
Response to EFF complaint about student data privacy - bluehex
http://googleforeducation.blogspot.com/2015/12/the-facts-about-student-data-privacy-in.html
======
a_bonobo
Google:

> There are no ads in these Core Services, and student data in these services
> is not used for advertising purposes.

This isn't in the original EFF complaint, EFF specifically says (at least in
the press release [1]) that Google doesn't advertise:

EFF:

> This allows Google to track, store on its servers, and data mine for
> non-advertising purposes

Google then says:

> In addition, our systems compile data aggregated from millions of users of
> Chrome Sync and, after completely removing information about individual users,
> we use this data to holistically improve the services we provide. For example
> if data shows that millions of people are visiting a webpage that is broken,
> that site would be moved lower in the search results. This is not connected to
> any specific person nor is it used to analyze student behaviors.

Which is exactly what the EFF's complaint is about!

EFF:

> Google’s practices fly in the face of commitments made when it signed the
> Student Privacy Pledge, a legally enforceable document whereby companies
> promise to refrain from collecting, using, or sharing students’ personal
> information except when needed for legitimate educational purposes or if
> parents provide permission.

so imho Google just confirms what the EFF said

[1] [https://www.eff.org/press/releases/google-deceptively-tracks...](https://www.eff.org/press/releases/google-deceptively-tracks-students-internet-browsing-eff-says-complaint-federal-trade)

~~~
dvdplm
I agree with you. I get the impression that data aggregation & analysis is so
deeply ingrained in Google company culture that it's entirely possible the
responsible people truly believe nothing went wrong here.

~~~
pdkl95
From PBS Frontline's "United States Of Secrets" (part 2):

    
    
        LIZ FIGUEROA, (D) State Senator, CA, 1998-06: We walk into this room, and it’s myself
        and two of my staff— my chief of staff and one of my attorneys. And across from us
        was Larry, Sergey, and their attorney.
    
        All of a sudden, Sergey started talking to me. He said, “Senator, how would you feel
        if a robot went into your home and read your diary and read your financial records,
        read your love letters, read everything, but before leaving the house, it imploded?”
        And he said, “That’s not violating privacy.”
    
        I immediately said, “Of course it is. Yes, it is.” And he said, “No, it isn’t.
        Nothing’s kept. Nobody knows about it.” I said, “That robot has read everything.
        Does that robot know if I’m sad or if I’m feeling fear, or what’s happening?”
        And he looked at me and he said, “Oh, no. That robot knows a lot more than that.”
    

Of course, what that ridiculous robot analogy leaves out is that to be useful,
_something_ has to be reported back to Google; if the "implosion" prevented
_all_ of the data from returning to Google, there would be no point in sending
the robot.

> Nobody knows about it.

This idea that no _person_ knows about it is suspiciously similar to the word
games the NSA plays with their claims of only needing a warrant once a human
searches for something they already captured and stored.

~~~
profeta
Senator, if I was spending billions on robots to go to people's homes and read
their diaries and then explode before leaving, would you think there was some
ulterior motive on me building those robots?

~~~
ethbro
Or even more reasonably, if I were spending billions on such robots and they
became a pervasive part of society, such that every family had such a robot
regularly visiting their house and their daily routine was dependent on such
robots...

Coupled with the fact that the function of said robots could be changed with a
code push...

Doesn't that create an incredible opportunity for monetization and therefore
risk for future abuse?

Just because we could provide a perfect search result to any query if we knew
everything about a person (including their current thoughts) doesn't make
enacting that a reasonable or good idea.

------
sveme
When Google starts to state that the Future of Privacy Forum (FPF) agrees with
their policies, you know that something's amiss. Looking at fpf.org, they
present themselves as a Thinktank, but it's probably more honest to describe
them as industry lobbyists.

(i) Pages like [https://fpf.org/issues/ad-tracking/](https://fpf.org/issues/ad-tracking/) don't present a critical and
balanced view on ad tracking but put forward the view of ad companies.

(ii) A random quote from the page on big data: "In Big Data: Catalyst for a
Privacy Change, Joseph Jerome discusses the rise of big data and the role of
privacy in both the Fourth Amendment and consumer contexts, and argues that
the future of privacy will have to be built upon a foundation of trust." The
future of privacy needs to be built on a foundation of trust? Well, you can
state that, but it indicates that you're not an independent thinktank but try
to advance policies that are beneficial to your supporters.

(iii) Supporters
([https://fpf.org/about/supporters/](https://fpf.org/about/supporters/)) all
big shots, but also including Facebook, ComScore, ad companies and so on.

So take it with a grain of salt that the Forum for the Future of Privacy
states that Google has done nothing wrong.

~~~
pdkl95
[https://fpf.org/about/](https://fpf.org/about/)

[https://fpf.org/about/our-mission/](https://fpf.org/about/our-mission/)

Their "About Us" and "Mission" pages are identical, and are full of glowing
talk about _convening a discussion_ that "seeks to advance responsible data
practices", and doesn't say anything about privacy. This smells strongly of a
corporate/lobbyist PR front.

~~~
cpeterso
The Future of Privacy Forum's future of privacy is "no privacy".

