By Mike Swift, San Jose Mercury News –
SAN JOSE, Calif. — Google has long faced privacy and antitrust problems with federal and European regulators. But states appear increasingly willing to confront the Internet giant over those same concerns, and also could exact significant financial penalties.
Friday, the Connecticut state attorney general’s office said it is investigating Google’s recent bypassing of the default privacy settings of Apple’s Safari Web browser to allow Google’s “+1” button to work. The offices of New York Attorney General Eric Schneiderman and Maryland Attorney General Douglas Gansler are also investigating the Safari breach, according to a source familiar with the inquiries. Those offices declined to comment.
“We have some concerns and are looking into it,” said Matthew Fitzsimmons, an assistant attorney general who heads a four-lawyer Internet privacy task force for Connecticut Attorney General George Jepsen.
Fitzsimmons declined to discuss which Connecticut laws Google might have broken, but he said the state is in the early stages of considering what information it will demand from the Mountain View, Calif., company. Connecticut is also leading an ongoing multi-state inquiry of an earlier privacy breach in which cars photographic streets for Google’s Street View scooped up data from home and business Wi-Fi networks that were not password-protected.
Federal regulators have already wrapped up their investigation of the Street View breach, with the Federal Trade Commission declining to hit Google with any fines. Fitzsimmons said he could not provide a timeline for when the states’ Street View probe might conclude.
Maryland and Washington, meanwhile, recently led an effort by 36 state attorneys general to collectively complain about Google’s March 1 privacy policy change, which allowed personal data collected through any one Google service to be shared with all of them.
The Safari breach was discovered by Stanford researcher Jonathan Mayer, and first reported by the Wall Street Journal last month. The changes Google made to Safari had the unintended effect, Google said, of allowing advertising tracking “cookies” that Safari normally blocks to begin logging the movements of Safari users across the web. Cookies are small pieces of software that Google and many other companies use to track a person’s online interests in order to target ads.
“We learned of the issue in the same manner in which a lot of other folks did,” Fitzsimmons said in an interview Friday. “It was fairly recently, and at this point it’s just in the beginning stages of trying to wrap our heads around what may have happened.”
Safari is the default browser on Apple’s hugely popular iPhones and iPads. The Wall Street Journal reported Friday that the FTC, along with European regulators, is also investigating whether the Safari breach violated the recent settlement between Google and the government over a third privacy breach, involving Google’s Buzz social network in 2010. Under the Buzz settlement, in which Google did not admit legal wrongdoing, the company promised not to misrepresent its privacy policies and agreed to 20 years of independent privacy audits.
Google has said that it did not intend to allow ad tracking cookies when it changed software code in Safari to allow the use of its +1 button, which allows people to flag content that interests them. The potential legal problem for Google is that its website had told Safari users that they would not be tracked under the browser’s default settings — but that wasn’t the case.
“We will of course cooperate with any officials who have questions,” Google said in a written statement Friday, in response to a question about the state investigations. “But it’s important to remember that we didn’t anticipate this would happen, and we have been removing these advertising cookies from Safari browsers.”
An FTC spokeswoman declined to comment Friday. Google could face a federal penalty of $16,000 per day per violation if it were found to have violated the Buzz settlement.
