Privacy

As Google continues to struggle to defend its changes to its privacy policies, the company could see the whole controversy shift to a federal court.

The Electronic Privacy Information Center said Wednesday that it planned to ask a federal court to order the Federal Trade Commission to enforce the privacy settlement the agency reached last year with Google. EPIC says Google's privacy changes violate that settlement.

"We haven't yet seen the filing so [we] can't comment on the specifics," Google said in a statement in response to EPIC's court filing. "Protecting people's privacy is something we think about all day across the company, and we welcome discussions about our approach."

Google says the changes will make it easier for users to understand its privacy policies. It also denied a claim EPIC made in its court filing that the company did not obtain users consent before sharing data with third parties. Google maintains that it does not share user data with third parties and that will continue to be the case even after the privacy changes go into effect on March 1.

No matter how hard it tries, it appears Google has yet to convince members of Congress that its proposed privacy changes are not as troubling as they appear to some on the surface.

Google Deputy General Counsel Mike Yang and Public Policy Director Pablo Chavez met Thursday with about 10 members of the House Energy and Commerce Subcommittee on Commerce, Manufacturing and Trade, which has jurisdiction over consumer privacy, to address concerns over the changes the company plans to make to its privacy policies on March 1.

Last week, the company said it plans to consolidate its numerous privacy policies but also will track users and collect data about them as they move from one Google product to another. In addition to the briefing, Google issued yet another blog post Wednesday about the privacy changes in which it tried to debunk what it described as myths about its approach to privacy.

Subcommittee Chairwoman Mary Bono Mack, R-Calif., who organized the closed-door briefing, told reporters that while Google did a thorough job of explaining the changes and the tools available to consumers to control the level of privacy they want, she and other members were not satisfied with everything they heard.

"At the end of the day, ultimately, I don't think that their answers to us were very forthcoming necessarily in what this really means for the safety of our families and our children and ourselves," she said. "At the same time, they did a thorough walk through of the technology that exists and explained how they feel they can still protect privacy to whatever level the consumer wants. I think the concern in Congress is how much active participation does a user have to do to protect their privacy."

She said that when members asked about why Google wasn't offering consumers a clear opt-out of having data collected about them, the Google officials pointed to the various privacy control tools such as Google Dashboard. Bono Mack said she and other committee members continue to worry that these tools are "too complicated to find, too complicated to do."

Despite such concerns, Bono Mack gave little indication that the committee plans to do much more at this point other than hold more hearings this year on consumer privacy and continue to press Google for better answers.

A Bono Mack aide noted that Google officials have said they do not think the privacy changes violate the privacy settlement it reached last year with the Federal Trade Commission over the roll out of its now-defunct social networking service Buzz. He noted that panel, however, plans to reach out to the FTC itself for clarification on the issue. So far, the FTC has declined to comment on the issue.

As the tech world anxiously awaits Facebook's expected initial public offering, a Forbes columnist questioned the value of owning stock in the social networking service.

The daily online deals site LivingSocial lost $558 million last year, the Washington Post reports.

Microsoft is looking to take advantage of the public uproar over Google's proposed changes to its privacy policies, Information Week reports.

WikiLeaks founder Julian Assange is appealing a British court's order that he be extradited to Sweden to face sexual misconduct allegations, according to The New York Times.

All of today's e-Reads can be found on our Tech Page.

A month after its bid to buy rival T-Mobile USA was derailed, AT&T announced it is reshuffling its management by putting a company veteran in a new position where he will help chart the company's future business strategy, Reuters reports.

Members of the Senate Judiciary subcommittee questioned calls to update a 1988 law aimed at protecting privacy of video rental records, PC World reports.

Amazon announced that its fourth quarter profits fell by 57 percent due to increased shipping costs and its Kindle Fire, which the Internet retailer is selling at a loss, according to Bloomberg.

USA Today reports that scammers are targeting those Facebook users who are wary of the company's plans to roll out its new Timeline service.

Apple has become the world's top PC maker -- if its popular iPad tablet is included in the definition of a personal computer, according to Information Week.

To read all of today's e-Reads, go to our Tech page.

Google is defending its proposed changes to its privacy policies against bipartisan concern on Capitol Hill, saying that it still gives consumers control and many tools to manage their privacy.

Google said last week that while it is streamlining privacy policies, it also will track and collect data about users as they move from one Google service to another.

"We believe that the relevant issue is whether users have choices about how their data is collected and used," Google Public Policy Director Pablo Chavez wrote in a letter Monday to lawmakers.

House lawmakers from both parties, however, have raised concerns about the changes, including why Google is not offering users an opportunity to opt out of being tracked while using all of Google's services.

Google argued in its letter that the company is not collecting any new information and still provides users with many tools to manage the level of privacy they want to have while using Google products. Chavez noted, for example, that if users have chosen to opt out of receiving targeted ads, that preference will not change.

"We give users choice and control over how they use our products. People can use many of our services, including Search, Maps, Google News, YouTube and more, without logging into their Google Account, or creating one in the first place," Chavez said.