------
danieldk
Besides not addressing the points that EFF raised, one of my serious problems
with Google Apps (as a user) is data leakage across services and accounts.

Some examples:

- Google Hangouts is one of the covered apps. But to be actually useful (e.g.
if you want to share images), you had to turn on Google+. Images end up in
Google+ photo albums, which are not covered by the Google Apps agreement and
the data can be mined for advertising purposes.

- Google Drive is also covered, which means that data on Drive is not mined
for ads. However, in a realistic work environment, you have to share files
outside your organisation. If you share a file and someone ends up opening it
on a non-Apps Google account, your document has been leaked to an ad-mined
Drive account.

- When Google Photos was introduced, suddenly all my Drive photos were there
as well. Google Photos is not covered, which means that the photos can be
mined for ads. Luckily, this problem seems to have been resolved.

- Google Mail is covered by the terms of apps. But if I go to Google Plus,
people I communicated with via e-mail are suggested as circle additions. Since
Google Plus is not covered by the Apps terms, why does data from e-mail end up
there?

My impression is that (perhaps driven by the consumer apps) data isolation is
a real problem within Google and there is a certain amount of data shared
between apps that are covered by the Google Apps terms and those that aren't.
This seriously undermines my trust in Google Apps and its suitability for
business/education.

Of course, I could switch off every Google service in Apps outside what is
covered. But then you need two Google accounts, which is really inconvenient.

~~~
profeta
I am one of the suckers that try to live with two Google accounts.

It is maddening.

For example, if you do not agree to G+ on your main account and by mistake you
select that account on the dropdown from Hangouts or the Play Store* then you
get the EULA agreement and there is no way to go back to the app and select
another account if you don't agree. Because as soon as you decline you exit
the app, and opening the app again will show the agreement for the last
selected account, even if you have another account already green-lighted. The
workaround? Remove one account, clear data on that app, and redo everything.

* There is no way to NOT show the main (undesired) account on the dropdown, and you have to use the dropdown a lot on Hangouts as SMS is another account! So every time I move from SMS to wifi calls, I have 1 in 2 chances of screwing everything, even more so as my profile pic on my main account is not shown because I never agreed to some policy that would allow it.

~~~
fixermark
I find that using Chrome with the multiple accounts feature helps a great
deal. You can theme the different Chrome accounts differently to provide a
visual hint when you're in the wrong window. And if you consistently log into
only one web account from each Chrome account, you never get the
multiple-login selector.

~~~
profeta
Yeah, that is easy. I also do that with Firefox. I have one themed using a
proxy to work, the other not.

I was mostly talking about Android apps, where there is hardly an alternative
for Google services.

------
mirkules
Here is EFF's full complaint:
[https://www.eff.org/files/2015/12/01/ftccomplaint-googlefore...](https://www.eff.org/files/2015/12/01/ftccomplaint-googleforeducation.pdf)

Basically, it boils down to:

- Google is violating the student privacy pledge by logging non-educational
material a student user sees, by having sync turned on by default, and by
allowing administrators to turn on sync if it is off

- Student Privacy Pledge is enforceable by the FTC due to previous precedent

- EFF wants FTC to open an investigation into Google's practices, and, if
found in violation, to stop the offending practices and delete
already-collected personal data.

It seems fairly straightforward to me.

------
DadFoundMy
I am an American high school senior and can say confidently that most American
students are screwed over pretty extensively when it comes to the software
they are forced to use.

I have several classes that require the use of proprietary software such as
Google Classroom, Microsoft Silverlight, and Adobe Flash. On top of that I
cannot even remember the last time I was given a document that wasn't a .docx.

It would be one thing if these tools were optional, but they are strictly
required and students' grades do suffer if they choose to opt out of using
them. In previous years I simply followed along in my Windows VM, but after
getting accepted to the university of my choice I've had enough. I have
alerted all of my teachers I will not be using Google Classroom, or complete
any assignment that requires the use of Flash, Silverlight, or any other
proprietary software. Has my grade suffered? Sure, but now that I am securely
in the school of my choice I could not care less.

~~~
mavhc
Won't the university have similar requirements?

Society is living with compromises. If you want everyone to switch to open
source software make it better than the alternatives, they won't switch
because of any other reason.

~~~
cbhl
My university was interesting; you could get a computer degree with the
Engineering department or with the Math/CS department, and their IT policies
were polar opposites. Engineering was 99% Windows/MATLAB/Visual Studio/you
name it. CS was 99% Linux/GCC/CUPS/etc.

If you were on the wrong platform you had a hell of a time submitting
assignments. (CS students on Windows found their C programs would run fine on
their laptops but would crash in the CS environment because of compiler and C
std lib differences. Engineering students on Linux found that they couldn't
open the .docx files to submit lab reports without destroying the mandatory
formatting in the tables.)

~~~
psykovsky
So, supposedly educated young persons couldn't even "Save as..." and choose a
free format when saving the documents? That's not a software problem...

~~~
detaro
And having a copy in a free format helps with submitting a correctly formatted
.docx how?

