Simply Security - News, Views, and Opinions from Trend Micro

Posted on July 2nd, 2012 in Current News, Data Privacy by Simply Security | Be the first to comment | Tags: Data Privacy

Google's foray into the public cloud storage space has reignited data privacy debates of old.

Google unveiled its take on personal cloud storage this week to a somewhat predictable mix of fanfare from brand advocates and pointed questions from competitors and detractors. But as the dust begins to settle, industry observers have taken particular interest in the fine print of the Google Drive privacy policy.

Data privacy fears stoked once more

When a company that makes the vast majority of its revenue through targeted advertising sets up a proprietary platform to collect consumer data in droves, it should come as little surprise that anxiety levels immediately hit the redline for a number data privacy advocates. Google has also dug itself a bit of a hole in this arena after a series of run-ins with regulatory bureaus on either side of the Atlantic that ultimately resulted in landmark revisions to company policy. But while the simplicity of the new privacy statement was appreciated, the potential for loose interpretations has helped stir the pot in the latest series of consumer cloud storage debates.

“The language is not drafted nearly as tightly as we would expect from a company of Google’s size and stature,” tech industry legal expert Eric Goldman explained in a recent interview with CNET columnist Rafe Needleman.

The Google Terms of Service assures customers that “what belongs to you stays yours.” This would imply that users own the rights to any content they submit to the company. However, nearby passages in the agreement seem to muddle the implications of that conclusion when it is stated that “you give Google a worldwide license to use, host, store, reproduce, modify, create derivative works, communicate, publish, publicly perform, publicly display and distribute such content.” According to Needleman, the section in question has left itself wide open to interpretations that Google is granting itself an unrestricted license to use consumer data to inform its own advertising initiatives.

The New York Times fanned the flames of this controversy by revealing that its employees had been explicitly warned against using Google Drive or Gmail for company content until the search titan clarifies its policies. In response, Google officials have asserted that their policies were very much in line with those of competitors like Microsoft SkyDrive and Dropbox.

As more thoughtful explorations of the matter continue to emerge, there seems to be plenty of merit to that defense.

Data privacy issues aren’t restricted to Google

“Every time a company updates their terms of service – or posts a new one – users end up being shocked by the language that describes company’s rights to use your information,” Future of Privacy Forum director Jules Polonetsky told the Times. “But it does not appear that Google claims ownership of your data. This is just the annual fire alarm when users actually look at the legalese needed to describe a company’s right to host your data for you.”

In a comparison of leading consumer cloud storage utilities conducted by Verge columnist Nilay Patel, a number of interesting discoveries emerged. For instance, Dropbox’s terms of service leave plenty of areas open to interpretation as well. Although it does practice a permission-based model of data privacy protection, it’s not exactly clear what tasks Dropbox can request clearance to complete. Conversely, Google spells out any and all tasks it would complete with user data.

Patel also unearthed some fine print that could be of interest to Apple iCloud users. While it uses customer data for pretty much the same purposes as its competitors would, Apple reserves the right to remove any content that it deems to be “objectionable.” There is little additional guidance to suggest what may or may not offend the company’s sensibilities.

The clause is primarily intended to comply with the Digital Millennium Copyright Act and curb digital piracy, but it is the strongest stance taken by any consumer cloud storage provider so far. Microsoft specifies that users will be found in breach of contract if they share copyright-infringing content, but that is where the scope of its content takedown powers end.

Cloud security returns to the fore

It will be interesting to see Google’s response in the coming days and weeks, as additional revisions to privacy policy could be in order. But as it stands, Google Drive has not necessarily told us anything new about the way the company handles customer data – and the majority of its practices seem to be standard operating procedure among its competition. As that realization begins to sink in, potential customers will likely revisit older conversations concerning cloud security.

The cloud services industry still has a bit of a Wild West feel, according to Los Angeles Times, with regulatory efforts still in their formative stages. When faced with a litany of different legal scenarios at the state and federal level, the best most consumers can do is accept a certain amount of risk and make a well-educated decision on how much data to share, and with whom.

Data Security News from SimplySecurity.com by Trend Micro