[ad_1]
Google announced Monday that it would close Google Plus, the solution to the problem of Facebook's giant social network, after many difficulties, after discovering a security breach exposing the private data of 500,000 users.
Google did not inform its users of the security issue encountered in March because it did not appear that anyone had access to the user's information. The "Office of Data Protection and Privacy" of the company decided that he was not legally bound to report it. , the search giant said in a blog post.
The decision to remain silent, which has raised the eye of the cybersecurity community, is part of the relatively new rules in California and Europe that govern when a company must disclose a security episode.
Up to 438 applications made by other companies may have had access to this vulnerability via coding links called application programming interfaces. Outside developers could have seen the user names, email addresses, profession, gender and age. They do not have access to phone numbers, messages, Google Plus posts, or other Google account data, the company said.
Google has stated that it has found no evidence that external developers are aware of the security breach or any indication that a user profile has been tampered with. The flaw was corrected in an update in March.
Google examined "the type of data involved, whether we could accurately identify users to inform, whether there was evidence of misuse and whether a developer or user could take action in response. In this case, none of these thresholds has been reached, "wrote Ben Smith, vice president of engineering at Google.
Monday's disclosure may be subject to further scrutiny because of a note to senior management that was prepared by Google's policy and legal services teams warning that the company would be embarrassed – such as this was the case for Facebook this year – if this vulnerability was made public.
Earlier this year, Facebook acknowledged that Cambridge Analytica, a British research organization that was working for the Trump campaign, had improperly obtained access to the personal information of nearly 87 million Facebook users. Mark Zuckerberg, chief executive of Facebook, spent two days testifying at congressional hearings on this and other issues.
In May, Europe adopted new laws on general data protection regulations, which require companies to notify regulators of possible leakage of personal information within 72 hours. Google's security problem occurred in March, before the new rules took effect.
California recently passed a privacy law, which will come into effect in 2020, allowing consumers, in the event of data breach, to sue up to $ 750 per violation. It also gives the State Attorney General the right to attack companies for intentional breach of privacy.
Steven Andrés, a lecturer on management information systems at San Diego State University, said there was no obvious legal obligation for Google to disclose the vulnerability. But he added that it was disturbing – although not surprising – to see that the company was discussing how the reporting of the vulnerability might appear to regulators.
No federal law requires companies to disclose a security vulnerability. Companies must go through a patchwork of state laws with different standards.
Arvind Narayanan, professor of computer science at Princeton University, who often criticizes technology companies for lax privacy practices, says on Twitter It was common for companies to solve a problem before it was exploited. "It happens thousands of times every year. Requiring disclosure of all this would be totally counterproductive, "Narayanan wrote.
In private meetings with lawmakers last month, Mr. Pichai promised to testify before the end of the year at a hearing on whether technology companies were filtering conservative voices in their products. He will also be asked if Google plans to re-enter the Chinese market with a censored search engine. The vulnerability discovered in March and the company's discussion of how regulators might react should also appear in his testimony.
Last month, Google was criticized for not sending Mr. Pichai to a hearing with senior Facebook and Twitter officials.
Introduced in 2011, Google Plus was to become a Facebook competitor linking users to various Google products, including its search engine and YouTube. But apart from a few loyal users, he has not made his way. In 2018, it was an afterthought.
Google would not say how many people are now attending Google Plus, but he said in his blog post that the service was little used – 90% of user sessions lasted less than five seconds.
When Google engineers discovered the vulnerability, they concluded that the work required to maintain Google Plus was worth the effort, given the low usage of the product, the company said.
Google has announced its intention to disable the consumer version of Google Plus in August 2019, although a version intended for business is still present.
The failure of Google Plus has relieved Google of some pressure on the problems faced by Facebook and Twitter, especially Russian misinformation efforts.
When Google announced in August that it had removed accounts suspected of being linked to Iranian influence campaigns, the company announced that it had deleted 13 Google Plus accounts, compared to 652 accounts deleted by Facebook for the same reasons.
Follow Daisuke Wakabayashi on Twitter: @ Daiwaka
[ad_2]
Source link
