July 21, 2009 10:50 AM PDT

LA officials question Google Apps plan

by Elinor Mills

A Los Angeles councilman and the head of a police group are questioning the city's plan to move government e-mail and other records onto Google's hosted Web service Google Apps.

"Anytime you go to a Web-based system, that puts you just a little further out than you were before," LA City Councilman Tony Cardenas told The Associated Press. "Drug cartels would pay any sum of money to be aware of our progress on investigations."

Paul Weber, president of the LA Police Protective League, also said he is worried about the safety of sensitive police investigation records if they are moved to Google Apps.

The concerns come after sensitive Twitter documents were stolen by a hacker who gained access to a Twitter employee's Yahoo e-mail account and from there got information that allowed access to the company's data on Google Apps. Although the breach occurred in May, the severity of the situation wasn't clear until last week when the hacker fed the data to TechCrunch for public posting.

While Twitter executives noted that there was no security vulnerability in Google Apps, the linking of personal and work e-mail by the employee, re-use of passwords on multiple accounts, and easy-to-guess security questions allowed an outsider to steal confidential information and expose it to the world.

Washington, D.C., is the first major U.S. city to sign up for the $50 per user per year service. Seattle, meanwhile, is using Google's Postini service called Message Security.

"Government agencies at all levels - federal, state, and city - are looking to cloud computing as a way to advance innovation while decreasing costs," a Google spokesperson said in a statement.

"We agree that security is a very important consideration for any organization considering cloud computing, and we've been working very closely with the City of Los Angeles to address any questions and concerns government officials or citizens might have," the statement said. "Security is at the core of how we design Google Apps, and as the City of Los Angeles' evaluation report notes, the proposed cloud computing system is an improvement over the level of security currently in place. It also provides other benefits of cloud computing -- such as increased innovation at reduced cost -- which are driving the city's request for a cloud solution to suit its IT needs."

Updated 11:35 a.m. PDT with Google comment.

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press.

by PhaseDMA July 21, 2009 12:25 PM PDT
I hate to say it, but if nothing else it does require some serious thought. If that be making positive that passwords are strong, or seeing exactly how strong the system is against brute force attacks, or any other prerequisite.
by rcrusoe July 21, 2009 12:29 PM PDT
I don't consider guessing someone's password (based on public information easily found on the web) as hacking. This was a combination of someone willing to do a little online research combined with a user that used the same password on multiple accounts.

Every kind of webmail is vulnerable to id10t exploits.
by JamesStick July 21, 2009 11:16 PM PDT
It is hacking. It's a misnomer that "hacking" requires you to write code. The security principle is 'isolation', and the issue is access.

Yes, weak passwords are an age-old vulnerability and certainly aren't exclusively Google's Achilles heel, but again, it's a mistake to think that simply because an innovation exists, that every conceivable type of record should use that innovation or system, or it's a dinosaur. Google (rightfully) says in their terms of use that if you're involved in aviation, critical care systems, or the nuclear industry - that you shouldn't use their services. I would add: Public Safety to that list.

Brand allegiances and marketing aside - not everything should be "cloud". Not because their services are necessarily insecure, but the risk if anything goes wrong is irreparably high.
by holyreki July 21, 2009 12:53 PM PDT
When will people realize that having ONE company control this much data about everything and everyone is a very very bad idea? I can't believe our government is starting to hand over confidential national security information to web based google apps. Now, any disgruntled employee in Gvnt AND Google could cause mass hysteria and risk our lives.

Pretty soon Google apps will be housing GVNT docs for the US, EU, Canada, etc and will be more powerful than all. Talk about being too large to fail. Antichrist
by jessiethe3rd July 21, 2009 3:17 PM PDT
Hosting is not sound when you have confidential information to protect. Personally this is both a PR and cost saving move by the city of LA... for goodness sake even many of the companies I talk to refuse to go hosted because of the security and half of them are not even in a business that has a substantial amount of risk - this is just stupidity at the highest levels.
by gggg sssss July 22, 2009 6:41 PM PDT
Especially hosting at the cloud level - where you do not know which server, with which software your stuff is on.

