Groups Similar Search Look up By Text Browse About

Google faces mounting pressure from Congress over Google+ privacy flaw


Republican leaders from the Senate Commerce Committee are demanding answers from Google CEO Sundar Pichai about a recently unveiled Google+ vulnerability, requesting the companys internal communications regarding the issue in a letter today. This past March, Google had discovered a flaw in its Google+ API that had the potential to expose the private information of hundreds of thousands of users. In the internal memo first obtained by The Wall Street Journal, officials at Google opted not to disclose the vulnerability to its users or the public for fear of bad press and potential regulatory action. Now, lawmakers are asking to see those communications firsthand. As the Senate Commerce Committee works toward legislation that establishes a nationwide privacy framework to protect consumer data, improving transparency will be an essential pillar of the effort to restore Americans faith in the services they use, the lawmakers wrote. It is for this reason that the reported contents of Googles internal memo are so troubling. On Wednesday, some of the senators Democratic counterparts on the committee reached out to the Federal Trade Commission to demand that the agency investigate the Google+ security flaw, saying in a letter that if agency officials discover problematic conduct, we encourage you to act decisively to end this pattern of behavior through substantial financial penalties and strong legal remedies. The Google+ privacy flaw comes amid a heated debate over consumer data privacy kicked off by Facebooks ongoing Cambridge Analytica scandal. Over the past few weeks, lawmakers have repeatedly heard from tech executives, policy heads, and advocates on how to craft an overarching federal privacy bill. Pichai has stayed away from those discussions, even leaving the companys seat vacant at a recent Senate Intelligence Committee hearing in which executives from Facebook and Twitter faced off with lawmakers. At the same time, some senators are expressing a new openness to anti-monopoly action against modern tech companies like Google. In an interview published today in The Atlantic, Sen. Mark Warner (D-VA) expressed concern that both Google and Facebook may be too large for effective competitors to emerge. Is there ever an ability to really break up their market dominance? Warner said. Even if youve got a better app, you can never match them on dataBy sending these letters and requesting investigations, Congress is beginning to take what theyve heard in hearings to start to take action on behalf of consumers. Particularly in the wake of the Cambridge Analytica controversy, consumers trust in the companies that operate those services to keep their private data secure has been shaken, todays letter reads. At the same time that Facebook was learning the important lesson that tech firms must be forthright with the public about privacy issues, Google apparently elected to withhold information about a relevant vulnerability for fear of public scrutiny. Google has until October 30th to respond to the senators inquiries, just weeks before Pichai is scheduled to testify in front of the House Judiciary Committee following the November midterm elections. An exact date for that hearing has yet to be announced.

Senators to Google: Why didn’t you disclose Google+ vulnerability sooner?


3 GOP senators want Google to give answers over data leak that affected 500,000 users. So far, one federal proposed class-action lawsuit has been filed in the wake of the episode. In a Thursday letter sent to Google CEO Sundar Pichai, Sen. John Thune (R-S.D.), Sen. Roger Wicker (R-Miss.), and Sen. Jerry Moran (R-Kan.) have asked a number of pointed questions of the tech giant. Among others, the lawmakers seek answers to some basic questions that for now the company has been unwilling to answer publicly. As they wrote: Please describe in detail when and how Google became aware of this vulnerability and what actions Google took to remedy it. Why did Google choose not to disclose the vulnerability, including to the Committee or to the public, until many months after it was discovered? Are there similar incidents which have not been publicly disclosed? …Please provide a copy of Google's internal memo cited in the WSJ article. The senators asked Google to respond by 5pm ET on October 30. Google did not immediately respond to Ars request for comment.