Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Asks 'Who Cares Where Your Data Is?'

Posted by timothy on from the dumbwaiter-for-bits dept.

mask.of.sanity writes "The chief security officer for Google Apps, Eran Feigenbaum, said popular concerns over data sovereignty in outsourced environments are unwarranted. He said businesses should worry about security and privacy of data, rather than where it is stored. The comments clash with those made by IT pros including Gartner, who said cloud providers like Google can't be trusted with sensitive data."

6 of 241 comments (clear)

  1. Encrypt it then by Anonymous Coward · · Score: 5, Insightful

    If the data is sensitive, you should be encrypting it anyway before passing it along to a third party thatr has no business looking at it. If the data isn't sensitive enough to encrypt, why do you care where Google keeps it?

    1. Re:Encrypt it then by martin-boundary · · Score: 5, Interesting

      If the data isn't sensitive enough to encrypt, why do you care where Google keeps it?

      Sensitive or no, Google has no right to snoop on your data.

      Besides, what may not be sensitive when you've got it, can become sensitive when someone else has got it.

      For example: you and a friend both own half of a secret password. One piece alone is worthless, so you don't mind if Google knows your half. Similarly, your friend doesn't care if Google knows his half. Result: Google knows both halves.

      What's true for passwords is also true for people's information profiles in general. Company A might know where you buy diapers, company B knows what movies you watch, company C knows your address, etc.

  2. Either or? by eepok · · Score: 5, Insightful

    Why should we be concerned only with security/privacy of data OR the actual location of the storage? Can't we care about both?

  3. They don't believe it themselves by mrjatsun · · Score: 5, Insightful

    How much are they willing to compensate me if they lose my data? What, they won't? Don't trust themselves?

  4. PATRIOT ACT by Anonymous Coward · · Score: 5, Insightful

    I care because I'm Canadian. If I keep my data up here it's not subjected to the almighty Patriot Act. Case Closed.

  5. Why this "story" is terrible by traindirector · · Score: 5, Insightful

    *sigh*. Okay. I thought it was obvious why this "story" is not quality discussion material, but I'll explain.

    The article is presented as if its subject is Eran Feigenbaum's claim that "Professionals should worry about security and privacy of data, rather than where it is stored." But instead the article is a potpourri of quotations and facts unrelated to the main problem with the claim, which the article totally ignores. Any article on the subject of this claim needs to in some way establish that security and privacy can make location irrelevant, and I would expect the supporting statements of the article to do this, but nothing in the story even approaches this basic aspect of the claim. Instead, it is filled with a number of superficially-seemingly-related-but-ultimately-off-topic anecdotes.

    After presenting Feigenbaum's main claim, the article presents a "supporting argument" by Feigenbaum: "He cited a meeting in Europe where he had tracked an email sent within an office as it bounced through five countries. In this circumstance, Feigenbaum said, security trumps data sovereignty." So email currently goes through a lot of countries when it is sent from one person in an office to another, where it is likely in plain text and can be read by any number of corporate and government entities. The only way this could possibly be construed as supportive of Feigenbaum's point is if read as "Email currently goes through many nations and it is secure enough". If read with any understanding of how the email system works, it undermines Feigenbaum's point.

    Then the article has Michael Cloppert "support" the argument with the same type of claim: "I'm not convinced that the data location issue is a problem - after all, packets are routinely routed around the world irrespective of the export status of their content". Again, the argument is "this is what we're doing now, therefore it is secure enough". Actual security of information going through various nations is not addressed.

    Then it presents the "other side" of the argument: There is no way you can know how Google is handling your data even though they assure you they are doing it well. And their contracts have lots of language that could excuse them from legal liability if that is not the case.

    Then we go back the argument supporting Feigenbaum's main point. "He said customer data can only be accessed on a need-to-know basis". This does not support 5he argument that privacy and security make location irrelevant. "[L]ess than two per cent of Google staff had entered its top secret data centres". This does not support the argument that privacy and security make location irrelevant. "Google also stamped each hard drive with unique barcodes that allowed the company to track the lifecycle of data stored on each disk." This does not support the argument that privacy and security make location irrelevant.

    Then we are presented with this: "But it did not encrypt data at rest, and had no immediate plans to introduce the protection." This makes it sound like location is very important to security and privacy--that someone could entire a facility by force and read the data.

    The article acheives nothing other than quoting a single-sentence, questionable claim. It presents the claim, then a number of partially related statements that are presented as "discussion" of the claim but that actually have very little to do with it. I wouldn't be surprised if the article twists what Feigenbaum actually said for sensationalistic purposes.

    This article represents the worst type of "journalism".