Senate Republicans demand Google hand over memo advising it to hide data vulnerability

Senate Republicans demand Google hand over memo advising it to hide data vulnerability
© Getty Images

A trio of top Senate Republicans is demanding that Google hand over an internal memo that reportedly advised the company not to disclose a vulnerability that exposed hundreds of thousands of Google Plus users because it would draw attention from regulators.

The Wall Street Journal reported the existence of the memo on Monday shortly before Google revealed the software bug that exposed the private information of up to 500,000 users of its social media platform to third-party developers.

The memo from Google’s legal and policy staff advised the company’s leadership that going public about the vulnerability would invite “immediate regulatory interest” at a time when fellow tech giant Facebook is facing a firestorm over its Cambridge Analytica scandal.

ADVERTISEMENT
On Thursday, Senate Commerce Committee Chairman John ThuneJohn Randolph ThuneOn The Money: Trump, Dems battle over border wall before cameras | Clash ups odds of shutdown | Senators stunned by Trump's shutdown threat | Pelosi calls wall 'a manhood thing' for Trump Senators dumbfounded by Trump vow to shut down government The Hill's Morning Report — Trump shakes up staff with eye on 2020, Mueller probe MORE (R-S.D.) sent a letter to Google demanding answers.

“At the same time that Facebook was learning the important lesson that tech firms must be forthright with the public about privacy issues, Google apparently elected to withhold information about a relevant vulnerability for fear of public scrutiny,” the letter reads. “We are especially disappointed given that Google’s chief privacy officer testified before the Senate Commerce Committee on the issue of privacy on September 26, 2018—just two weeks ago—and did not take the opportunity to provide information regarding this very relevant issue to the Committee.”

The letter was also signed by two Republicans chairman of subcommittees with oversight of technology companies, Sens. Jerry MoranGerald (Jerry) MoranSenators want assurances from attorney general pick on fate of Mueller probe Overnight Defense: Senate rebukes Trump with Yemen vote | Mattis, Pompeo briefing fails to quell Senate concerns with Saudis | Graham demands CIA briefing on Khashoggi | Pentagon identifies three troops killed in Afghanistan McConnell, Flake clash over protecting Mueller probe MORE (Kan.) and Roger WickerRoger Frederick WickerAlmost half of US residents don't use broadband internet: study Afghanistan war at a stalemate, top general tells lawmakers Grassley open to legislation making it tougher for Trump to impose tariffs on national security grounds MORE (Miss.).

A spokeswoman for Google did not immediately respond when asked for comment by The Hill.

The company has said that it didn’t immediately disclose the incident because it couldn’t determine the extent of the exposure. It has also announced that it will shut down Google Plus.

Lawmakers have been lashing out at Google since the vulnerability and the delayed disclosure were revealed this week. The internet search giant is required by a 2011 settlement with the Federal Trade Commission (FTC) to submit to independent audits of its privacy program every two years.

The Hill reported this week that the latest privacy audit by the accounting firm Ernst and Young cleared Google’s privacy practices. Though it’s heavily redacted, the document appears to make no mention of the incident.

In his letter, Thune asked if Google had disclosed the vulnerability to Ernst and Young and, if it hadn’t, to explain the decision to withhold the information.

“As the Senate Commerce Committee works toward legislation that establishes a nationwide privacy framework to protect consumer data, improving transparency will be an essential pillar of the effort to restore Americans’ faith in the services they use,” the letter reads. “It is for this reason that the reported contents of Google’s internal memo are so troubling.”