from Mercurio, John <John.Mercurio@bm.com>

to Christopher Soghoian <chris@soghoian.net>

date Tue, May 3, 2011 at 10:38 AM

subject RE: Op-Ed Opportunity: Google Quietly Launches Sweeping Violation of User Privacy

mailed-by bm.com

Thanks for the prompt reply. I’m afraid I can’t disclose my client yet. But all the information included in this email is publicly available. Any interest in pursuing this?

From: Christopher Soghoian [mailto:chris@soghoian.net]

Sent: Tuesday, May 03, 2011 10:11 AM

To: Mercurio, John

Subject: Re: Op-Ed Opportunity: Google Quietly Launches Sweeping Violation of User Privacy

- Hide quoted text -

Who is paying for this? (not paying me, but paying you)

On Tue, May 3, 2011 at 10:08 AM, Mercurio, John <John.Mercurio@bm.com> wrote:

Mr. Soghoian,

I wanted to gauge your interest in authoring an op-ed this week for a top-tier media outlet on an important issue that I know you’re following closely.

The topic: Google’s sweeping violations of user privacy. Google, as you know, has a well-known history of infringing on the privacy rights of America’s Internet users. Not a year has gone by since the founding of the company where it has not been the focus of front-page news detailing its zealous approach to gathering information – in many cases private and identifiable information - about online users.

Despite an unprecedented rebuke from the Federal Trade Commission last month forcing Google into a government mandated two-decade privacy review program, Google is at it again – and this time they are not only violating the personal privacy rights of millions of Americans, they are also infringing on the privacy rules and rights of hundreds of companies ranging from Yelp to Facebook and Twitter to LinkedIn in what appears to be a first in web history: Google is collecting, storing and mining millions of people’s personal information from a number of different online services and sharing it without the knowledge, consent or control of the people involved.

The Federal Trade Commission made it clear last month that Google had agreed to change its ways, and in so doing, the United States government gave Google an imprimatur of credibility and trust amongst the American people. As FTC Chairman Jon Leibowitz stated not four weeks ago: “When companies make privacy pledges, they need to honor them…This is a tough settlement that ensures that Google will honor its commitments to consumers and build strong privacy protections into all of its operations.”

Unfortunately the ink was barely dry on the settlement before Google rolled out its latest tool designed to scrape private data and build deeply personal dossiers on millions of users – in a direct and flagrant violation of its agreement with the FTC.

In light of the recent agreement between the government and Google, Congress and the FTC must immediately investigate this latest violation of online privacy. The American people must be made aware of the now immediate intrusions into their deeply personal lives Google is cataloging and broadcasting every minute of every day– without their permission.

I’m happy to help place the op-ed and assist in the drafting, if needed. For media targets, I was thinking about the Washington Post, Politico, The Hill, Roll Call or the Huffington Post.

Please let me know your thoughts. Also, I’m available to discuss this by phone, if you’re available.

Many thanks,

John

LESS THAN ONE MONTH AFTER FTC PRIVACY VIOLATION SETTLEMENT, GOOGLE QUIETLY LAUNCHES SWEEPING VIOLATION OF USER PRIVACY

About Google Social Circles

Recently, Google quietly introduced its latest attempt to enter the social space with a new feature called Google Social Circles. The idea behind the feature is to scrape and mine social sites from around the web to make connections between people that wouldn’t otherwise exists and share that information with people who wouldn’t otherwise have access to it. All of this happens without the knowledge, consent or control of the people whose information is being shared. Here is how Google Social Circles works:

1) Google’s robots scour the web for people’s social connections on different websites. These connections are then stored in a collection people’s connections on different websites. This collection is then mined, creating connections between people on different websites, that those people never intended and can’t control.

2) This information is then shared with anyone who has a Google account, whether it is Gmail, Chat or another Google service that includes a personal profile -- more than 146 million people have Gmail accounts alone, and some estimates say as many as 400 million people have at least one Google account.

3) Google Social Circles automatically enables people to trace their contacts' connections and profile information by crawling and scraping the sites you and your contacts use, like Twitter, MySpace, YouTube, Facebook, Yelp, Yahoo and many others, likely in direct violation of the Terms of Service for those sites, unless those sites have partnered with Google on this “service,” something else users ought to be aware of.

4) Even if you are not a Google account holder, your information is still mined, stored and shared as long as you have some connection on any site Google scrapes to someone who has a Google account. You don’t even have to have a direct connection to the person with a Google account. If someone you are connected to is connected with someone with a Google account, your information will be shared.

5) To find out if your own Social Circles direct and secondary connections that Google has indexed to your account, visit: http://www.google.com/s2/u/0/search/social#socialcircle, and https://profiles.google.com/u/0/connectedaccounts

Privacy Violations

The ability to abuse this information and violate the privacy rights of millions of Americans is clear:

No notice: Google does not notify people that their information is being used in a way that the person would not expect—to connect different groups of people within an Internet-wide database Google created.

No consent: Google Social Circles does not ask “permission” from individuals who will have their profiles, connections and other personal data shared in the new network. Google will simply “scrape” their information from dozens of sources and compile the data into one massive dossier aligned directly with user’s personally identifiable information.

No control: On all of the sites Google scrapes, you can change your mind. You can delete your account. You can make or break connections to other people. How do you remove this information from the database that Google is sharing with hundreds of millions of people? You can’t.

Serious real world risks: Google is taking different parts of people’s lives—parts they deliberately separated onto different sites—and presenting the collage Google created to other people. Reminiscent of Google Buzz, Google’s latest plan totally disregards the intimate and potentially damaging details that could be revealed, including sexual orientation, political affiliation, personal connections, etc…

Steals from other sites: Dozens of private companies will have their own privacy rules and regulations violated by the Google information fishing intrusion.

Disregards FTC agreement: Despite the clear direction from the FTC to the contrary, Google has again created a program without a clear path for users to “opt out”.

References

· FTC Statement on Google Settlement

http://www.ftc.gov/opa/2011/03/google.shtm

· Google Shows Off How Well It Knows Your Social Circle

Switched.com (HuffingtonPost Tech)

http://www.switched.com/2010/08/09/google-shows-off-how-well-it-knows-your-social-circle/

· “Do you feel like big brother is watching you now?”

About.com

http://marketing.about.com/b/2011/03/31/google-wants-you-to-1.htm

· Google’s Social Circle & Social Search May Not Violate Any Privacy Laws But It Gives Me The Creeps

LibrarianByDay.com

http://librarianbyday.net/2010/03/30/googles-social-circle-social-search-may-not-violate-any-privacy-laws-but-it-gives-me-the-creeps/

----------------------------

The information, and any attachments contained in this email may contain confidential and/or privileged information and is intended solely for the use of the intended named recipient(s). Any disclosure or dissemination in whatever form, by another other than the intended recipient is strictly prohibited. If you have received this transmission in error, please contact the sender and destroy this message and any attachments. Thank you.