Thread: Google did not disclose security bug because it feared regulation, says report

  1. #1

    Google did not disclose security bug because it feared regulation, says report

    https://www.cnbc.com/2018/10/08/goog...lus-users.html

    8/10/2018


    Sundar Pichai, chief executive officer of Google Inc., attends a news conference in New Delhi, India, on Wednesday, Jan. 4, 2017.


    Google did not initially disclose a Google+ security bug when it first discovered it this spring because it feared regulatory scrutiny and reputational damage, according to a Wall Street Journal report citing documents and people briefed on the incident.

    Google wrote in its own blog post on the incident that it determines when to notify users about privacy and security bugs based on the type of data involved, whether it can accurately identify who to inform, whether there is evidence of misuse, and whether there is any action that a user can take in response, and that based on those criteria it didn't immediately alert users of the Google+ bug.

    However, a memo prepared by Google's legal and policy staff and seen by the Journal shows that leadership was also concerned about causing a potential privacy scandal. The memo allegedly warned senior executives that news of the bug would cause "immediate regulatory interest" and draw comparisons to Facebook's Cambridge Analytica data scandal.

    It's been a rocky summer for big tech: In the past year, Google, Facebook, Twitter, and other technology companies have all testified before various Congressional and Senate committees about their data and privacy practices, the risk of election meddling, and their possible conservative bias, among other topics.

    In this case, the possibly exposed data included the names, email addresses, birth dates, profile photos, and gender of up to 500,000 Google+ accounts, though not any information related to personal communication or phone numbers. Google says that 438 apps may have used the application programming interface, or API, that made the private data available, but that it found no evidence that any developers misused the information.

    The company plans to shut down all consumer functionality of Google+ over the next ten months, although it will maintain the enterprise version used by its G Suite business customers. Since the social network first launched in 2011, it failed to gain popular appeal and was broken up into separate products in 2015. The blog post states that the consumer version currently has low usage and engagement and that 90 percent of user sessions last less than five seconds.

    Google discovered the bug during a comprehensive review of third-party developer access to all Google account and Android device data. Google shares fell more than 2 percent to $1134.23 on the news, though recovered several hours after the report initially published, to less than a percent down.

    Alphabet didn't immediately respond to a request for comment.



  3. #2

    Google+ to shut down after coverup of data-exposing bug

    https://techcrunch.com/2018/10/08/google-plus-hack/

    Google is about to have its Cambridge Analytica moment. A security bug allowed third-party developers to access Google+ user profile data since 2015 until Google discovered and patched it in March, but decided not to inform the world. When a user gave permission to an app to access their public profile data, the bug also let those developers pull their and their friends’ non-public profile fields. Indeed, 496,951 users’ full names, email addresses, birth dates, gender, profile photos, places lived, occupation and relationship status were potentially exposed, though Google says it has no evidence the data was misused by the 438 apps that could have had access.

    The company decided against informing the public because it would lead to “us coming into the spotlight alongside or even instead of Facebook despite having stayed under the radar throughout the Cambridge Analytica scandal,” according to an internal memo. Now Google+, which was already a ghost town largely abandoned or never inhabited by users, has become a massive liability for the company.



    The news comes from a damning Wall Street Journal report that said Google is expected to announce a slew of privacy reforms today in response to the bug. Google made that announcement about the findings of its Project Strobe security audit minutes after the WSJ report was published. The changes include stopping most third-party developers from accessing Android phone SMS data, call logs and some contact info. Gmail will restrict building add-ons to a small number of developers. Google+ will cease all its consumer services while winding down over the next 10 months with an opportunity for users to export their data while Google refocuses on making G+ an enterprise product.



    Google also will change its Account Permissions system for giving third-party apps access to your data such that you have to confirm each type of access individually rather than all at once. Gmail Add-Ons will be limited to those “directly enhancing email functionality,” including email clients, backup, CRM, mail merge and productivity tools.

    90 percent of Google+ sessions were less than 5 seconds


    Embarrassingly, Google admits that “This review crystallized what we’ve known for a while: that while our engineering teams have put a lot of effort and dedication into building Google+ over the years, it has not achieved broad consumer or developer adoption, and has seen limited user interaction with apps. The consumer version of Google+ currently has low usage and engagement: 90 percent of Google+ user sessions are less than five seconds.” For more on G+’s demise, read our 2014 take on the beginning of the end.

    Since the bug and subsequent security hole started in 2015 and was discovered in March before Europe’s GDPR went into effect in May, Google will likely be spared a 2 percent of global annual revenue fine for failing to disclose the issue within 72 hours. The company could still face class-action lawsuits and public backlash. On the bright side, G+ posts and messages, Google account data and phone numbers and G Suite enterprise content weren’t exposed.


    How Google+ looked, in case you can’t remember

    Given it’s unclear whether the G+ user data was scraped or if it will be employed for a nefarious purpose, the news of the bug itself might have eventually blown over, similar to how I wrote Facebook’s recent 50 million user privacy breach may be forgotten if no evil use is found. But because Google tried to cover up the problem because it didn’t meet some threshold of severity, the company looks much worse. That casts doubt on whether Google is being transparent on tons of other controversial questions about its practices.

    The fiasco could thrust Google into the same churning sea of scrutiny currently drowning Facebook, just as the company feared. Google has managed to float above much of the criticism leveled at Facebook and Twitter, in part by claiming it’s not really a social network. But now its failed Facebook knock-off from seven years ago could drag down the search giant and see it endure increasing calls for regulation, as well as testimony before Congress.


  4. #3
    At least two U.S. states and two European Union member states are investigating a breach at Alphabet Inc’s Google that may have exposed private profile data of at least 500,000 users to hundreds of external developers.

    The investigations follow Google’s announcement on Monday that it would shut down the consumer version of its social network Google+ and tighten its data-sharing policies after a “bug” potentially exposed user data that included names, email addresses, occupations, genders and ages.
    “We are aware of public reporting on this matter and are currently undertaking efforts to gain an understanding of the nature and cause of the intrusion, whether sensitive information was exposed, and what steps are being taken or called for to prevent similar intrusions in the future,” Jaclyn Severance, a spokeswoman for Connecticut Attorney General George Jepsen, said.
    The New York Attorney General’s office also said it was looking into the breach.

    More at: https://www.reuters.com/article/us-g...-idUSKCN1MJ1M0