Fear the cloud (tm)
by citrusonic July 21, 2009 12:57 PM PDT
I think if your .org is non profit, you can play Google Apps for free
by jessiethe3rd July 21, 2009 3:18 PM PDT
Can you play Google Apps Premium (THE NORMAL PAID VERSION) for free? Does Google Apps support 128 bit encryption and https? NOPE!!!
by mbenedict July 21, 2009 3:44 PM PDT
@jessiethe3rd:

Google Apps supports HTTPS and 128-bit encryption.
by JamesStick July 21, 2009 11:20 PM PDT
@mbenedict:

Supporting HTTPS/128-bit encryption, and using by default are two different things. Google requires that you pay for that access. It's a smart, if not simply philosophy: Give away the meat, buy the potatoes. People who are silly enough not to read the fine print get stung.
by mbenedict July 22, 2009 5:48 AM PDT
@JamesStick:

Wrong. Even on the free Google Apps, the domain administrator can force SSL connections.

I.e., from Domain Settings, check "Enable SSL". This option will "Automatically enforce Secure Socket Layer (SSL) connections when your users access Gmail, Calendar, Docs, and Sites". I just checked a couple "Standard Edition" (free) domains and this option is selectable.

Google is also looking into enabling SSL for all GMail connections all the time.
by codynews July 21, 2009 12:59 PM PDT
lol@ "sensitive Twitter documents"
by Been_there_Saw_it_before July 21, 2009 1:04 PM PDT
Just because we are allowed to do it and are able to do it does not mean we should do it. Someone needs to consider just how much information is public and difficult to get versus how much information is public and available at the click of my mouse.
by JamesStick July 21, 2009 11:21 PM PDT
+1
by jessiethe3rd July 21, 2009 3:33 PM PDT
This is just a dumb dumb dumb move. PR and cost cutting are obviously at work here and to be honest, it's just about the most stupid thing you could do. Many companies I know have specialized SLAs just to have hosting with a third party for their email environment. Think about the stupidity of a city offering up private information to a company who is, by all respects, an advertising company. While Google is trying to make inroads in Enterprise and government they aren't doing it "free." They have a pay service called Google Apps Premium and it is a charge service. Add on the fact that Google doesn't support https and there goes your privacy...

The city of LA is stupid and the public needs to be really aware just what is going to be going through GoogleDocs. Even the people who use GoogleDocs free edition will tell you - they don't put their private information anywhere near the application - there is no security there on the free edition.

See here:
http://www.betanews.com/article/Google-Docs-security-hole-may-have-exposed-private-documents/1236611468

and here...
http://www.techcrunch.com/2009/03/26/more-security-loopholes-found-in-google-docs/

and here (HIPAA stands for the Healthcare Insurance Portability Accountability Act - basically means your healthcare information is secured from being shared a la - Jack has AIDS, that information should be kept private to Jack and his personal doctor.)
http://www.ihealthbeat.org/Articles/2009/4/8/Google-Microsoft-Say-HIPAA-Stimulus-Provision-Doesnt-Apply-to-Them.aspx

Seriously, why would one give all their information to a company whose universal mission is,
"to organize the world's information and make it universally accessible and useful."

Is it just me or does the statement, "universally accessible" seem the complete opposite of the word, "privacy."
by n3td3v July 21, 2009 3:59 PM PDT
Outsourcing security happens all the time, but do we consider Google a viable contractor for government and law enforcement efforts in special regard to information security? I say the government should regulate who gets to host government information and make sure all government departments and agencies are streamlined into that, so you don't get individual departments, agencies and police forces going freestyle on who hosts their information, and the security of that information.
by faceless128 July 21, 2009 5:05 PM PDT
Governments outsource their data storage all the time, how is using Google any different than any other 3rd party? How does the reasoning against using Google make any sense when it's based on some guy logging in with an accurate username and password? It's not Google's fault that some random person couldn't secure their own private passwords.
by gggg sssss July 21, 2009 5:20 PM PDT
**** Have these people been sniffing the exhaust too long? Where is Arnie? Never mind hacker. Any sys admin at Google can access, delete, distribute or alter this stuff. This is absolutely insane. Use open source if you wish (and screw your taxpaying software developers while you are at it). But keep your data in the cloud? **** ****

Fear the cloud (tm)
by gggg sssss July 22, 2009 6:42 PM PDT
O M F G is banned??
by hhs2112 July 21, 2009 6:39 PM PDT
But hey, at least city employees will be able to see ads related to the sensitive information LA will be giving google! After "indexing" employee insurance claims Bob in Zoning will be grateful to see ads espousing a cure for his toenail fungus and Mary at the Police department will be thrilled to review 6-8 "specially selected hotels" immediately upon submitting her vacation request for two weeks in Cabo...
by BIGELLOW July 22, 2009 12:37 PM PDT
They can just turn these ads off.
by Vegaman_Dan July 21, 2009 9:05 PM PDT
This could be either a fantastic move or a stellar fumble on LA's part. I know if I was a lawyer in LA, I would be loving this opportunity as any court record stored on the system would become suspect and possibly compromised if *any* part of Google's system is compromised *anywhere* and that includes non-city sites. Breach one part of the system and you cannot 100% guarantee that the rest is secure. Do that and court cases will have to be tossed out accordingly.

