The Hill reports that the bi-partisan congressional Privacy Caucus sent an open letter to Google CEO Larry Page asking for clarification on Glass and the myriad of privacy issues it presents. The letter contains many of the same talking points that groups like Stop the Cyborgs have brought up in the past, but it seems to at least be giving Google the benefit of the doubt in this case.

Here’s some of the more interesting questions that many of us, including myself, would want answered:

“What proactive steps is Google taking to protect the privacy of non-users when Google Glass is in us? Are product lifecycle guidelines and frameworks, such as Privacy by Design, being implemented in connection with its product design and commercialization? For example, if a Google Glass customer/user decides to resell or to dispose of their Google Glas product, would there be any product capabilities incorporated into the device to ensure that one’s personal information remains private and secure?”

“In Google’s privacy policy, it states that the company “may reject requests that are unreasonably repetitive, require disproportionate technical effort … risk the privacy of others, or would be extremely impractical.” Please provide examples of when Google would reject requests on Google Glass that would risk the privacy of others? Would Google place limits on the technology and what type of information it can reveal about another person? If so, please explain. If not, why not?”

“Given Google Glass’ sensory and processing capabilities, has Google considered making any additions or refinements to its privacy policy? If so, please explain. If not, why not?”

There are a total of eight questions, but the above three are by far the most important. The last question is especially interesting as Google has run into complaints and threats of regulation when it changes its privacy policy. Even if Google were to change its privacy policy to reflect the the privacy implications of Glass, it’s a given that somebody would find something to complain about.

In addition to questions about its privacy policy, the Privacy Caucus drags the 3-year-old street view Wi-Fi data collection scandal into the spotlight yet again. They want to know if Google will be doing anything to prevent Glass from unintentionally collecting data. It’s somewhat of a moot point because Glass and the street view cars are very different. Even if Google Glass could store data from unprotected Wi-Fi sources, the paltry 16GB of onboard storage ensures that it wouldn’t be able to collect very much.

As for Google’s response to all of this, a spokesperson for the company told The Hill that Google is “thinking very carefully how [it] design[s] Glass because new technology always raises new issues.”

That’s about all we can ask for at the moment. It will be interesting, however, to see if Page actually responds to the letter. During his closing remarks at Google I/O on Wednesday, he raised concerns that the law wasn’t keeping pace with technology. Would he argue that privacy laws aren’t keeping up with what Google is trying to achieve with Glass?

Do you think Google Glass should be banned? Let us know in the comments.

TechDirt reports that a new We The People petition submitted on May 3, a man from Seattle, Washington is requesting that the government “Ban Google Glass from use in the USA until clear limitations are placed to prevent indecent public surveillance.” As the title suggets, those who have signed are scared of the privacy implications:

Google Glass is a new twist on technology which hasn’t had clearly stated limits on the locations in US communities where it can and cannot be used. In order to protect our communities we need limitations to prevent indecent public surveillance of our friends, children, and families.

It is hard to prevent it because the hardware gives no notification that it is recording an individual at any given time.

Aside from the admittedly weak (only 34 signatures in a week) petition, a group called Stop the Cyborgs has sprung up in recent months in protest of Google Glass. It’s not like they hate Google or Glass though. They also don’t want a ban. Instead, the group argues that they just want consumers to think about what they buy and the implications of technology:

As for its specific beef with Google Glass, the group lists a number of problems it has with the technology:

Their concerns may be legitimate as hackers with early access to Glass say its relatively easy to turn the device into a surveillance tool. The obvious first thought is that people can use Glass to spy on others, but the real threat is that hackers could use Glass to spy on the person wearing them. Jay Freeman explains:

Once the attacker has root on your Glass, they have much more power than if they had access to your phone or even your computer: they have control over a camera and a microphone that are attached to your head. A bugged Glass doesn’t just watch your every move: it watches everything you are looking at (intentionally or furtively) and hears everything you do. The only thing it doesn’t know are your thoughts.

The obvious problem, of course, is that you might be using it in fairly private situations. Yesterday, Robert Scoble demonstrated on his Google+ feed that it survived being in the shower with him. Thankfully (for him, and possibly for us), this extreme dedication to around-the-clock usage of Glass also protects him from malicious attacks: good luck getting even a minute alone with his hardware ;P.

