Recently, the European Commission (EC) announced two significant antitrust actions against Google. The first focused on formal charges being brought to address the company’s abuse of dominance in the online search marketplace; the second focused on a formal investigation being initiated around Android, Google’s ad-subsidized mobile platform.
As the announcement stated, “The [Android] investigation will focus on whether Google has entered into anti-competitive agreements or abused a possible dominant position in the field of operating systems, applications and services for smart mobile devices.”
The two announcements mark a critical moment, not only for the EC and customers in Europe, but for public sector and enterprise users globally. As we’ve seen in the headlines since the April 15 announcement, a great deal has already been written about the charges. My goal here is not to rehash what has already been stated, but instead focus on Android and the underlying, lesser-known issues at play for government users.
It is important to consider the implications this series of events has on public sector entities. Vendor practices are particularly important for federal CIOs while procuring goods and services, in particular as it relates to “bring-your-own-device” (BYOD) policies. Considering Android’s prevalence in the public sector, the EC’s decision to investigate raises serious concerns regarding the due diligence a government CIO should conduct prior to procuring IT services or deploying BYOD within a federal agency. It is easy to lose sight of the fact that all mobile devices, Android included, serve another purpose in addition to their use as phones, maps and Web browsers. They are data-gathering tools, capable of amassing volumes of information about their users.
Last year, I co-authored a white paper discussing different ways in which federal CIOs can strengthen their contracts with IT vendors via improved data security. The paper concluded that cloud vendors need to be more transparent with regard to how they store, use, and monetize public sector data – especially vendors whose business models depend on advertising and the monetization of user data.
Agencies must be more explicit in their contracts concerning data-mining practices and data use outside of the stated, intended purpose. This is the responsibility not only of the federal CIOs but of vendors as well. Given these recent announcements, the need for transparency could not be more appropriate and timely. Government entities need to ensure their contracts include the proper terms and conditions which can be validated and enforced to meet the federal policies and procedures regarding data management and data use. This is increasingly important as government employees more frequently use their own devices at work and the boundaries for security and privacy become blurred.
It is the federal CIOs’ job to ensure the procurement process protects agencies from entering into agreements that jeopardize both internal and public data. Moving forward, CIOs must take the lead on these issues and work with their colleagues, including inspectors general, to push Google and other vendors for more transparency across platforms, including Android, as their use becomes more common within the federal government.
Karen Evans worked for the government for 27 years, including her last six as the administrator in the Office of E-Government and IT in the Office of Management and Budget. She now is the national director of the U.S. Cyber Challenge.