Secret Life of Files
Google's online trove of sensitive personal and business data is proving attractive to law enforcement agencies, a fact not lost on the company: Last year it successfully warded off a Department of Justice subpoena demanding millions of search queries. (This request, the company countered, was excessive and an invasion of user privacy.)
The search giant also recently announced that it would begin deleting IP address information--which can be used to identify users--from its logs after 18 months. However, these steps may not be enough to reassure the most security-conscious users of Google applications.
"Even if you trust the service to do the right thing with the data, which I tend to do in the case of Google," says Lauren Weinstein, cofounder of People for Internet Responsibility, "it doesn't mean that someone won't come along and make demands for access to that data that wouldn't occur if the data was on your own machine."
Weinstein worries that if companies such as Google don't take a stronger role in protecting user privacy, less-savvy groups, including legislators, judges, and federal government agencies, may feel obliged to step in with solutions that could hamper all online services. "Not being evil is good, but it's not good enough," Weinstein says.
"What you really need to do is not only not be evil, but you've got to try to keep other people from doing evil with your magic. And that's a harder step to take."