However, a more subtle issue is that, in a way, it also hacks into every device you interact with. It knows all your passwords, for example, as it can watch you type them. It even manages to monitor your usage of otherwise safe, old-fashioned technology: it watches you enter door codes, it takes pictures of your keys, and it records what you write using a pen and paper. Nothing is safe once your Glass has been hacked.

Do you think fears of Google Glass are overblown? Or do you think hackers could wreak havoc on those who choose to wear Glass? Let us know in the comments.

I think most can agree that hardware like Glass shouldn’t be allowed in certain places. It’s totally reasonable to ban its use at bars, strip clubs and other places that respect client confidentiality. It should also probably be banned from the workplace or other locations that handle sensitive data.

That being said, the consumer version of Glass is at least a year away. That gives Google and developers enough time to ensure that Glass respects privacy while potentially ushering in a new era of wearable computing.

Despite all of the fear circulating around Google Glass, you probably won’t have to worry about people abusing the technology. Those who use Glass will either be too busy taking selfies in the shower or being punched in the face.

Is Google Glass a revolution in wearable computing? Or is it a surveillance nightmare? Let us know in the comments.

Droid Life reports that Google will be updating the Google Wallet commerce site in the coming weeks that will remove any personally identifiable information from transactions. Before the update, all transactions would return a customer’s name, email address and other information. The new Google Wallet only returns the general location of the customer at time of purchase for tax purposes.

So, why did it take Google this long to implement these changes? Google could have just removed the personal information and called it a day, but it seems that the company is completely rebuilding the Google Wallet commerce site to be more developer friendly as well. There’s been a number of UI changes that clean up the site.

Here’s what the new Google Wallet commerce site looks like compared to the old, courtesy of Droid Life:

The Google Wallet fiasco was just one of many privacy challenges that Google is facing. It’s nice to see the company working quickly to address this particular problem, but it has many more to go. In fact, it only just recently settled a years-old Wi-Fi snooping case in Germany. It also has to contend with European regulators as they question Google’s new privacy policy.

This morning, Bloomberg reports that a German regulator has fined the company 145,000 euros ($189,230) over the debacle. From Bloomberg’s Karin Matussek:

Hamburg data regulator Johannes Caspar said in an e- mailed statement today. He had reopened the probe after prosecutors dropped a related criminal case last year.

“In my view, this is one of the biggest data protection rules violations known,” said Caspar. Google’s “internal control mechanisms must have severely failed.”

In 2011, France fined Google $142,000.

Last year, Google was fined $25,000 by the FCC for obstructing an investigation into its related practices, though the Commission ended up dropping the investigation.

Last month, Google settled with 38 states in the U.S. over the issue.

Google first announced the Mapathon back in February, saying that they were trying to create better maps for India, “a country where even paper maps have historically lacked in details.” Google offered prizes to participants – including Android tablets, phones, and various bits of Google swag. All Google asked people to do was add location details via Google Map Maker.

The Mapathon officially began on February 12th and was over by March 25th.

According to Google India, the Mapathon was a huge success. They reported new information on 32,000 emergency locations like hospitals, 82,000 food updates, and 42,000 map updates on places of worship. None of the information collected via Map Maker had anything to do with “sensitive places,” according to Google.

But the Indian Survey agency wasn’t too happy about it, and they asked Google to cease the promotion as it was “likely to jeopardize national security interest and violates National Map Policy.”

The Indian federal survey and mapping agency has filed an official complaint, and the head of the agency says that they plan to take the issue to Parliament later this month. Apparently, local law says that companies must obtain expressed permission from the proper authorities in order to operate a map project like the one Google sponsored. Failure to do so opens up such companies to local prosecution.

But Google India spokesperson Roy Chowdhury says that Google did in fact informed local officials of its mapping project, and that it complied with all local regulations.

“We take security and national regulations very seriously, and we’re open to discussing specific concerns with public authorities and officials,” said Chowdhury.

[Wall Street Journal (paywall) via Search Engine Land]

National Security Letters (NSL) are a form of a demand letter that are used by the U.S. Government (mostly the FBI) to extract information from an organization in the name of national security. The kind of info requested in NSLs includes stuff like transactions, phone numbers, and email addresses.

And it shouldn’t surprise you that a company like Google finds itself at the receiving end of many of these letters.

