Most InfoSec experts agree on one thing: Google does not care about the privacy of its users. In the fight against big data abuse and unchecked surveillance from governmental and corporate sources, Google consistently comes up as an enemy to privacy advocates. The newest example of Google’s overreach is in a rather frightening court case. New Mexico is suing Google for what it asserts is privacy violations against minors.
According to the 24-page document filed by New Mexico Attorney General Hector Balderas, the lawsuit alleges that Google is leveraging its Google Education program to mine children’s data. The Google Education program is used by 80 million educators, with 25 million obtaining free Chromebooks for school classrooms. Additionally, Google Education gives students classroom access to its G Suite of Education, which includes Chrome browser, Gmail, Drives, Docs, and other notable programs.
Where things get sinister, according to Attorney General Balderas, is what occurs as students use these programs and products:
Google did not obtain verifiable parental consent via an online form, a toll-free number, a video-conference call or by any other method allowed under COPPA... Furthermore, the pop-up notifications that Google displayed to students when first accessing their Google Education accounts are not intended nor available for review by the child’s parent. The notifications appear when the child uses his or her Chromebook computer or logs on to 3 Chrome browser in order to complete school work... Even if such notifications fully informed a child of Google’s collection practices (they do not), such notice is insufficient under COPPA because children under 13 do not have the capacity to consent to Google’s data collection practices.
Such data being collected includes web activity, personal contacts, and voice recordings, all of which are used to create a profile on each individual child. The data collected for these profiles is then utilized for commericial, monetary purposes. All of this is being done while in direct violation of Google’s own terms and conditions.
Balderas sums up the threat that, if what is asserted can be proven in court, Google’s actions pose in the following excerpt:
The consequences of Google’s tracking cannot be overstated: children are being monitored by one of the largest data mining companies in the world, at school, at home, on mobile devices, without their knowledge and without the permission of their parents. Vast amounts of personal data generated by the student while online will be captured by Google and added to the student’s profile. While purporting to offer only educational services, Google instead has stripped children and parents of autonomy and control of their most sensitive personal information, forcing children to acquiesce to constant monitoring, in perpetuity, in exchange for their education.
While some may think that privacy and cybersecurity are separate issues, they really are not. Imagine if this data were leaked? Imagine the amount of usage that pedophiles on the dark web can gleam from having access to such rich, detailed reports on minors? If cybersecurity is about protecting the innocent, privacy rights must also be consistently considered. Silicon Valley will continue on its same course unless they are called onto the carpet for their actions.
More will be reported on this New Mexico vs. Google case as details continue to emerge.
Featured image: Flickr / Truthout.org