Some of the lawmakers who wrote Google last week say they are not satisfied with the company's explanation. "Google did a little tap dancing in the letter, and Chairman Bono Mack intends to aggressively pursue the 'opt out' question in our briefing with the company later this week," said Ken Johnson, a spokesman for Rep. Mary Bono Mack, R-Calif. She chairs the Energy and Commerce subcommittee with jurisdiction over consumer privacy issues and plans to meet privately later this week with Google representatives to discuss its privacy changes.

And Rep. Edward Markey, D-Mass., a senior Energy and Commerce member, said Google has yet to satisfy his concerns. "Sharing users' personal information across its products may make good business sense for Google, but it undermines privacy safeguards for consumers," Markey said in a statement. "Despite Google's recent response, it still appears that consumers will not be able to completely opt-out of data collection and information sharing among Google's services. Congress and consumers need more details, and I look forward to meeting with Google to get clarification about what the options are for consumers who wish to say no to these new changes."

The Obama administration is in talks with the European Commission about possible revisions to a 2000 agreement ensuring U.S. companies are in compliance with the European Union's privacy directive given proposed changes to those rules.

Commerce Department Senior Internet Policy Adviser Ari Schwartz told Tech Daily Dose Thursday that U.S. and EU officials are in discussions about whether the safe harbor agreement also will need to be revised.

The commission on Wednesday proposed several changes to the directive that would streamline compliance but also toughen some of the standards. It also makes it clear that the EU rules do apply to U.S. companies that do business in Europe -- even U.S.-based websites used by Europeans.

Schwartz and Federal Trade Commission member Julie Brill declined to comment on the proposed changes to the EU directive.

But both the Commerce Department and the Federal Trade Commission voiced some concerns with an earlier draft of the commission's proposed changes.

A bipartisan group of House Energy and Commerce members asked Google on Thursday to explain why it plans to start tracking users and collecting information about them across all the company's products.

"As an Internet giant, Google has a responsibility to protect the privacy of its users," the eight lawmakers wrote Google CEO Larry Page. "Therefore, we are writing to learn why Google feels that these changes are necessary, and what steps are being taken to ensure protection of consumers' privacy rights."

The letter was signed by Energy and Commerce ranking member Henry Waxman, D-Calif., Oversight and Investigations Subcommittee Chairman Cliff Stearns, R-Fla., as well as Reps. Joe Barton, R-Texas, Marsha Blackburn, R-Tenn., G.K. Butterfield, D-N.C., Diana DeGette, D-Colo., Edward Markey, D-Mass., and Jackie Speier, D-Calif., who is the only signer who doesn't sit on Energy and Commerce.

Even before announcing its proposed privacy changes on Tuesday, Google was already under scrutiny after reaching a settlement last year with the Federal Trade Commission over allegations that the company deceived its Gmail users in the rollout of its now-defunct social networking service Buzz. Google is also the subject of an antitrust probe by the FTC.

The lawmakers questioned why users are not allowed to opt out of Google's privacy changes. "Consumers should have the ability to opt out of data collection when they are not comfortable with a company's terms of service and that the ability to exercise that choice should be simple and straightforward," they added.

The representatives asked Google to answer by Feb. 16 a long list of questions about the changes, including what information it now collects and will collect after the changes go into effect on March 1, whether it shares such data with anyone else, how the privacy changes affect users of its Android mobile phone operating system, and what protections will be provided to children and teens.

In a new blog post Thursday, Google responded to some of the concerns raised about its privacy changes. It noted that users don't have to be logged into Google to use services such as search or YouTube. And for those who do log in and therefore would be tracked, the company says it offers a variety of privacy controls. "We're making things simpler and we're trying to be upfront about it. Period," Google Policy Manager Betsy Masiello wrote.

Google, meanwhile, now says that the privacy changes will not apply to government workers who use its Google Apps for Government enterprise email system. Google made the comments after Karen Evans, the former director of electronic government in the administration of former President George W. Bush, said the proposed changes would have a "serious impact" on government users.

Some U.S. tech industry officials said Wednesday that they worry that the European Commission's proposed changes to its privacy rules could be costly for them to comply with and may hamper innovation.

"We welcome revisions that would make it easier for global companies to demonstrate compliance with the EU privacy regime, and to ease the administrative burdens," Software and Information Industry Association Vice President Mark MacCarthy said in a statement. "However, SIIA is concerned that the breadth of these proposed regulations threaten the Internet economy and impede economic growth and job creation."

The release of the proposed changes to the commission"s 1995 data privacy directive is the first step in a lengthy process.The commission has called for simplifying the current compliance process that requires businesses to deal with data protection authorities in each EU member country. Under the proposed changes, companies would only have to deal with one data protection authority.

But the commission also calls for toughening the current rules by requiring companies to get express consent from European users before collecting or using personal data. It also would require companies to give users a "right to be forgotten," which would allow users to delete personal data when there is no "legitimate" reason to retain it.

