Groups Similar Search Look up By Text Browse About

Senators to Google: Why didn’t you disclose Google+ vulnerability sooner?

3 GOP senators want Google to give answers over data leak that affected 500,000 users. So far, one federal proposed class-action lawsuit has been filed in the wake of the episode. In a Thursday letter sent to Google CEO Sundar Pichai, Sen. John Thune (R-S.D.), Sen. Roger Wicker (R-Miss.), and Sen. Jerry Moran (R-Kan.) have asked a number of pointed questions of the tech giant. Among others, the lawmakers seek answers to some basic questions that for now the company has been unwilling to answer publicly. As they wrote: Please describe in detail when and how Google became aware of this vulnerability and what actions Google took to remedy it. Why did Google choose not to disclose the vulnerability, including to the Committee or to the public, until many months after it was discovered? Are there similar incidents which have not been publicly disclosed? …Please provide a copy of Google's internal memo cited in the WSJ article. The senators asked Google to respond by 5pm ET on October 30. Google did not immediately respond to Ars request for comment.

Congress seeks more information on the Google+ data exposure

It sent the company a letter requesting additional details. Since the Google+ data exposure came to light earlier this week, European regulatory authorities have announced investigations into the matter and a US Senator has called for an FTC probe. Now, the Senate Committee on Commerce, Science and Transportation has sent the company a letter requesting more information about the incident and Google's decision to keep it under wraps. "Data privacy is an issue of great concern for many Americans who use online services. Particularly in the wake of the Cambridge Analytica controversy, consumers' trust in the companies that operate those services to keep their private data secure has been shaken," the Senators write. "It is for this reason that the reported contents of Google's internal memo are so troubling. At the same time that Facebook was learning the important lesson that tech firms must be forthright with the public about privacy issues, Google apparently elected to withhold information about a relevant vulnerability for fear of public scrutiny." While Google discovered and fixed a bug in March that allowed outside developers to access around 500,000 Google+ users' private info, it chose not to disclose the finding. The company's official line is that because there was no evidence that data was misused and no way to know who was affected, it didn't find a disclosure necessary. However, an internal memo obtained by the Wall Street Journal noted that revealing the bug could result in "us coming into the spotlight alongside or even instead of Facebook despite having stayed under the radar throughout the Cambridge Analytica scandal. " The letter, which was signed by committee Chairman John Thune (R-SD) and subcommittee Chairmen Roger Wicker (R-MS) and Jerry Moran (R-KS), asks for a copy of the memo referenced by the Wall Street Journal as well as detailed information on how the company discovered the issue and dealt with it. Additionally, the committee wants to know why Google didn't disclose the bug, whether it reported the problem to the FTC, if any similar incidents have been found and not reported and if Google will inform the committee in the event that it finds the bug did lead to data misuse. The committee has requested a response by October 30th as well as a staff briefing on the matter.