Google privacy impact on feds becomes clearer
- By Alice Lipowicz
- Jan 27, 2012
While the new privacy policies do not apply to current Google Apps for Government cloud contracts, federal employees still are potentially vulnerable to several types of privacy risks, especially when they use Google services in their private lives.
Initial reaction, while somewhat mixed, raised broad questions about risks to privacy for all users, including heightened risks related to profiling and loss of locational privacy for federal executives and employees using Google services at work and at home.
The questions included whether Google would assemble detailed dossiers on individuals, how long the information would be stored, who might have access to it, and whether it would ever be disclosed publicly or to third parties.
Google, in an "FAQ" on the new policy, said it only releases the user’s profiling information in rare cases for “valid legal requests.” In the past, that has included law enforcement agency requests, not necessarily with a warrant, said David Jacobs, consumer privacy fellow with the Electronic Privacy Information Center, in an interview with Federal News Radio on Jan. 27.
The privacy risks presumably would be greatest for federal workers in sensitive positions, such as law enforcement, national security and contracting. For example, a federal law enforcement agent who uses an Android phone in his private life would be sharing potentially sensitive phone numbers and location information with Google under the new policy.
A Google profile on a federal user with a private Gmail account might also present a “tempting target” for cyber hackers, Jacobs added. Chinese hackers were alleged to have broken into the Gmail accounts of several White House officials in one incident, he said.
Google also confirmed that the privacy changes do not apply to the existing contracts negotiated with the federal government, according to an article in the Washington Post.
However, despite those clarifications, the privacy issues apparently still would apply to federal users who use Google applications or services at work without a contract, or who use Google services at home.
“Government agencies or government employees that use Google in private capacities, or that use Google’s freely available services without a contract, are going to have to deal with the new changes in privacy practices,” Jacobs said in the Federal News Radio interview.
Since the announcement, Google also has clarified that users can minimize how many personal details are collected on them.
“You still have choice and control,” Google said in the “FAQ.” “You don’t need to sign in to use many of our services, including Search, Maps and YouTube. If you’re signed in, you can still edit or turn off your Search history, switch Gmail chat to “off the record,” control the way Google tailors ads to your interests, use Incognito mode on Chrome, or use any of the other privacy tools we offer.” The company suggested users take advantage of the Google Dashboard for some settings.
However, several experts have pointed out that those controls don't solve all the risks. Users of Androids are especially likely to be affected by the profiling of their information, including collection of phone numbers and location data, according to an article in the Washington Post.
That is because most Android users maintain their Gmail or YouTube sign-in while using the smart phone. If they don't, they sacrifice a lot of the functionality that people buy smart phones for, the Post article said.
Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.