The rules would apply to U.S. companies that do business in Europe or offer services or websites targeted at Europeans. This could include a U.S. based website used by Europeans, such as Google or Facebook. Industry representatives worry it will increase the cost of doing business and possibly hamper innovation.

It's unclear what impact the proposed changes will have on an agreement the United States negotiated with the EU in the late 1990s after the directive first went into effect. The privacy directive bars the transfer of personal data about Europeans to non-EU countries that don't have privacy protections deemed to be "adequate" by EU officials. U.S. companies that adhere to the privacy principles in the safe harbor agreement negotiated between the U.S. and EU were deemed to be in compliance with the directive even though the U.S. lacks a broad consumer privacy law.

But Christopher Wolf, director of Hogan Lovells' privacy and information management practice, said while the EU has been silent on the issue, he expects the safe harbor agreement may eventually have to be revised to reflect the changes to the EU's privacy rules.

Some U.S. privacy advocates said they hope the proposed changes will force some rethinking of the U.S. approach to privacy, which relies on a mix of industry self-regulation and narrowly targeted privacy laws aimed at specific sectors such as finance and health. So far, efforts to pass broad consumer privacy legislation in Congress haven't gone very far.

"Once Google and Facebook are following European rules, there will be no way for the companies to justify the obviously inadequate protection in the U.S.," John Simpson of Consumer Watchdog, a vocal Google critic, said in a statement. Google has come under fire after it said Tuesday that it plans to begin tracking users and collecting data about them as they move from one Google service to another.

The Electronic Privacy Information Center Thursday urged the Federal Trade Commission to examine whether Google's new personalized search results violate antitrust laws or a privacy agreement the Internet firm reached with the agency last year.

Google's new "Search plus Your World" service uses information from its social networking service Google + and other data to provide personalized search results. In a blog post Tuesday about the new service, Google said it would make it easier for users to find more personalized information on the Web, "the people you know and things they've shared with you, as well as the people you don't know but might want to... all from one search box."

Already under scrutiny over privacy mistakes it made in the launch of its now-defunct social networking service Buzz, Google said it "set a high bar" in protecting the privacy of the personalized search results, which are not available to others and are encrypted.

But EPIC said the service still raises privacy concerns. A previous FTC complaint filed by the group against Google's Buzz led to a major privacy settlement with the company last year. The agreement required Google to build privacy into its products, establish a comprehensive privacy program and agree to periodic independent privacy audits. At the same time, the FTC is conducting an antitrust probe of Google examining whether it favors its own products in its search results.

EPIC Executive Director Marc Rotenberg said during a conference call that the rollout of the new search service has parallels with the launch of Buzz in that Google is requiring Google + users to opt out of receiving personalize search results. "Although data from a user's Google + contacts is not displayed publicly, Google's changes make the personal data of users more accessible," Rotenberg wrote in a letter Thursday to the FTC.

EPIC also said incorporating results from Google's social networking service into its popular search engine may put competitors at a disadvantage. "Incorporating results from Google + into ordinary search results allows Google to promote its own social network by leveraging its dominance in the search engine market," Rotenberg said.

In a statement, a Google spokesman said the goal of the new service is to provide users with the most relevant information. "Search plus Your World doesn't change who has access to content, it simply helps people rediscover information they already have access to," the spokesman said in a statement. "We've taken special care with our new features to provide robust security protections, transparency and control for our users."

Two more wireless companies are defending their use of diagnostic software provided by Carrier IQ, saying they do not use it to collect personal information about mobile users.

Sen. Al Franken, D-Minn., released responses on Wednesday from Motorola and T-Mobile to his letter expressing concerns about whether Carrier IQ software is used to collect personal information about smart phone users. Motorola noted that it installs the controversial software on certain smart phones at the request of wireless carriers and doesn't receive any data from Carrier IQ.

T-Mobile said it does not collect any personal information about its subscribers through Carrier IQ's software and only uses the software to help improve the performance of its service. This echoed responses Franken got last week from other wireless companies including AT&T and Sprint as well as Carrier IQ itself.

"The diagnostic software from Carrier IQ assists T-Mobile in improving our customers' wireless experience by capturing and analyzing a narrow set of data related to some of the most common issues our customers' experience: device/battery performance, application failures and signal strength," T-Mobile Senior Vice President Thomas Sugrue wrote in a letter to Franken. "Through Carrier IQ, T-Mobile collects this type of technical data solely to understand what is happening on the device and the network so that we can more effectively and directly troubleshoot" service issues.

Franken has voiced concern about reports that a bug in the Carrier IQ software resulted in some text messages being captured. "I appreciate the responses I received, but I'm still very troubled by what's going on," Franken said last week after receiving responses from other wireless firms. "People have a fundamental right to control their private information. After reading the companies' responses, I'm still concerned that this right is not being respected."

A Franken spokeswoman did not respond to a request for comment on whether her boss plans to seek more information through a hearing or offer legislation. Franken introduced legislation earlier this year that would require companies to obtain explicit permission from users before tracking their location information or sharing it with third parties.

Carrier IQ has denied reports that federal authorities are investigating the company over concerns raised about its software.