Coalition of 38 States Draws Up Security Steps for Google

After a two-year investigation into whether or not Google’s Street View violates privacy protections, law enforcement officials have again told the company it is time to shape up. Google acknowledged breaches this week and said no longer will there be a scenario in which a midlevel engineer launches a program to secretly gather data from possibly millions of unencrypted global Wi-Fi networks, unbeknownst to his bosses.

“To make sure of this, a coalition of 38 states has drawn up numerous specific steps for Google to take, ranging from educating its engineers to educating its lawyers,” reports The New York Times. “Whatever Google was doing before to improve its privacy controls was not enough, the states say.”

“There is no reason to believe they are not going to comply with each and every term in this agreement,” said Matthew F. Fitzsimmons, the Connecticut assistant attorney general who worked on the settlement.

Compliance by Google will not be directly monitored, but if states believe the company is in breach, they can address concerns with the executive committee behind the deal, including AG’s of Massachusetts, Illinois and Texas.

Some privacy experts are encouraged by the program. “This gives me some glimmer of hope that going forward, the culture of Google will include more privacy by design,” said Joseph L. Hall, senior staff technologist at the Center for Democracy and Technology. “Then they could do things in an innovative way on the front end that won’t result in needing to beg for forgiveness later.”

Others are less optimistic. “People who care about privacy have to be grateful that the state AG’s are trying to do their jobs, but it is hard to imagine this latest settlement will make much difference in how Google behaves,” said attorney Gary L. Reback, who represented companies that unsuccessfully pushed for antitrust charges against Google. “This is the third time the company has promised to educate its employees, including once in a Federal Trade Commission order, all to no avail.”

“Under a settlement Google made with the FTC in 2011, the company must submit to an independent audit of a newly constructed privacy plan every two years for two decades,” notes the article. “The settlement concerned Google’s unauthorized use of private information of users of its Gmail service as public content for its Google Buzz social network.”