Slashdot Mirror


Google Asks 'Who Cares Where Your Data Is?'

mask.of.sanity writes "The chief security officer for Google Apps, Eran Feigenbaum, said popular concerns over data sovereignty in outsourced environments are unwarranted. He said businesses should worry about security and privacy of data, rather than where it is stored. The comments clash with those made by IT pros including Gartner, who said cloud providers like Google can't be trusted with sensitive data."

49 of 241 comments

  1. Encrypt it then by Anonymous Coward · · Score: 5, Insightful

    If the data is sensitive, you should be encrypting it anyway before passing it along to a third party that has no business looking at it. If the data isn't sensitive enough to encrypt, why do you care where Google keeps it?

    1. Re:Encrypt it then by shadowfaxcrx · · Score: 4, Insightful

      Your post fails to consider the completely reasonable choice of not handing your data off to a third party in the first place. . .

      --
      "I disagree with you" does not equal "flamebait."
    2. Re:Encrypt it then by hawguy · · Score: 4, Insightful

      But if it's sensitive, it should still be encrypted, even if it's in your datacenter.

    3. Re:Encrypt it then by 0123456 · · Score: 4, Insightful

      Your post fails to consider the completely reasonable choice of not handing your data off to a third party in the first place. . .

      That is not a reasonable choice if you're a manager who's going to get a big bonus for shipping your data off to 'The Cloud' so you can close down your own data center.

    4. Re:Encrypt it then by martin-boundary · · Score: 5, Interesting

      If the data isn't sensitive enough to encrypt, why do you care where Google keeps it?

      Sensitive or no, Google has no right to snoop on your data.

      Besides, what may not be sensitive when you've got it, can become sensitive when someone else has got it.

      For example: you and a friend both own half of a secret password. One piece alone is worthless, so you don't mind if Google knows your half. Similarly, your friend doesn't care if Google knows his half. Result: Google knows both halves.

      What's true for passwords is also true for people's information profiles in general. Company A might know where you buy diapers, company B knows what movies you watch, company C knows your address, etc.

    5. Re:Encrypt it then by hawguy · · Score: 4, Informative

      If the data is sensitive, you should be encrypting it anyway

      Sure, because if the data is encrypted, the only people who can get into it are those with gigantic server farms. (Like Google)

      Besides, who would be interested in random encrypted data? It would be cost prohibitive to decrypt data to peek at it, unless there are advances in supercomputing. (Which google is actively working on)

      The only company which would want to do that is one which has a business model built on collecting and monetizing private data (See: Google)

      Yep. I can't see any reason why people should care about where they store cloud data.

      AES256 is crackable with a complexity of 2^99.5: http://en.wikipedia.org/wiki/Advanced_Encryption_Standard

      So, if Google's advanced supercomputer can crack a billion keys/second and they have 1 billion computers at their disposal to do the cracking, it would only take them around 1 x 10^17 years to crack your data.

      Of course, now that you've figured out their plan, they're going to have to kill you, and they will surely do so within 1 x 10^2 years.

    6. Re:Encrypt it then by bruceg · · Score: 2

      If the data is sensitive, you should be encrypting it anyway before passing it along to a third party that has no business looking at it. If the data isn't sensitive enough to encrypt, why do you care where Google keeps it?

      Ayup. Fire up truecrypt, and be done with it.

    7. Re:Encrypt it then by rasmusbr · · Score: 2

      Realistically speaking, how are you going to get your employees to never use the built-in save function in their apps?

      My understanding, correct me if I'm wrong, is that the "save" button will essentially work as a button that uploads a document to the cloud. Each separate app would need its own built-in encryption and decryption if it's going to be practical from a user perspective.

    8. Re:Encrypt it then by 0123456 · · Score: 4, Interesting

      Even if the data is encrypted, if you're using a virtual server in The Cloud, then the server requires the key to decrypt it, and anyone with access to that virtual machine can then read the data.