But according to a report, Google is fighting back against them in court.

Last week, Google filed papers in the case In Re Google Inc. Petition to set aside Legal Process. Although most of the documents are sealed, Bloomberg reports that Google is in fact challenging Section 2709 of Titles 18, which deals with National Security Letters. Section 2079 gives the FBI the ability to issue NSLs that force services like Google to give up user info that “relevant to an investigation” into national security issues.

The law also allows NSLs to come complete with gag orders, barring the recipients from even discussing them with their users.

The case is in front of US District Judge Susan Illston, who just a couple of weeks ago ruled NSLs unconstitutional.

Last month, Google began to include National Security Letter requests (demands?) in its Transparency Report, which also discloses users data requests made by governments using search warrants and subpoenas, as well as content removal requests. The NSL info is vague – Google reported somewhere between 0 and 999 NSLs affecting between 1000 and 1999 users last year. This info is vague because of the laws concerning NSLs and their inherent secrecy.

Google said that they worked with the FBI to lossen this secrecy ever so slightly to allow for their inclusion in the Transparency Report.

“You’ll notice that we’re reporting numerical ranges rather than exact numbers. This is to address concerns raised by the FBI, Justice Department and other agencies that releasing exact numbers might reveal information about investigations,” said Google.

But it appears that Google is now actually fighting the NSLs in court.

“The people who are in the best position to challenge the practice are people like Google,” said EFF attorney Matt Zimmerman. “So far no one has really stood up for their users.”

Google has declined to comment.

The Hill reports that Rep. Hank Jonhson sent a letter to Google CEO Larry Page this week demanding answers in regards to Google Play’s apparent privacy issues. You may remember Hank Johnson from last year’s AppRights movement that sought to regulate how much information apps could take from users.

In the letter, Johnson says that Google’s sharing of consumers’ personal information with developers could have a number of negative consequences. Here’s the three he lists:

First, sharing certain personal information like a physical address may harm consumers. In the past, unscrupulous sellers have used physical addresses to threaten consumers who posted negative reviews of products or services online. According to an article in the New York Times in 2010, an online vendor of physical items used consumer information to threaten women who complained about overcharges and abusive customer service. In one instance, the vendor sent a photograph of the woman’s apartment with an email that warned “I AM WATCHING YOU!” to discourage further complaints. Although that instance involved a clear and present threat, the mere knowledge that criticizing an app is potentially harmful is also a threat to free and unencumbered speech. The harms of this chilling effect go beyond consumers. Developers use criticism and comments to improve products, resolve disputes, and grow as a company as they tinker with apps to improve them.

Second, sharing physical addresses may endanger the safety of children online. Many parents allow young children to use their parents’ mobile device for safety or financial reasons. It may concern or surprise these families to discover their child’s purchase of an app aimed to children also provides the child’s address. Beyond eclipsing parents’ expectations for children’s privacy on mobile device, these circumstances could also give rise to devastating harms.

Finally, over-sharing personal data may pose security risks. A third party may use paid apps that are purchasable through Google Play to cull personal data – physical location or otherwise – for identity theft. Just as a consumer has notice when app uses their geolocation, they should also have notice when their address is shared.

Now, Johnson doesn’t think developers are using consumers’ personal data in nefarious ways. He’s more or less curious as to why Google allows the sharing of this information in the first place. As such, he has posed a number of questions to Page in regards to the policy.

(1) Unlike some competitors in the mobile app ecosystem, Google acts as a marketplace for developers to exchange goods and services with consumers.
a. Please describe how an open marketplace benefits consumers.
b. How does a consumer’s experience on Google Play via a mobile device compare with their experience purchasing goods in other marketplaces?

(2) Please discuss the types of information shared with developers through Google Wallet.
a. How is this information necessary for developers to process transactions?
b. What other purposes does sharing this information serve?
c. How is the breadth of information shared proportionate to Google’s need to share it?
d. Have any harms or breaches of trust occurred because of this sharing?

(3) The Google Wallet Privacy Policy states that it only shares information with third parties like developers as permitted until the Google Privacy Policy or as necessary for transactions.
a. What is the process for the consumer to obtain notice in this statement or in the Google Privacy Policy?
b. Is there a moment during purchasing an app where they learn that their address is disclosed as part of purchasing an app through Google Play?
c. Was this also the policy for payment processing before Google Play?

