Cyber Law and Business Report – February 22, 2012

Anniversary of 1980 “Miracle on Ice” hockey game


Robert Ellis Smith is a journalist who uses his training as an attorney to report on the individual’s right to privacy.  Since 1974, he has published Privacy Journal, a monthly newsletter on privacy in a computer age based in Providence, R.I.

Smith is a frequent speaker, writer, and Congressional witness on privacy issues and has compiled a clearinghouse of information on the subject: computer data banks, credit and medical records, the Internet, electronic surveillance, the law of privacy, and physical and psychological privacy.  His first book, Privacy: How to Protect What’s Left of I, was nominated for a National Book Award in 1980.

Smith is the author of Ben Franklin’s Web Site: Privacy and Curiosity from Plymouth Rock to the Internet (2004), the first and only published history of privacy in the U.S. He is also the author of Our Vanishing Privacy (1993), The Law of Privacy Explained (1993), Privacy: How to Protect What’s Left of It; Workrights, a book describing individual rights in the work place; and The Big Brother Book of ListsPrivacy Journal also publishes Compilation of State and Federal Privacy Laws, Celebrities and Privacy (2006), War Stories, a collection of anecdotes on privacy invasions and an electronic guide to privacy laws called Consumer’s Handheld Guide to Privacy Protections.

The New York Times said Smith “sounds the alarm about maintaining freedom and privacy in the computer age” and called him “a principled critic.” Privacy Journal is “a privacy watchdog,” according to Time magazine.

Smith has been asked to write the definitive statement on privacy in the last two editions of The World Book Encyclopedia.  He has appeared on all three network morning news programs, as well as “Face the Nation,” “Nightline,” and “All Things Considered.”  He has been a regular commentator on “Marketplace” on American Public Radio and has written a regular column on the popular Web site

From 1970 to 1973, Smith was the assistant director of the Office for Civil Rights in the U.S. Department of Health, Education, and Welfare.  Prior to that, he had nine years of experience as a news reporter and editor with the Detroit Free Press, Trenton Times, The Southern Courier, and Newsday. He has taught at Harvard College, University of Maryland, and Emerson College, and currently at Brown University.

A 1962 graduate of Harvard College, Smith received his law degree from the Georgetown University Law Center in 1976.  He served as a member of the District of Columbia Human Rights Commission until 1986.  In 1997, Vice President Gore named him to the Civil Liberties Panel of the White House Commission on Aviation Safety and Security.  From 1996 to 2002, he served as vice chair of the Coastal Resources Management Council, which protects the 400 miles of Rhode Island coastline.


Google’s latest controversy stems from its circumventing browser settings for Apple’s Safari browser which accounts for approximately 1 in 20 web searches but nearly half of mobile searches.  Google’s has claimed the process was an “accident.”





Google’s roll-out of a new privacy policy effective March 1, 2012, combined with the launch of the Google Search Plus Your World program (which merges Google+ with Google Search results) earlier this month, has created a torrent of criticism across the globe.

(1) Google Is Creating an Omnibus Privacy Policy for the “Googleverse”

Currently, Google has approximately 80 privacy policies covering its many websites and offerings.  For example, the following Google products/services each have their own privacy policy:

+1 Button, Advertising, Advisor, Apps, Blogger, Books, Buzz, Chrome, Chrome Frame, Gears, Google+, Google Music, Google Notebook, Google TV, Google Web Toolkit, Groups, Health Knol Location Service in Firefox, Mobile, Moderator, Orkut, Picasa, Postini, Safe Browsing, Sites, Store, Toolbar, Trader, Translator Toolkit, Voice, Wallet, Web Accelerator, Web History, YouTube

The new policy creates one omnibus policy govering all such applications, simplifying the process and creating greater transparency.

(2)  Users Already Consent to Sharing (Much of) this Data 

As Google explains :

The main change is for users with Google Accounts. Our new Privacy Policy makes clear that, if you’re signed in, we may combine information you’ve provided from one service with information from other services. In short, we’ll treat you as a single user across all our products, which will mean a simpler, more intuitive Google experience.

Since as early as 2005, Google has disclosed that

[w]e may combine the information you submit under your account with information from other Google services or third parties in order to provide you with a better experience and to improve the quality of our services.

(although it is unclear whether this is true for all Google services).  Nonetheless, this may explain why one lawyer noted that that “[w]hat we have is not a reaction to a change in legal language, but it’s a change in perception.”  As Forbes’ Kashmir Hill wrote in her Not So Private Parts blog:

What’s changing is not Google’s privacy policies but its practices. By combining information from across all of its services, Google will be able to better target users with ads, offer more innovative features, and, importantly for Google, better compete with Facebook.

(3)  Users Can Opt-Out (sort-of)

Users who do not consent to the Privacy Policy changes can quit their services and extract their data entirely – or alternatively the user can refrain from using Google services requiring a log-in after March 1st.

