Thursday, January 26, 2012

privacy - Google's new login consolidation rules (Tu.24Jan12)

video source: http://youtu.be/KGghlPmebCY

Uploaded by on Jan 24, 2012
A brief overview of recent changes to the Google Privacy Policy
     Google announced this week that it is rolling out a new, main privacy policy that covers the majority of its products.  The company is consolidating over 60 privacy notices into the main privacy policy.  It's keeping a few separate for "legal and other reasons". 
     "The main change is for users with Google Accounts," explains Alma Whitten, Director of Privacy, Product and Engineering at Google.  "Our new Privacy Policy makes clear that, if you're signed in, we may combine information you've provided from one service with information from other services. In short, we'll treat you as a single user across all our products, which will mean a simpler, more intuitive Google experience."
From: FCW Daily  Sent: Thursday, January 26, 2012 Subject: Say goodbye to some favorite technologies | Google's new rules raise new worries
Google's new privacy policy raises new worries for feds
By Alice Lipowicz, Federal Computer Week, January 25, 2012
article source: http://fcw.com/Articles/2012/01/25/Googles-new-privacy-policy-could-have-impacts-on-feds-at-work-and-at-home.aspx?s=fcwdaily_260112&p=1
     Following Google's announcement of sweeping changes to its privacy policies on Jan. 24, concerns are being raised about possible user profiling and access to user information that could affect federal agencies and employees.
     For example, a privacy watchdog is cautioning that there may be implications for Google's role as a vendor of cloud email, Android mobile solutions and identity management services to federal agencies.
     "Congress should investigate Google's role as a federal contractor in light of its new data collection and profiling practices," Jeff Chester, executive director of the Center for Digital Democracy, wrote in an email to FCW on Jan. 25.  "The government should require a better privacy standard from Google when it serves as a federal contractor."

Related story: Google search change could hamper access to government info

     However, the General Services Administration said its Google Apps for Government are not at risk and are not affected by Google's new privacy policy.
     "The recent changes announced by Google pertain only to their free, publicly available services," the GSA statement said.  "These changes do not apply to Google Apps for Government, which is the version used by GSA.  Our usage of the Google Apps solution is governed by contractual agreement with Google and our prime contractor, Unisys.  The solution is compliant with all federal regulations and requirements, including those regarding privacy and data protection."
     Even so, while the GSA's Google Apps application is exempted, it was not immediately known whether those same conditions applied to other federal agencies utilizing Google services through agreements with YouTube, Gmail and Android application providers, or to agencies using Google's services as a certified identity provider to the federal government.  Google users often have to log in with a username, which, in many workplaces, might be linked to the agency or company as much as the individual user.
     Google's new policies are raising questions in the blogosphere about how Google will use the tracking information it collects on individuals, whether it would assemble detailed dossiers on individuals, how long it would be stored, who might have access to it, and whether it would ever be disclosed publicly or to third parties.  The answers might have impact on federal workers, especially those in sensitive positions or those involved in contracting.
     For example, there might be reason for concern if Google assembles a tracking profile based on online activity by a federal contracting officer who is involved in a vendor selection in which Google is competing.  There may be ethical and privacy concerns about which Google company members are allowed to view the profile, or how that profile might be used or distributed.
     In another hypothetical scenario, there may be privacy concerns related to Google's collection of phone numbers and location data for a federal employee in a sensitive national security or law enforcement position who uses an Android mobile device.  It was not clear from the announcements how that information would be stored, and who might have access to it.
     In theory, those concerns might apply whether the federal contracting officer used Google at work or at home.  Broadly speaking, Google's policy changes also are triggering privacy concerns for the public, including federal executives and employees, who use Google's search, Gmail, YouTube in their private lives.
     Google announced it would begin consolidating and tracking personal user data collected through search, Gmail, YouTube, Google+ and other products into a single user data profile for the purpose of better serving users.  That allows Google to better target advertising to individual tastes across platforms; for example, users who view a Lady Gaga video on YouTube may see ads for upcoming concert tickets when they open their Gmail email account.
     Google executives described the changes as a streamlining and simplification of its services.  "Regulators globally have been calling for shorter, simpler privacy policies—and having one policy covering many different products is now fairly standard across the Web," Alma Whitten, Google's director of privacy, product and engineering, wrote in a blog post about the new policy. 
     The changes go into effect March 1.  Users cannot opt out of the new policies.      Reaction to the policy changes on the Web was leaning negative.  Although a few bloggers and observers were mildly supportive, many others questioned Google's motives and foresaw the possibility of broad profiling and significant privacy risks.
     "Google's Broken Promise—The End of 'Don't Be Evil,'" was the headline at Gizmodo. "This is an entirely new level of sharing.  And given all of the negative feedback that it had with Google+ privacy issues, it's especially troubling that it would take actions that further erode users' privacy," Gizmodo said.
     Those risks may be heightened for federal employees in general, many of whom work in sensitive positions, such as federal law enforcement or national security.
     Federal contracting workers also may be facing greater privacy risks, as a result of the strict ethics rules and conflict-of-interest prohibitions related to federal contracting.  In every agency, there are dozens if not thousands of employees who are covered by the contracting ethics rules.
In Google's role as a federal contractor, its new privacy policies may create new difficulties, Chester said.
     "Google's contracts with the federal government should be reviewed to ensure that it cannot gather and analyze additional data.  These contracts may require revision to limit the kinds of data practices Google just announced, which will enable it to collect and harvest complete profiles of its users," Chester said.
     Google's privacy changes are coming at a time when competition appears to be intensifying for social media advertising dollars.  Facebook recently changed its format to Timeline, with more than 60 new applications being introduced in its Timeline Open Graph. Google also announced recently it was adding social results to its search engine, which also was greeted with mixed reactions.
Google is on the defensive on its new privacy policy because of its track record on the subject, according to Juliana Gruenwald in an article in the National Journal.
     "The company has come under increased attention after a privacy settlement last year with the Federal Trade Commission on privacy concerns over the rollout of Google's now-defunct social-networking service Buzz," Gruenwald wrote.  "The commission said that Google engaged in deceptive practices when it automatically signed Gmail users up for Buzz without users' consent."
     About the Author:  Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.  Follow her on Twitter: @AliceLipowicz
Reader comments
Thu, Jan 26, 2012 Jim FL
This is why I switched to DuckDuckGo several months ago.  They have a strict "no tracking" policy.  My understanding is they use the Bing engine in the backend, but it seems to work fine.  I very rarely need to go to Google.  I have Gmail and Google+ accounts that I don't use and will avoid even more now.  I'm glad I never started using GoogleDocs.
Thu, Jan 26, 2012 OccupyIT
Everyone of our contracts includes a Non-Disclosure Agreement (NDA) and Rights in Data Clause.  Why should the darling Google be exempt from what we know works?  Someone have a sweetheart pushing business their way?
Thu, Jan 26, 2012
The combined policy is actually an improvement.  You have always been able to, and still can, opt out of using this data to serve you ads.  http://techcrunch.com/2012/01/24/you-call-that-evil/
Thu, Jan 26, 2012 Tom Savage
The most important question, IMHO, is whether or not tracking information could be compromised by bad guys.  It could happen.  The wisest course of action is simply not to collect it for your Government customers.


1 comment:

  1. Good information. Lucky me I came across уour site by chance (stumbleupon).
    I've book marked it for later!
    Also see my website > one month loan

    ReplyDelete

Please, avoid posting advertisements. Content comments are welcomed, including anonymous. Posts with profanity will not be published.