Submission Number: 00331
Received: 5/2/2011 12:00:00 AM
Commenter: James Brown
Agency: Federal Trade Commission
Initiative: Proposed Consent Agreement In the Matter Google, Inc. (Google Buzz), File No. 1023136
Attachments: No Attachments
To the FTC,
I am submitting this comment on the proposed consent order, In the Matter of Google Inc., File No. 1023136, between the FTC and Google. The consent order comes as a result of the complaint filed by the Electronic Privacy Information Center ("EPIC") regarding the privacy breach to Gmail users caused by Google Buzz.
The FTC complaint, which draws heavily on the complaint EPIC filed with the agency, alleges that Google employed unfair and deceptive practices when it launched the Google Buzz social networking service.
I strongly support the FTC settlement agreement, which applies to all Google products and services, including Gmail and Google Buzz. It bans Google from misrepresenting its privacy policies in the future, requires independent privacy audits every two-years for the next 20 years, and requires that Google institute a comprehensive privacy program to safeguard its users data and personal information.
As part of the Comprehensive Privacy Program, the FTC should require Google to:
- Be transparent as to when and what data it collects on users
- Limit data retention to the minimum time necessary
- Encrypt all communications with and between Google cloud-based services using SSL or similar appropriate technologies
- Routinely encrypt all cloud-based services (Gmail, Docs, etc.) stored data using a unique key known only to the user and not available to google or any provider
- Encrypt all Gmail to Gmail emails and chats using open standards like pgp / gpg.
- Offer the option to encrypt all emails from Gmail to non-Gmail users using open standards like pgp / gpg.
- Not disclose user data to law enforcement without a warrant
- Require Google to disclose to the user any data turned over to law enforcement unless prohibited by law or a court order
- Allow users to use Google services anonymously
- Not require Google Accounts for Android phones
- Not track Android users without explicit permission
- Allow users to control the information Google collects on them without putatively limiting service offerings