Google Docs suffers privacy glitch
Google discovered a privacy glitch that inappropriately shared access to a small fraction of word-processing and presentation documents stored on the company's online Google Docs service.
"We've identified and fixed a bug which may have caused you to share some of your documents without your knowledge. This inadvertent sharing was limited to people with whom you, or a collaborator with sharing rights, had previously shared a document," the company said in a note, quoted at TechCrunch, that the search giant sent to affected people. "The issue only occurred if you, or a collaborator with sharing rights, selected multiple documents and presentations from the documents list and changed the sharing permissions. This issue affected documents and presentations, but not spreadsheets."
Google said in a later statement that the problem affected only 0.05 percent of documents stored at the site and that affected Google Docs users had been notified.
Though the documents were shared only with people whom the Google Docs users had already shared documents, rather than with the world at large, the problem illustrates one downside of cloud computing, in which Internet servers host software previously run on a person's own computer. The flip side of a cloud-computing advantage, that a person can get access to those documents from any Internet-connected computer or smartphone, is that technical problems or hacking attempts also can expose private information.
It should be noted, though, that housing data on a local machine has risks of its own. A lost or stolen laptop can reveal any number of secrets, as Boeing, Hewlett-Packard, the National Institutes of Health, and others have found.
(Via Google Blogoscoped.)
Stephen Shankland writes about a wide range of technology and products, but has a particular focus on browsers and digital photography. He joined CNET News in 1998 and since then also has covered Google, Yahoo, servers, supercomputing, Linux and open-source software, and science. E-mail Stephen, or follow him on Twitter at http://www.twitter.com/stshank. 
And its an issue of saas done wrong. On the quick and cheap.
With respect to google, why do you think that they provide this saas for free? ... ;-)
As long as we all eventually agree to a customer ?Cloud Bill of Rights? at least expectations can be set:
? The Cloud is run by people ? that can make mistakes (i.e., downtime)
? Human error in The Cloud can be considerably greater in its impact
? Trust ? With the possibility of downtime, security breaches, etc., the leading #1 ?feature? I want from my Cloud vendor is Trust.
http://www.pcdisorder.com/2009/03/google-leaking-like-sieve.html
This sort of issue is one of the big minefields of cloud storage on anything but your own dedicated network. Sure, it sounds good, but only until you discover it's no longer your data anymore.
As an employee of a SaaS company, I don't think you can justify any breach of access as a minor issue. What caused the glitch in the first place?
SaaS is great for collaboration but user permissions should never be compromised that is why we have such granular permission leves at our online database.
It should get patched faster, but it seems like a bigger and easier target to go after now.
- by forever4now March 11, 2009 5:00 AM PDT
- I have read that "one in ten laptops will be stolen during their lifetime". That not only risks lost data, but the cost of a potentially expensive laptop.
- Reply to this comment
-
(16 Comments)The nice thing about the netbook/cloud architecture is the netbooks are relatively inexpensive and only a small amount of data is put at risk, if/when it is stolen (since the majority of the data is in the cloud).
As mentioned by other posters, encryption can help safeguard data. If you want to share a sensitive document, you could potentially exchange encryption keys. If an employee leaves a company, all of their encryption keys could be revoked.
In any case, cloud services are evolving and the best technology and practices for using them will also evolve.