/ Technology

Would you trust Google’s cloud with your personal files?

Using cloud storage to backup and remotely access your files is starting to take off. But as Google releases its own cloud, Google Drive, are there any privacy or security risks with storing our files in the cloud?

Also, is our legal ownership of material compromised when we entrust our files into the hands of cloud storage?

For many of us, cloud storage brings a welcome end to the hassle of emailing ourselves a document, or fumbling around trying to find our USB stick just to continue our work at home. With these services, we can save the file into the cloud and access it seamlessly from other devices around the world.

But the recent launch of Google Drive has provoked some to question the wider implications of using these services.

Google Drive’s terms of service

Google Drive is a new cloud storage service offered by the tech giant to rival the likes of Dropbox, Microsoft’s Skydrive and Apple’s iCloud. As such, it’s governed by Google’s new all-purpose privacy policy and terms of service that the company rolled-out in March.

On page two of Google’s terms of service, under the subheading ‘Your Content in our Services’, is the clause that’s been getting some hot under the collar with regards to Drive:

‘When you upload or otherwise submit content to our Services, you give Google (and those we work with) a worldwide licence to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes that we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content.’

So what does this mean? If we upload something to Google Drive do we concede control of it automatically, and grant Google the licence to ‘publish’, ‘distribute’ and – shudder the thought – ‘publicly perform’ the contents at their will?

Probably not. For one thing, this clause is bookmarked by two others which pour cold water on the controversy somewhat:

‘Some of our Services allow you to submit content. You retain ownership of any intellectual property rights that you hold in that content. In short, what belongs to you stays yours.’

And also:

‘The rights that you grant in this licence are for the limited purpose of operating, promoting and improving our Services, and to develop new ones.’

These are the same terms that govern all of Google’s products, and in all likelihood are precautionary measures to legally protect Google across its myriad different offerings.

Keeping your confidential files in the cloud

Still, even though Google doesn’t claim ownership of your content, it’s fair to say that the terms are pretty confusing.

Other cloud storage providers are rather more forceful in their attempts to reassure customers of the safety of their information in the cloud. Dropbox, for example, offers the claim that ‘we won’t share your content with others, including law enforcement, for any purpose unless you direct us to’.

I think the debate does raise interesting questions about cloud storage in general. Companies boast about their security, but would you upload something truly confidential to the cloud? Are Google’s T&Cs confusing enough to put you off its new cloud storage service?


So you’re asking if I would trust my confidential files with the same company that snooped on wireless signals as their google maps cars drove round. Err simple answer , NO.

put it on a cs/dvd

Starting in 1999 I stored all my digital photos on CDs. They would last, I was told, for up to 200 years. As I hadn’t planned to live that long I thought that was OK. Ten years later I can only read one in three of these CDs. The photos are lost. It’s not the quality of the CD either – I used all types. Some of the cheapo ones can still be read; some of the ‘high quality’ ones are dead. I’m not making any case for cloud storage – any kind of storage has its drawbacks (consider the case of the American photographer who made archival prints from his photos and stored the originals in a safe deposit box in a bank vault – in the Twin Towers…). The only ‘safe’ storage is multiple storage; on Dvd, hard drive, cloud, in different places. Good luck.

I would only entrust confidential information to a company that specialised in providing a secure paid-for service and appropriate compensation in the event of a problem.

I think Wavechange makes a good point and – to be honest – I wouldn’t consider storing any files I truly considered ‘confidential’ in any cloud. However, I also think that if Dropbox can make it clear in their T&Cs that they will not share your content with others without express permission, I’m not sure why Google can’t do the same thing.

I know that, given the choice, I’ll stick with Dropbox for the time being.

I use iCloud for sharing files across Apple equipment and Dropbox for sharing files with others. Both are great.

Now that I am retired I cannot keep backups of my home computers at work and vice versa. Cloud storage is one solution but I think I will ask a friend to look after an external hard disk for me.

I remember reading somewhere that, although Dropbox say they won’t let anyone else see your content, their own servers look at your content and compare it with other customers’ content, so that they can save space by storing only one copy of identical documents. I would not back up any sensitive data except after encrypting it. One way to do this is to download TrueCrypt and create an encrypted volume hosted in a file which is kept synchronized by Dropbox. Then everything you store in the TrueCrypt volume is synchronized securely on the cloud.

