Google says privacy change won't affect government users

Google says privacy change won't affect government users

Company downplays privacy, security concerns from former federal IT official


Google today dismissed concerns by a former senior federal IT official that the company's controversial new privacy policy would create problems for customers of Google Apps for Government (GAFG).

In a statement, Google said the new policy will not change existing contracts that define how it handles and stores data belonging to government users of its cloud services. "Enterprise customers using Google Apps for Government, Business or Education have individual contracts that define how we handle and store their data," Amit Singh, vice president of Google Enterprise said in a statement.

"As always, Google will maintain our enterprise customers' data in compliance with the confidentiality and security obligations provided to their domain," he said.

Singh was responding to concerns raised Wednesday by Karen Evans, former de facto federal CIO and administrator of e-government and IT at the White House Office of Management and Budget.

Evans, who is now an independent consultant, is a founding member of , which is focused on promoting a set of best practices for cloud deployment in the government. On Wednesday, Evans and another Safegov partner, Jeff Gould, CEO of Peerstone Research, released a statement saying that Google's new privacy policy threatens the security of government data in the cloud.

The two of them called on Google to "immediately suspend" the application of its new privacy policy to GAFG users, calling it a significant change that needed further review by the public sector.

Google earlier this week announced that it was replacing separate privacy policies for each of its services with one universal policy. Under the policy, Google will combine user data from services like YouTube, Gmail and Google search and create a single merged profile for each user of its services. Google said the new policy is shorter, easier to understand and will allow the company to deliver better and more targeted services.

According to Evans and Gould, however, the's new policy will have a serious impact on the information collection practices and responsibilities for its GAFG service.

Gould said in an interview that the biggest problem involves GAFG use of technology that is optimized for things like indexing, ad tagging and data mining. The same functions that allow Google to do all sorts of user tracking and data consolidation on the consumer side, exist on its government applications as well, though it is unclear if they are always enabled, he said.

"Google's new privacy policy allows them to look at everything you do on their services and draw a connection between them," he said. "If you put something in your calendar that says you'll be in Oklahoma City next week, Google will look at Google+ to see if you have any acquaintances there and ask you if you want to notify them of your visit."

This sort of tracking and inference-making greatly heightens the risk of accidental data exposure and data leaks, he said. "Even though the risk might seem small for a single individual, when you multiply it by thousands of government users, the risk is much higher," he said.

"A government user does not want Google studying everything they do and drawing correlations about what they are doing. Basically Google should not be making inferences about them," Gould said.

Google maintains that individual contracts it has with GAFG customers clearly define what the company can and cannot do with customer data. Those contracts are unchanged by this week's announcement, the company said.

Gould called on Google to come out with a privacy policy explicitly for Google Apps for Government. "As far as I can tell, they don't have one now," he said. "The policy should state that they won't do any advertising-related data mining at all of information in government user's accounts." He added that Google's competitors should also adopt similar policies for government users.

Such a disclaimer is vital, because not all government contracts will include specific privacy language, he said. "Mentions of privacy on the GAFG page all seem to point to the generic Google Apps privacy policy, which as we've seen ... is subject to the changes scheduled for March 1."

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is .

Read more about privacy in Computerworld's Privacy Topic Center.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.


ARN Innovation Awards 2022

Innovation Awards is the market-leading awards program for celebrating ecosystem innovation and excellence across the technology sector in Australia.

EDGE 2022

EDGE is the leading technology conference for business leaders in Australia and New Zealand, built on the foundations of collaboration, education and advancement.

Show Comments