We'll pay your fine, but we won't admit we did anything wrong.
Those are the terms Google agreed to in its record-breaking settlement with the Federal Trade Commission, which announced Thursday it had penalized Google for the second time in a year for violating privacy promises made to its users.
Google's failure to cop to any wrongdoing has sparked dissent within the FTC and outcry from privacy advocates, who call the settlement "woefully insufficient." While Google hasn't assumed liability for any transgressions, the explanations it has offered are troubling themselves.
First, some background: Google has agreed to pay a $22.5 million fine for violating a consent decree signed with the FTC and misrepresenting privacy settings to users of Apple's Safari browser. The FTC faulted Google for using "cookies" that tracked Safari users online, despite Google's assurances that it would not do so.
The FTC order states that the defendant, Google, "denies any violation of the FTC Order, any and all liability for the claims set forth in the Complaint, and all material allegations of the Complaint save for those regarding jurisdiction and venue." In a dissenting statement, FTC commissioner J. Thomas Rosch expressed concern that allowing the company to deny liability in these circumstances was "unprecedented" and could set a troubling example for other firms.
The FTC's (second) reprimand is a major blow to Google's pro-privacy messaging and "don't be evil" image. But Google's response to the whole matter, as well as to past privacy issues, is no doubt doing some damage on its own.
When accused of a transgression, Google has repeatedly attributed issues to internal oversight or error. Just a little mix up, and all that. And here, once again, Google has answered regulators' fingerpointing with what amounts to an "Oops, we didn't mean to." That's our personal information they're "oops-ing" with, and not just once or twice, either. Intentional or not, Google's string of privacy oversights, and disquieting attempts to explain them as "by accident," are cool comfort from a company we're supposed to trust with our emails, questions, contacts, and, increasingly, whereabouts.
In Thursday's announcement, Google didn't go so far as to say that there weren't any cookies tracking user activity, or dispute facts laid out by the FTC, but seemed to dismiss the regulators for getting hung up over some technicalities.
"The FTC is focused on a 2009 help center page published more than two years before our consent decree, and a year before Apple changed its cookie-handling policy," a Google spokesperson said in a statement. "We have now changed that page and taken steps to remove the ad cookies, which collected no personal information, from Apple's browsers."
Google's response when Stanford researcher Jonathan Mayer first noted the Safari breach essentially amounted to a "shucks, sorry, that wasn't supposed to happen." In a statement released in February of this year, Google blamed the presence of Google advertising cookies on a "functionality" in the Safari browser that activated them, adding that it "didn't anticipate that this would happen." Not one person in Google's army of the world's best and brightest engineers could anticipate this would happen? One of the world's top tech companies -- which is worth more than $200 billion, has pioneered groundbreaking technology and is entrusted with millions of users' personal information -- essentially chalked up the incident to technical difficulties.
Google has been embroiled in another public relations nightmare, with slip-ups seemingly at every turn, following its admission that its Street View team accidentally collected personal information, such as emails and passwords, via Wi-Fi networks.
First, Google told the world in 2010 that the Wi-Fi data free-for-all was "quite simply...a mistake," and pinned the "inadvertent" data collection on a single "engineer working on an experimental WiFi project." That engineer wrote some code that Google's mobile team later included in its software, though Google said the team didn't specifically intend to capture personal data. This effort to contain the problem by pointing fingers at one engineer only raises more questions about how carefully the company is considering the public's privacy. Do people often slip code into products without oversight? And no one took a look at this progammer's code?
Turns out a few people did. The FCC's investigation of the matter revealed that that lone engineer actually shared his work with the entire Google Street View team. And two years after promising to delete the data it collected by "mistake," Google has admitted to regulators in Europe that due to an "error," it still had some of that data in its possession.
Google is an enormous, innovative company forging new ground in numerous fields. It also has a lot on its mind -- competitors, investors, advertisers, regulators, and, somewhere on that list, us. But judging from what Google has told us itself, it doesn't seem to be able to multitask all of that successfully. Wanting to position itself as privacy conscious with our best interests in mind, Google chalks up its missteps to "mistakes," "errors," and unanticipated consequences. Would it be better to hear that the company messed up with our privacy because it reached a bit too far, as with Google Buzz, than to hear one more time that something slipped through the cracks? With these "mistakes," it's our personal data that's often being put at risk.
Do companies mess up? Yes. Yet from the user's vantage point, it appears that out of all the things Google is trying to juggle, it's dropping the ball when it comes to our information.
Follow Bianca Bosker on Twitter: www.twitter.com/bbosker
This is straight out of the Simpsons with Mr Burns buying a statue of justice
You're the one who sounds like a "hired (Google) PR agent". Did you not read the article? It's so obvious Google got caught (for a 2nd time ! ) with it's pants down AND it's hand in the cookie jar (pardon the pun). Their language and defensive-posturing, like a little kid, tells it all. How much of "the story" do you have to read before you can make your own decision about their transparent culpability ? Why doesn't "Google" just refuse to pay one penny if they are so blameless as they pitifully try to represent ? You think the FTC would shut them down ? Not a prayer !
Reality check :
All that being said, it would certainly appear there is relatively little interest in the ongoing prosecution of "Google". Why ? Because my bet is you use it, "jillxz" uses it, Bianca Bosker uses it, I use it, and I'm sure anyone and everyone who is an Internet Cowboy/Cowgirl uses it...unless you work for the NSA or the military, "Google" is the best search engine around. And let me assure you, "Google" 's not paying me a penny for my position...Personally, as long as I continue to surf the Internet, I'm glad they're around.
And I'll make you another bet. I bet that each and every individual bureaucratic FTC government employee is glad "Google" 's around too !
J.B.
That doesn't excuse Google's actions, but anyone with any knowledge concerning how the legal system works would understand why the FTC could not get Google to admit liability.
When is "too BIG to FAIL" too big to fail?
I avoid them like the plauge they are turning out to be. You should too.
Google uses POST because the request returns user-specific content if the user is logged into their Google account. POST implies that the request may have side-effects and that the response should not be cached and returned to other clients. This is the correct use of HTTP. Unfortunately, many web services use GET when they should be using POST.
This was Apple's cookie blocker and Apple's privacy policy, both of which were developed long after Google designed the relevant aspects of their ad widgets. I don't understand how Google could be held liable for a bug in Apple's web browser.
One of the things that a lot of people don't understand about software development is that whenever you change something, it creates the potential to shake out bugs that were always there but were never discovered. Nobody realized that Safari's cookie blocker was broken until they turned it on by default and it failed to work as promised with the most pervasive third-party tracking cookie on the Web.
Oops, you caught us not deleting all that stuff as promised. Gosh, we're really, really sorry.
Oh, caught again, we're so BAD. Naughty us. We apologize and, wait wut?? You're fining us for repeatedly invading people's privacy and lying about it?
NO FAIR. You guys are mean.
-Google.