging illegal broker fees to consumers. We are fighting that battle on a second front before an administrative judge in San Francisco right now.

So that’s really four big wins this week. Thanks for sharing them with us.
__________________________________________________________________
Posted by Carmen Balber, Executive Director of Consumer Watchdog. Follow Consumer Watchdog on Facebook and on Twitter.

Google’s Income Tax Rate Was Only 8 Percent

2:26 pm in Uncategorized by Consumer Watchdog

Evil GoogleGoogle, the company that makes its money by assembling digital dossiers about its users and selling them to advertisers for the highest bid, reported earnings Thursday. Revenue increased 31 percent to $13.97 billion and net income in the first quarter rose 16 percent to $3.35 billion, or $9.94 a share.

Admittedly as I listened to the earnings call my eyes began to glaze over. CEO Larry Page droned on about how “over the last two years, we’ve worked hard to increase our velocity, improve our execution and focus on the big bets that will make a difference in the world.”

Yada yada..

But when Page turned the call over to Patrick Pichette, Senior Vice President and Chief Financial Officer, for a nitty gritty report on the accounting details something really caught my attention.

John M. Simpson Pichette said that in the first quarter of 2013 Google only paid an effective income tax rate of eight percent. I was shocked. I knew that by exotic tax strategies called the “Double Irish” and the “Dutch Sandwich” Google had managed to trim its overall effective tax rate to 22.2 percent in 2009. Now they’ve got it down to 8 percent. If this keeps up, people like you and me will be paying Google when they file their return.
Supposedly the corporate income tax rate in the United States is 35 percent. In the UK, Google’s second largest market it’s 28 percent. No corporation seems to pay that.

Here’s a proposal: Various court decisions have concluded that when it comes to things like the First Amendment, as Mitt Romney famously put it, “Corporations are people, my friend.” Well, OK, let’s tax them just like people.
____________________________________________________________________
Posted by John M. Simpson, Director of Consumer Watchdog’s Privacy Project. Following Consumer Watchdog on Facebook and Twitter.

EU’s Google Antitrust Deal Beats FTC, But Still Doesn’t Do Enough

4:26 pm in Uncategorized by Consumer Watchdog

European Union

Details of Google’s proposed settlement with the European Union to avoid antitrust charges have been leaking out of Brussels over the weekend. And while EU competition authorities appear to have accomplished more that the gentle tap on the wrist meted out by the U.S. Federal Trade Commission, the deal as so far revealed doesn’t do enough to end Google’s anti-competitive practices.

The provisions of the EU agreement still have to be publicly released, but based on what’s emerged so far, here’s the good news: Unlike the deal with the FTC, which wasn’t even a consent agreement, the EU is demanding that the settlement would be legally binding for five years. A third party would ensure compliance and Google would face fines of 10 percent of its global annual sales if it fails to keep its promises.
The bad news is that instead of requiring Google to change its algorithm and treat all services the same, the deal will apparently allow Google to continue favoring its own services in search results so long as it labels them as its own.

Google essentially has been using its dominant position as gatekeeper of the Internet to unfairly promote its own service at the expense of competitors and consumers. In Europe it has about 90 percent of the search market. In the U.S. it’s around 70 percent. About all this agreement appears to do is require Google to be transparent about the way it unfairly abuses its market position.

Indeed, labeling could actually leave the impression with some consumers that the Google-branded result was a better one, rather than one that received a better position because Google had its thumb on the scale.

Another problem with the deal is that it doesn’t seem to do anything to rectify the damage to the market that Google has already wreaked. I’d have thought some sort of disgorgement of the Internet giant’s ill-gotten gains would have been appropriate.

John SimpsonThe next step in the EU process is for the Google deal to be “market tested.” The competition authorities will make the settlement public and receive comments on whether it solves the problems or not. I suppose it’s possible there may ultimately be stronger sanctions than currently appear to be the case in what’s been leaked or that the authorities will do more after the “market testing,” but frankly I doubt it.

Bottom line: Google has had its wings clipped a little bit. Google will be legally bound to follow labeling rules in Europe for five years and have a third-party enforcer to ensure that happens. It also means that European search results will look different than in the U.S. unless Google decides to take the same approach here or someone forces the company to do so. That could happen. Several state attorneys general led by the Texas attorney general have an open antitrust probe. I’d hope that they would settle for nothing less than what the Europeans got.

And further down the road? Fairsearch Europe has recently filed another antitrust complaint with the EU accusing Google of using Android software “as a deceptive way to build advantages for key Google apps in 70 percent of the smartphones shipped today.” Now that mobile is becoming more important than the wired Internet, Google is flexing its muscles there. The more things change, the more they stay the same…

Posted by John M. Simpson, head of Consumer Watchdog’s Privacy Project. Follow Consumer Watchdog on Facebook and Twitter.

Google May Face More Fines for Privacy Violations in Europe

3:32 pm in Uncategorized by Consumer Watchdog

Serial privacy violator Google may face fines in the millions of dollars in Europe as six countries Tuesday opened formal investigations into how Google combined its privacy and data policies last year without bothering to seek users’ consent.

The actions by France, Britain, Germany, the Netherlands, Italy and Spain came as Google refused to make changes in privacy policies requested by a group of European data protection authorities.

For the Internet giant, such fines are rapidly becoming a cost of doing business — and a rather trivial one at that. As the Associated Press pointed out, the French privacy watchdog CNIL can fine a company a maximum of 300,000 euros ($385,000). Based on a projected revenue of $61 billion this year, it earns 300,000 euros in about three minutes. The Brits could impose a fine of up to 500,000 pounds ($750,000).

Maybe with this constant drip, drip of privacy violations Google executives will come to their senses and realize the company runs the risk of losing users’ trust with a seriously negative impact on business.  For now that doesn’t seem to be the case.  “Our privacy policy respects European law and allows us to create simpler, more effective services,” said Google spokesman Al Verney after the investigations were announced.

In other words Google knows what’s right and it’s whatever the company decides to do. After all, their motto is “Don’t be evil,” so how could anything they do be wrong?

Let’s review what’s happened.  A year ago Google announced that it would combine data and privacy policies across its many services.  Google said this would make the user experience simpler and more intuitive.  Google didn’t  point out that it would make the data gathered about users more valuable and fatten its bottom line.  Those digital dossiers it compiles about us is how we are sold to Google’s advertisers.  Remember you’re Google’s product, not it’s customer.

Noting that Google didn’t ask permission before combing users’ information, Europe’s Data Commissioners launched a joint investigation, led by France.  In October they said the new policy is a “high risk” to privacy, but didn’t declare it illegal. They gave Google until February to make changes.  Responding with its usual arrogant manner, Google refused.

John Simpson

“Regulators in six states have begun the process of looking at penalties, and each must now act based on national law,” Isabelle Falque-Pierrotin, CNIL’s president, told Bloomberg News. “We have put in place a countdown for Google now. Promises to change will no longer be enough.”

Technically the six data authorities could block Google from operating in their respective countries, but I doubt that will happen.  I fear this is the most likely outcome: Simply put, Google is arrogant.  They have become a serial privacy violator and see the relatively minuscule fines they have faced as a mere cost of doing business. They violate your privacy, say it was a mistake, claim they care about privacy, occasionally pay a token fine and carry on with business as usual until the next violation when they cycle begins anew.

Maybe the Europeans can break the cycle, but I’m not optimistic

John M. Simpson is director of Consumer Watchdog’s Privacy Project. Follow Consumer Watchdog online on Facebook and Twitter.