~~~
psykovsky
They[0] should be saving the documents in a free format, despite the closed
source software. Office supports .odf files or some other free format, does it
not?

[0] By "they" I mean the persons who created the documents, not the ones who
try to edit them using GNU/Linux...

------
yeukhon
Here is a strawman, because I want to challenge the other parallel universe.

Let's say this whole pledge thing didn't exist and the only thing that GAFE
promises is no ads. Now let's suppose Google is collecting and anonymizing
usage data, like most software does, is that a big deal? Since 99% of the people
won't read the ToS and most people assume some level of usage data will be
collected, what would be people's stand on that?

I think Google's stand on the current issue is that they disagree that their
intent violates the pledge. They would argue data collection is anonymized, and
like most software out there (Chrome, Firefox, etc.) these are telemetry (and
all sorts) collected. For Google the collection is for regular development
purposes. Perhaps they will argue that they did not do a good job at making a
"disable me" option, and that they didn't make that clear to their customers.
I suppose EFF just doesn't trust Google handling the data in the first place,
since Google can lie about not logging the individual user name in some
server's log file.

~~~
mattlutze
They don't collect anonymized data. They collect data, then anonymize it for
aggregation by their machine learning systems. They still have data with user
information in it.

I'd be surprised if it was just "for regular development purposes."

I'd wager that collected usage information drives marketing and sales
efforts, to enterprise customers at least but perhaps consumers as well. And
while it's not directly used to target ads at the students on that platform,
I'd be similarly surprised if it wasn't used to train their commercial-side
profiles to make targeting "anonymous" 12-18 year-olds more effective.

~~~
yeukhon
Maybe. Google doesn't specify how they are fitting their data in their
training program. But to be clear, I didn't say they were just for development
purposes. I was imagining that'd be their interpretation. They would see that
as telemetry or diagnostic information.

But if they will provide an opt-out option, that will help resolve the issue.
EFF isn't wrong, they are catching an implicit fine print, and Google is
interpreting that very differently (not being Google).

------
swiley
The university I go to makes a point of telling us almost every day that we
have no rights because we signed them away when we accepted the application.

------
ap22213
Man, how far Google has fallen. Reading that corporate press release made me
feel embarrassed and uncomfortable for all the people who had (unwisely)
trusted Google over the years.

Maybe they are not (currently) using the data in the very legalese-specific
way that they have claimed. But, there's no doubt that they will build
unrelated products using that data to make their owners gazillions. That's
fine, you say - we're all here to make money, right? But, imagine that you're
tracked, monitored, and experimented on 24/7 throughout your childhood. When
you're 20, will you be surprised when Google's AI will understand every
intention, desire of you and be able to recognize every nuance of your actions
and behavior? To me, that's scary.

~~~
fixermark
That would be super-convenient, as long as the AI is still helping me find
what I'm looking for, wouldn't it?

------
mark_l_watson
I want to be fair to Google but their response was not satisfying to me. There
should be no leakage of students' data that will persist and have an effect on
students' digital (and physical) lives later in life. I side with the EFF on
this issue.

In the comments, a parent advises their kids to only use their Chromebooks for
class activities and never for personal email and web browsing. Great advice,
and should work fine for children with privacy respecting smartphones.

------
em3rgent0rdr
Protip: install a full Linux distro on your Chromebook, and then use
non-Google end-to-end encrypted services such as Firefox Sync or ownCloud for
dealing with private data.

~~~
csydas
While this is great for personal purposes, the article is discussing
Schools/Google Apps for Education (GAFE). Chromebooks are nifty for the low
price they offer and the relatively low maintenance needed on them, but this
solution for privacy on them simply doesn't scale once you get above a few
machines due to the fact that you can't just stick a live disk in and install,
you have to go through a few hoops on the Chromebooks/Chrome Machines I'm
familiar with.

GAFE is really convenient in a lot of ways; the EFF is absolutely right to
complain though that there are a lot of privacy issues baked into the whole
thing by virtue of it being Google Services.

Outside of data collection, the issue is that GAFE admins are still at the
mercy of Google changes. We may get advanced notices from Google about changes
and certainly some are optional, but things like G+ integration, Photos, and
so on are completely outside of our control.

My last workplace used GAFE for the University, and we had a lot of very basic
privacy things that popped up as a result of GAFE and new gmail features
pushed out. Our few privacy minded users (mostly older professors) would get
really upset over how much data got sync'd between LDAP and G+ without our
admin realizing it, students who had legitimate privacy concerns (harassment
cases) were frustrated with the same issue, and so on.

I'd like to believe Google could just ease up the data collection from schools
and businesses - it can't be that great compared to the public at large, and
it would make GAFE absolutely perfect for schools. (Seriously, privacy aside,
GAFE is otherwise perfect for a University set up. Unlimited space, great for
student collaboration, and honestly many universities could do away with
Office subscriptions at this point since the Google Office Suite is close
enough for all intents and purposes.)

------
seomint
> For example if data shows that millions of people are visiting a webpage
> that is broken, that site would be moved lower in the search results.

Cue endless SEO community debate & speculation in 3...2...1...

------
Oletros
Sometimes, I don't understand EFF actions

