Privacy groups seek FTC probe of Google, Yahoo for exposing data to NSA
Contend that unseen data collection by NSA suggests lack of adequate security on Internet company networks
Computerworld - Several advocacy groups are calling for an investigation into Internet companies Yahoo and Google whose networks were secretly accessed by the National Security Agency (NSA).
In a letter sent Wednesday, the groups asked the U.S. Federal Trade Commission (FTC) find out how the NSA could to extract so much data without the knowledge of Google and Yahoo.
"The Commission should pursue this investigation because it routinely holds itself out as the defender of consumer privacy in the United States," the authors said. "It is inconceivable that when faced with the most significant breach of consumer data in U.S. history, the Commission could ignore the consequences for consumer privacy."
The letter, signed by officials from the Electronic Privacy Information Center, Privacy Rights Clearinghouse, Center for Digital Democracy and others, follows recent reports that the NSA gained access to millions of consumer records by secretly tapping directly into data streams from major Internet companies.
The reports prompted fresh concern about NSA surveillance activities and of the privacy of data being held by the world's largest Internet companies.
Google, Yahoo, Microsoft and others have insisted that they divulge consumer information to the NSA and other government agencies only under appropriate court orders. Each has denied providing any help to the NSA and other spy agencies gathering data on Internet users.
In fact, in a court filing earlier this week the companies demanded that the government release more information about the kind of data that Internet companies are being asked to provide the NSA.
The letter from the privacy groups stands out because it seeks to hold Google and Yahoo responsible for the NSA's data collection activities because of a lack of network security controls.
"We are saying that the companies should do more to protect the privacy of user data and that the FTC has a responsibility to police these practices, particularly since both Google and Facebook are subject to consent orders concerning privacy," said Marc Rotenberg, executive director of EPIC.
Rotenberg said consumer privacy groups have long urged Internet companies to adopt better privacy and security practices to safeguard the information they collect. He noted that privacy groups have asked Internet companies to minimize data collection when possible and to delete unneeded data.
Therefore, Internet companies must be held responsible for breaches of data they store, he said.
A Google spokeswoman wouldn't comment on the letter. Yahoo didn't respond to a request for comment.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His email address is firstname.lastname@example.org.
- U.S. commercial drone industry struggles to take off
- Snowden leaks erode trust in Internet companies, government
- NSA phone metadata collection program renewed for 90 days
- NSA isn't evil, says noted civil libertarian
- Franken presses Ford on location data collection practices
- Justices let stand appeals court decision on border searches of laptops
- California lawmakers move to bar state help to NSA
- Appeals court again nixes Google's bid to overturn Street View case
- Older Mac webcams can spy without activating warning light
- Update: Judge rules NSA spy efforts may be unconstitutional
Read more about Security in Computerworld's Security Topic Center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts