• On The Insider: Britney's Bikini-Clad Top 10
March 9, 2009 7:05 AM PDT

Google Docs suffers privacy glitch

by Stephen Shankland
  • Font size
  • Print
  • 16 comments

Google discovered a privacy glitch that inappropriately shared access to a small fraction of word-processing and presentation documents stored on the company's online Google Docs service.

"We've identified and fixed a bug which may have caused you to share some of your documents without your knowledge. This inadvertent sharing was limited to people with whom you, or a collaborator with sharing rights, had previously shared a document," the company said in a note, quoted at TechCrunch, that the search giant sent to affected people. "The issue only occurred if you, or a collaborator with sharing rights, selected multiple documents and presentations from the documents list and changed the sharing permissions. This issue affected documents and presentations, but not spreadsheets."

Google said in a later statement that the problem affected only 0.05 percent of documents stored at the site and that affected Google Docs users had been notified.

Though the documents were shared only with people whom the Google Docs users had already shared documents, rather than with the world at large, the problem illustrates one downside of cloud computing, in which Internet servers host software previously run on a person's own computer. The flip side of a cloud-computing advantage, that a person can get access to those documents from any Internet-connected computer or smartphone, is that technical problems or hacking attempts also can expose private information.

It should be noted, though, that housing data on a local machine has risks of its own. A lost or stolen laptop can reveal any number of secrets, as Boeing, Hewlett-Packard, the National Institutes of Health, and others have found.

(Via Google Blogoscoped.)

Stephen Shankland writes about a wide range of technology and products, but has a particular focus on browsers and digital photography. He joined CNET News in 1998 and since then also has covered Google, Yahoo, servers, supercomputing, Linux and open-source software, and science. E-mail Stephen, or follow him on Twitter at http://www.twitter.com/stshank.
Topics:

Productivity and business,

Cloud computing

Tags:

Google Docs,

privacy,

Google Apps,

cloud computing

Share:
Digg
Del.icio.us
Reddit
Add a Comment (Log in or register) (16 Comments)
  • prev
  • next
by fahdoos March 9, 2009 8:53 AM PDT
This is what worries me about sas.
Reply to this comment
by dargon19888 March 9, 2009 4:22 PM PDT
You mean saas not sas. ; -)<br /><br />And its an issue of saas done wrong. On the quick and cheap.<br /><br />With respect to google, why do you think that they provide this saas for free? ... ;-)
by BtmnHatesRbn March 9, 2009 9:00 AM PDT
Well...take that risk with keeping everything online instead of localized.
Reply to this comment
by uusirna March 9, 2009 1:24 PM PDT
You don't have to take that risk - there are companies that encrypt user data.
by billswan17 March 9, 2009 9:07 AM PDT
I am a huge proponent of cloud computing but customers need to understand that cloud vendors have people ? just like we have our own in-house IT ? that sometimes make mistakes. The difference with the cloud is that ?human error? can impact an entire service or part of it or disclose information ? but globally. <br /> <br />As long as we all eventually agree to a customer ?Cloud Bill of Rights? at least expectations can be set: <br />? The Cloud is run by people ? that can make mistakes (i.e., downtime) <br />? Human error in The Cloud can be considerably greater in its impact <br />? Trust ? With the possibility of downtime, security breaches, etc., the leading #1 ?feature? I want from my Cloud vendor is Trust.
Reply to this comment
by soluto March 9, 2009 9:12 AM PDT
Catch my CARTOON and comment on <br />http://www.pcdisorder.com/2009/03/google-leaking-like-sieve.html
Reply to this comment
by codynews March 9, 2009 9:49 AM PDT
spam much? No one cares about your cartoon or plea for comment. If you want someone to see your cartoon just post a URL to the .jpg rather than fishing for comments.
by Vegaman_Dan March 9, 2009 9:16 AM PDT
Enterprises cannot afford to have their critical and private documents on a system that exposes them in such a manner, even by mistake. <br /> <br />This sort of issue is one of the big minefields of cloud storage on anything but your own dedicated network. Sure, it sounds good, but only until you discover it's no longer your data anymore.
Reply to this comment
by EDunigan March 9, 2009 9:35 AM PDT
What if the individual who had previously shared the document with is no longer an employee of your company? It seems Google has tried to downplay the issue by saying it only applied to a small percentage of Google Docs users. <br /> <br />As an employee of a SaaS company, I don't think you can justify any breach of access as a minor issue. What caused the glitch in the first place? <br /> <br />SaaS is great for collaboration but user permissions should never be compromised that is why we have such granular permission leves at our online database.
Reply to this comment
by Vegaman_Dan March 9, 2009 10:10 AM PDT
Perhaps this will be the next criminal hacking / exploitation target of cloud systems. With browsers from all the big names fairly easy to modify, I can see cloud systems being a valid target. Forget going after desktops, go for the big shiny golden egg in the sky where one hacked browser takes advantage of a vulnerability on the cloud service. Unlike a desktop model where you have to go after all those individual systems, with a cloud service you only have to find one exploit that opens up the entire service to you- and every database/document storage on the entire system from every company that hosts with it. <br /> <br />It should get patched faster, but it seems like a bigger and easier target to go after now.
Reply to this comment
by AppleSuxLeo March 9, 2009 11:32 AM PDT
Hopefully Obama and the NSA don`t use Google Docs !
Reply to this comment
by obsydian March 9, 2009 1:15 PM PDT
I agree with many of the comments here - however we don't ned to accept the status quo - there are ways to protect documents/emails/records even credit card numbers in databases using encryption - so that even if there is an exposure whether by mistake or malicious intent, the actual souce information cannot be used. Of course this requires the integration of technology that is already out there and a seperation so that a breach in one system does not immediatly cascade into another. I think the onus is on the users to demand this of the coud service providers - like the "Bill of Rights" idea - and the cloud service providers need to integrate this type of capabiity - at the very least it will differentiate themselves.
Reply to this comment
by ferretboy88 March 9, 2009 2:23 PM PDT
Nothing about Google is private.
Reply to this comment
by aka_tripleB March 10, 2009 10:00 AM PDT
That's not entirely true. They seem to keep their hidden agenda pretty private.
by gggg sssss March 9, 2009 5:49 PM PDT
This is only teh first tip of teh iceberg. Wait till people start putting credit card and medical data up there. ROFLMAO
Reply to this comment
by forever4now March 11, 2009 5:00 AM PDT
I have read that "one in ten laptops will be stolen during their lifetime". That not only risks lost data, but the cost of a potentially expensive laptop.<br /><br />The nice thing about the netbook/cloud architecture is the netbooks are relatively inexpensive and only a small amount of data is put at risk, if/when it is stolen (since the majority of the data is in the cloud).<br /><br />As mentioned by other posters, encryption can help safeguard data. If you want to share a sensitive document, you could potentially exchange encryption keys. If an employee leaves a company, all of their encryption keys could be revoked.<br /><br />In any case, cloud services are evolving and the best technology and practices for using them will also evolve.
Reply to this comment
(16 Comments)
  • prev
  • next
advertisement
Click Here

About Webware

Say No to boxed software! The future of applications is online delivery and access. Software is passé. Webware is the new way to get things done.

Add this feed to your online news reader

Webware topics

Google's social side aims for some Buzz

Facebook and Twitter are the darlings of the social-media world, not Google--which hopes to change that with Buzz, betting it can organize your online social life.

Watching the birth of a gaming start-up

Stewart Butterfield and his friends are back at it with a new company. CNET's Daniel Terdiman was given exclusive, behind-the-scenes access as they built it from scratch.

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
CES 2010
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET