Google's new privacy policy raises new worries for feds

Following Google’s announcement of sweeping changes to its privacy policies on Jan. 24, concerns are being raised about possible user profiling and access to user information that could affect federal agencies and employees.

For example, a privacy watchdog is cautioning that there may be implications for Google’s role as a vendor of cloud email, Android mobile solutions and identity management services to federal agencies.

“Congress should investigate Google's role as a federal contractor in light of its new data collection and profiling practices,” Jeff Chester, executive director of the Center for Digital Democracy, wrote in an email to FCW on Jan. 25. “The government should require a better privacy standard from Google when it serves as a federal contractor.”


Related story:

Google search change could hamper access to government info


However, the General Services Administration said its Google Apps for Government are not at risk and are not affected by Google’s new privacy policy.

"The recent changes announced by Google pertain only to their free, publicly available services,” the GSA statement said. “These changes do not apply to Google Apps for Government, which is the version used by GSA. Our usage of the Google Apps solution is governed by contractual agreement with Google and our prime contractor, Unisys. The solution is compliant with all federal regulations and requirements, including those regarding privacy and data protection."

Even so, while the GSA’s Google Apps application is exempted, it was not immediately known whether those same conditions applied to other federal agencies utilizing Google services through agreements with YouTube, Gmail and Android application providers, or to agencies using Google’s services as a certified identity provider to the federal government. Google users often have to log in with a username, which, in many workplaces, might be linked to the agency or company as much as the individual user.

Google's new policies are raising questions in the blogosphere about how Google will use the tracking information it collects on individuals, whether it would assemble detailed dossiers on individuals, how long it would be stored, who might have access to it, and whether it would ever be disclosed publicly or to third parties. The answers might have impact on federal workers, especially those in sensitive positions or those involved in contracting.

For example, there might be reason for concern if Google assembles a tracking profile based on online activity by a federal contracting officer who is involved in a vendor selection in which Google is competing. There may be ethical and privacy concerns about which Google company members are allowed to view the profile, or how that profile might be used or distributed.

In another hypothetical scenario, there may be privacy concerns related to Google’s collection of phone numbers and location data for a federal employee in a sensitive national security or law enforcement position who uses an Android mobile device. It was not clear from the announcements how that information would be stored, and who might have access to it.

In theory, those concerns might apply whether the federal contracting officer used Google at work or at home. Broadly speaking, Google’s policy changes also are triggering privacy concerns for the public, including federal executives and employees, who use Google’s search, Gmail, YouTube in their private lives.

Google announced it would begin consolidating and tracking personal user data collected through search, Gmail, YouTube, Google+ and other products into a single user data profile for the purpose of better serving users. That allows Google to better target advertising to individual tastes across platforms; for example, users who view a Lady Gaga video on YouTube may see ads for upcoming concert tickets when they open their Gmail email account.

Google executives described the changes as a streamlining and simplification of its services. “Regulators globally have been calling for shorter, simpler privacy policies—and having one policy covering many different products is now fairly standard across the Web,” Alma Whitten, Google’s director of privacy, product and engineering, wrote in a blog post about the new policy.

The changes go into effect March 1. Users cannot opt out of the new policies.

Reaction to the policy changes on the Web was leaning negative. Although a few bloggers and observers were mildly supportive, many others questioned Google’s motives and foresaw the possibility of broad profiling and significant privacy risks.

“Google’s Broken Promise—The End of ‘Don’t Be Evil,’” was the headline at Gizmodo. “This is an entirely new level of sharing. And given all of the negative feedback that it had with Google+ privacy issues, it's especially troubling that it would take actions that further erode users' privacy," Gizmodo said.

Those risks may be heightened for federal employees in general, many of whom work in sensitive positions, such as federal law enforcement or national security.

Federal contracting workers also may be facing greater privacy risks, as a result of the strict ethics rules and conflict-of-interest prohibitions related to federal contracting. In every agency, there are dozens if not thousands of employees who are covered by the contracting ethics rules.

In Google’s role as a federal contractor, its new privacy policies may create new difficulties, Chester said.

“Google's contracts with the federal government should be reviewed to ensure that it cannot gather and analyze additional data. These contracts may require revision to limit the kinds of data practices Google just announced, which will enable it to collect and harvest complete profiles of its users,” Chester said.

Google's privacy changes are coming at a time when competition appears to be intensifying for social media advertising dollars. Facebook recently changed its format to Timeline, with more than 60 new applications being introduced in its Timeline Open Graph. Google also announced recently it was adding social results to its search engine, which also was greeted with mixed reactions.

Google is on the defensive on its new privacy policy because of its track record on the subject, according to Juliana Gruenwald in an article in the National Journal.

"The company has come under increased attention after a privacy settlement last year with the Federal Trade Commission on privacy concerns over the rollout of Google's now-defunct social-networking service Buzz,” Gruenwald wrote. “The commission said that Google engaged in deceptive practices when it automatically signed Gmail users up for Buzz without users’ consent.”

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Who's Fed 100-worthy?

Nominations are now open for the 2015 Federal 100 awards. Get the details and submit your picks!

Featured

Reader comments

Fri, Jan 27, 2012 OBE

Everything you do on the Internet was compromised long ago. Google's publicized Privacy Policy only affects the good and neutral actors. Evil actors were and still are fully capable of messing up your life. Its the cost of 'free'. Get over it.

Thu, Jan 26, 2012

What angers me most is that I take every precaution to protect my identity online and my family and something like this totally goes against everything I believe in when i am online. If i want to connect to a site I have a shortcut on my toolbar.. i dont need google to help me get connected

Thu, Jan 26, 2012

This is a huge violation in my right to privacy. My only choice seemed to be to delete my google accounts so I did and while i was at it.. i deleted facebook too since it appears to be going down the same route.

Thu, Jan 26, 2012 Jim FL

This is why I switched to DuckDuckGo several months ago. They have a strict "no tracking" policy. My understanding is they use the Bing engine in the backend, but it seems to work fine. I very rarely need to go to Google. I have Gmail and Google+ accounts that I don't use and will avoid even more now. I'm glad I never started using GoogleDocs.

Thu, Jan 26, 2012 OccupyIT

Everyone of our contracts includes a Non-Disclosure Agreement (NDA) and Rights in Data Clause. Why should the darling Google be exempt from what we know works? Someone have a sweetheart pushing business their way?

Show All Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above