Application security, Compliance Management, Incident Response, Network Security, Privacy, TDR, Vulnerability Management

Privacy group urges FTC to investigate Google’s cloud services

Updated Wednesday, March 18, 2009 at 5:26 p.m. EST

The Electronic Privacy Information Center (EPIC), a privacy advocacy group, filed a complaint with the Federal Trade Commission (FTC) on Tuesday urging an investigation of Google's cloud computing services to determine the adequacy of its privacy and security safeguards.

Google's cloud computing services include Gmail, Google Docs, Google Desktop, Picasa web albums, and Google Calendar. Google states numerous times on the related websites for these services that documents stored on its servers are secured.

“Rest assured that your documents, spreadsheets and presentations will remain private unless you publish them to the web or invite collaboration and/or viewers,” Google states on the Google Docs help webpage.

But in its complaint, EPIC cited a number of privacy and security incidents involving Google's cloud computing services. Early this month, Google disclosed that documents stored on Google Docs were inadvertently shared with those who were not authorized to view them. The complaint also cites other vulnerabilities in Gmail and Google Desktop dating back to 2005.

In addition, EPIC's complaint states that Google, in its terms of service, denies any responsibility for harm that might result from an information leak.

Lillie Coney, associate director of EPIC, told Wednesday that it undermines consumer rights to say that the company will protect user's data when its terms of service say the company can't be held responsible if disclosure of information occurs.

“That's not the way consumers should be treated -- it's not acceptable,” Coney said.

Google responded with a statement, emailed to

"We have received a copy of the complaint but have not yet reviewed it in detail," the statement said. "Many providers of cloud computing services, including Google, have extensive policies, procedures and technologies in place to ensure the highest levels of data protection. Indeed, cloud computing can be more secure than storing information on your own hard drive. We are highly aware of how important our users' data is to them and take our responsibility very seriously."

EPIC also requested that the FTC require Google to change its terms of service related to cloud computing, to prohibit Google from offering these services until safeguards are established and to compel Google to make a $5 million contribution to privacy research.

An FTC spokeswoman said the agency is currently reviewing the complaint.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.