Senate Republican leaders want Google to hand over an internal memo that appeared to show the company factored politics and optics into a decision not to inform users of a security vulnerability in its Google+ social network platform potentially affecting a half-million people.
That came in a letter to the company following up on a story in the Wall Street Journal about the vulnerability. The story cited an internal memo that talked about the "immediate regulatory interest" disclosure could draw and which could bring Google "into the spotlight alongside or even instead of Facebook despite having stayed under the radar throughout the Cambridge Analytica scandal" and "almost [guarantee] Sunday will testify before Congress."
Google CEO is Sundar Pichai, to whom the senators addressed their letter.
The senators conceded that the company was reportedly also opted not to disclose the issue at the time in part because it had not determined whether the vulnerability, which it fixed, had in fact been exploited by any app developer or, if so, which users were affected.
But it was the political calculation that did not sit well with Sens. John Thune (S.D.), chairman of the Commerce Committee; Roger Wicker (Miss.), chairman of the Communications Subcommittee; and Jerry Moran (Kan.), chairman of the Consumer Protection Subcommittee.
They said the report was troubling because at the same time Facebook was having to face the D.C. music and learn "the important lesson" that tech firms have to be forthright with the public on privacy, Google "apparently elected to withhold information about a relevant vulnerability for fear of public scrutiny."
Some other legislators might take issue with how much of a lesson Facebook had learned.
Thune and company also said they were unhappy that Google's chief privacy officer testified two weeks ago and failed to provide info on the vulnerability.
In addition to a copy of the memo, they want answers to a bunch of questions by Oct. 30, including when and how Google became aware of the security issue; why it chose not to disclose to the committee or public; whether it disclosed it to any federal agencies; and whether there are similar, unreported incidents.