Senate Republicans demand Google hand over memo advising it to hide data vulnerability

Senate Republicans demand Google hand over memo advising it to hide data vulnerability
© Getty Images

A trio of top Senate Republicans is demanding that Google hand over an internal memo that reportedly advised the company not to disclose a vulnerability that exposed hundreds of thousands of Google Plus users because it would draw attention from regulators.

The Wall Street Journal reported the existence of the memo on Monday shortly before Google revealed the software bug that exposed the private information of up to 500,000 users of its social media platform to third-party developers.

The memo from Google’s legal and policy staff advised the company’s leadership that going public about the vulnerability would invite “immediate regulatory interest” at a time when fellow tech giant Facebook is facing a firestorm over its Cambridge Analytica scandal.

On Thursday, Senate Commerce Committee Chairman John ThuneJohn Randolph ThuneSchumer blasts 'red flag' gun legislation as 'ineffective cop out' Lawmakers jump-start talks on privacy bill Trump border fight throws curveball into shutdown prospects MORE (R-S.D.) sent a letter to Google demanding answers.

“At the same time that Facebook was learning the important lesson that tech firms must be forthright with the public about privacy issues, Google apparently elected to withhold information about a relevant vulnerability for fear of public scrutiny,” the letter reads. “We are especially disappointed given that Google’s chief privacy officer testified before the Senate Commerce Committee on the issue of privacy on September 26, 2018—just two weeks ago—and did not take the opportunity to provide information regarding this very relevant issue to the Committee.”

The letter was also signed by two Republicans chairman of subcommittees with oversight of technology companies, Sens. Jerry MoranGerald (Jerry) MoranSenators introduce bill aimed at protecting Olympic athletes in response to abuse scandals Overnight Defense: Senate fails to override Trump veto on Saudi arms sales | Two US troops killed in Afghanistan | Senators tee up nominations, budget deal ahead of recess Senate fails to override Trump veto on Saudi arms sale MORE (Kan.) and Roger WickerRoger Frederick WickerHillicon Valley: Trump reportedly weighing executive action on alleged tech bias | WH to convene summit on online extremism | Federal agencies banned from buying Huawei equipment | Lawmakers jump start privacy talks The Hill's Morning Report - How will Trump be received in Dayton and El Paso? Lawmakers jump-start talks on privacy bill MORE (Miss.).

A spokeswoman for Google did not immediately respond when asked for comment by The Hill.

The company has said that it didn’t immediately disclose the incident because it couldn’t determine the extent of the exposure. It has also announced that it will shut down Google Plus.

Lawmakers have been lashing out at Google since the vulnerability and the delayed disclosure were revealed this week. The internet search giant is required by a 2011 settlement with the Federal Trade Commission (FTC) to submit to independent audits of its privacy program every two years.

The Hill reported this week that the latest privacy audit by the accounting firm Ernst and Young cleared Google’s privacy practices. Though it’s heavily redacted, the document appears to make no mention of the incident.

In his letter, Thune asked if Google had disclosed the vulnerability to Ernst and Young and, if it hadn’t, to explain the decision to withhold the information.

“As the Senate Commerce Committee works toward legislation that establishes a nationwide privacy framework to protect consumer data, improving transparency will be an essential pillar of the effort to restore Americans’ faith in the services they use,” the letter reads. “It is for this reason that the reported contents of Google’s internal memo are so troubling.”