Oct 10, 2018
Google is shutting down its social network, but the move may be too little, too late. According to “anonymous sources” at the Alphabet Inc., hundreds of thousands of Google+ users’ private data was exposed between 2015 and 2018 and, to make matters worse, the company decided to withhold information on the breach out of fear of public backlash. Now, Google+, widely considered one of Google’s biggest failures anyway, is going to be shut down. Google itself simply responded to the report by saying that it did not detect any misuse of the private data and, therefore, opted not to disclose it.
“Whenever user data may have been affected, we go beyond our legal requirements and apply several criteria focused on our users in determining whether to provide notice,” a company spokesperson said. Basically, since Google knows everything about you already, they are perfectly positioned to know if your private information is actually being leveraged in some way after they accidentally brought it out into the open.
According to the sources, the real issue was that Google feared not just reputational damage, but also “regulatory scrutiny.” When the company’s internal evaluation indicated that users could not be “accurately identified” so that Google could inform them of the data breach and that there did not appear to be any “misuse” of the private data, it opted to keep quiet. Furthermore, the company said, there were no “actions a developer or user could take in response to the breach.”
Russell Brandom, a reporter for The Verge, noted Google truly did not break any laws by failing to disclose the 500,000-odd Google+ users who were exposed. “What happened…wasn’t technically a breach,” he wrote. “With no clear data stolen, Google had no legal reporting requirements.”
Of course, the real issue for Google now is that they got caught not reporting the data breach that wasn’t, and experts like John Reed Stark, former chief of the SEC Office of Internet Enforcement, is, as a result, now writing articles that list “10 Questions the SEC probably has for Google.” Stark predicted in that article the SEC will likely investigate Google and suggested the possibility of a congressional investigation as well.
Do you think that Google should have disclosed the breach?