Groups Similar Search Look up By Text Browse About

ID: 102986

URL: https://thenextweb.com/google/2018/10/11/congress-is-fed-up-with-google-after-it-hid-major-data-breach-for-months/

Date: 2018-10-11

Congress is fed up with Google after it hid major data breach for months

Googles childish approach to business ethics has landed it in hot water with Congress yet again. After discovering a software glitch earlier this year – persisting since 2015 — the company chose to hide it from consumers and regulators. That is, until The Washington Post exposed it earlier this week. The glitch, which has since been fixed, affected the companys Google+ social network and exposed the personal data of nearly 500K users. Not here exactly, but on our new hardware site Plugged. Google has since shut Google+ down permanently. But questions remain over the timeline, and why the company chose not to disclose the glitch and potential breach. Senators John Thune, Roger Wicker, and Jerry Moran, are now demanding answers. The trio sent a letter to Google CEO Sundar Pichai on Thursday requesting information about the nature of the companys response to the breach. Specifically, the Senators are demanding a copy of an internal company memo allegedly detailing plans to keep quiet about the glitch. Google initially stated it hadnt disclosed the glitch because it wasnt sure if any breach had actually occurred. The Senators letter calls that motivation into question: But according to an internal memo cited in the article, a factor in Googles decision not to disclose the vulnerability was fear that doing so would draw immediate regulatory interest, bring Google into the spotlight alongside or even instead of Facebook despite having stayed under radar throughout the Cambridge Analytical scandal, and almost [guarantee] Sundar will testify before Congress. The letter calls on Google to provide the Senators with a copy of the memo and to answer a series of seven questions related to its choice not to disclose the glitch and what it thinks its obligations to its users are. The Senators also gave Google a deadline by which to respond with its answers (5:00 PM, 30 October) and set up a staff meeting. It comes off a bit like Thune and company are trying to give Google extra homework for breaking the rules, but the existence of the memo could be perceived as an attempt to subjugate regulatory efforts during a high-profile period for big tech. Google says it had no legal obligation to disclose the glitch. This latest kerfuffle for Google isnt the first time this year its been in poor graces with members of Congress. Sundar Pichais refusal to join Facebook CEO Mark Zuckerberg and Twitters Jack Dorsey for a hearing last month raised the ire of Capitol Hill. Now Pichai runs the risk of Congress ordering one that focuses solely on Google. The company appears to be struggling to find its identity under Pichais leadership. This year alone it suffered employee protests over its involvement in developing AI for the military and for building a censored Search engine for the Chinese government. The latter of which earned it yet another rebuking from the US government when Vice President Mike Pence personally requested Google immediately stop working on it. It cant be a good thing for Google to be on the US governments bad side — especially considering AI regulation is almost certainly coming to the US. Perhaps Googles parent company, Alphabet, should consider putting someone in charge who doesnt, allegedly, need to be protected from testifying in front of Congress.



ID: 103061

URL: https://arstechnica.com/tech-policy/2018/10/senators-to-google-why-didnt-you-disclose-google-vulnerability-sooner/

Date: 2018-10-11

Senators to Google: Why didn’t you disclose Google+ vulnerability sooner?

3 GOP senators want Google to give answers over data leak that affected 500,000 users. So far, one federal proposed class-action lawsuit has been filed in the wake of the episode. In a Thursday letter sent to Google CEO Sundar Pichai, Sen. John Thune (R-S.D.), Sen. Roger Wicker (R-Miss.), and Sen. Jerry Moran (R-Kan.) have asked a number of pointed questions of the tech giant. Among others, the lawmakers seek answers to some basic questions that for now the company has been unwilling to answer publicly. As they wrote: Please describe in detail when and how Google became aware of this vulnerability and what actions Google took to remedy it. Why did Google choose not to disclose the vulnerability, including to the Committee or to the public, until many months after it was discovered? Are there similar incidents which have not been publicly disclosed? …Please provide a copy of Google's internal memo cited in the WSJ article. The senators asked Google to respond by 5pm ET on October 30. Google did not immediately respond to Ars request for comment.