Why people are happy to give away their information to corporate businesses AND pay them for doing it is beyond me.

Corporate business want the end user, ie, customers, to manage their information through “terminal” technology, instead of storing it on mediums that only the person can access.
Mobile phone browsing for example, how many people who use the internet on their phone can view and block cookies being dropped on their handset browsing?

The customer pays top whack for the latest “terminal” – handset, notepad, etc.
The customer pays top whack for business to store their information so the terminal works.
The customer takes all the risk of their information being lost, misused, etc.
The business gets access to a whole host of information that customers pay them to hold.
The business makes huge profits from this information, using it in reports, summaries, selling to other businesses, sharing it with other companies they own, etc.

The world really has gone mad, or people just don’t realise it?
Knowledge (read: your information) is power.

You can buy server space with a provider for as little as £2.99 a month, store all your files and info on there and access it from any device, anywhere in the world, whether it is your device or someone elses.
It won’t be sold on or analysed etc. No need for extensive and mind bending terms & conditions. No need to update your “terminal” every year or two at cost to your pocket.
It really is that easy to set up and use.

BarneyC says:
26 April 2012

I think it’s important to think a little bigger than the simple T&Cs.

Google is a company that makes most of it’s revenue from advertising, that advertising is facilitated (or at least better targetted) by mining the information consumers put through its services.

This has always been the case whether you have used search, gmail or docs.

To a great degree it has been possible to use services and opt out of the more targetted adverts.

Similarly it has been possible to view and manage the data that Google collects about you.

The Google Drive service is NOT the same as Skydrive or Dropbox which offer simple cloud storage for files. Drive is more about being able to store, work, share and collaborate files across multiple platforms. Sure you can use it just for storage but to be fair there are better services out there for that alone.

The T&Cs in wider context are actually very similar to those employed by many online services, Facebook I believe also grants themselves a simliar license. Why? Well without that license it is much much harder for them to provide the service as they are then open to the legal trolls looking for a class action.

The T&Cs limit the scope of how Google can utilise the data – and it is pretty specific that it is for serving up improved services (legal speak for adverts in their case).

So from that point I don’t see a major headache.

But both Jennifer and Wavechange raise a far more interesting point which is the ongoing lack of trust in cloud based services. Despite a great deal of work by a great number of organisations there is certainly a mistrust in such services within organisations; it’s a “if we don’t own the servers we scared” type of situation. Which is a little ironic given that at an individual level people have shown that they are more than willing to trust some of their most precious things to cloud services – family photos, locations, contact books etc…

The truly interesting point from Wavechange is the notion of liability, and for me this is one of the great stumbling blocks cloud services have to overcome to be truly accepted. Corporate grade cloud services can and in some cases do have liability and QoS terms applied but it needs to be simple, explicit and easily accessible.

IMO that is. ;o)

Google Docs appears to have become Google Drive on my Android phone. Nobody told me this was going to happen – it just started downloading itself, then Docs was no longer accessible. Did I miss something, or has their communication with users been that limited?

Hi Jo, Google Docs functionality in Drive will basically be the same (but better). It also retains exactly the same terms as before. I’m not sure whether Google needed to tell users, though transparency is always a good thing. Similar to how the Android Marketplace to the Google Play Store

Seems like the contradicting terms mean “if we want to use your stuff, we will, if we don’t then it’s yours”.

So no, I certainly won’t be using any of these services. I already use dropbox to send recordings of my music to my fellow musicians and so their t’s & c’s make a lot more sense.

I’m suspicious about all of Google’s new business ideas, Google Drive continues in that vein

Phil says:
26 April 2012

Store my personal correspondence, images and other information in a remote facility which could be anywhere, probably vulnerable to hackers and accessible by God knows who?

No thanks.

To me it is simple – I have two 1 terra byte Hard Disks that I use for dynamic backup – and DVDs for Archival Backup. That is in addition to the two 500 Mb Hard drives for normal use. Why would I want to use a third party back up system that I don’t trust in any way shape or form??

The short answer is no.
First we install cctv cameras on our computers in our homes & leave them online, not knowing these can be activated remotely.
Then we put all of our personal & social info online for all the world to see [facebook]
Then we microchip ourselves, carry personal trackers around and let all our personal communications be seen, by those who ‘watch over us’ [smartphones].
Now we entrust all our data to a remote server run by god knows who; contrary to the spin our data will not be held in a ethereal form drifting though the sky, but on someone equipment, and yes they will be able to access it.
This tech’ is unnecessary and relies on our search for the quickest easiest solution [laziness], and our alarming disregard for security and personal safety.

And remember the govt’ [of which ever country the cloud server is physically located in] can demand access whenever they want.

Can you hear Gearge Orwell screaming from beyond, I tried to warn you……

Robbie says:
27 April 2012

I agree with the arguments that it does make it easier and quicker to share with others but I would be very hesitant to put anything confidential into a online cloud.
In response to the question would you feel more comfortable should there be guarantees and compensation, this will mean very little to google who can easily compensate any individual with no real financial implications for itself.
In brief it seems like a strong idea for the sharing/storage of trivial information but as soon as the question of personal or confidential information being on the cloud would lead me to be reluctant to use the service.

The problem is that guarantees and compensation are, as past experience in all areas has shown, to be nothing more than a smokescreen.
Only yesterday the ICO released information on the fines it has metered out over the past 11 months (forced to by a freedom of information request)
Private business fines for data breaches totalled just 1% of the overall total.

We can never know what companies are doing with our information and how they retrieve it from us now, let alone in the future. Why put all that info in the hands of business and make it easy for them?
Guarantees are worthless, business will always find a work around any protection and guarantee.
“We won’t sell your information to any 3rd party” – but they can sell analysis of your information, use it in reports and sell that, etc.
Third party wouldn’t stop the company passing analysis to another company within their group.

Compensation is equally misleading – if it is a fine, then this is given to the government with the costs being loaded on to prices for the service.
If the customer gets any, the individual would have to prove how much compesation they were to claim, an almost impossible task. Factor in the time and resources it would take to investigate each case, identifying which customer’s data was lost or stolen, etc, a huge can of worms.

The customer would be left with increased prices for any action taken, time wise the customer would have to run around and prove their case, etc.

Snowdin says:
27 April 2012

I like, and after 2 years, have had no problems with Dropbox. I find it really useful for holiday documents, insurance stuff and camera manuals etc. sync’d to my Ipad.

I am happy to use it for basic additional storage for the odd document/ photos that it might be useful to share with friends or share between my work and home PC’s but I would never trust this technology with all my really personal data. I want to remain responsible for that and that’s why I have ample external Hard drives in my home. I also minimise the risk of my details being hacked into by unscrupulous persons/governments that will constantly attempt to try and access such a big companies system just because of who they are. Its my data I am responsible for it and therefore just to submit yourself to using cloud technology and not be responsible for your own data is in my view foolhardy. Of course if I got burgled or the house caught fire I might eat my words and wish I had used cloud technology but that’s the risk I choose to take.

Joff Day says:
30 April 2012

Today I have unlimited online storage with BitCasa as a beta user. When they go public it wil cost $10 a month and they do not have anything like the Google T&Cs. All data is encryted so they do not even see ‘files’ to play with.

I’ll stick with Dropbox thanks. It its an excellent place to park and/or share files.

I’m not so sure about the Dropbox app for the iPad. It keeps quitting and there are others who have experienced the same problem.

hilary sheppard says:
18 May 2012

It all sounds a bit scarey, also feel its not very secure, feel its just a way for them to make money like to stay where i am, won’t change

Just to prove a point on how little I would trust google. I’ve just looked at the address my nan used to live when she was alive on google maps and after 30 years the place is still there. What I wasn’t expecting to see was a very clear car number plate and 2 school aged kids faces looking down from upstairs balconys. I was sure they said they would remove that sort of stuff. And yes I know there’s a lot of data to hide but surely if you can’t be 100% secure that you should do it. Or at the very least make it easy for the user to report issues. There’s no report a problem button to be seen. Seems like google’s business philospy is its easier to seek forgive after the event than to ask for permission before.