Google’s public policy blog post explains:

  • You still have choice and control. You don’t need to log in to use many of our services, including Search, Maps and YouTube. If you are logged in, you can still edit or turn off your Search history, switch Gmail chat to “off the record,” control the way Google tailors ads to your interests, use Incognito mode on Chrome, or use any of the other privacy tools we offer. . . .
  • You can use as much or as little of Google as you want. For example, you can have a Google Account and choose to use Gmail, but not use Google+. Or you could keep your data separate with different accounts — for example, one for YouTube and another for Gmail.

(4)  Not Applicable to Enterprise/Government Clients

These changes to not apply to Google’s largre customers whose privacy rights are defined by contract.

(5)  Google is Facing a Political Backlash as a Result:

Only weeks after Google escaped being a “political pinata” over SOPA, it is now facing a similar fight.  The move has triggered demands that Google brief Congress on the changes and calls for the FTC to assess whether Google has violated its 2011 consent decree.  In addition, the Deputy European Union Data Commissioner has indicated that the EU would be looking into the changes once implemented.

It may be facing an even worse public relations backlash, as one survey found that 66 percent of users would cancel their account as a result, how to delete a Google account was emerging as a hot search on Google trends and anti-Google graffiti was spotted in New York.

Google Street View Car in Hunters Point, Long Island City, Queens, New York City – Jacopast (CC)


From Wikipedia:

s it set out to photograph neighborhoods around the world as part of its Street View program, Google equipped its vehicles with antenna as well as cameras so it could create a database with the names of Wi-Fi networks and the coding of Wi-Fi routers. Google collected about 600 gigabytes of data from users of public WiFi stations (which are not owned by Google) during 2006–2010, including snippets of private data such as e-mail. No disclosures or privacy policy was given to those affected or to the owners of the WiFi stations, in more than 30 countries.

Google apologized, said they were “acutely aware that we failed badly here” in terms of privacy protection, that they were not aware of the problem until an inquiry from German regulators was received, that the private data was collected inadvertently, and that none of the private data was used in Google’s search engine or other services. A representative of Consumer Watchdog replied, “Once again, Google has demonstrated a lack of concern for privacy. Its computer engineers run amok, push the envelope and gather whatever data they can until their fingers are caught in the cookie jar.” In a sign that legal penalties may result, Google said it will not destroy the data until permitted by regulators.


From Wikipedia: On February 9, 2010 Google launched Google Buzz, Google’s microblogging service. Anyone with a Gmail account is automatically added as a contact to pre-existing Gmail contacts, and must opt-out if they do not wish to participate.

The launch of Google Buzz as an “opt-out” social network immediately drew criticism for violating user privacy because it automatically allowed Gmail users’ contacts to view their other contacts.

On February 16, 2010, Eva Hibnick, a student at Harvard Law School, filed a class action lawsuit against Google, alleging that Buzz violated several federal laws meant to protect privacy. On the same day, the Electronic Privacy Information Center (EPIC) filed a complaint with the Federal Trade Commission alleging that Google Buzz “violated user expectations, diminished user privacy, contradicted Google’s privacy policy, and may have violated federal wiretap laws.”

Also on February 16, 2010, the Electronic Frontier Foundation wrote “These problems arose because Google attempted to overcome its market disadvantage in competing with Twitter and Facebook by making a secondary use of your information. Google leveraged information gathered in a popular service (Gmail) with a new service (Buzz), and set a default to sharing your email contacts to maximize uptake of the service. In the process, the privacy of Google users was overlooked and ultimately compromised.”

On February 17, 2010, the Privacy Commissioner of Canada, Jennifer Stoddart, issued a statement on Buzz:

We have seen a storm of protest and outrage over alleged privacy violations and my office also has questions about how Google Buzz has met the requirements of privacy law in Canada…My office has a variety of resources available to help companies build privacy into their products and services. When companies consult with us at the development stage, they can avoid the problems we’ve seen in recent days.
—Jennifer Stoddart

On November 2, 2010, Google e-mailed Gmail users to tell them about the outcome of the lawsuit. As part of its settlement, Google will create an $8.5 million fund to award money to groups that promote privacy education on the web, of which the prosecuting lawyers are requesting 25% ($2,125,000) “plus reimbursement of costs and expenses”. The settlement was finally approved in June 2011.

On March 30, 2011, the Federal Trade Commission announced a settlement with Google regarding Buzz. In the announcement, the FTC agreed with the EPIC complaint that Google had violated its privacy policies by using information provided for Gmail for another purpose – social networking – without obtaining consumers’ permission in advance. The FTC also alleged that Google misrepresented that it was treating personal information from the European Union in accordance with the U.S.-EU Safe Harbor privacy framework. The FTC stated that “The proposed settlement bars the company from future privacy misrepresentations, requires it to implement a comprehensive privacy program, and calls for regular, independent privacy audits for the next 20 years.” In response to the announcement that Google has agreed to adopt a “Comprehensive Privacy Plan”, EPIC launched a campaign, called “Fix Google Privacy”, to encourage Internet users to offer their suggestions to improve safeguards for Google’s products and services.


  1. Pingback: Guest Profile: Privacy Journal’s Robert Ellis Smith – Cyber Law & Business Report

Comments are closed.