Privacy group to FTC: Google's cloud is unsafe

Privacy group to FTC: Google's cloud is unsafe

Summary: A Washington-based privacy group wants the Federal Trade Commission to launch an investigation of the cloud-computing services offered by Google - including Gmail, Google Docs, Google Calendar and others - to ensure that they are as secure as Google promises they will be.Specifically, the matters stems from reports earlier this month that a software bug in Google Docs publicly exposed documents believed to be private.

SHARE:
TOPICS: Cloud, Google, Legal, Security
25

A Washington-based privacy group wants the Federal Trade Commission to launch an investigation of the cloud-computing services offered by Google - including Gmail, Google Docs, Google Calendar and others - to ensure that they are as secure as Google promises they will be.

Specifically, the matters stems from reports earlier this month that a software bug in Google Docs publicly exposed documents believed to be private. The company said the glitch affected one-half of one percent of the documents stored online.

The Electronic Privacy Information Center pointed out in its petition to the FTC that Google uses language in its marketing statements that suggest to users that their documents are safe and secure and that users can "rest assured that your documents, spreadsheets and presentations will remain private unless you publish them to the Web or invite collaborators and/or viewers."

The group cites other security breach incidents involving Google, though none since January 2007, when a security flaw involving Google Desktop was found. The group notes that the matter becomes critical because cloud computing services are growing in popularity among both consumers and businesses, greatly increasing the potential for risk.

Google said the Google Docs problem earlier this month occurred in cases where people had chosen to collaborate on multiple documents and adjusted settings to allow access to others. Collaborators were unintentionally given permission to access documents aside from the ones intended.

Topics: Cloud, Google, Legal, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

25 comments
Log in or register to join the discussion
  • It's still a long long way...

    ...before cloud computing will become the norm. Issues like this illustrate one reason why. It can be hard enough to get a closed network totally secure enough to completely trust it. To get any big enterprize to trust a big server in the sky with your documents and data, and then leaving the security to them sounds nice in some respects if it works but right now it requires a lot more trust than it currently deserves.
    Cayble
  • RE: Privacy group to FTC: Google's cloud is unsafe

    Cayble is green.
    paulius1
  • If the Electronic Privacy Information Center is so worried...

    why don't they:
    (a) not use Google cloud services; or
    (b) look into it with their own money, not
    ours.

    Nobody forces people to use Google mostly's
    FREE
    services, and nobody has a right to expect them
    to be
    perfect.

    Why should the government stick its nose in
    Google's
    business and waste taxpayer money figuring out
    how
    good or not good the services are?

    Let people read a couple of blogs or try out
    the
    services and decide for themselves.

    Maybe someone should investigate the Electronic
    Privacy Yenta Center regarding why they are
    invading
    Google's privacy and wasting taxpayer money.
    Who are
    these (probably tax funded) malcontents? Don't
    we
    have enough real things to deal with in life?
    davagain
    • While this seems targeted I disagree in general....

      This is what I pay tax dollars for....not for someone to sit on their butts and let the country run itself.

      Laissez-faire isn't going to work. Reading a couple of blogs and trying out the services is not going to tell you whats actually happening in the background. And if no one if enforcing any rules on your behalf they WILL do what ever makes the most money for them.

      I just can't understand how many times companies have to get caught doing stuff like selling rotten meat treated with carbon monoxide before people catch on to the fact that the individual is actually powerless. People always THINK they are shopping "smart" and are so informed but honestly don't know the half of it. I guess were doomed to being poisoned by the Chinese smh.
      storm14k
      • Government oversight? pffffft!

        Next best thing to useless.

        Example: The public, and the government, became concerned about MSG a few years back. So, the industry came up with a few dozen other names for the same stuff, stuck them on the label, some even claiming "No MSG", and actually increased the quantity of MSG in processed foods.

