If you have something to hide from the government, don't use Google Drive

Just as with Dropbox, SkyDrive, or any other cloud service provider, if you have something to hide from the government, don't put it in the cloud. Here's why.
Written by Zack Whittaker, Contributor

Google Drive arrived at long last this afternoon, and unlike its social networking project, it hasn't needed any publicity from the press to generate excitement.

But what happens when a European citizen, or non-U.S. citizen, uploads sensitive data or personal information --- or even those photos from a family vacation a few months back --- to a service whose datacenters are outside of their own legal jurisdiction?

Whose laws apply, and do you have any legal protection while your files are stored in a U.S. server, as you sit at your office desk in London or Brussels, or Sydney or Tokyo?


Don't think for one minute this problem is limited to Google Drive. As with any other cloud service hosted within the United States, such as Dropbox, Microsoft's SkyDrive, or Box.net --- even if it has European or non-U.S. datacenters --- where your documents actually reside remains an important and contentious topic.

This isn't new. U.S. law allows law enforcement to search until they are blue in the face. It's just the way it goes, and has been the case for over a decade at least. The UK authorities are the same, and so are the Germans, the Australians, and most other economically developed countries in the world.

But because the technology world revolves around Silicon Valley-based companies, we are more concerned and focused on U.S. law, as it's the only one that really applies.

In the case of Google Drive, the search giant makes it clear that it can transfer your data outside Europe to the U.S. for any purpose:

"As part of providing the Services, Google may transfer, store and process Customer Data in the United States or any other country in which Google or its agents maintain facilities. By using the Services, Customer consents to this transfer, processing and storage of Customer Data."

Because all of these companies are U.S.-based, they have to comply with the laws of the United States, but also comply with foreign laws in some cases --- such as the European Union --- particularly if the company markets itself as an international company, or targets users outside the United States.

With this, a conflict emerges. Whose law should the company follow if there is a conflict? If Europe says, "you can't take data outside of your European datacenter," but the U.S. government requests a user's files in that datacenter, there is a problem that frankly nobody knows the answer to.

Not yet. Despite it reaching the European Parliament, the Commission denies there is a problem, but has stonewalled its own Parliament over questions, and continues to miss the damn point.

But the same applies in reverse. If a cloud computing company is wholly UK-owned, with its datacenters and its operations center both within the UK's borders, the UK government can access such data under similar Patriot Act-like laws. The UK has intelligence sharing agreements with the U.S. anyway, so that data could easily be handed back to base for further snooping.

While the cloud is a fantastic way of keeping your employees, staff, students or anyone else for that matter connected to the files and content when they need it, it should not be a compromise for document or corporate security.

Simply put: don't put anything in the cloud --- whether it be Google Drive, Dropbox, SkyDrive, or any other service --- that you would not want anyone seeing. Because if the feds come knocking at your door, at least you know what they're after, and why they're after it.

"If you have something to hide [from the government or otherwise], don't use the cloud". It really is as simple as that.

With the cloud, there's no way of knowing for sure that your data isn't going elsewhere. At least in your own private cloud, you can control who has it and where it goes. For a start, someone from the government has to physically knock on your office door to request the documents, whereas in the cloud, they can take what they like and prevent the cloud provider from saying anything.

Enough screaming into the wind. It's enough to say: "don't use the cloud for mission-critical or sensitive documents." It's as obvious as telling someone to wrap up before they go out because it's chilly outside, or telling someone not to put their hand in that white-hot fire.

But on days like today, it's easy to get wrapped up in the "shiny, shiny," and forget there is an actual world of politics out there.

Image credit: Google/ZDNet.

