FOR IMMEDIATE RELEASE
March 17, 2009
Contact:
Marc Rotenberg, Executive Director
John Verdi, Staff Counsel
(202) 483-1140
rotenberg@epic.org
verdi@epic.org
EPIC FILES FEDERAL TRADE COMMISSION COMPLAINT CONCERNING GOOGLE DATA BREACH,
CALLS FOR FEDERAL INVESTIGATION INTO CLOUD COMPUTING SECURITY
WASHINGTON, DC - The Electronic Privacy Information Center (EPIC) has filed a complaint
with the Federal Trade Commission arising from the recent Google Docs data breach. On
March 7, 2009, Google, Inc. announced that it had inadvertently disclosed user-generated
documents stored on the cloud computing service. EPIC's complaint calls for the FTC to
investigate the adequacy of Google's privacy and security safeguards. EPIC also asked the
Commission to enjoin Google from offering cloud computing services until safeguards are
verifiably established.
In 2000, an EPIC complaint to the FTC resulted in the Commission's imposition of a
comprehensive information security program for Microsoft Passport and similar services. In
December 2004, EPIC filed a complaint with the Commission against data broker ChoicePoint, Inc.
The complaint resulted in $15 million in civil penalties and redress - the largest FTC fine
for consumer privacy violations. Recently, EPIC brought a complaint to the Federal Trade
Commission calling for privacy safeguards as a condition of the Google-DoubleClick merger.
Although the Commission failed to act in that matter, a subsequent review by the Department of
Justice in a similar matter led Google to back off a proposed deal with Yahoo.
EPIC's complaint describes Google's routine assurances that it will secure documents on its
servers. Google encourages users to "add personal information to their documents and spreadsheets."
Yet Google's cloud computing services have been increasingly subject to security vulnerabilities,
including high-profile data breaches involving Gmail and Google Desktop. EPIC's complaint notes
that Google stores and transmits documents in plain text, while some other cloud computing services
encrypt data to safeguard users' privacy.
EPIC Executive Director Marc Rotenberg said, "Given the growing dependence of US consumers,
businesses, and federal agencies on cloud computing services, providers like Google must ensure
the security of personal information stored on their servers. The Google Docs data breach highlights
the hazards of Google's inadequate security practices, as well as the risks of cloud computing
services generally. There is ample precedent for the Federal Trade Commission to begin an
investigation."
EPIC is a public interest research center in Washington, D.C. EPIC was established in 1994 to focus
public attention on emerging civil liberties issues and to protect privacy, the First Amendment,
and constitutional values. EPIC has a long history of protecting consumer privacy through advocacy
before regulatory commissions.
More information is available at:
"In the Matter of Google and Cloud Computing Services: Complaint and Request for Injunction, Request
for Investigation and for Other Relief" (filed by EPIC, Mar. 17, 2009)
http://epic.org/privacy/cloudcomputing/google/ftc031709.pdf