Dear Google, I really want to like you...

With consumer confidence waning and pressure from stakeholders mounting over privacy concerns, Google has established privacy policies which are easily found on its Web site.  However, they go a step further.  In January 2010 they launched a vulnerability rewards program as a way to engage consumers in a very customer-centric, very proactive way. (Security, n.d.). It encourages consumers to look for weaknesses in the security in a variety of Google applications including any of the following: .google, .blogger, .youtube, or .orkut.  These categories of bugs are definitively excluded:

• attacks against Google’s corporate infrastructure
• social engineering and physical attacks
• denial of service bugs
• non-web application vulnerabilities, including vulnerabilities in client applications
• SEO blackhat techniques
• vulnerabilities in Google-branded websites hosted by third parties
• bugs in technologies recently acquired by Google

The tester or researcher is only permitted to test their own page or a test page.  If they find any areas to be vulnerable or susceptible to potential security breaches or privacy issues, they report their findings to Google.  Google then pays the individual $500.  If the rewards panel finds a particular bug to be severe or unusually clever, rewards of up to $3,133.7 may be issued. Recognizing that some researchers are not interested the monetary gain, Google gives (the researcher) the option of donating the money to charity.  If the researcher chooses this option, Google will match the donation.  The vulnerability rewards program is a unique public relations solution to the very challenging issue of privacy.

While this is an awesome program, I believe it is not enough.  Google is relatively quiet when it comes to PR and promoting general goodwill efforts, especially when it comes to privacy issues.  Google came under fire in 2010 for having "private discussions" with Verizon over net neutrality, which is is a leading issues debate about consumer and corporate access to electronic data traffic networks, and to what degree network providers can play traffic cop legally in this arena. (Praecere.com, 2010). According to an article that appeared in The New York Times, it has been the center of a debate over whether those companies can give preferential treatment to content providers who pay for faster transmission, or to their own content..." (NYTimes.com, 2010).  What this means for Verizon is that Google, whose Android operating system powers many Verizon wireless phones, would agree not to challenge Verizon’s ability to manage its broadband Internet network as it pleased. (Wyatt, 2010). 

Google should be more open about these issues and speak openly to the public and its shareholders when they are considering making such changes or embarking on the very controversial issue of net neutrality.  So, does the vulnerability rewards program negate this debate or are they two separate issues?  To me, both issues should be handled with care and with a well-crafted proactive public relations campaign. 


*Note: I try to cite sources whenever possible.  

No comments:

Post a Comment