Terry Zink: Security Talk

Discussing Internet security in (mostly) plain English

Facebook vs Google – the pot calling the kettle black

Facebook vs Google – the pot calling the kettle black

  • Comments 1

In case you missed it a few days, a story broke that said that Facebook was caught hiring a PR firm to spread stories about Google about how they invade people’s privacy.  From The Daily Beast:

For the past few days, a mystery has been unfolding in Silicon Valley. Somebody, it seems, hired Burson-Marsteller, a top public-relations firm, to pitch anti-Google stories to newspapers, urging them to investigate claims that Google was invading people’s privacy. Burson even offered to help an influential blogger write a Google-bashing op-ed, which it promised it could place in outlets like The Washington Post, Politico, and The Huffington Post.

The plot backfired when the blogger turned down Burson’s offer and posted the emails that Burson had sent him. It got worse when USA Today broke a story accusing Burson of spreading a “whisper campaign” about Google “on behalf of an unnamed client.”

But who was the mysterious unnamed client? While fingers pointed at Apple and Microsoft, The Daily Beast discovered that it's a company nobody suspected—Facebook.

Confronted with evidence, a Facebook spokesman last night confirmed that Facebook hired Burson, citing two reasons: First, because it believes Google is doing some things in social networking that raise privacy concerns; second, and perhaps more important, because Facebook resents Google’s attempts to use Facebook data in its own social-networking service.

I find this accusation very ironic coming from Facebook when you consider that Facebook has suffered its own accusations about privacy breaches – giving information to advertisers, tracking users for targeted ads, default privacy settings becoming more and more expansive, and so forth.  Is Facebook really in a position to call out Google?

Even though I work for Microsoft and therefore can hardly be considered unbiased, I think Microsoft would be in a position to call out others for lack of privacy protection.  I say this based on the fact that in my division, every new feature that we implement has to go through Privacy reviews and we have to give special consideration to protection users’ personal data (I wrote about this a couple of weeks ago on the classification of HBI, MBI and LBI).  We have people who’s jobs it is to work on Privacy concerns and our internal specifications have sections that explicitly make us say what we’re doing for Privacy.  This is not uncommon across the company. 

My point is not to bluster about how great we are but instead to illustrate the fact that Microsoft has been in business for over three decades.  That means that over time we have gotten used to people nit-picking about privacy issues; since the company handles a lot of business data, there have historically been concerns about securing customer data.  Microsoft’s policies surrounding privacy evolved out of necessity and therefore was forced to deal with the issue sooner than newer organizations that first attempt to get the product up and running and then fix stuff afterward.

By contrast, Google and Facebook started off in the consumer space where privacy concerns were not as important.  Both companies have only been around less than a decade and a half.  It’s all part of the growing pains of success.  Of course, now that confidentiality breaches are a weekly event, even companies that cater to consumers have to start thinking about it.  Others who have been in the business a while can sit back and watch them define policies.

Otherwise, one day Google or Facebook will have to hold a press conference saying “Uh, yeah… we experienced a breach this past weekend by a hacking group…”

Leave a Comment
  • Please add 7 and 6 and type the answer here:
  • Post
  • "I think Microsoft would be in a position to call out others for lack of privacy protection ... we have gotten used to people nit-picking about privacy issues."

    Let's recite some facts:

    Microsoft's lobbyists file numerous commnets with government agencies like the FT.  Microsoft claims they have a comprehensive corporate-wide privacy program audited and enforced by Truste. ... but  ....  Microsoft and Truste filed pleadings in federal court where they say seperate sites have seperate privacy policies and the Microsoft.com privacy policy does not cover many of their web sites or offline activities.  TRUSTe chimes in and says they only monitor online privacy policies and not corporate-wide privacy privacy programs or offline issues.  They also both say that they are not contractually bound by their online privacy policy if someone just visits the web sites because they say no contract is formed (case 1:09-cv-04567).

    The issue came up because Microsoft mains an IP address blacklist under their "Frontbridge" service (now called Microsoft Exchange Hosted Services).  Microsoft has been compiling this blacklist often using faulty procedures and they have put many small e-mail servers erroneously on the blacklist.  This includes many law firms who run their own mail servers for security and archiving purposes.  Cisco has a similar list (Ironport).

    Microsoft and Cisco then often refuses to tell people what information has been collected about them, why they have been blacklisted, and errors are often not corrected.  If there is a response at all Microsoft and Cisco often respond in an arrogant and accusatory manner even though they are sometimes wrong about the list.  Claims have been made that because these activities are not on the main site then the main privacy policy does not apply and TRUSTe refuses to adjudicate complaints because they say it is happening on a non-TRUSTe site.  Any time a company wants to circumvent their privacy policy they just set up a new domain with a new privacy policy and do the data collection there.

    It seems to me you would know all about this since you work in this area.  Of course I am sure you call this "nitpicking" by privacy kooks so there must be something wrong with the complainer.

Page 1 of 1 (1 items)