        Dr. John
        • example

          Where are the actual examples - names of the products, companies, etc?
          pupkin_z
  • RE: Privacy group to FTC: Google's cloud is unsafe

    Sounds a little unfair to say "Google's cloud is unsafe." When someone mistakenly configures it to share more than they intend, it's either a training issue or maybe Google needs to make the settings more clearly understood. It would be different if someone gained access in spite of the configuration ...
    dennis@...
  • RE: Privacy group to FTC: Google's cloud is unsafe

    Its not worried about its security. Its worried about everyone's security. If Google says it's giving FREE and so can play with security, ask them to tell that in privacy statement and everyone uses their own in that case.
    mythrikiran
  • RE: Privacy group to FTC: Google's cloud is unsafe

    The question really is in part how safe will Google Health records be...
    Conmergence
  • RE: Privacy group to FTC: Google's cloud is unsafe

    I didn't need a privacy group to tell me this. Most of us knew this already given Google's past history.
    Loverock Davidson
    • Aw c'mon, there have only been a few security breaches (reported)...

      and a few service failures and poor QoS and...
      B.O.F.H.
      • That may only be the tip of the iceberg

        Frankly I don't trust any online service to secure my data until they prove that they can do so. Google Cloud is aimed at businesses to allow them to have their employees from multiple locations work on the same projects. But really if the service is free, would you trust them with your business data with all the corporate piracy going on these days. Technology only serves to make it easier for the thieves to steal from those who are trying to work hard at making a living. Out sourcing may save money, but can anyone prove that it's really secure?
        dgc49
    • Don't forget...

      The rest of the companies who have an online presence who don't have a perfect security record, starting with the banks on to the federal government with people like Google, Adobe, Microsoft, Cisco, Sun, Apple, and even Pixar and Dreamworks who've had online security lapses where privacy has been breached.

      Who knows, maybe it's time government here and elsewhere in the world put consequences for companies (and themselves) in place for security lapses/breaches etc. I for one would feel a little happier if a company who let my data out into the wild had something to "look forward to" in terms of a penalty/compensation etc.
      zkiwi
  • Common sense to EPIC, "Well, duh!"

    A free service may have less-than-perfect software ... who is shocked by that?

    Storing your confidential data on *someone else's* servers isn't safe? Who would have suspected that?

    Oh, yeah, everybody.

    Come on EPIC, catch up with common sense. If you post it on-line, it's no longer private and there isn't any possible way that Google (or *anyone* else) can make it so.

    If EPIC wants to b*tch about something, how about all that TJ Max customer credit card data that got stolen and that TJM hasn't done anything about?

    There have been lots of high-impact high-dollar-volume transgressions to complain about ... and somehow GoogleDocs just doesn't worry me as much.

    Regards,
    Jon
    JonathonDoe
  • RE: Privacy group to FTC: Google's cloud is unsafe

    I agree with most of the comments, and think there are more important Internet issues than the safety of google cloud, which I see hardly used in a professional environment or for highly sensitive stuff.
    Thank you, Google, for a magnificent concept and business idea!
    Robert Tjon
    robert_tjon2003@...
  • Will be? Why bother? What about others????!!!!

    OK, first, this is a "will be", not an "is now". I
    could care less about "will be". What about
    Microsoft's cloud? or Adobe's?

    Seems this is done by a competitor, and being pushed
    for bad reasons.
    Narg
  • Don't berate Google for stupid users!

    If people can't control their sharing properly, that
    is really not Google's issue. We don't want public
    computing reduced to the lowest common ability.

    Here in the UK the government and their contractors
    regularly lose sensitive personal data files in
    accessible forms, and I bet this goes on in the
    'States too.

    Nothing is perfect, especially when it is changing.
    But Google tries hard. Do no evil.


    bingham@...
    • Stupid users?

      First, if you're referring to the last paragraph, it's unclear as to whether or not the error was caused by Google or the user.

      Second, your argument for data loss being allowable is a non-sequitur: my country has crappy security thus Google should be allowed to as well.

      Thirdly, the last I checked "tries hard" isn't quite the same as "executes well". Trying to do no evil isn't the same as doing no evil.

      Lastly, blaming "stupid users" is the first excuse of poor software development. It also doesn't work very well when all your users are "stupid": something which is very likely to be the case when making a public application.
      mtan
  • What a bunch of boneheads!

    Nothing is secure, every, at any time, under any circumstances. Fate can always intervene.

    That is why pirates used to say, "Dead men tell no tales."
    mikifinaz1@...
  • I repeat

    The very worst problem of Google (and hence the security of Google) is that Google is a support-less company. If the service runs fine then its ok but if fails then you are on you own, and most likely you must turn to other service provider.

    For example, if i found a critical vulnerability in Google, then the best chance to be fixed is to made the vulnerability public and create a mess about it.
    magallanes