An independent auditing firm signed off on Google's privacy practices earlier this year after the internet giant had discovered a software bug that exposed private information on potentially hundreds of thousands of users.

The Hill obtained a redacted copy of the assessment conducted by the accounting firm Ernst and Young through a Freedom of Information Act request. The report concluded that Google had comprehensive privacy protections in place and that it was in compliance with a 2011 privacy settlement with the Federal Trade Commission (FTC).

The latest audit was submitted to the FTC in June and covered a two-year period: April 2016 through April.

“[Google’s] privacy controls are operating with sufficient effectiveness to provide reasonable assurance to protect the privacy of covered information and have so operated throughout the Reporting Period,” Ernst and Young wrote in the audit.

On Monday, Google disclosed that it had discovered a security flaw in March, during the period covered by the audit. That security flaw gave third-party developers access to data on as many as 500,000 users of Google Plus, the company's social media app.

Google said part of the reason it decided not to reveal the incident in March was because it could not determine the full effect of the exposure.

“Our Privacy & Data Protection Office reviewed this issue, looking at the type of data involved, whether we could accurately identify the users to inform, whether there was any evidence of misuse, and whether there were any actions a developer or user could take in response,” Ben Smith, Google’s vice president of engineering, said Monday in a blog post. "None of these thresholds were met in this instance.”

The audit is likely to raise new questions about how Google handled the potential breach and the criteria auditors are using to assess companies' privacy policies.

Google agreed in 2011 to submit to independent privacy assessments every two years as part of a settlement with the FTC over charges that it had deceived users about its privacy practices.

Because much of Ernst and Young’s audit is redacted, it’s not entirely clear if Google disclosed the incident to the firm. But it appears that the auditors didn’t find any potential issues that would have raised red flags for them. The criteria that the firm used to assess Google’s privacy policies were redacted from the document.

Ernst and Young did not immediately respond to a request for comment from The Hill.

More Here:

https://thehill.com/policy/technology/410568-exclusive-privacy-audit-failed-to-mention-of-google-plus-security-flaw

https://www.politico.com/story/2018/10/09/trump-federal-reserve-interest-rates-885942

Trying to get tens of thousands of voter registration errors under control, California Secretary of State Alex Padilla may temporarily halt a program that automatically registers voters through the Department of Motor Vehicles.

A freeze to the state’s Motor Voter program is “certainly on the table,” Padilla said at a news conference on Tuesday.

“We’re doing the homework as we speak of what does that mean and what it would take,” Padilla said. “These mistakes from the DMV are absolutely unacceptable.”

California launched the Motor Voter program on April 23, which automatically registers and pre-registers eligible voters when they go into a DMV office to complete a driver’s license, state ID or address change transaction.

The DMV reported last month that it made 23,000 voter registration errors resulting from technicians toggling between multiple screens and having registration information improperly merged. In May, the Los Angeles Times reported that a software error affected 77,000 voter records generated at the DMV.

On Monday, the DMV said about 1,500 people were improperly registered to vote, some of whom may not be citizens. Padilla said his office immediately removed all 1,500 people from the voter rolls. In a letter to the DMV, he called for the agency to hire an independent third-party to conduct an audit.

In light of the recent struggles, the California Department of Finance said its ongoing performance audit into the DMV will now include an expanded component regarding the Motor Voter program.

It’s unclear how Motor Voter would be frozen before the upcoming November election. The Secretary of State’s Office declined to comment further on how such an action could be possible.

Assemblyman Jim Patterson, a Fresno Republican who has been a sharp critic of the DMV, wants a complete shutdown of the Motor Voter operation until a thorough investigation is conducted. While a freeze could be done when lawmakers return to the Capitol next year, he pressed for Gov. Jerry Brown to take executive action in the meantime.

“The governor could do it with an executive decision to suspend things of this nature under what would be his emergency authority,” Patterson said. “If this isn’t an emergency with regard to the sanctity of our voter rolls, I don’t know what it is.”

Brown’s office responded with a statement saying it is committed to addressing ongoing concerns through an audit Brown ordered last month.

“We share an interest in addressing these issues, which is why a Department of Finance audit is underway,” said a statement from Brian Ferguson, a spokesman for the governor.

https://www.sacbee.com/news/politics-government/capitol-alert/article219739930.html#storylink=mainstage