Submission Number: 00137
Received: 5/2/2011 12:00:00 AM
Commenter: Tom Usher
Organization: Real Liberal Christian Church
Agency: Federal Trade Commission
Initiative: Proposed Consent Agreement In the Matter Google, Inc. (Google Buzz), File No. 1023136
Attachments: No Attachments
To the FTC,
I am submitting this comment on the proposed consent order in the Matter of Google Inc., File No. 1023136, between the FTC and Google.
The consent order comes as a result of the complaint filed by the Electronic Privacy Information Center ("EPIC") regarding the privacy breach to Gmail users caused by Google Buzz.
The FTC complaint, which draws heavily on the complaint EPIC filed with the agency, alleges that Google employed unfair and deceptive practices when it launched the Google Buzz social networking service.
I support 1) banning Google from misrepresenting its privacy policies in the future 2) requiring independent privacy audits every two-years for the next 20 years and 3) requiring Google to institute a comprehensive privacy program to safeguard its users data and personal information.
As part of the Comprehensive Privacy Program, the FTC should require Google to:
- Always encrypt all cloud-based services (Gmail, Docs, etc.)
- Never disclose private user-data to any governmental or other entity without the prior written approval of the user or in the absence of a true warrant (not a mere, so-called "National Security Letter" from the FBI or the like)
- Always be transparent as to what data it collects on users
- Always encrypt all Gmail to Gmail emails and chats using open standards like pgp and via secure tunneling.
Provided users are made aware in advance that such requirements are not being made of other entities, such as Google competitors, these proposals should not necessarily have to apply to similar products and services offered by Google's competitors, many of which may be beta startups or vastly limited in scope and resources.
Users should though be made aware of what security/privacy features are available and in use especially for publicly offered services.
What private entities do regarding their private/internal communications is a different matter where safeguards run into employer/employee privacy expectations and the like.