The risk of information theft is simply too high in my opinion. Companies have internal servers for liability and chain of custody reasons for this very issue.

But let's see what happens. Just don't live in LA. :)
by wshwe July 21, 2009 10:21 PM PDT
Data on LA servers may not be any more secure than on Google servers. Data is only as secure as the IT staff and users make it regardless of where the data resides. San Francisco's troubles are a good example.
by gggg sssss July 22, 2009 6:45 PM PDT
But at least local IT staff can be vetted, even if not perfectly. How do you know some Google sys admin in Germany is not looking at the data stored on a server in the US and selling the results to some Korean car company? Or Chinese computer company?
by X-C3PO July 21, 2009 11:35 PM PDT
.... Most of Stupid thing for security
by yokocar1 July 22, 2009 5:21 AM PDT
Where are you folks getting your info that Google Apps is not 128-bit SSL? 100% false.

As WSHWE said, it's not about where it's stored...it's about how the IT staff secure it. What would you be saying if the in-house hosted infrastructure is hacked? If someone wants in, eventually they will find a way...it doesn't matter who hosts the data. Password policies and user education need to be enforced as this is the weakest link.

Want to test? Admins: Ask a user for their password to any system for "troubleshooting purposes". If they give it to you, there's your weak link.
by gggg sssss July 22, 2009 6:46 PM PDT
But the data on the server itself just is plain old 7 bit ascii LOL
by BIGELLOW July 22, 2009 1:51 PM PDT
Sounds to me that a lot of clueless people are commenting on this. They suggest that open source software would be more secure. Yes, open source software is more secure than closed source software. However, an incompetent IT department could run an open source solution and fail to secure it properly.

The real question is... which organization would be better at implementing and maintaining security? Google's IT department or LA's IT department? My bets are on Google.

Also, many people seem to be assuming that because the data in Google Apps is hosted on Google servers, that every Google employee just automatically has access to everyone's account. This isn't the case. They secure all data from all employees. The only employees who have access to the data are those who are on a need-to-have basis, and even then the data is encrypted, aggregated, and anatomized. If you need assistance from a Google employee over a particular file, they will not be able to gain access to it unless 1) you give them your login credentials [which they would never ask for] or 2) you use the collaboration tools to share the data with them.

As for HTTPS... this is supported by all versions of Google Apps (free and paid) and should be properly enabled by the administrator for the domain. Hopefully LA will at least keep a competent enough IT professional to manage the Google Apps account to make sure such things are kept in check.

Also, people automatically assume that "in the cloud" means "out there"... but hosted by LA's IT staff means "closed up somewhere". The reality is, LA's IT department uses VPN software to allow access from the outside. You just don't know the URL. If someone posted the URL everywhere, then eventually some hacker might get through. Some "hacking" techniques don't involve computers at all, but are social engineering techniques. For instance, someone could call a lowly LA staff person and sound like they are from the IT department and ask for their credentials. They can call 20 different people and eventually one would be duped into giving up the info. Then, they'd be in... not by bypassing technical security, but bypassing common sense.

So, the only difference between using an "internal" solution for LA... or using Google Apps... is the hardware will sit in a server room in LA instead of one of Google's server rooms. It's just physical space. It all boils down to which one is more secure... which one has more funds going into security. Again, in this area, my bets are on Google.

The Twitter incident was an act of social engineering. It would be no different than if one of LA's employees gave the URL to their VPN and their login info to a random person. Using Google Apps to protect against social engineering would be no better than using anything else. When it comes to physical security, however, I would expect Google's security engineers to have a leg up on any smaller IT department.
by gggg sssss July 22, 2009 6:48 PM PDT
But everybody knows the Google URL. And 1000 hits from China on a corporate server will set intrusion alarm bell off. 1,000,000 hits on Google is just a slow minute.