Google’s childish approach to business ethics has landed it in hot water with Congress yet again. After discovering a software bug earlier this year which potentially exposed user data – persisting since 2015 — the company chose to hide it from consumers and regulators. That is, until The Washington Post exposed it earlier this week.
The glitch, which has since been fixed, affected the company’s Google+ social network and exposed the personal data of nearly 500K users.
Google has since shut Google+ down permanently. But questions remain over the timeline, and why the company chose not to disclose the glitch and potential breach.
Senators John Thune, Roger Wicker, and Jerry Moran, are now demanding answers. The trio sent a letter to Google CEO Sundar Pichai on Thursday requesting information about the nature of the company’s response to the discovery of the glitch. Specifically, the Senators are demanding a copy of an internal company memo allegedly detailing plans to keep quiet about the glitch.
Google initially stated it hadn’t disclosed the glitch because it wasn’t sure if any breach had actually occurred. The Senators’ letter calls that motivation into question:
But according to an internal memo cited in the article, a factor in Google’s decision not to disclose the vulnerability was fear that doing so would draw “immediate regulatory interest,” bring Google “into the spotlight alongside or even instead of Facebook despite having stayed under radar throughout the Cambridge Analytical scandal,” and “almost [guarantee] Sundar will testify before Congress.”
The letter calls on Google to provide the Senators with a copy of the memo and to answer a series of seven questions related to its choice not to disclose the glitch and what it thinks its obligations to its users are.
The Senators also gave Google a deadline by which to respond with its answers (5:00 PM, 30 October) and set up a staff meeting.
It comes off a bit like Thune and company are trying to give Google extra homework for breaking the rules, but the existence of the memo could be perceived as an attempt to subjugate regulatory efforts during a high-profile period for big tech.
Google says it had no legal obligation to disclose the glitch.
This latest kerfuffle for Google isn’t the first time this year it’s been in poor graces with members of Congress. Sundar Pichai’s refusal to join Facebook CEO Mark Zuckerberg and Twitter’s Jack Dorsey for a hearing last month raised the ire of Capitol Hill. Now Pichai runs the risk of Congress ordering one that focuses solely on Google.
The company appears to be struggling to find its identity under Pichai’s leadership. This year alone it suffered employee protests over its involvement in developing AI for the military and for building a censored Search engine for the Chinese government. The latter of which earned it yet another rebuking from the US government when Vice President Mike Pence personally requested Google immediately stop working on it.
It can’t be a good thing for Google to be on the US government’s bad side — especially considering AI regulation is almost certainly coming to the US.
Perhaps Google’s parent company, Alphabet, should consider putting someone in charge who doesn’t, allegedly, need to be protected from testifying in front of Congress.
Update 5:00 PM CST 10/12: Removed references calling the issue a “breach,” to more accurately reflect that the Google+ security flaw was a “glitch” or “bug” which could have potentially resulted in a breach.