      Encryption would only make the data safe if you're reading it back from The Cloud, processing it, and sending updates back to The Cloud. Which would seem an odd way to do things unless you want to have access to the same data from multiple sites around the world.

    9. Re:Encrypt it then by shadowfaxcrx · · Score: 3, Insightful

      Just because the people in charge of your bonus are unreasonable does not suddenly mean that shipping the data off is suddenly reasonable. You might choose to make an unreasonable choice for personal financial gain, but from a data security standpoint, it's still unreasonable.

      --
      "I disagree with you" does not equal "flamebait."
    10. Re:Encrypt it then by Obfuscant · · Score: 2

      i.e. you can perform analysis on the encrypted data without decrypting it first.

      About the only analysis I can think of that you can do on properly encrypted data is cryptanalysis.

      Trends in financial data, order status, anything I can think of that's useful would be obscured by the encryption. Which is, after all, the reason one encrypts the data in the first place.

      Got any examples?

    11. Re:Encrypt it then by node+3 · · Score: 2

      Your post fails to consider the completely reasonable choice of not handing your data off to a third party in the first place. . .

      Your post fails to consider the value in having the "best of both worlds".

      The cloud provides a real value. Staying away from it unnecessarily doesn't seem very rational. Encryption addresses the specific issue being brought up here.

    12. Re:Encrypt it then by Luckyo · · Score: 2

      The OP addresses the reality. You're addressing a fantasy where managers are knowledgeable about IT security.

    13. Re:Encrypt it then by geekmux · · Score: 3, Insightful

      Sensitive or no, Google has no right to snoop on your data.

      Yes, you're right, Google has no right, and Google doesn't snoop on your data...

      Google will just hand it over to any Federal agency, pretty much on a whim, because said agency heard a rumor that your farts smell like a terrorist's, and they will snoop on your data. Spank you very much Patriot act.

      And all this talk of encryption is laughable for the same reason (like THEY don't have the keys to the commercial encryption "castle"?), unless you are willing to go well above and beyond any semi-standard keylength (like 4096+) to at least offer some level of difficulty.

    14. Re:Encrypt it then by ajs · · Score: 2

      If the data is sensitive, you should be encrypting it anyway

      Sure, because if the data is encrypted, the only people who can get into it are those with gigantic server farms. (Like Google)

      This is a classic failure to perform risk analysis. There are risks associated with any data management plan. Storing the data on hosts maintained by your company can be extremely dangerous, especially if maintaining that environment isn't part of your company's core competency. All too often, companies find out that what they thought was a knowledgeable CTO was really just winging it, and hoping the IT staff they hired knew more than they did.

      It doesn't matter, however. Cloud services aren't a fad. The fact of the matter is that the vast majority of new, non-technical startups will all be forced into the cloud because the economics of supporting internal infrastructure for the typical business will become a competitive disadvantage. In fact, that's probably already the case. Once that happens, even technical businesses will be hard-pressed to continue to claim that having hard drives in your own hands represents some sort of critical benefit.

      In-house IT staffs that sucked down 1/8th to 1/3rd of an organization's budget made sense for a brief window, there, but we had to know that we couldn't keep going on like that.

    15. Re:Encrypt it then by dudpixel · · Score: 2

      People have been criticizing Google based on "what if" scenarios for years now.

      But the reality is that it would only take 1 single case of Google digging into someone's private data (ie. unencrypting private data) and the media would jump on it and google would lose 90% of its business almost overnight.

      That doesn't make them safe, but I really can't see why Google would want to take that risk.

      People know that Google use their data for the purposes of profiling them and re-using the data in targeted advertising, and most people are ok with that part.

      Google are a marketing company and they wouldn't have the customer-base they have if they weren't trustworthy. Like I said, it only takes one breach of trust for Google to lose everything they have. If they act within their T&C's and privacy policy, then that does not constitute a breach of trust, since the privacy policy IS the trust agreement.

