IBM, Microsoft, Google, Verizon

Google Tightening Privacy Leash on Employees

October 24, 2010

AP – Google Inc. is tightening its privacy leash on employees in an effort to ensure they don't intrude on people while the Internet search leader collects and stores information about its users.

Besides promoting longtime employee Alma Whitten to be its director of privacy, Google said Friday that it will require all 23,000 of its employees to undergo privacy training. The company also is introducing more checks aimed at making sure workers are obeying the rules.

Google's tougher privacy measures appear to be a response to recent breaches that have raised questions about the company's internal controls and policies.

In the most glaring example that indicated the company didn't have a good grasp on what its workers were doing, Google acknowledged in May that one of its engineers had created a program that vacuumed up potentially sensitive personal information, including e-mails and passwords, from unsecured wireless networks while Google cars cruised neighborhoods around the world. The vehicles were dispatched primarily to take photos for Google's online mapping service, but they also carried equipment to log the location of Wi-Fi networks.

The incident, which some critics have derisively labeled as "Wi-Spy," was caused by "an engineer's careless error as well as a lack of controls to ensure that necessary procedures to protect privacy were followed," Canada Privacy Commissioner Jennifer Stoddart concluded in a report this week.

Several other countries have skewered Google for scooping up 600 gigabytes of data — equivalent to about six floors of an academic library — from Wi-Fi systems for more than two years before detecting a problem five months ago in response from to an inquiry from regulators in Germany.

Google initially said it had only captured fragments of people's online activities, but Canada's investigation determined that entire e-mails, passwords and website addresses had been obtained and stored. In confirming Canada's findings Friday, Google said it wants to delete all the Wi-Fi data remaining on its computers as quickly as possible, but must hold on to most of the information while authorities in different countries conduct their own investigations.

So far, Google has purged the Wi-Fi data it got in Ireland, Austria, Denmark and Hong Kong after gaining clearance from regulators in those countries. It still has the data from more than 20 other countries, including the United States, where a coalition of state attorneys generals has been looking into the breach.

While some countries have asserted Google's Wi-Fi snooping was illegal, the company has maintained it didn't break any laws even as management apologized for its bad behavior.

"We are mortified by what happened, but confident that these changes to our processes and structure will significantly improve our internal privacy and security practices for the benefit of all our users," Alan Eustace, Google's head of engineering, wrote in a Friday blog post.

Google's privacy safeguards appeared to be suspect once again after the Gawker blog reported that an engineer in its Kirkland, Wash. office had been using the privileges of his job to spy on the online accounts of four minors. Prompted by that report, Google last month acknowledged that it had fired the engineer for violating its privacy policies.

Maintaining the public's trust is critical to Google because the success of its search engine and part of its long-term business plans hinge in part on its ability to build databases about its users' preferences. Among other things, Google believes the information helps it deliver better search results than its rivals and sell more of the ads that generate virtually all the company's revenue.

Google, based in Mountain View, Calif., hopes to become an even bigger part of people's online lives by introducing more social networking features on its website so it can better compete with Facebook in the increasingly lucrative field of connecting friends and family members online. When Google introduced a social networking option into its free e-mail service in February, many users protested because the feature exposed their contact lists without prior permission.

MySpace Said to Share User IDs With Advertisers

October 23, 2010

AP – MySpace has been sharing with its advertisers data that can be used to identify user profile pages, but the company doesn't consider that to be a problem.

The company said it did not consider the data to be information that could identify a person, partly because MySpace doesn't require members to use their real names. The social networking site acknowledged transmitting information to advertisers that included a user ID and the last page viewed before a user clicked on an ad.

MySpace issued the statement following a report in The Wall Street Journal disclosing the sharing. The Journal and MySpace are both owned by News Corp.

The Journal also said some MySpace applications developed by outside parties had been sharing user IDs in violation of MySpace's terms of use.

Although MySpace also shares user IDs with application developers, it does not allow them to share that data further.

The social networking site said it found recently that an app called "Tagme" had again violated this prohibition, but that the developer, BitRhymes Inc., had "promptly complied."

"Tagme was briefly suspended at an earlier time due to a similar violation of our terms, but complied within a matter of hours before being reinstated," MySpace said.

BitRhymes said in a statement the sharing "was inadvertently done by an advertiser company we worked with," and said its policy was not to pass personally identifiable information to third parties.

"When we were informed of the issue, any suspect relationship was immediately dissolved," it said.

The Journal report was part of its continuing investigative series on online privacy. It came a week after a similar expose found that all of the top 10 applications on larger social networking site rival Facebook, including Zynga Game Network Inc.'s FarmVille, with 59 million users, have been transferring user IDs to outside companies. In both cases, the companies said knowledge of a user ID did not allow outside parties to view data the user had listed as private.

But the Journal found that data gathering firm RapLeaf Inc. had linked Facebook data with its own database of Internet users and sold it to other firms. RapLeaf told the newspaper that those transmissions were unintentional.