Describing the Privacy of Complex Things is Complex… so is testing black box behavior of same, both could do better.

Recently the Mississippi Attorney General sued Google, revisiting some of the same claims that the EFF made in late 2015, alleging that Google is mining student data in violation of agreements and the student privacy pledge.

The title of this post is my TL;DR summary of an excellent post by Bill Fitzgerald, the Privacy Initiative Director at Common Sense Media. It raises an important point: while it is important that the vendors that provide EdTech services be accurate, transparent and comprehensible about what is happening with user data, it is equally important to hold those that criticise, advocate, lobby, and enforce privacy to similar standards.

Based on the information currently available, the Mississippi AG lawsuit does not appear to meet this standard.

1. The lawsuit lacks specific evidence of any actual data mining. This was pointed out in the ED Week article about this by Benjamin Herold, where he says:

“The Mississippi attorney general’s office, meanwhile, has provided only limited information about how it determined that Google is tracking students, using their data to build profiles, and targeting them with ads. Officials “tested” …[but] declined to provide any details about the nature of those tests, citing their ongoing investigation. The lawsuit itself contains no information demonstrating that any of Google’s allegedly deceptive practices actually occur.” 

This is also borne out in the FAQ, which says:

Q: What information is Google collecting?
A: It is unclear at this time exactly what information Google is collecting from its GSFE users. Through this lawsuit, the Attorney General seeks to uncover exactly what information Google is accessing and collecting. The lawsuit also seeks information as to how Google is using that data.

2. The allegations about Chrome Sync are both technically incorrect and refer to functionality (syncing passwords, browser history, bookmarks, etc.) that is similar to functionality that exists in nearly every modern browser/operating system. For reference, see both Google’s response to Sen. Franken and the Chrome help page for adding a “trust no one” passphrase that prevents Google from reading sync data (see ). The descriptions of what does not work if this is done make it very clear what it is used for.

3. The references to non-core services ignore the clear statements that Google makes to schools (in the terms and in the admin console) that schools are responsible for obtaining parental approval for all users under 18 prior to enabling a non-core service. One question that has not been answered in Mississippi is whether the student accounts the AG used had YouTube enabled for students and, if so, whether the school obtained the parental permission.

4. On the claim that the Google policies are complex and in places contradictory, I’d point folks to the EDU privacy notice https://gsuite.google.com/terms/education_privacy.html, which is a short (<1200 word), easy-to-read document that summarizes the policies, provides answers that would lead one to believe the Miss. lawsuit got the facts wrong, and very clearly addresses the concern about multiple conflicting policies by saying…

“Where there are terms that differ, as with the limitations on advertising in G Suite for Education, the G Suite for Education agreement (as amended) takes precedence, followed by this Privacy Notice and then the Google Privacy Policy.”

As for them being complex: yes, that is a fair point, because it is a complex system, and yes, there are areas for improvement. One very clear area I’d point to is where the word “privacy” links to, depending on whether the account is a consumer or a GSuite account.

[Image: privacy-compare]

5. In a video clip of an interview with journalist Anna Wolfe, Hood makes the claim that his office looked at “some other class action lawsuits that Google settled where they were in fact mining data of children”. No details were provided, and I cannot identify which “class action settlements” he was referring to. The most likely one (Matera v. Google) appears to have been modified so that it does not include Google Apps for Education. The settlement document says:

“Subsequently, on October 17, 2016, Plaintiff Matera filed an Amended Complaint (ECF No. 58), …… eliminating allegations pertaining to Google Apps”

6. As long as we are on the subject of court settlements and prior bad acts, it is worth remembering that a federal court shut down AG Hood’s abuse of authority in a prior case against Google after a series of Pulitzer Prize-winning articles on how the influence of lobbyists can sway congressional leaders and state attorneys general.

Some privacy and transparency areas that Google could improve on include:

  1. Disabling all non-core Google services by default for newly created GSuite for Education domains.
  2. Specifically clarifying what takes precedence for schools: the Admin notice that it is the school’s responsibility to get permission from parents for students under 18 (and therefore under 13) to use services such as YouTube, Google+, etc., or the terms’ corresponding language that prohibits use by under-13s in these services (e.g. YouTube, Google+ and the Google Chrome Store).
  3. Requiring developers to post links to terms and privacy policies in their listing in the Chrome Apps Store, and conspicuously displaying the link.
    • Require the same for apps discovered through Google Drive’s “connect more apps” feature.
    • Require the same for third-party “Google add-ons” for Sheets, Docs and Forms. This last is particularly important, as the user interface presents access to these third-party services from a menu within a document or spreadsheet. This has the potential to create confusion over what is a Google product. Also, since these services are listed within a tool (Google Drive) that is provided by the school, it may create the impression that these tools are recommended, vetted, sanctioned or approved by the district.
    • This is shown below: the Drive app Pear Deck has a link to policies; the Docs add-on EasyBib does not.

  4. Clarifying the behavior of data collection for GSuite EDU users that are:
    1. Logged into GSuite but have YouTube disabled by the Admin
    2. Logged into GSuite but have YouTube enabled by the Admin

An example that raises this question is the network traffic when a non-logged-in user searches YouTube: traffic appears to be going to Google search services.

