Don't be evil
Third party data dangers
A series of developments raise the specter that remotely stored or created documents may be subject to subpoena or discovery all without the knowledge or consent of the document's creators (pdf).
I have been playing around recently with Google's Documents and Spreadsheets. What Google documents and spreadsheets allows you to do is to create documents or spreadsheets (and soon probably presentations) completely online using no software other than a browser and an internet connection. No Microsoft Word, no WordPerfect, no Excel, nothing. All well and good. AFTER you create the document, however, you are supposed to store it on a Google server. Indeed, with virtually unlimited storage, a company could theoretically store all of its documents on Google's servers - all with nothing more than a GMail user ID and password for security. What is even better, all of your documents and spreadsheets would be automatically indexed using Google's software, making it easy for you to locate your documents no matter where you are - as long as you have an Internet connection and can remember your GMail password. Very convenient, but would you do it?
Put aside the security aspects of remote storage of documents. Remember, irrespective of the amount of physical and logical security on the Google servers, ultimately your documents are going to be only as secure as your GMail password - and if you store your password somewhere, maybe not even that secure. I am not even sure that you can encrypt the documents you create on Google documents and spreadsheets - at least not with the software provided by Google - and encryption kind of defeats the purpose of indexing and quickly finding relevant documents.
Add to the security issues the host of legal issues raised by remote storage generally. Whenever records or other evidence is housed with a third party, you have not only increased the likelihood of data access, you have created a new entity with physical or logical possession of your records. Who "owns" your records? Who has a right to access them? Who has "possession" of them? Who has "control" over them? Who must produce them if there is a subpoena, search warrant or other court order? Suffice it to say, when you lose "possession" of the documents, you lose control over what happens to them.
Possession, Custody and Control
One of the biggest problems in the area of computer security is the fact that the law doesn't really distinguish between physical property and intellectual property. The same law which relates to, for example the possession of the murder weapon, also relates to the possession of information about the murderer. Intellectual property is just property. If you "have" it, you can be compelled - through various legal processes - to give it up, both in civil litigation, criminal investigations, administrative hearings, internal reviews, etc. Thus, the same law that allows law enforcement agents to get information about you with a court order or subpoena would allow a husband or wife to get the same information in divorce litigation. Unless the information is privileged (and in many cases even if it is) the entity that "holds" the information must pony it up. The law recognizes that an entity has a legal obligation to produce any materials within its "possession, custody or control." Such possession, custody or control can be physical possession (the gun in the footlocker), legal authority to produce, or in this case, "virtual" possession.
So whenever you entrust your information to some third party, you give up control over the information, and give up to some extent "possession" of that information. For some kinds of records this loss of control is inevitable. When you surf the web, you must transmit information about yourself through your browser to the web. When you send or receive e-mail, the information necessarily travels through some Internet Service Provider somewhere. Sure you can encrypt some information - you can use anonymizers to try to hide what you are doing, but in any event the information necessarily travels outside of your control. The anonymizer or "holder" of the information can be compelled to give up the information in the face of a subpoena or court order.
There is nothing fundamentally new about any of this. What is new is the fact that there is so much information about us held in the hands of third parties which never existed before. I am not talking about weblogs or Myspace postings that I voluntarily put out. Every book I read online, every song I download, every video or radio show I stream, every article I peruse creates a third party record which can be discovered.
How important is security?
While security is an important issue, for all of the documents that I or my company create on Google Docs and Spreadsheets, I'm not really worried if someone else sees them.
The three main cases in which they can be seen is if
(a) someone gets my password (I take care over where I type this in, and it's a random alphanumeric string that only I know),
(b) if a Google employee decides to have a look (I think that they have better things to do with their time, and I'm sure there's a lot more interesting Google Docs out there) or
(c) if Google are ordered to part with the info by law (if it comes to this, I probably have more pressing problems, and "I've got nothing to hide" etc).
I think that it would be difficult for malicious outsiders to get hold of the info if you're careful about passwords, ownership etc and for me at least, the benefits (proper concurrent spreadsheets and docs) outweigh the fairly small risks. I think that the majority of users will be in the same boat as me. For some, any risk is unacceptable, and these users will naturally have to fall back on more secure and less accessible options.
Host your own Google-ish apps?
I love the convenience of Google apps, but maybe it would work better to host such things on my own home server. Does anyone out there have such software, or are they developing it?
Store sensitive documents on Google?
Storing sensitive or personal documents on Google, or any other online storage facility, come to that, is asking for trouble. That said, Google Documents does have a useful role. I store basic document letterheads, spreadsheet templates, etc. just in case I need them urgently and have no other way of accessing them - a catastrophic failure of my laptop, for instance. I can then use my templates on a client's or colleague's machine, save the completed document to removable media and shred the original. I cannot see that storing sensitive documents online is any less incompetent than leaving a laptop in a taxi or failing to securely delete data from a no longer required hard drive. In security matters one should always consider the internet a leaking sieve.