Google Office vs. Government “Request”

TechCrunch is a terrific blog covering new Internet products and companies.  Edited by Michael Arrington, it’s a clearinghouse of information on ”Web 2.0” - the agglomeration of innovations that could take online life and business through their next leaps forward.

In this recent post, TechCrunch briefly assessed some concerns with Google’s office strategy.  Google has online offerings in the works that could substitute for the word processing and spreadsheet software on your computer - just like Gmail did with e-mail.

And just like Gmail, documents and information would remain on Google’s servers so they can be accessed anywhere.  This is a great convenience, but brings with it several problems, namely: 

The fact that unauthorized document access is a simple password guess or government “request” away already works against them. But the steady stream of minor security incidents we’ve seen (many very recently) can also hurt Google in the long run.

Arrington’s post goes on to highlight a series of small but significant security lapses at Google.  If Google wants companies and individuals to store sensitive data on their servers, they have to be pretty near perfect - or better than perfect.

Then there is government “request.” Arrington makes appropriate use of quotation marks to indicate irony.  Governments rarely “request” data in the true sense of that term.  Rather, they require its disclosure various ways - by warrant or subpoena, for example, by issuing “national security letters,” or by making a technical “request” that is backed by the implicit threat of more direct action or regulatory sanctions.

On resisting government demands for data, Google has been better than most - an awfully low hurdle.  It opposed a subpoena for data about users’ searches earlier this year.  But Google has a long way to go if it wants people to believe that leaving data in their hands does not provide easy (and secret) access to the government.  Indeed, thanks to the recently passed cybercrime treaty, doing so may well provide access to foreign governments, opening the door to corporate espionage and any number of other threats.

At a meeting of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee in San Francisco last July, I asked Google Associate General Counsel Nicole Wong what the company is doing about its ability to protect information from government “request,” given the sorry state of Fourth Amendment law with respect to personal information held by third parties.  Her answer, which I must summarize because the transcript is not yet online, amounted to “not much.”  (Eventually, the transcript should be linked from here.)

Google has issued a “me too” about an effort to invite regulation of itself.  That project is going nowhere, but if it did get off the ground, it would do nothing about government access to the information that Google holds for its customers. 

Government access to data is a big flaw in Google’s nascent effort to move into online productivity services.