1. Italian Courts convicts Google for privacy violations in video uploads
An Italian court on 24 February found three Google executives guilty of privacy violations for allowing a video depicting bullying to be posted on its website. The court in Milan found that the three men, David Carl Drummond, George De Los Reyes, and Peter Fleitcher, violated the privacy rights of a young man with Down’s Syndrome when they allowed a video showing his classmates bullying him to remain on the Google Italy website from September to November 2006. All three men were given a suspended sentence, though prosecutors had asked for a one-year imprisonment.
The legal basis for the charges, following the prosecutor’s theory of the case, was that those executives failed to exercise a pre-emptive control over the contents published by Google final users. The consequence is that under this interpretation of data protection law, every Internet Service Provider is requested to infringe its user privacy, to do a prior check on the legitimacy of the action performed by the users themselves. This interpretation of the law means that Google is co-responsible for the legality of content containing the images of persons, before anyone has complained about the content.
It is noteworthy that European law protects internet providers from responsibility if they remove illicit content as soon as they are informed of its existence – which is what Google did. According to EDRI:
The consequence is that under this (odd) interpretation of data protection law, every Internet Service Provider is requested to infringe its user privacy, to do a prior check on the legitimacy of the action performed by the users themselves.
A nice Catch 22, and a goodbye to network neutrality and online privacy !
Google’s Deputy General Counsel reacted to the news quickly, with a strongly-worded statement [Google Blog post] calling the decision an attack on “the very principles of freedom on which the Internet is built,” and promising to appeal the ruling.
More info here.
2. Google’s relationship with the NSA
Under an agreement that is still being finalized, the National Security Agency would help Google analyze a major corporate espionage attack that the firm said originated in China and targeted its computer networks, according to cybersecurity experts familiar with the matter. The objective is to better defend Google — and its users — from future attack.
The partnership strikes at the core of one of the most sensitive issues for the government and private industry in the evolving world of cybersecurity: how to balance privacy and national security interests. Director of National Intelligence Dennis C. Blair called the Google attacks, which the company acknowledged in January, a “wake-up call.” Cyberspace cannot be protected, he said, without a “collaborative effort that incorporates both the U.S. private sector and our international partners.”
The agreement will not permit the agency to have access to information belonging to Google users, but it still re-opens long-standing questions about the role of the agency.
The American Civil Liberties Union, among other civil liberties groups, is asking its members to contact Google executives and ask them not to work with the U.S. National Security Agency to investigate cyberattacks allegedly coming from China. Similarly, privacy advocacy group Electronic Privacy Information Center has filed a Freedom of Information Act (FOIA) request with the NSA asking for derails on the agency’s purported partnership with Google on cybersecurity issues.
3. Google’s relationship with China
In mid-December, Google detected a highly sophisticated and targeted attack on its corporate infrastructure originating from China that resulted in the theft of intellectual property. Google claims to have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. The accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties.
The attack also targeted at least other 33 companies, from a wide range of businesses–including the Internet, finance, technology, media and chemical sectors.
American intelligence and law enforcement officials have been alerted in order to assemble powerful evidence that the masterminds of the attacks were on the Chinese mainland.
But while much of the evidence, including the sophistication of the attacks, strongly suggested an operation run by Chinese government agencies, or at least approved by them, company engineers could not definitively prove their case. Today that uncertainty, along with concerns about confronting the Chinese without strong evidence, has frozen the Obama administration’s response to the intrusion, one of the biggest cyberattacks of its kind, and to some extent the response of other targets, including some of the most prominent American companies.
As a result of the attack, Google posted a surprising message on its official company blog that raised the possibility the search engine may leave the Chinese market rather than continue operations under oppressive Chinese censorship laws.
Unlike other companies like Yahoo! and MSN, Google was upfront to its Chinese users that the results were censored and did not move any of the infrastructure connected to email or personal information into the country, thereby shielding the data from Chinese laws. This compromise between profits and free speech protected the company from some of the fury human rights groups had for other American companies that kowtowed to Chinese business interests, but such protection was also limited to the conditions that Google had already laid down. The hack of the email accounts of human rights activists, information that Google went at lengths to protect from Chinese laws and officials, appears to be the final straw for Google.
4. Google Buzz privacy concerns
The new networking service issued by Google company called Google Buzz has met criticism and confusion from its users who complained that a list of people they frequently email or chat with has appeared on their profile.
Google moved quickly over the weekend to try to contain mounting criticism of Buzz, its social network, apologizing to users for features that were widely seen as endangering privacy and announcing product changes to address those concerns.
But Marc Rotenberg, executive director of the Electronic Privacy Information Center, said his organization still intended to file a complaint with the Federal Trade Commission this week pending its review of Google’s changes.
“Even with these changes, there is still the concern that Gmail users are being driven into a social networking service that they didn’t sign up for,” Mr. Rotenberg said.