Why Google's Privacy Controls are a Joke -- Lessons for FTC/FCC

Google's latest privacy controls are a bad joke, certainly not sufficient to warrant the FTC completely absolving serial privacy violator Google from all responsibility in the Google WiSpy Affair, especially given that other law enforcement bodies have found misrepresentation of facts and violation of users' privacy.

• Hopefully, the FCC's investigation of Google WiSpy will not look the other way like the FTC apparently did, when a Fortune 200 company with the industry's longest privacy violation rap sheet, was caught red-handed violating millions of Americans' privacy and found to have misrepresented facts and misled investigators, got off without any FTC sanction, oversight or accountability whatsoever.

Why are Google's latest privacy controls insufficient?

First, Google's leadership is clearly not publicly supportive of more privacy controls, but openly skeptical and defiant that Google does not need to alter its approach to innovation to better protect privacy and security.

• To fully grasp the continuing deep hostility to privacy by Google's leadership, please check out: "Google CEO Eric Schmidt's Most Controversial Quotes about Privacy."
• Google CEO Eric Schmidt also has repeatedly defended Google's uber-priority that promoting innovation comes before privacy and security safeguards -- to the point that it is referred to as Google's "launch-first, fix-later" approach to innovation.
• Don't forget how hostile Google's leadership was to following the law and posting Google's privacy policy on its homepage, and how Privacy International ranked Google as having "entrenched hostility to privacy."
• It is telling that Google's recent "privacy controls" were not communicated by the CEO or founders, so it is unlikely anyone in Google's notoriously loose corporate culture will take them seriously.
• It is even more telling that Alma Whitten, Google's new head of privacy recently admitted that there will be no privacy veto in launching new products and services and that even she indicates fealty to Google's innovation-uber alles approach.
• Simply, the FTC showed shockingly little objectivity or healthy skepticism because they did not put Google's latest "assurances" in the context of the copious evidence that questions Google's sincerity and commitment to actually protecting users privacy and security.

Second, consider how weak Google's latest privacy controls actually are.

• There is no enforcement, oversight or accountability mechanism to ensure they are implemented or followed.
• Concerning people, Alma Whitten has become the CYA privacy documentation czar at Google, not a Chief Privacy Officer that most companies that are serious about privacy have.
  • Google also has not indicated that there will be front-line engineers who will be responsible and held accountable for ensuring privacy in products or services beyond maintaining an undefined privacy design document.
  • There is also no commitment to include privacy and security compliance in employees' performance/compensation reviews or consideration for bonuses.
• Concerning their new training commitment, is anyone else amazed and appalled that a 12 year-old Fortune 200 company that hundreds of millions of users rely on for privacy and security protection, until now has not had an ongoing supplemental privacy/security training program? Outrageous.
• Concerning their new compliance commitment, did anyone notice that it is only a general commitment to have compliance on a going-forward basis for new products and services and no commitment to review or audit all 500 existing Google products and services for privacy and security safeguards?
  • This is a very bad joke. 99.9% of the risk to users' privacy and security comes from existing Google products and services that apparently are not subject to this new unenforceable and unaccountable compliance commitment.
    • What about compliance for the litany of existing products and services that have well-known privacy/security weaknesses: Gmail; Google search; Google Earth; Street View; Latitude Geo-tracking; Google Picassa Facial Recognition; Google Translation; 411 voice recognition; Google Books; Google Docs; Google Buzz; cloud computing; DNA prints; Google-NSA partnership; Google WiSpy; Spy Satellite contract; etc.?

In sum, Google continues its long practice of giving lip service to privacy issues and privacy enforcement entities supposedly responsible for consumer privacy protection, like the FTC, continue to give Google a free pass.

The FCC, the State Attorneys General, and many international privacy authorities need to take a much more skeptical look at how Google's privacy talk does not match its privacy walk.

For over a decade, Google has serially caused privacy threats and scandals, and Google has repeatedly evaded the serious consequences that would befall other companies if they did what Google has done.

The big question is if illegally wiretapping and snooping on millions of Americans is not a serious problem worthy of investigation, sanction, oversight and accountability, what would be?