Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

Google Drive Privacy: 4 Misunderstood Facts

Privacy and security questions have bedeviled the launch of Google's new online file-storage service. Ignore the hype and consider these four key facts.

Oracle v. Google: Tour The Evidence
Oracle v. Google: Tour The Evidence
(click image for larger view and for slideshow)
When people upload a file to the new Google Drive online file-storage service, who owns the file?

For answers, one might turn to the unified terms of service that cover all Google products: "When you upload or otherwise submit content to our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations, or other changes that we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display, and distribute such content."

In other words, Google appears to reserve the right to do anything it pleases with uploaded data. Or does it?

With such questions now bedeviling Google Drive, here are four privacy--and file-ownership--facts about the new service.

[ Is proposed Cyber Intelligence Sharing and Protection Act (CISPA) a threat to your privacy? Read CISPA Bill: 5 Main Privacy Worries. ]

1. Google's All-In-One Privacy Policy Creeps People Out

Google's terms of service--which applies to all of the company's "Services"--seems quite wide-reaching. So, does that mean that Google would actually take people's content and reuse it? "I'm sure that the assertion of perpetual, worldwide rights over their customers' intellectual property and the use cases of promoting, improving, or developing new services based on that content is just the result of over-zealous lawyers attempting to head any potential future lawsuit off at the proverbial pass, rather than an outright attempt to go against their in formal motto, 'Don't be evil,'" said Rik Ferguson, director of security research and communication at Trend Micro, in a blog post.

2. Google Doesn't Own People's Files

With such comments accompanying the launch of Google Drive, the company moved quickly to issue a statement clarifying what its terms of service means. "As our Terms of Service make clear, 'what belongs to you stays yours,'" according to the statement. "You own your files and control their sharing, plain and simple. Our Terms of Service enable us to give you the services you want--so if you decide to share a document with someone, or open it on a different device, you can."

3. Competing Services Offer Similar Privacy Policies

Services such as Dropbox, Apple's iCloud, and Microsoft's SkyDrive differ in that they only detail the terms of service for a single service, as opposed to Google, which uses a single privacy policy to cover everything from Gmail, Google+, Google Docs, and in the future, even the merger between Google Drive and Chrome OS.

But in a close reading of Google Drive competitors' privacy policies, The Verge found that they essentially reserve the same types of rights for themselves--only "they just use slightly more artful language to communicate them." Or as the Microsoft SkyDrive terms of service put it: "Your content remains your content."

4. Files Hosted In Cloud Face Certain Security Risks

Are fears over what Google might do with people's Drive files overblown? From a privacy standpoint, the Electronic Frontier Foundation's media relations director and digital rights analyst, Rebecca Jeschke, told Ars Technica that many users of cloud-based file storage and sharing services would do well to remember past cyberlocker takedowns. "In light of Megaupload, it's possible that users are worried about the wrong thing," she said. Notably, uploaded files might get lost, stolen, exposed, made irretrievable, or even obtained directly from the service provider with a court order, perhaps without the owner's knowledge.

In other words, would-be users of online file storage services should weigh more than just Google's privacy policy before trusting their files to the cloud. And in the words of the Microsoft SkyDrive terms of service: "If you don't agree, don't use the service. Thanks."

InformationWeek is conducting a survey to determine where enterprises stand on their IPv6 deployments, with a focus on security, training, budget, and readiness. Upon completion of our survey, you will be eligible to enter a drawing to receive a 16-GB Apple iPad. Take our D-Day for IPv6 Survey now. Survey ends May 11.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
paperlessme
50%
50%
paperlessme,
User Rank: Apprentice
4/29/2012 | 2:46:10 PM
re: Google Drive Privacy: 4 Misunderstood Facts
Forget about privacy today. Everyone is tracking you in this connected world, not just your friends. Still, it remains simple to lock the door when we use public restrooms and have some privacy. Just as easy it is to encrypt your private data when placing it in the public domain. There are plenty of free tools to help us along - check out "Google docs encrypt file"
gws-tex
50%
50%
gws-tex,
User Rank: Apprentice
4/28/2012 | 2:15:38 PM
re: Google Drive Privacy: 4 Misunderstood Facts
Privacy policies are very simple. If you do not want it shared, comprimised, stolen, or published for your (spouse, boss, future boss, hacker, etc.) to see, then don't put it out there. While you must agree to the terms of service to use, no one is forcing you to put embarassing, personal or financial information you do not want comprimised on a public server. Don't put a quart of milk on the front porch in the summer and try to sue the dairy when it sours. If you need access to those type of files, leave your computer on and use a service like laplink to create an encrypted connection to your data.
<<   <   Page 2 / 2
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/23/2020
Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/19/2020
Modern Day Insider Threat: Network Bugs That Are Stealing Your Data
David Pearson, Principal Threat Researcher,  10/21/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27187
PUBLISHED: 2020-10-26
An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other partitioning related command...
CVE-2020-7752
PUBLISHED: 2020-10-26
This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execute any OS commands.
CVE-2020-7127
PUBLISHED: 2020-10-26
A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.
CVE-2020-7196
PUBLISHED: 2020-10-26
The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. Specifically, they display the kdc_admin_password in the source file of the ur...
CVE-2020-7197
PUBLISHED: 2020-10-26
SSMC3.7.0.0 is vulnerable to remote authentication bypass. HPE StoreServ Management Console (SSMC) 3.7.0.0 is an off node multiarray manager web application and remains isolated from data on the managed arrays. HPE has provided an update to HPE StoreServ Management Console (SSMC) software 3.7.0.0* U...