Michael Chertoff on Google's Safari Hack

In the cyber age, privacy and security are two sides of the same coin. Digital privacy concerns can't be separated from security ones, and vice versa. That's why the government's response to "Safarigate"—in which Google hacked a popular Web browser, changing users' settings without their knowledge—is troubling. In announcing recently that it would settle claims against Google in the case, the Federal Trade Commission (FTC) addressed concerns about consumer privacy. But it failed to recognize the deeper problem that an invasion of privacy is often a security breach. Users of the Safari Web browser (an Apple product) know that its default security settings allow users to keep their browsing history secret and maintain their personal privacy, if they wish. By blocking the digital records known as "cookies," Safari allows users to limit others' ability to track their activities in cyberspace. Google is charged with having surreptitiously changed those settings. According to public reports, Google ran code from inside its online ads that changed Safari's security settings when users accessed the Google site. This enabled cookies to track people's browsing without their knowledge, which Google then used to collect data.