[Image: youtubecapture]

Non-Core Services Enabled by Default in GSuite EDU

As part of an attempt to do a methodical test of the “claims” recently made by the Mississippi AG, I started from what should be the logical first step: creating a new GSuite for Education domain. One important thing to note is that when doing this (as of 1/17/17), 25 of the 52 non-core services are turned on by default (list attached). A fair criticism might be that the better privacy-by-default practice would have been to default all of these to OFF and require the Admin to enable them.

The flow looks like this: as soon as an admin signs up, they must verify the domain (creating a DNS entry to prove they have control). As soon as they do this, they get the following message:

[Image: default-1]

It is worth noting that YouTube is enabled by default on new GSuite EDU domains (as of testing on /19/17), despite the under-13 prohibition in the terms, though location, web history and Google+ are not. Blogger is on by default for all users.

An example of the “notice and consent” for Admin when enabling new services can be seen below.

 

[Image: default-3]

 

A fair point could be made about contradicting terms, and it is reasonable to think that districts might be confused about how to determine what takes precedence between the pop-up dialog the admin clicks and the general prohibition on under-13s in the YouTube terms (the same is true for the Chrome Web Store, which prohibits under-13s).

Also, the default setting for new products is to enable them.

[Image: default2]

 

The following table lists the default status of non-core services in a new EDU GAFE domain upon domain activation (as of 01/22/2017)

 

 

| Service | Status | Description |
| --- | --- | --- |
| Blogger | On for everyone | Quickly post thoughts, interact with people, and more |
| Chrome Management | On for everyone | Configure policies for Chrome browsers |
| Chrome Web Store | On for everyone | Marketplace for Chrome Web Apps. |
| FeedBurner | On for everyone | Analyze, optimize, publicize, and monetize your RSS and Atom feeds. |
| Fusion Tables (experimental) | On for everyone | Share, discuss, merge, and visualize your datasets |
| Google Bookmarks | On for everyone | Create bookmarks you can access anywhere |
| Google Books | On for everyone | Search the full text of books (and discover new ones) |
| Google Chrome Sync | On for everyone | Sync your Google Chrome bookmarks across multiple computers |
| Google Developers Console | On for everyone | Develop applications using Google APIs and the Google Cloud Platform. |
| Google Finance | On for everyone | Google Finance |
| Google Groups | On for everyone | Create mailing lists and discussion groups |
| Google in Your Language | On for everyone | Volunteer to translate Google’s services into various languages |
| Google Map Maker | On for everyone | Google Map Maker |
| Google Maps | On for everyone | Find local businesses, view maps and get directions |
| Google My Maps | On for everyone | Easily create, share, and publish custom maps. |
| Google News | On for everyone | Create your own customized Google News |
| Google Photos | On for everyone | Store and share photos online with Google Photos and Picasa Web Albums |
| Google Play Developer Console | On for everyone | Distribute your Android content to Google Play |
| Google Public Data | On for everyone | Public Data |
| Google Search Console | On for everyone | Get Google’s view of your site |
| Google Takeout | On for everyone | Copy content in Google accounts for use in another service or account |
| Google Voice | On for everyone | Google Voice |
| Mobile Test Tools | On for everyone | Mobile Test Tools – A set of HTML5 test suites along with supporting tools for browser compatibility. |
| Panoramio | On for everyone | Share photos of your favorite places. |
| YouTube | On for everyone | YouTube |
| DART for Publishers | Off | DART for Publishers |
| DoubleClick Campaign Manager | Off | DoubleClick Campaign Manager |
| DoubleClick Creative Solutions | Off | DoubleClick Creative Solutions is a rich media production and workflow tool designed for creative agencies to streamline their rich media processes and take control of their turnaround times. |
| DoubleClick DART Enterprise | Off | Enterprise class software ad serving solution |
| DoubleClick for Publishers | Off | DoubleClick for Publishers |
| DoubleClick Search | Off | Manage and optimize pay-per-click advertisements and keywords across all major search engines |
| Google AdSense | Off | Earn money by displaying ads on your site |
| Google Advertising Professionals | Off | Become a Qualified Google Advertising Professional |
| Google AdWords | Off | Find buyers searching for what you sell |
| Google Analytics | Off | Google Analytics |
| Google Code | Off | Google’s home for developers |
| Google Custom Search | Off | Create a search engine tailored to your needs |
| Google My Business | Off | Get your business on Google for free with Google My Business |
| Google Payments | Off | A faster, safer and more convenient way to shop online |
| Google Play | Off | Google Play |
| Google Shopping | Off | Shop smarter with wishlists of your favorite products |
| Google Translator Toolkit | Off | Google Translator Toolkit |
| Google Trips | Off | Google Trips – Your mobile travel assistant |
| Google+ | Off | Google+ |
| Individual storage | Off | Individual storage |
| Location History | Off | Location History and Reporting |
| Merchant Center | Off | Post your products on Merchant Center, find them on Google. |
| Partner Dash | Off | Partner Dash |
| Play Books Partner Center | Off | Provide access to administrative interface for publishers to sell ebooks on Google Play and make them discoverable in Google Books. |
| Web & App Activity | Off | Access and manage your web activity from any computer |
| YouTube CMS | Off | YouTube Content Management System |
| YouTube Promoted Videos | Off | Promote your content on YouTube |