March 18, 2009

Google slammed over security of cloud services

Privacy group calls for action from US regulators

By Jeremy Kirk, IDG News Service

---

The Electronic Privacy Information Centre is calling on the US Federal Trade Commission to investigate whether Google is making deceptive claims over the security of data stored in cloud-computing services such as Gmail and Google Docs.

EPIC, an online privacy group, filed a 15-page complaint, asking the FTC to force Google to stop offering online services that collect data until the presence of adequate privacy safeguards is verified. EPIC also wants Google to disclose all data loss or breach incidents.

Google has not reviewed the complaint in detail but has policies in place to ensure data is protected, it said in a statement Wednesday.

"Cloud computing can be more secure than storing information on your own hard drive," the statement said. "We are highly aware of how important our users' data is to them and take our responsibility very seriously."

Cloud-computing services offer several advantages for users since many are accessed through a Web browser and do not require other software to be installed on a computer.

Software updates are integrated automatically into the service, another maintenance advantage. But the safety and security of the data is in the hands of the company providing the service, and access to it depends on network availability.

The popularity of cloud computing services continues to rise. Figures from ComScore in September 2008 showed that 26 million people are using Google's Gmail service, EPIC wrote in its complaint.

EPIC cites several incidents where data held by Google was at risk, the most recent of which occurred earlier this month with its Google Docs office productivity service.

An error in the service caused some documents to be exposed to other users without proper permission. Google said the error occurred between users who had already shared documents before and amounted to less than 0.5 percent of documents held in the service. EPIC also listed other security flaws in Gmail as well as Google Desktop, a desktop indexing program.

EPIC contends that Google assures users that data is stored securely, but the company's terms of service say it holds no liability for harm.

Google Docs would be more secure if personal data was encrypted rather than stored in clear text, which is a commonsense security practice, EPIC argued in its complaint.

"Google made material representations that misled consumers regarding its security practices, and users reasonably relied on Google's promises," the complaint said.

EPIC also wants Google to revise its terms of service concerning how it handles data. It also would like the company to donate $5 million to a public fund that will support research into technologies such as encryption, data anonymisation and mobile location privacy.

Newsletters

Our Daily & Weekly Newsletters highlight breaking news, vital issues, expert analysis and solutions to help you stay ahead of developments in the industry.