      --
      This seemed like a reasonable sig at the time.
    16. Re:Encrypt it then by phantomfive · · Score: 2

      To the average person, sending it off to a third party is as secure, if not more, than on their own personal computer. It is more likely to have backups, and if it's a reputable third party, they will only use your data for advertising, not for emptying your bank account, which is what might happen if you get a keylogger on your computer.

      Really. There is a surprising number of people who don't have backups.

      --
      "First they came for the slanderers and i said nothing."
    17. Re:Encrypt it then by c0lo · · Score: 2

      I can't control the sender (can't ask all of them to send the emails exclusively in encrypted form) and there's no warranty that the message is not intercepted while in transit (actually, with these crazy ISP data retention laws popping up everywhere, high chances that the messages are actually intercepted).

      --
      Questions raise, answers kill. Raise questions to stay alive.
    18. Re:Encrypt it then by Savantissimo · · Score: 3, Insightful

      Even Google doesn't believe that it doesn't matter where the data is. When Kazakhstan said all .kz domains had to be hosted in that country, Google just walked away from providing Kazakh-tailored search. "If we were to operate google.kz only via servers located inside Kazakhstan, we would be helping to create a fractured Internet," said Google senior vice president for engineering Bill Coughran.

      I hesitate to agree with Gartner about anything, but you can't trust that Google won't not only turn over your data to any jurisdiction that asks, but will likely cooperate with and not try to contest virtually any sort of court order or even law enforcement request. With a government-agency level of threat model, though, you shouldn't be storing information on computers that are ever hooked to the internet.

      --
      "Is life so dear, or peace so sweet, as to be purchased at the price of chains and slavery?" - Patrick Henry
    19. Re:Encrypt it then by JasterBobaMereel · · Score: 3, Informative

      I live in the UK. If my data is with Google they can get the data fairly easily, if it is on my hard drive, they can stay the hell out of my life ....

      --
      Puteulanus fenestra mortis
    20. Re:Encrypt it then by mwvdlee · · Score: 3, Funny

      Which is why I always use "zzzzzzzz" as my password; it'll be the last one any bruteforce method guesses. ;)

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    21. Re:Encrypt it then by the_real_nugator · · Score: 3, Funny

      That's why I use "öööööööö" as my password since the brute forcers don't know about other alphabets than the English.

  2. Obligatory XKCD by RDW · · Score: 2, Insightful
    1. Re:Obligatory XKCD by Anonymous Coward · · Score: 3, Insightful

      Yeah, but this time I think it is relevant.

      I very much care if my data is in Hat Guy's living room.

  3. Gartner says this? by waddgodd · · Score: 2, Insightful

    I'm sorry, but on the trust scale, Google, who has yet to lie to me, wins big over Gartner, who lies through their teeth every time they review a product. I still recall Gartner recommending WinME. 'Nuff said there....

    --
    Just because you're paranoid doesn't mean they aren't out to get you
    1. Re:Gartner says this? by Bloodwine77 · · Score: 3, Insightful

      I don't trust Google with my sensitive data because I assume it will be analyzed, packaged, and sold to marketers and advertisers. I have some faith that it is anonymized first, but even still I don't like it and you have to wonder how anonymous the data actually is.

      I would rather retain 100% control of access to my data.

    2. Re:Gartner says this? by fuzzyfuzzyfungus · · Score: 4, Insightful

      The problem here is that, while Gartner is indeed utterly useless, their opinion is also unnecessary to determine that Google is oozing nonsense.

      Different jurisdictions have different laws on the books about what data are considered specially protected, what data are an open book for the local feds, and what data require some sort of judicial approval (and to what degree that approval is a serious consideration or a simple rubber-stamp). Therefore, the jurisdiction in which your data are located (or where your outsourcing partner has offices large enough that the local feds can motivate them to comply) is part of rather than opposed to worrying about the privacy and security of your data.

      Google certainly doesn't seem to be the worst when it comes to rolling over and wagging their tail for any jackboots who come calling; but anybody who thinks that they put up extra-legal resistance to any of the major powers in which they operate is, shall we say, under the influence of excessive optimism...

