Google privacy impact on feds becomes clearer

Responding to an outcry over its new privacy policy, Google is now offering tips on how users can minimize the profiling of their personal information. But federal users still may be vulnerable to new risks under the policy, experts said.

While the new privacy policies do not apply to current Google Apps for Government cloud contracts, federal employees still are potentially vulnerable to several types of privacy risks, especially when they use Google services in their private lives.

Under the new privacy policy announced on Jan. 24, Google officials said the company would collect each user’s information from Gmail, search, YouTube, Google Maps and its many other platforms and integrate it into an individual profile for the user. The goal is to better target advertising to each person across platforms. Users cannot opt out of the new policy.

Initial reaction, while somewhat mixed, raised broad questions about risks to privacy for all users, including heightened risks related to profiling and loss of locational privacy for federal executives and employees using Google services at work and at home.

The questions included whether Google would assemble detailed dossiers on individuals, how long the information would be stored, who might have access to it, and whether it would ever be disclosed publicly or to third parties.

Google, in an "FAQ" on the new policy, said it only releases the user’s profiling information in rare cases for “valid legal requests.” In the past, that has included law enforcement agency requests, not necessarily with a warrant, said David Jacobs, consumer privacy fellow with the Electronic Privacy Information Center, in an interview with Federal News Radio on Jan. 27.

The privacy risks presumably would be greatest for federal workers in sensitive positions, such as law enforcement, national security and contracting. For example, a federal law enforcement agent who uses an Android phone in his private life would be sharing potentially sensitive phone numbers and location information with Google under the new policy.

A Google profile on a federal user with a private Gmail account might also present a “tempting target” for cyber hackers, Jacobs added. Chinese hackers were alleged to have broken into the Gmail accounts of several White House officials in one incident, he said.

Since the initial Google announcement, the General Services Administration released a statement to FCW saying Google Apps for Government is exempted from the new privacy policy.

Google also confirmed that the privacy changes do not apply to the existing contracts negotiated with the federal government, according to an article in the Washington Post.

However, despite those clarifications, the privacy issues apparently still would apply to federal users who use Google applications or services at work without a contract, or who use Google services at home.

“Government agencies or government employees that use Google in private capacities, or that use Google’s freely available services without a contract, are going to have to deal with the new changes in privacy practices,” Jacobs said in the Federal News Radio interview.

Since the announcement, Google also has clarified that users can minimize how many personal details are collected on them.

“You still have choice and control,” Google said in the “FAQ.” “You don’t need to sign in to use many of our services, including Search, Maps and YouTube. If you’re signed in, you can still edit or turn off your Search history, switch Gmail chat to “off the record,” control the way Google tailors ads to your interests, use Incognito mode on Chrome, or use any of the other privacy tools we offer.” The company suggested users take advantage of the Google Dashboard for some settings.

However, several experts have pointed out that those controls don't solve all the risks. Users of Androids are especially likely to be affected by the profiling of their information, including collection of phone numbers and location data, according to an article in the Washington Post.

That is because most Android users maintain their Gmail or YouTube sign-in while using the smart phone. If they don't, they sacrifice a lot of the functionality that people buy smart phones for, the Post article said.