A privacy advocacy group has asked the Federal Trade Commission to pull the plug on Gmail, Google Docs, Google Calendar, and the company's other Web apps until government-approved "safeguards are verifiably established."
If the FTC grants the request, hundreds of millions of Internet users would be unable to access their e-mail or documents until the agency's formidable collection of lawyers in Washington, D.C., became satisfied with the revised applications. The outage would extend to businesses that pay for access to Google Apps.
The Electronic Privacy Information Center submitted the far-reaching request to the FTC in a letter from its director, Marc Rotenberg, on Tuesday. It argues that a formal legal injunction halting all Google cloud-computing services pending formal government approval is necessary to "adequately safeguard the confidential information" of users.
"If we were talking about a child safety seat that could not be securely attached to a car passenger seat, the commission in that instance would say to the company, 'Look, you've got to fix that problem,'" Rotenberg, a lawyer and adjunct law professor, said in a telephone interview on Tuesday. "Consumers are at risk when that product is in the marketplace. We have a similar view of cloud computing at this point: people are at risk."
EPIC sent the letter a week after a bug in Google Docs exposed a small fraction of word-processing and presentation documents. Google said the problem affected only 0.05 percent of documents stored at the site, that affected Google Docs users had been notified, and it affected only people with whom users had already shared documents.
As an additional punishment, EPIC wants Google to be forced to pay $5 million into a "public fund" that it and like-minded advocacy groups could financially benefit from.
For its part, Google said it was reviewing EPIC's letter and provided CNET with this statement: "Many providers of cloud computing services, including Google, have extensive policies, procedures and technologies in place to ensure the highest levels of data protection. Indeed, cloud computing can be more secure than storing information on your own hard drive. We are highly aware of how important our users' data is to them and take our responsibility very seriously."
Paragraph 57 of EPIC's letter asks the FTC to "enjoin Google from offering cloud computing services until safeguards are verifiably established."
Microsoft and Yahoo declined to comment on Tuesday.
EPIC regularly sends letters to the FTC asking for action against technology companies. It targeted DoubleClick; it also questioned Microsoft's Passport authentication system, which yielded a settlement in August 2002.last year targeting Ask.com, which had already discontinued the practice in question. In 2000, the group
The complaints invoke the FTC's legal authority to file civil lawsuits against "unfair or deceptive acts or practices." In this case, EPIC claims that Google is violating that law because of its "inadequate security practices."
"One of the powers of the FTC is to say if you can't provide a safe product, we can take it from the marketplace," Rotenberg said. He acknowledged having the FTC attempt to pull the plug on Google Apps until privacy fixes were done was a long shot, but said the broader goal was to raise awareness of the privacy and security risks of cloud computing. (EPIC previously claimed Gmail was illegal and attempted to have it shut down.)
Jim Harper, director of information policy studies at the free-market Cato Institute, said that nothing Google has done is unfair or deceptive.
"EPIC is unable to persuade the public of a problem, so it goes to a very willing government agency that has nothing else to do but machinate about these kinds of issues," Harper said. He added, referring to the $5 million fund EPIC wants Google to set up: "This is a new fundraising tool."
CNET's Stephanie Condon contributed to this report
(Disclosure: Declan McCullagh is married to a Google employee.)