washingtonpost.com
Is Google Too Big?
With its empire expanding, the search giant can have an unprecedented breadth of knowledge about you. Can we trust it with so much data?

Scott Spanbauer
PC World
Tuesday, June 19, 2007 4:32 AM

From search to e-mail, from calendars to spreadsheets and text documents, more and more of what PC users read and create flows through one firm: Google.

Google's pending purchase of online advertising giant DoubleClick (the deal awaited Federal Trade Commission approval as we went to press) will give it access to yet more information: the Web browsing histories collected by millions of DoubleClick cookies. Combine that data with what Google already knows through its homegrown services--Google Apps, Gmail, Google Calendar, Google Maps, Google Desktop, and many others--and the company has the potential to know more about you than any one entity ever has. (See the chart, " What Google Knows About You.")

The question is, can you trust Google with all that information about you? And even if you trust Google, what about other groups that may try to access all that information--government agencies, hackers, and rival businesses, to name a few? Privacy and security experts say that the risk is significant, even if Google sticks to its famous "Don't Be Evil" motto.

According to Harvard Business School assistant professor and researcher Ben Edelman, companies face many risks when they use online software services such as Google's, namely loss of privacy, lack of physical data security, and lack of control over data retention. Who can access your Google-hosted data, and when, and under what circumstances? Google itself has full access to your files, which are unencrypted. In fact, searching and indexing stored data are essential if Google is to continue serving its contextual advertising.

Doubleclick Deal

Should Google receive approval for its acquisition of DoubleClick, it could become the single largest custodian of Internet user search and browsing histories, with few legal restrictions on using that data or sharing it with third parties. The Electronic Privacy Information Center filed a complaint with the FTC, which must approve the deal, asking it to investigate the ability of Google to record and profile the activities of Internet users, whether they are personally identifiable or not.

The FTC appears to be taking the matter seriously, requesting additional information from both Google and DoubleClick. The European Union's privacy agency and the New York State Consumer Protection Board are also concerned about the purchase's effect on browsing privacy.

A Google FAQ page, however, insists that the acquisition, far from endangering privacy, will improve it, and that the company remains committed to respecting users' privacy preferences.

Another danger in switching to hosted services like Google Docs and Spreadsheets and Google Calendar is that of losing access to your data. What happens when the office DSL connection goes down? And how would you make last-minute changes to, say, a critical spreadsheet while you're flying coast-to-coast? The recent launch of Google Gears, which will let you use online apps from Google and other companies without an Internet connection, promises to overcome this limitation, but the service likely won't become widely available for several months. Until then, your data is off limits when you're offline.

"You're accepting dramatically increased [file management] complexity--maybe for good reason--in order to get the benefit of having Google engineers keep everything running for you," observes Edelman. He says that businesses need to consider not only the benefits of outsourcing server management but also the drawbacks of having to keep local versions of documents synchronized with the Google-hosted versions.

Despite the uncertainty of Google's plans for your personal data, the company itself is probably the least of your worries. Instead, warns Edelman, hackers or your business's competitors could try to infiltrate your Google accounts via forged documents or other illegal methods.

Warrant Search

The government, too, might like to see what's in your Gmail inbox and your Docs and Spreadsheets files, including when you created, accessed, or deleted the data. Since you identify yourself whenever you sign in to your account, Google could use logs for the originating IP address of account activity, combined with ISP logs, to help confirm that it really was you who updated that spreadsheet or wrote that e-mail.

Google must comply with search warrants and subpoenas in civil or criminal cases that target your data, just as you would if you stored your data on your own servers. The difference, however, is that Google has no obligation to inform you that it has received such a warrant and has turned over your files to the authorities. "You lose both factual and legal control over your documents if you use an online service like Google," says former Department of Justice computer crime unit head Mark Rasch, current managing director of technology for forensic consulting firm FTI in Washington, D.C.

"Google Apps makes [the situation] even worse," Rasch adds, explaining: "This is not just communications, it's all my documents and spreadsheets that are subject to subpoena, search warrant, or civil discovery. The hard part is that Google is under no legal obligation to notify me, and in particular kinds of investigations, they're going to be prohibited from notifying me."

Being left in the dark about these types of searches can also result in serious liabilities should your files contain sensitive client data and communications. "Let's say I'm a lawyer, and I've got privileged information that I store using a Gmail account," Rasch continues. "The government seizes that Gmail account and reads my files. Under the law, I must assert the attorney-Client privilege, or I have waived it," he explains.

In short, if Google chooses not to inform you of such searches, you have waived that privilege. Only strong encryption--a technology Google currently does not support--offers real privacy protection for documents kept online, according to Rasch.

Harvard's Edelman recommends using Google services just for specific business documents in which collaboration among geographically dispersed teams is unusually important. "I wouldn't move my whole business onto Google Apps," he counsels.

Google Apps and similar Web services certainly have appeal for many small and medium-size businesses. When San Francisco's SFBay Pediatrics, a midsize practice, went looking for an interoffice communications, scheduling, and calendaring system, CIO Andrew Johnson considered "a slew" of products, including Microsoft Exchange and other systems that he would have to install and maintain in-house.

He selected Google Apps Premier Edition (the ad-free commercial version of Google Apps) because of Google's good reputation and his staff's familiarity with Gmail. Also, the Google services free the practice from setting up a significant IT structure. "We don't want to spend the time tracking down server issues, maintaining servers, and paying up-front costs," Johnson says.

So far, SFBay has had a positive experience with Google Apps, which it uses for such tools as a shared phone-call log that receptionists, nurses, and physicians can view and update. Though core features are still being rolled out, Johnson has configured SFBay's Google Apps account to comply with the privacy rules of the Department of Health and Human Services's Health Insurance Portability and Accountability (HIPAA) regulations. "We're taking it in little baby steps," Johnson adds.

Secret Life of Files

Google's online trove of sensitive personal and business data is proving attractive to law enforcement agencies, a fact not lost on the company: Last year it successfully warded off a Department of Justice subpoena demanding millions of search queries. (This request, the company countered, was excessive and an invasion of user privacy.)

The search giant also recently announced that it would begin deleting IP address information--which can be used to identify users--from its logs after 18 months. However, these steps may not be enough to reassure the most security-conscious users of Google applications.

"Even if you trust the service to do the right thing with the data, which I tend to do in the case of Google," says Lauren Weinstein, cofounder of People for Internet Responsibility, "it doesn't mean that someone won't come along and make demands for access to that data that wouldn't occur if the data was on your own machine."

Weinstein worries that if companies such as Google don't take a stronger role in protecting user privacy, less-savvy groups, including legislators, judges, and federal government agencies, may feel obliged to step in with solutions that could hamper all online services. "Not being evil is good, but it's not good enough," Weinstein says.

"What you really need to do is not only not be evil, but you've got to try to keep other people from doing evil with your magic. And that's a harder step to take."

What Google Knows About You

Relying on Google's free services can boost your productivity, but they may also put your privacy on the line, your business at risk, and your data out of reach. Click on the icon below to see our chart of Google services and their potential risks.

© 2007 PC World Communications, Inc. All rights reserved