The U.S. Committee on Commerce, Science, and Transportation sent a strongly worded letter to Google CEO Sundar Pichai. The senators question what the company has done to protect 500,00 users whose profile information was stolen in 2015. Their anger stems from knowledge of an internal memo, cited in a Wall Street Journal article, discouraging disclosure because of fear of “immediate regulatory interest” and the requirement for Pichai to testify before Congress.
In the letter, the senators compare Google’s response to Facebook’s in light of the Cambridge Analytica breach:
“At the same time that Facebook was learning the important lesson that tech firms must be forthright with the public about privacy issues, Google apparently elected to withhold information about a relevant vulnerability for fear of public scrutiny.”
The senators then list specific information about vulnerabilities for Google to provide by October 30.
Read the Wall Street Journal article for more background information. Did the senators respond appropriately? Why or why not?
What is Google’s accountability in this situation? What is the committee’s accountability?
In addition to responding to the senators’ requests, what, if anything, should Google communicate to the public at this point?
Google may have been avoiding its own vulnerability.