Google privacy impact on feds becomes clearer

Responding to an outcry over its new privacy policy, Google is now offering tips on how users can minimize the profiling of their personal information. But federal users still may be vulnerable to new risks under the policy, experts said.

While the new privacy policies do not apply to current Google Apps for Government cloud contracts, federal employees still are potentially vulnerable to several types of privacy risks, especially when they use Google services in their private lives.

Under the new privacy policy announced on Jan. 24, Google officials said the company would collect each user’s information from Gmail, search, YouTube, Google Maps and its many other platforms and integrate it into an individual profile for the user. The goal is to better target advertising to each person across platforms. Users cannot opt out of the new policy.

Initial reaction, while somewhat mixed, raised broad questions about risks to privacy for all users, including heightened risks related to profiling and loss of locational privacy for federal executives and employees using Google services at work and at home.

The questions included whether Google would assemble detailed dossiers on individuals, how long the information would be stored, who might have access to it, and whether it would ever be disclosed publicly or to third parties.

Google, in an "FAQ" on the new policy, said it only releases the user’s profiling information in rare cases for “valid legal requests.” In the past, that has included law enforcement agency requests, not necessarily with a warrant, said David Jacobs, consumer privacy fellow with the Electronic Privacy Information Center, in an interview with Federal News Radio on Jan. 27.

The privacy risks presumably would be greatest for federal workers in sensitive positions, such as law enforcement, national security and contracting. For example, a federal law enforcement agent who uses an Android phone in his private life would be sharing potentially sensitive phone numbers and location information with Google under the new policy.

A Google profile on a federal user with a private Gmail account might also present a “tempting target” for cyber hackers, Jacobs added. Chinese hackers were alleged to have broken into the Gmail accounts of several White House officials in one incident, he said.

Since the initial Google announcement, the General Services Administration released a statement to FCW saying Google Apps for Government is exempted from the new privacy policy.

Google also confirmed that the privacy changes do not apply to the existing contracts negotiated with the federal government, according to an article in the Washington Post.

However, despite those clarifications, the privacy issues apparently still would apply to federal users who use Google applications or services at work without a contract, or who use Google services at home.

“Government agencies or government employees that use Google in private capacities, or that use Google’s freely available services without a contract, are going to have to deal with the new changes in privacy practices,” Jacobs said in the Federal News Radio interview.

Since the announcement, Google also has clarified that users can minimize how many personal details are collected on them.

“You still have choice and control,” Google said in the “FAQ.” “You don’t need to sign in to use many of our services, including Search, Maps and YouTube. If you’re signed in, you can still edit or turn off your Search history, switch Gmail chat to “off the record,” control the way Google tailors ads to your interests, use Incognito mode on Chrome, or use any of the other privacy tools we offer.” The company suggested users take advantage of the Google Dashboard for some settings.

However, several experts have pointed out that those controls don't solve all the risks. Users of Androids are especially likely to be affected by the profiling of their information, including collection of phone numbers and location data, according to an article in the Washington Post.

That is because most Android users maintain their Gmail or YouTube sign-in while using the smart phone. If they don't, they sacrifice a lot of the functionality that people buy smart phones for, the Post article said.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Cyber. Covered.

Government Cyber Insider tracks the technologies, policies, threats and emerging solutions that shape the cybersecurity landscape.


Reader comments

Mon, Feb 6, 2012 GigHarbor

I noticed on my HTC Verizon phone, that on my search maps, they had a photo of me that does not exist on my phone nor publically but only behind logins. I suspect that Google stole my PII from which was linked to my gmail account. I deleted my photo from there now but Google has it cached. Why should Google be able to steal a photo that is not public and make it public on my phone. This is an outgrage and I want it to be dealt with for me and millions of other people. Google says it doesn't put out PII...that is an outright lie.

Mon, Jan 30, 2012 RayW

The best profile to keep on Google (and many other sites like Facebook) is one full of tailored false information and minimized crosslinking between sites. Although with the current push by the top level of the Federal Gov to be on the sites that are an issue, that probably will not work for some Feds. But then again, some folks look at the Gov and say "what privacy?" and put their bedroom pictures and addresses up, not realizing what else the lack of privacy will affect, now and in the future (just look at some of the random dirt from the past that is pulled up and made to look like yesterday on politicians that the media hate....)

My daughter has what she THOUGHT was a private group on Facebook, until she was being hit on by a strange 'person' on another group who claimed to be a friend but was using the false information. Oh well, you either believe and care or you don't.

Mon, Jan 30, 2012

Google is FAILING their "Don't be evil" motto/pledge.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group