Privacy groups seek FTC probe of Google, Yahoo for exposing data to NSA

Contend that unseen data collection by NSA suggests lack of adequate security on Internet company networks

Several advocacy groups are calling for an investigation into Internet companies Yahoo and Google whose networks were secretly accessed by the National Security Agency (NSA).

In a letter sent Wednesday, the groups asked the U.S. Federal Trade Commission (FTC) find out how the NSA could to extract so much data without the knowledge of Google and Yahoo.

"The Commission should pursue this investigation because it routinely holds itself out as the defender of consumer privacy in the United States," the authors said. "It is inconceivable that when faced with the most significant breach of consumer data in U.S. history, the Commission could ignore the consequences for consumer privacy."

The letter, signed by officials from the Electronic Privacy Information Center, Privacy Rights Clearinghouse, Center for Digital Democracy and others, follows recent reports that the NSA gained access to millions of consumer records by secretly tapping directly into data streams from major Internet companies.

The reports prompted fresh concern about NSA surveillance activities and of the privacy of data being held by the world's largest Internet companies.

Google, Yahoo, Microsoft and others have insisted that they divulge consumer information to the NSA and other government agencies only under appropriate court orders. Each has denied providing any help to the NSA and other spy agencies gathering data on Internet users.

In fact, in a court filing earlier this week the companies demanded that the government release more information about the kind of data that Internet companies are being asked to provide the NSA.

The letter from the privacy groups stands out because it seeks to hold Google and Yahoo responsible for the NSA's data collection activities because of a lack of network security controls.

"We are saying that the companies should do more to protect the privacy of user data and that the FTC has a responsibility to police these practices, particularly since both Google and Facebook are subject to consent orders concerning privacy," said Marc Rotenberg, executive director of EPIC.

Rotenberg said consumer privacy groups have long urged Internet companies to adopt better privacy and security practices to safeguard the information they collect. He noted that privacy groups have asked Internet companies to minimize data collection when possible and to delete unneeded data.

Therefore, Internet companies must be held responsible for breaches of data they store, he said.

A Google spokeswoman wouldn't comment on the letter. Yahoo didn't respond to a request for comment.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His email address is jvijayan@computerworld.com.

Read more about security in Computerworld's Security Topic Center.

Tags MicrosoftinternetGoogleYahoonsaU.S. Federal Trade CommissionElectronic Privacy Information CenterNational Security AgencyCenter for Digital DemocracyFederal Trade Commissioncyberwarfare

Show Comments