ProPublica

Journalism in the Public Interest

Cancel

Announcing $22.5 Million Fine, FTC Says It Investigated Google’s Internet Tracking Early On

The trade commission now says it was looking into Google “well before” the company was outed by published reports saying the company secretly tracked Internet users.

.

In a phone call with reporters today, senior FTC official David Vladeck, above, said the trade commission was investigating Google "well before" the company was outed by published reports saying the company secretly tracked Internet users. (Alex Brandon/AP Photo)

The Federal Trade Commission today announced a $22.5 million fine against Google for circumventing settings on Safari Internet browsers and planting advertising cookies without user consent — a subject we wrote about in June.

The size of the fine — a record amount for an FTC privacy case — had been reported earlier by The Wall Street Journal, so the settlement was no surprise. But in a conference call with reporters, senior FTC official David Vladeck once again criticized our story, which was co-published with Wired and focused on whether the agency had adequate means to aggressively police online privacy.

"There was almost nothing in the Wired article that was correct," Vladeck said. The FTC did not take our questions during the call; we already have addressed the agency's specific criticisms at length.

Among other things, our story reported that Stanford researcher Jonathan Mayer had scooped the FTC by discovering how the Google cookies worked, then publishing the findings on his blog the same day — Feb. 17 — on which The Wall Street Journal wrote that Mayer had spotted them.

The FTC disputed that it had been scooped, but the agency declined to say what it knew before Mayer. Officials previously said they were unable to comment because that might reveal whether there was an investigation.

Today, Vladeck said, "We were investigating this well before there was any publication in The Wall Street Journal or otherwise." Separately, the FTC pointed to a blog post today by Ed Felten, the agency's outgoing chief technologist. Felten wrote that in mid-December of 2011, he recorded a Google file that could override a Safari user's controls.

(Cookies are small files used by online advertisers to track browsing activity and send targeted ads to consumers.)

After Vladeck's remarks today, we again asked the FTC about the timing and source of its discovery of the Google cookies. They declined to answer all our questions (see below), including how they learned about the cookies and when they heard from Mayer about them. Instead, the FTC suggested filing a Freedom of Information Act request:

From: Peter Maass
Sent: Thursday, August 09, 2012 12:40 PM
To: Farrell, Claudia B.; Prewett, Cecelia
Subject: Questions

August 9, 2012

Dear Cecilia and Claudia,

I participated in the media conference call this morning and tried to ask a question (as did a colleague at ProPublica) but unfortunately we weren't given the opportunity to do so.

In light of David Vladeck saying the FTC knew of the Google cookies before the Wall Street Journal published its story, I would like to ask the following:

1) On what date did the FTC first learn about the Google cookies?
2) From whom did the FTC first learn about them?
3) On what date did the FTC — anyone at the FTC, including Ed Felten — first hear from Jonathan Mayer about the Google cookies?
4) On what date did the FTC officially open its investigation into the Google cookies?

As Mr. Vladeck has now spoken publicly about the issue of timing, we look forward to the FTC providing more information on the issue.

As this is a breaking news story, I would be very grateful if you could respond this afternoon.

Respectfully,

Peter Maass

----

From: Farrell, Claudia B.
Date: August 9, 2012 1:32:07 PM EDT
To: Peter Maass, Prewett, Cecelia
Subject: RE: Questions

Peter, It will accelerate our ability to respond to your questions if you will use the FOIA request form on the FTC home page at FTC.gov. If you have trouble finding it, let me know. I'll send you a link.

Claudia

-----

From: Peter Maass
Date: August 9, 2012 3:35:51 PM EDT
To: Farrell, Claudia B
Subject: Re: Questions

August 9, 2012

Dear Claudia,

The Freedom of Information Act has proved a valuable tool for journalists to obtain government emails and other documents. We have used it many times and we will do so in this case.

That said, we find it unusual that our modest questions would require a FOIA request. For example, on Twitter this afternoon the FTC said it found out about the Google cookies before media reports, and David Vladeck said much the same in his media conference call this morning. Thus, the issue of timing has already been discussed publicly by the FTC.

If you continue to refuse to answer our questions, we would appreciate an explanation of why a FOIA request is necessary to obtain the answers. As we plan to publish a story this afternoon, we would appreciate a response as soon as possible, so that we can include it.

Respectfully,

Peter Maass

-----

On Aug 9, 2012, at 4:40 PM, Farrell, Claudia B. wrote:

"I recorded this file in mid-December, 2011."

http://techatftc.wordpress.com/2012/08/09/google/

-----

From: Peter Maass
Sent: Thursday, August 09, 2012 5:22 PM
To: Farrell, Claudia B.
Subject: Re: FTC Settles with Google over Cookie Control Override | Tech @ FTC

August 9, 2012

Claudia, thank you for this. This seems to answer my first question. Could you now answer the other questions--

--From whom did the FTC first learn about the cookies?
--On what date did the FTC — anyone at the FTC, including Ed Felten — first hear from Jonathan Mayer about the Google cookies?
--On what date did the FTC officially open its investigation into the Google cookies?

Also, with the investigation completed and the settlement announced, I would like to interview Ed Felten as soon as possible. Could you please arrange this?

Respectfully,

Peter Maass

-----

Begin forwarded message:
From: "Farrell, Claudia B."
Date: August 9, 2012 5:51:56 PM EDT
To: Peter Maass
Subject: RE: FTC Settles with Google over Cookie Control Override | Tech @ FTC

You'll have to FOIA that.

It’s good that the FTC investigated, but what is the point of the $22.5 million fine?  Google averaged net earnings of $31 million/day during the last quarter.  And depending on the exact wording of this settlement, the fine could even be tax deductible!

Regulatory agencies and lawmakers seem to see fines as the ultimate punishment for businesses.  But fines are totally arbitrary and can be devastating to one business while being just another cost centre to another.

Fining individuals for business decisions may seem like the way to go, but the businesses end up paying the fines.

People need to feel the penalties when they are in charge of companies that break the law.  Jail, community service, restriction of freedoms, should all be options in this kind of situation.  Actually punish the perpetrator and not just the shareholder.

OK, Google got a slap on the wrist.

Now what about Apple, with their well-publicized facility for apps to download your address book, which everybody considered “standard practice” before it was in the news.  Is that even on the charts?  Nobody at the FTC cares that they didn’t bother with security?  Nobody cares that so many app developers thought this was acceptable behavior?

What about Facebook tracking everybody who sees one of those “share” or “like” buttons, and trying to associate it with the user’s profile?

I’m sure we could go on with the list.  Google has become a royal pain since the IPO, but in comparison to a lot of the other companies out there, they might as well be saints.  I don’t mean that they should get off—the settlement is a joke.  But is this just the start, or is the FTC going back to sleep now?

Philip de Louraille

Aug. 10, 2012, 4:19 p.m.

Ah, if only the government would go after the banks and other financial institutions like they are going after privacy. Oh. I see… Google has not yet contributed enough with members of Congress…

{(Cookies are small files used by online advertisers to track browsing activity and send targeted ads to consumers.)}

It should be noted that nobody need receive targeted advertising if they have a browser add-on that prevents its reception. All major browsers offer such an add-on.

So, why the hullaballoo?

@lafayette

Read the first paragraph of the article: “for circumventing settings on Safari Internet browsers and planting advertising cookies without user consent”