    3. Re:Gartner says this? by mellon · · Score: 4, Insightful

      Um, but Google *is* definitely lying to you. You don't need to compare reputations. What Google is saying is simply, obviously wrong: that you can trust them with read/write access to your data. Sure, if your data is something that would be of minimal value, there's no harm in it leaking. But if your data is sensitive, then unless Google is willing to indemnify you for whatever damages you'll be liable for if the data leaks, you have a fiduciary responsibility not to store your data on a Google server. And as far as I understand it, Google is not willing to indemnify you for that (realistically, how could they?).

      So independent of anything Gartner says, what Google is saying is at the very least misleading for the application they are talking about. The sense in which Google is right is that if you aren't taking any precautions to protect the security of your data, either because you can't afford to or because you don't know how to, then it may well be no *worse* for you to store your data on a Google server. But if that's the case, you don't care about security anyway, so Google's entire claim is moot.

    4. Re:Gartner says this? by SuperQ · · Score: 2

      Not how it works, sorry. Have you ever heard of any "marketers and advertisers" getting data from google? It doesn't happen. People buy ads for keywords and Google does the matching bits.

      If it were true that "marketers and advertisers" could get your data, even anonymized, I could go and buy it through the sale service right now.

    5. Re:Gartner says this? by qubezz · · Score: 2

      I found the article. For further reading on how every nerd article quote you read is created for your consumption: Please Quote Me on That - How Forrester Research and Jupiter Communications vie for ink (1997). It was hard to find because Wired themselves has become swamped with "research", so doing a site search for any of these company names will get you analyst quotes in hundreds of articles.

      For reference, Gartner Group bought 1/3 of Jupiter a month after publication of this article. Jupiter was founded in 1986 by lucky wackjob Josh Harris as Jupiter Communications, going public in 1999, merging with Media Metrix in 2000, selling its syndicated research business to INT Media Group in 2002, a split and rename to Jupiter Research, being acquired by MCG Capital in 2006 and being acquired by Forrester in 2008 (http://web2.forrester.com/ER/Press/Release/0,1769,1220,00.html). International Data Group (IDG) acquired Forrester Research, Inc in 2010. Feel free to investigate the acquisition history of any of those other companies I mentioned for a tangled web of ownership.

      This is an immense business, providing "expert opinion" to print media, seminars, CEOs, and changing corporation names to hide corporation games.

  4. What! by traindirector · · Score: 3, Insightful
    1. Article is worthless.
    2. Security and privacy of data are affected by where the data is stored.
    3. Article is worthless.
  5. Ummm... What? by fuzzyfuzzyfungus · · Score: 3, Insightful

    Obviously, it is Feigenbaum's job to exude nonsense where required; but the notion that worrying about where something is stored isn't part of (much less opposed to) "worry[ing] about security and privacy of data" is transparent absurdity.

    Where data are, in part, determines what laws (and de-facto uses and abuses of power) they are subject to or subject to the protection of. In a number of cases (including the not-exactly-economically-insignificant case of EU businesses working with American cloud entities...) it might even turn out that storing certain sorts of data in some jurisdictions means that a given entity is in violation of data protection laws at home because the data protection laws are insufficiently strong where they are storing data.

    Things like whether or not you are getting hacked by lulzsec are, of course, also important; but (until Google transforms itself into a cypherpunk utopia or sprouts a formidable nuclear deterrent), location is right up there with hackers in determining how likely your data are to be absconded with against your wishes. And (unlike hackers) you can't really code your way past the feds...

  6. Oh Please! by Anonymous Coward · · Score: 2, Insightful

    I didn't hear anything about Sony having their data outsourced. It didn't seem to do any good to keep sensitive data on their own servers. I think the lesson here is that all data on any networked device is at risk.

  7. Either or? by eepok · · Score: 5, Insightful

    Why should we be concerned only with security/privacy of data OR the actual location of the storage? Can't we care about both?

  8. It all comes down to TOS. by Infernal+Device · · Score: 3, Interesting

    I'm not comfortable keeping data entrusted to me on a provider who can walk away from a data loss with no penalties due to the Terms of Service.

