Google Kept Quiet About an API Bug That Leaked User Data
By Bailey Steen
Google, the internet’s favorite search engine monopoly, exposed the private data of hundreds of thousands of their users. According to documents reviewed by The Wall Street Journal and an internal source for The Washington Post, the company kept quiet about a harmful “API bug” more than six months after their internal predictions found it could place their entire Google+ user network at risk. Their refusal to inform the public was reportedly out of fear the tech giant would likely face “regulatory scrutiny” and “reputational damages” for the breach. Ironically, this delay could spark a new round of regulatory and political scrutiny.
The data breach occurred earlier this March, during the height of Facebook’s Cambridge Analytica scandal, where 87 million of their users’ personal data was exposed and exploited by the Trump-linked advertising firm. The Journal discovered a memo, prepared by Google’s legal and policy staff and shared with senior executives, which warned disclosing the incident would trigger “immediate regulatory interest” and invite a repeat of the embarrassing Zuckerberg testimonies to Congress. Their problem was their own Google+ operating systems also allowed third-party app developers to gain access to not only the data of their consenting users, but their non-consenting friends as well. It’s exactly the same scandal as Facebook’s.
Instead of going down the road of ethical transparency, which would involve informing their Google+ users their social media network was an insecure mess between 2015 and 2018, terminating all access to the site and paying any due damages to their customers, the company chose only to inform their CEO Sundar Pichai and handled the matter on their own without any oversight or potential consequences.
“Whenever user data may have been affected, we go beyond our legal requirements and apply several criteria focused on our users in determining whether to provide notice,” a Google spokesman said in a statement to the Journal. “[We considered] whether we could accurately identify [the problem] to inform the users, whether there was any evidence of misuse, and whether there were any actions a developer or user could take in response. None of these thresholds were met here.”
In a recent Google blog post, the company officially stated that their delay was based on their lack of knowledge about which users were affected, whether the data had actually been misused, and low user engagement with the site as a whole.
“This review crystallized what we’ve known for a while: that while our engineering teams have put a lot of effort and dedication into building Google+ over the years, it has not achieved broad consumer or developer adoption, and has seen limited user interaction with apps,” said the company blog post. “The consumer version of Google+ currently has low usage and engagement: 90 percent of Google+ user sessions are less than five seconds.”
Google estimates that over 500,000 accounts were at risk, though no evidence was presented and no investigation into the scandal is underway. After their six-month delay, the blog announced they’ll finally discontinue the consumer version of Google+ within the next ten months, limiting the platform to businesses and other enterprise customers who reportedly use the site for effective communication, as well as imposing new limits on the data shared about users of its popular email service, Gmail — which was another data scandal that TrigTent reported on several months ago.
In response to the story, BuzzFeed News’ tech reporter, Ryan Mac, took to Twitter to inform readers that “the story here isn’t really the potential data breach (which may affect hundreds of thousands) or that Google is shutting down Google+. It’s that Google’s execs knowingly avoided disclosing an issue because they knew it’d invite gov scrutiny & bad PR.” This is consistent with a report that Google was “scrambling” to stop regulation of the big tech industry within the United States. Meanwhile, recent surveys reveal the majority of Americans don’t trust their online institutions.
According to the research conducted by Axios and SurveyMonkey, shortly after representatives of Facebook, Google, and Twitter testified before Congress regarding Russian trolls using their platforms during the 2016 presidential election, approximately 4 in 10 Americans were “worried that the government would fail to adequately regulate tech giants.” The average among the public, regardless of political ideology, was 55 percent of the general public.
The most skeptical of government regulation were Republicans, comprising only 45 percent despite their outlets like Breitbart and The Daily Wire continually reporting on the online bias against the right-wing. Independents were the least skeptical of regulation, as only 37 percent thought big tech should remain untouched compared to the majority of 57 percent who want change. They were joined by the 64 percent of Democrats leading the charge.
This is even leading to real governmental policy. Last year, this idea resurfaced in the form of an internet bill of rights platform proposed by the tech-savvy Justice Democrats leader, Rep. Ro Khanna (D-CA). The policy outlines specific programs and rights supported by the majority of American voters — which include free speech, universal access to broadband, the right to fair internet speeds (a la net neutrality), and data privacy protections that are regularly infringed upon by the all-seeing National Security Agency (NSA) and these big tech institutions.
In an interview earlier this week with The New York Times, House minority leader Rep. Nancy Pelosi (D-CA) even suggested that a new agency should be created to manage tech’s growing impact alongside the FCC. “Something needs to be done to protect the privacy of the American people,” she told the newspaper. “We need to come up with overarching values.” She tasked this job to Khanna, residing in the heart of Silicon Valley, who drafted the 10 principles the party stands for. His declaration was this:
“The internet age and digital revolution have changed Americans’ way of life. As our lives and the U.S. economy are more tied to the internet, it is essential to provide Americans with basic protections online.”