Google on data security: You can trust us, really

Google described on Tuesday how it secures the mountains of data that it handles every day, saying that it has highly automated processes and employs the best and brightest in Web security.

Douglas Merrill

(Credit: Google)

On the Official Google Blog, Douglas Merrill, a vice president of engineering, spelled out the company's philosophy, processes, and technology that the company employs for security.

He said that the company is developing its own security software, particularly to address areas such as large-scale computing and automation.

Google's processes are set up so that sensitive personal information can only be viewed by exception, Merrill said.

"We carefully manage access to confidential information of any sort, and very few Googlers have access to what we consider very sensitive data. This is in no small part because there's very little reason for us to provide that access--most of our processes are automated, and don't require much human intervention. Of course, the limited number of people who are granted access to sensitive data must have special approval," he wrote.

[JimSlik]

Trust Google? Not!

Douglas Merrill, Google Engineering VP, says we can trust Google. Mr. Merrill, together with Google, has a lot more explaining to do before I can accept that statement.

In CNET news article (TODAY):
http://www.news.com/8301-13578_3-9890761-38.html?tag=nefd.lede

we also see that "A survey CNET News.com published in February 2006 asked the major telecommunications and Internet companies this question: "Have you turned over information or opened up your networks to the NSA without being compelled by law?" AT&T, Adelphia, Google, Level 3, Verizon, and Yahoo would not answer the question; the rest said they had not.".

That needs a lot of explanation and apology.

[rcrusoe]

Why not trust Google?

After years of having Microsoft browse our hard drives at will,
trusting Google shouldn't be a problem for anyone.

--------------------------

Microsoft EULA from Windows XP Service Pack 1 and 2000
Service Pack 3:

"By using these features, you explicitly authorize Microsoft or its
designated agent to access and utilize the necessary information
for updating purposes. Microsoft may use this information solely
to improve our products or to provide customized services or
technologies to you. Microsoft may disclose this information to
others, but not in a form that personally identifies you.

The OS Product or OS Components contain components that
enable and facilitate the use of certain Internet-based services.
You acknowledge and agree that Microsoft may automatically
check the version of the OS Product and/or its components that
you are utilizing and may provide upgrades or fixes to the OS
Product that will be automatically downloaded to your
computer."

[Kimsh]

Heres why

That EULA gives very specific restrictions on what is looked at and what can be done with it. Googles response? "We have our best people looking at the problem". Googles buniness model is based, in part, on doing analysis of the information you pass through them to build a profile of you as a user. Things you like, things you don't... and you trust them to know what they are doing?
Any time I hear someone say, "we are building our own better solutions" I hear "we are cleverer than anyone else and don't need to heed their warnings". Seen it too many times in the software business and it almost always ends in tears. You know what, learning from the experience of those who have come before is pretty much a good thing.

[UITD]

Trust Google?

The key phrase: "what we consider", alone, is suspect reason enough NOT to trust. With great power comes great responsibility. Given the fact that just about everyone in power, especially these days, has screwed the public somehow - its only a matter of time that Google will.

[UITD]

Be careful about what we wish for...

People want government health care too, but then they'll ask the same thing "Why was it OK for you to come to my house and monitor my eating, drinking, smoking, sleeping, etc habits...............?"

You all watch.

[cpu007]

Define the word "those people"

This is called reification in philosophy. Those people are made up by who? Who are those people? If Google has no gut to reveal the identity of those people, I won't ever consider replacing my Microsoft Word Processor.

Besides, They "must" state their careness toward people's privacy and security, otherwise may risk being sued by consumers.

Just marketing. Anyway, back to my Word Processor.

[ihfwt]

The Human Factor Always Will Be The Weakest Link in Security

The fact that there are several people that do have access to classifed confidential user information is in fact a weakness in their "Security".

[ssidner]

But the S.E.C. still won't like their 'bots

As a public traded company, our lawyers can't see any way that we could use GMail and Google Desktop apps and meet our regulatory requirements. This is because Google's 'bot trawl through all the mail in the system.

This is the fundamental flaw in a lot of Google's strategy. Their primary driver of business intelligence is in conflict with user's need for privacy. The conflict seems like some kind of law of physics - an information Tao.

We have actually given some thought to a browser plug-in to encrypt and decrypt the message content, somewhat like PGP Desktop. We are intimidated by installation issues (probably solvable) and key distribution issues (not necessarly solvable - the old PKI problem).

MSFT Infocards probably could help...