Senate Republicans demand Google hand over memo advising it to hide data vulnerability

Senate Republicans demand Google hand over memo advising it to hide data vulnerability
© Getty Images

A trio of top Senate Republicans is demanding that Google hand over an internal memo that reportedly advised the company not to disclose a vulnerability that exposed hundreds of thousands of Google Plus users because it would draw attention from regulators.

The Wall Street Journal reported the existence of the memo on Monday shortly before Google revealed the software bug that exposed the private information of up to 500,000 users of its social media platform to third-party developers.

The memo from Google’s legal and policy staff advised the company’s leadership that going public about the vulnerability would invite “immediate regulatory interest” at a time when fellow tech giant Facebook is facing a firestorm over its Cambridge Analytica scandal.

On Thursday, Senate Commerce Committee Chairman John ThuneJohn Randolph ThuneWill Trump sign the border deal? Here's what we know Key GOP senator pitches Trump: Funding deal a 'down payment' on wall Hillicon Valley: House panel takes on election security | DOJ watchdog eyes employee texts | Senate Dems urge regulators to block T-Mobile, Sprint deal | 'Romance scams' cost victims 3M in 2018 MORE (R-S.D.) sent a letter to Google demanding answers.

“At the same time that Facebook was learning the important lesson that tech firms must be forthright with the public about privacy issues, Google apparently elected to withhold information about a relevant vulnerability for fear of public scrutiny,” the letter reads. “We are especially disappointed given that Google’s chief privacy officer testified before the Senate Commerce Committee on the issue of privacy on September 26, 2018—just two weeks ago—and did not take the opportunity to provide information regarding this very relevant issue to the Committee.”

The letter was also signed by two Republicans chairman of subcommittees with oversight of technology companies, Sens. Jerry MoranGerald (Jerry) MoranSenators optimistic about reaching funding deal GOP senators read Pence riot act before shutdown votes On The Money: Shutdown Day 26 | Pelosi calls on Trump to delay State of the Union | Cites 'security concerns' | DHS chief says they can handle security | Waters lays out agenda | Senate rejects effort to block Trump on Russia sanctions MORE (Kan.) and Roger WickerRoger Frederick WickerTrump signs executive order to boost AI technology Hillicon Valley: Feds looking into Bezos claims about National Enquirer | Amazon reconsidering New York City HQ2 move | Sprint sues AT&T over 5G marketing claims Senate to hold hearing on potential privacy bill MORE (Miss.).

A spokeswoman for Google did not immediately respond when asked for comment by The Hill.

The company has said that it didn’t immediately disclose the incident because it couldn’t determine the extent of the exposure. It has also announced that it will shut down Google Plus.

Lawmakers have been lashing out at Google since the vulnerability and the delayed disclosure were revealed this week. The internet search giant is required by a 2011 settlement with the Federal Trade Commission (FTC) to submit to independent audits of its privacy program every two years.

The Hill reported this week that the latest privacy audit by the accounting firm Ernst and Young cleared Google’s privacy practices. Though it’s heavily redacted, the document appears to make no mention of the incident.

In his letter, Thune asked if Google had disclosed the vulnerability to Ernst and Young and, if it hadn’t, to explain the decision to withhold the information.

“As the Senate Commerce Committee works toward legislation that establishes a nationwide privacy framework to protect consumer data, improving transparency will be an essential pillar of the effort to restore Americans’ faith in the services they use,” the letter reads. “It is for this reason that the reported contents of Google’s internal memo are so troubling.”