Background to the Controversy
Most of the media coverage dealt with the impact of Google’s new policy on consumers. Should they accept the proposed trade-off between privacy and access to Google’s impressive suite of no-cost web services such as Gmail? Conservatives and privacy advocates tend to say no, while libertarians may tend to say “let the people decide.” Does the new policy comply with current or evolving government regulations regarding online privacy? In the U.S., the answer is still up in the air, in Europe it’s probably “no”.
- “Information you give us… like your name, email address, telephone number or credit card”
- “Information about the services that you use and how you use them, like when you visit a website that uses our advertising services or you view and interact with our ads and content”
- “Device-specific information (such as your hardware model, operating system version, unique device identifiers, and mobile network information including phone number)”
- “Details of how you used our service, such as your search queries”
- “Cookies and anonymous identifiers [sent] when you interact with services we offer to our partners, such as advertising services or Google features that may appear on other sites”
- “We use the information we collect from all of our services to provide, maintain, protect and improve them, to develop new ones, and to protect Google and our users. We also use this information to offer you tailored content – like giving you more relevant search results and ads.”
We believe the collection and use of this type of information about individuals by a cloud service officially contracted by a government agency may not be compatible with existing privacy rules and legislation. As noted above, shortly after SafeGov.org issued its statement, Google executives appeared to agree with us and promised that they will “maintain [their] enterprise customers’ data in compliance with the confidentiality and security obligations provided to their domain.”
Google Contracts Say the Policy Does Apply to Government
For example, the State of Texas has published a contract it negotiated with Google partner SADA Systems containing the following clause regarding Customer Data, which we quote in its entirety:
Several things are noteworthy about this clause and the Google Apps Customer Agreement document of which it is part:
- The agreement is not with Google directly, but with its integration partner SADA Systems. SADA is one of the most highly regarded cloud integration firms in the country, and has many successful implementations of GAFG in the public sector. It also implements Microsoft’s competing Office 365 product. The firm’s competence and domain knowledge are not open to doubt.
- We have discovered two other published examples which, except for the customer’s name, are word-for-word identical to the Texas document – these are the GAFG contracts for the town of Downers Grove Illinois and Del Norte County California. These three examples prove that this language is part of a standard document created by SADA.
What It All Means
“For online transactions conducted on Texas.gov, individuals will be requested to enter information about themselves and/or the organization with which they are affiliated. When personally identifiable information is requested, there will be an indication of whether the disclosure of such information is mandatory or optional to continue the transaction... Texas.gov uses server logs and persistent cookies to collect information about the number and types of visitors to Texas.gov and how they use the website… However, no attempt is made to match this information with the identity of the visitor, except as is required to comply with a law enforcement investigation.”
We believe in addition to complying with existing legislation, it is in the interest of Federal, State and Local governments to verify their cloud vendor contracts are consistent with their own stated privacy policies.
In conclusion, we would like to reiterate that GAFG is an innovative product with many useful features. In particular, the simplicity and attractive pricing of GAFG has had a beneficial effect on public sector email and collaboration markets. Google’s pioneering deployment of consumer cloud technology into the enterprise space is putting pressure on traditional enterprise players like Microsoft and IBM to make their own offerings more attractive. These are all good things.
In order to continue to accrue benefits to the American taxpayers, it would be advantageous for all cloud service providers to make clear that the sophisticated user tracking and ad targeting functionality of any of their consumer products is neither appropriate nor acceptable in its public sector offerings.