Risk
3/19/2009
01:42 PM
50%
50%

Feds To Shut Down Google Apps?

FTC is weighing request from privacy group that claims data stored in the cloud isn't secure.

The Federal Trade Commission is looking into the risks of cloud computing.

The FTC held a two-day meeting this week to discuss data security in the global economy. Regulators are trying to determine whether they should intervene with cloud computing to address security and privacy (PDF) concerns.

Critics, including the Electronic Privacy Information Center, argue that consumers are at greater risk of privacy breaches with cloud computing because data management practices are inconsistent.

EPIC asked the FTC for a legal injunction to stop cloud computing until the government approves it. In the unlikely event that the request is fulfilled, millions of individual and business users could be prevented from accessing data stored in the cloud.

EPIC made the request after a Google Docs breach that exposed some word processing documents. The letter specifically targets Google and urges the FTC to look into whether the company is using unfair and deceptive practices by providing products and services that aren't safe. EPIC's request applies to Google Apps, Google Calendar, Google Docs, and Gmail.

"Cloud Computing Services are rapidly becoming an integral part of the United States economy, with implications for business development, security, and privacy," EPIC explained in the letter (PDF).

It cited a September report from ComScore Media Metrix, which estimated that 26 million consumers used Google's Gmail Cloud Computing Services. The group also cited a March IDC study that predicts corporate IT spending on cloud services will reach $42 billion by 2012.

Proponents of cloud computing -- including Google -- argue that cloud computing is at least as secure as traditional computing because providers can often better protect data than their customers can.


InformationWeek Analytics has published an independent analysis of the challenges around setting business priorities for next-gen Web applications. Download the report here (registration required).

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-1793
Published: 2014-12-25
rendering/svg/RenderSVGResourceFilter.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted SVG document that leads to a "stale pointer."

CVE-2011-1794
Published: 2014-12-25
Integer overflow in the FilterEffect::copyImageBytes function in platform/graphics/filters/FilterEffect.cpp in the SVG filter implementation in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified ...

CVE-2011-1795
Published: 2014-12-25
Integer underflow in the HTMLFormElement::removeFormElement function in html/HTMLFormElement.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document con...

CVE-2011-1796
Published: 2014-12-25
Use-after-free vulnerability in the FrameView::calculateScrollbarModesForLayout function in page/FrameView.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaS...

CVE-2011-1798
Published: 2014-12-25
rendering/svg/RenderSVGText.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 does not properly perform a cast of an unspecified variable during an attempt to handle a block child, which allows remote attackers to cause a denial of service (application crash) or possibly have unknown othe...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.