ID: 103099

URL: https://www.engadget.com/2018/10/11/congress-seeks-information-google-data-exposure/

Date: 2018-10-11

Congress seeks more information on the Google+ data exposure

It sent the company a letter requesting additional details. Since the Google+ data exposure came to light earlier this week, European regulatory authorities have announced investigations into the matter and a US Senator has called for an FTC probe. Now, the Senate Committee on Commerce, Science and Transportation has sent the company a letter requesting more information about the incident and Google's decision to keep it under wraps. "Data privacy is an issue of great concern for many Americans who use online services. Particularly in the wake of the Cambridge Analytica controversy, consumers' trust in the companies that operate those services to keep their private data secure has been shaken," the Senators write. "It is for this reason that the reported contents of Google's internal memo are so troubling. At the same time that Facebook was learning the important lesson that tech firms must be forthright with the public about privacy issues, Google apparently elected to withhold information about a relevant vulnerability for fear of public scrutiny." While Google discovered and fixed a bug in March that allowed outside developers to access around 500,000 Google+ users' private info, it chose not to disclose the finding. The company's official line is that because there was no evidence that data was misused and no way to know who was affected, it didn't find a disclosure necessary. However, an internal memo obtained by the Wall Street Journal noted that revealing the bug could result in "us coming into the spotlight alongside or even instead of Facebook despite having stayed under the radar throughout the Cambridge Analytica scandal. " The letter, which was signed by committee Chairman John Thune (R-SD) and subcommittee Chairmen Roger Wicker (R-MS) and Jerry Moran (R-KS), asks for a copy of the memo referenced by the Wall Street Journal as well as detailed information on how the company discovered the issue and dealt with it. Additionally, the committee wants to know why Google didn't disclose the bug, whether it reported the problem to the FTC, if any similar incidents have been found and not reported and if Google will inform the committee in the event that it finds the bug did lead to data misuse. The committee has requested a response by October 30th as well as a staff briefing on the matter.



ID: 103112

URL: https://www.theverge.com/2018/10/11/17964134/google-plus-congress-privacy-data-vulnerability

Date: 2018-10-11

Google faces mounting pressure from Congress over Google+ privacy flaw

Republican leaders from the Senate Commerce Committee are demanding answers from Google CEO Sundar Pichai about a recently unveiled Google+ vulnerability, requesting the companys internal communications regarding the issue in a letter today. This past March, Google had discovered a flaw in its Google+ API that had the potential to expose the private information of hundreds of thousands of users. In the internal memo first obtained by The Wall Street Journal, officials at Google opted not to disclose the vulnerability to its users or the public for fear of bad press and potential regulatory action. Now, lawmakers are asking to see those communications firsthand. As the Senate Commerce Committee works toward legislation that establishes a nationwide privacy framework to protect consumer data, improving transparency will be an essential pillar of the effort to restore Americans faith in the services they use, the lawmakers wrote. It is for this reason that the reported contents of Googles internal memo are so troubling. On Wednesday, some of the senators Democratic counterparts on the committee reached out to the Federal Trade Commission to demand that the agency investigate the Google+ security flaw, saying in a letter that if agency officials discover problematic conduct, we encourage you to act decisively to end this pattern of behavior through substantial financial penalties and strong legal remedies. The Google+ privacy flaw comes amid a heated debate over consumer data privacy kicked off by Facebooks ongoing Cambridge Analytica scandal. Over the past few weeks, lawmakers have repeatedly heard from tech executives, policy heads, and advocates on how to craft an overarching federal privacy bill. Pichai has stayed away from those discussions, even leaving the companys seat vacant at a recent Senate Intelligence Committee hearing in which executives from Facebook and Twitter faced off with lawmakers. At the same time, some senators are expressing a new openness to anti-monopoly action against modern tech companies like Google. In an interview published today in The Atlantic, Sen. Mark Warner (D-VA) expressed concern that both Google and Facebook may be too large for effective competitors to emerge. Is there ever an ability to really break up their market dominance? Warner said. Even if youve got a better app, you can never match them on dataBy sending these letters and requesting investigations, Congress is beginning to take what theyve heard in hearings to start to take action on behalf of consumers. Particularly in the wake of the Cambridge Analytica controversy, consumers trust in the companies that operate those services to keep their private data secure has been shaken, todays letter reads. At the same time that Facebook was learning the important lesson that tech firms must be forthright with the public about privacy issues, Google apparently elected to withhold information about a relevant vulnerability for fear of public scrutiny. Google has until October 30th to respond to the senators inquiries, just weeks before Pichai is scheduled to testify in front of the House Judiciary Committee following the November midterm elections. An exact date for that hearing has yet to be announced.