(4) The Google Wallet Privacy Policy states that Google is not responsible for how developers or other third parties choose to use or share consumer information.
a. What precautions does Google take to avoid harmful uses of consumer’s data by third parties?
b. Are there any mechanisms in place to mitigate the exploitation of data by third parties?

Google has until February 28 to provide an answer. Knowing the company, it will probably address some of the questions posed by Johnson, but not all.

A study from the Ponemon Institute found that Mozilla was the most trusted Internet company for privacy in 2012. The non-profit ranked number one in the Internet & Social Media category and number 20 overall. The study doesn’t detail the competition, but we can assume that Mozilla beat out the likes of Google, Facebook and Twitter.

In accepting the award, Mozilla says that it doesn’t strive to win awards when it comes to its users’ privacy:

This is certainly quite a distinction and the product of a user-centric philosophy implemented by contributors to the Mozilla project over the past decade. Engineers, UX designers, security, engagement, IT and privacy folks have made thousands of small decisions over the years that have collectively created the user trust reflected by this survey. This recognition is not something we sought, as we don’t view privacy as an end unto itself, but it’s greatly appreciated given all the complexities and nuances associated with privacy and security today.

That being said, Mozilla finds that the rankings only detail the inherent distrust consumers have for online services. It hopes that itself and others can fix that perception going forward:

The rankings have another implication. It means we as an industry all have a lot more work to do. It’s unfortunate that users largely distrust the ecosystem of online service and application providers. What we really want is an environment where those of us developing Internet and social media services and applications deepen trust in a way that empowers and protects users and engenders confidence. We all have to continue our efforts — both big and small — to create a more trustworthy environment of online products that seamlessly integrate ease of use, transparency, and user choice.

Speaking of other companies, Google and Facebook both detailed new privacy initiatives today to coincide with Data Privacy Day. Google says that it requires search warrants whenever law enforcement requests a user’s information. It also notifies users when their information is being requested. As for Facebook, the company’s Chief Privacy Officer, Erin Egan, will be accepting questions from users to keep the privacy dialog transparent and accessible to all.

Now, iPhone users in the UK are getting together to sue Google over the debacle. The Guardian reports:

At least 10 British iPhone users have started legal proceedings and dozens more are being lined up, according to Dan Tench, the lawyer behind the action at the London-based firm Olswang.

“This is the first time Google has been threatened with a group claim over privacy in the UK,” he said. “It is particularly concerning how Google circumvented security settings to snoop on its users. One of the things about Google is that it is so ubiquitous in our lives and if that’s its approach then it’s quite concerning.”

There is a Facebook Group called “Safari Users Against Google’s Secret Tracking,” which has been set up by the law firm in connection with the users who are going after Google. In the “About” section, the description says:

This group has been set up to provide information for anyone who used the Safari internet browser between September 2011 and February 2012, and who was illegally tracked by Google.

If you have concerns or want to join the action, contact us via this group and we will share your views or put you in touch with the legal team.

It will be interesting to see how many users get on board with this, and what it ends up meaning for Google. A press release from Olswang has more on the case.

“First, for several years we have advocated for updating laws like the U.S. Electronic Communications Privacy Act, so the same protections that apply to your personal documents that you keep in your home also apply to your email and online documents. We’ll continue this effort strongly in 2013 through our membership in the Digital Due Process coalition and other initiatives,” says Google SVP and Chief Legal Officer, David Drummond. “Second, we’ll continue our long-standing strict process for handling these kinds of requests. When government agencies ask for our users’ personal information—like what you provide when you sign up for a Google Account, or the contents of an email—our team does several things.”

These include: scrutinizing requests to make sure they satisfy the law and Google’s policies, evaluating the scope of the request, notifying users about legal demands “when appropriate,” and requiring government agencies conducting criminal investigations to use a search warrant before Google will provide a user’s search query info and private content from Google accounts.

Drummond elaborates on each of these things here.

As part of the third initiative, Google has added a new section to its transparency report which answers a variety of questions users might have about the legal process.

Last week, Google released the latest update to its Transparency Report, as it does every six months. More on what was included in that here. Hint: government requests for user data have been increasing in the U.S. and around the world.