    At least when it's on my systems, someone is going to take a fall for data loss, even if it's me. And I'm OK with that.

    --
    "My God...it's full of trolls!"
  9. They don't believe it themselves by mrjatsun · · Score: 5, Insightful

    How much are they willing to compensate me if they lose my data? What, they won't? Don't trust themselves?

  10. Re:With Google by hawguy · · Score: 2

    I know where your data is. I know it's located in a few data centers. I can kill those data centers and your business is dead.

    If you have the power to kill a few Google datacenters, why don't you just use that power to kill the business directly?

  11. That's Google for you. by BLToday · · Score: 2

    If that's the case why doesn't Google store its data with Amazon or Microsoft? I'm sure both Amazon and Microsoft will give Google a deal on data storage.

  12. Google seems to be ignorant of the law by gweihir · · Score: 4, Insightful

    First, it may actually be a legal requirement keeping the data in a certain jurisdiction. And second, any law enforcement or TLA access to the data will be governed by the laws of the place the data is physically stored. If the Google people do not understand that, one more reason to not hand your data to them.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:Google seems to be ignorant of the law by celesteh · · Score: 2

      Indeed, under UK data protection laws, you need the permission of users to host their data outside of the EU. If Google doesn't understand that, then they're writing off EU customers.

  13. PATRIOT ACT by Anonymous Coward · · Score: 5, Insightful

    I care because I'm Canadian. If I keep my data up here it's not subjected to the almighty Patriot Act. Case Closed.

    1. Re:PATRIOT ACT by Lieutenant_Dan · · Score: 2

      Seconded. In healthcare and in Ontario, we need to make sure we have at least a copy of our data in our province.

      --
      Wearing pants should always be optional.
  14. IP = Value by Wolfling1 · · Score: 2

    It's not about securing data. It's not even about Google mis-using demographics.

    It's about privacy and business value.

    Most businesses are valued based on their assets, stock on hand and good will. Good will is a measure of the number of customers who continue to use the business regularly.

    Good will is typically measured by looking at the CRMs and counting the number of client files that are active. Take that away, and you can no longer measure good will.

    So, why does Cloud computing threaten good will? I'm glad you asked. Many consumers continue to conduct business with a particular company because 'they have my records'. It's not some kind of corporate blackmail. It's easy for the customer to continue to do business with the people that know them. This customer knowledge is held in corporate CRMs.

    As soon as it becomes widely known that all CRM data is in the Cloud, there will be a gradual transition (thanks to FOI laws) of the ownership of the data moving back to the individuals instead of residing with the companies. Microsoft's HealthVault is case in point. When my medical records are owned by ME instead of owned by my doctor, I can choose to get healthcare anywhere.

    There are great arguments in favour of the concept. Client service will improve out of sight when it is the yardstick for comparing companies (instead of possession of CRM data). However, show me one businessman who is prepared to give his goodwill into Google's custody, and I'll show you a big risk-taker.

  15. Strawman argument by codegen · · Score: 2

    Google's example of an intraoffice message being routed around the world is a classic strawman argument. It's not the individual intraoffice messages that might bounce outside the data centre (possible due to a .forward on an individual account) that worries me. That's a needle in a haystack (although the searching algs are getting much better). It is the fact that the entire storage of read and unread (i.e. webmail, imap) ends up on a server that may be in a different legal jurisdiction (and for my University, it is a different legal jurisdiction). Or, if you adopt google docs, all of your documents are stored in google's servers (and without encryption to boot!!). One US court subpoena, warrant or NSL, and all your data is vacuumed. Even though some recent cases have strengthened the notification requirement, you have to fight the subpoena or warrant in a US court under US law.

    If you are just using google as a disk drive, then you can encrypt your data, but if you are actually using the google services, forget it.

    --
    Atlas stands on the earth and carries the celestial sphere on his shoulders.
  16. Why this "story" is terrible by traindirector · · Score: 5, Insightful

    *sigh*. Okay. I thought it was obvious why this "story" is not quality discussion material, but I'll explain.

