March 18, 2009
Google's missteps with security for online documents has generated a petition by the Electronic Privacy Information Center (EPIC) with the FTC for unfair or deceptive acts or practices. Google's brief exposure of documents in the Google Docs service is the subject of the petition. Google for its part notes that the breach affected one half of one percent of users and did not expose them to the world at large. These were notified of the error and Google timely fixed the problem. EPIC wants an injunction against Google that stops it from providing any cloud services until there are verifiable security standards. It also wants Google to significantly contribute to a fund that EPIC and other public advocacy groups could draw upon
to bludgeon Google and other companiesfor their work. It seems that anything less than perfection in security is not satisfactory for EPIC and a chance for opportunistic attempts at funding.
The timing could not be more auspicious, as the FTC just concluded a two day workshop on Securing Personal Data in the Global Economy. Some of the discussion centered on securing information that would be available in multiple jurisdictions, or through cloud computing. The FTC is interested in this, though nothing in the agendasuggests that inadvertent errors in security would be intolerable. After all, there have been massive credit card number breaches from various companies charged with similar security concerns and none of them have received the death penalty from the FTC. All they got were fines and requirements to perform remedial action.
This is one of those areas where the market should decide which companies are reliable and which companies are not. The FTC should establish baseline standards and let the players take it from there. EPIC is fine as a watchdog, but it's a more than a little self-serving on this issue.
March 18, 2009 | Permalink
TrackBack URL for this entry: