
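User data exposed! What is behind Google's decision to shut down Google+? (Part 1)

QuriositySISU
2018-10-19

Introduction: After years of speculation that Google+ was about to be shut down, Google will discontinue the consumer version of Google+. Why? Let this issue of Quriosity walk you through it.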




News




The Shut Down

Google is shutting down much of its social network, Google+, after user data was left exposed.



It said a bug in its software meant information that people believed was private had been accessible by third parties. Google said up to 500,000 users had been affected. Shares in Google's parent company Alphabet fell by 1.23%.



This March, as Facebook was coming under global scrutiny over the harvesting of personal data for Cambridge Analytica, Google discovered a skeleton in its own closet: a bug in the API for Google+ had been allowing third-party app developers to access the data not just of users who had granted permission, but of their friends.


If that sounds familiar, it’s because it’s almost exactly the scenario that got Mark Zuckerberg dragged in front of the US Congress. The parallel was not lost on Google, and the company chose not to disclose the data leak, the Wall Street Journal revealed Monday, in order to avoid the public relations headache and potential regulatory enforcement.



Disclosure will likely result “in us coming into the spotlight alongside or even instead of Facebook despite having stayed under the radar throughout the Cambridge Analytica scandal”, Google policy and legal officials wrote in a memo obtained by the Journal. It “almost guarantees Sundar will testify before Congress”, the memo said, referring to the company’s CEO, Sundar Pichai. The disclosure would also invite “immediate regulatory interest”.



Google's Reaction

Shortly after the story was published, Google announced that it will shut down consumer access to Google+ and improve privacy protections for third-party applications.



In a blog post about the shutdown, Google disclosed the data leak, which it said potentially affected up to 500,000 accounts. Up to 438 different third-party applications may have had access to private information due to the bug, but Google apparently has no way of knowing whether they did because it only maintains logs of API use for two weeks.



“We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any profile data was misused,” Ben Smith, the vice-president of engineering, wrote in the blogpost.



Smith defended the decision not to disclose the leak, writing: “Whenever user data may have been affected, we go beyond our legal requirements and apply several criteria focused on our users in determining whether to provide notice.”



"None of the thresholds for public disclosure were met," Smith said.


There is no federal law that obliges Google to disclose data leaks, but there are laws at a state level. In California, where Google is headquartered, companies are only required to disclose a data leak if it includes both an individual’s name and their Social Security number, ID card or driver’s license number, license plate, medical information or health insurance information.


Google also announced a series of reforms to its privacy policies designed to give users more control on the amount of data they share with third-party app developers.



Users will now be able to have more “fine grained” control over the various aspects of their Google accounts that they grant to third-parties (ie calendar entries v Gmail), and Google will further limit third-parties’ access to email, SMS, contacts and phone logs.


to be continued

Sources: BBC News, The Guardian

Compiled by: 刘与晨, 杨二一, 产雨欣, 郑可意, 邱思怡

Layout: 邱思怡