    The article is presented as if its subject is Eran Feigenbaum's claim that "Professionals should worry about security and privacy of data, rather than where it is stored." But instead the article is a potpourri of quotations and facts unrelated to the main problem with the claim, which the article totally ignores. Any article on the subject of this claim needs to in some way establish that security and privacy can make location irrelevant, and I would expect the supporting statements of the article to do this, but nothing in the story even approaches this basic aspect of the claim. Instead, it is filled with a number of superficially-seemingly-related-but-ultimately-off-topic anecdotes.

    After presenting Feigenbaum's main claim, the article presents a "supporting argument" by Feigenbaum: "He cited a meeting in Europe where he had tracked an email sent within an office as it bounced through five countries. In this circumstance, Feigenbaum said, security trumps data sovereignty." So email currently goes through a lot of countries when it is sent from one person in an office to another, where it is likely in plain text and can be read by any number of corporate and government entities. The only way this could possibly be construed as supportive of Feigenbaum's point is if read as "Email currently goes through many nations and it is secure enough". If read with any understanding of how the email system works, it undermines Feigenbaum's point.

    Then the article has Michael Cloppert "support" the argument with the same type of claim: "I'm not convinced that the data location issue is a problem - after all, packets are routinely routed around the world irrespective of the export status of their content". Again, the argument is "this is what we're doing now, therefore it is secure enough". Actual security of information going through various nations is not addressed.

    Then it presents the "other side" of the argument: There is no way you can know how Google is handling your data even though they assure you they are doing it well. And their contracts have lots of language that could excuse them from legal liability if that is not the case.

    Then we go back to the argument supporting Feigenbaum's main point. "He said customer data can only be accessed on a need-to-know basis". This does not support the argument that privacy and security make location irrelevant. "[L]ess than two per cent of Google staff had entered its top secret data centres". This does not support the argument that privacy and security make location irrelevant. "Google also stamped each hard drive with unique barcodes that allowed the company to track the lifecycle of data stored on each disk." This does not support the argument that privacy and security make location irrelevant.

    Then we are presented with this: "But it did not encrypt data at rest, and had no immediate plans to introduce the protection." This makes it sound like location is very important to security and privacy--that someone could enter a facility by force and read the data.

    The article achieves nothing other than quoting a single-sentence, questionable claim. It presents the claim, then a number of partially related statements that are presented as "discussion" of the claim but that actually have very little to do with it. I wouldn't be surprised if the article twists what Feigenbaum actually said for sensationalistic purposes.

    This article represents the worst type of "journalism".

  17. I care where my data is. by FatSean · · Score: 2

    Until we have one world government, differing laws on data privacy mean you have added considerable complexity for the savings of using their cloud. Maybe it is a worthwhile trade-off, maybe not. But he is silly making such a blanket statement. If you work for a company that contracts with the US Government you may be aware of ITAR and the various rules about where data can be stored.

    In general, to me, the cost savings is far overshadowed by the increased risk. Even if you mitigate the risk by doing your homework and picking a state with laws that you agree with...you've just spent quite some time and money on that research.

    --
    Blar.
  18. when using Data\Document Classification methods... by cjacobs001 · · Score: 2

    As it does become costlier to 'keep all data', regarding business data, when using a data or document 'classification' method which identifies data that poses greater risks for the organization, regulatory and\or legal, or in unnecessary costs, once the data can be moved from 'riskiest' to 'least risky', maybe then it becomes acceptable to introduce the 'unknown' of 'where' the data is located, (if you keep it, at all), but surely not while the data is classified as 'risky'.

    --
    cjacobs001
  19. Does not compute by Draaglom · · Score: 2

    businesses should worry about security and privacy of data, rather than where it is stored.

    But the place your data is stored is directly relevant to its security and privacy...

    --
    "What sane person could live in this world and not be crazy?"
  20. Answer: by drb226 · · Score: 2

    RMS cares.