informa
Commentary

How Private Is Google's Cloud? And Is It Any Of The FTC's Business?

Privacy advocacy group The Electronic Privacy Information Center has asked the Federal Trade Commission to investigate Google's security procedures and practices. Should you be more concerned about Google's lapses than you are (or should be) about any other cloud-based service?
Privacy advocacy group The Electronic Privacy Information Center has asked the Federal Trade Commission to investigate Google's security procedures and practices. Should you be more concerned about Google's lapses than you are (or should be) about any other cloud-based service?Google's drive to get you to move everything to the cloud, and particularly to Google's cloud has hit some turbulence lately.

A couple of brief, but widely publicized and annoying Gmail outages prompted reliability/availability questions (unavailable e-mail services are more than just annoyances for business.

The emergence of targeted behavioral ads based on search habits raised more privacy concerns. (To its credit, Google shows how users can opt out of the ad program.)

Raising additional hackles, and some not-small questions, Google's early March code slip-up that made some (less than 0.05% of docs stored in its cloud, Google says) Google Docs material public.

Now privacy advocacy group the Electronic Privacy Information Center (EPIC) has filed a formal request with the Federal Trade Commission (FTC) for an investigation of Google's security practices and privacy-protection procedures.

The request itself (available here) leads with both a description of the concerns

"Google does not adequately safeguard the confidential information that it obtains" and, based on findings, to take steps including, if necessary,

"enjoin Google from offering such services until safeguards are verifiably established."

Probably we have a pretty good idea of how likely that last is to happen, but we should also allow ourselves some hope that EPIC's request gets the attention it deserves.

For all of Google's explanations of the various problems (one Gmail outage may have been caused by code designed to keep European data physically in Europe) and their (relatively) minor impact, the company has become such a behemoth, and such a focal point for the possibilities of the cloud that it is of necessity a focal point for the cloud's potential problems and perils as well.

That includes the scrutiny of EPIC and other advocacy groups, it should include the scrutiny of the FTC and above all it should include your own scrutiny, both of practices such as behavioral advertising and potential privacy breaches of apps and services, but also of your own cloud practices.

How much of your most secure, confidential and proprietary information do you want to work on and store in clouds whose nature, and the nature of whose security, is still evolving?

Recommended Reading: