GDrive: Is Trust Enough?

So the rumors over Google's online storage ambitions continue to swirl, stirred this time by a report in the Wall Street Journal that cites its sources as "people familiar with the matter." You sort of get the impression that WSJ reporters had to meet their shadowy sources in a darkened Silicon Valley parking garage in order to glean this bit of news.

Questionable sources aside, I don't need much convincing that Google is planning some sort of "GDrive" to compete with the online personal data storage currently offered by Microsoft, AOL, Apple and others. It's a logical move if your ambition is to move the bulk of users' computing experience onto the web. I have no doubt Google could do it well -- probably better than anyone else, actually.

But wow, do you have to have a high level of trust in any organization if you're going to start storing your personal files en masse on someone else's servers, especially when part of the infrastructure of said system includes a file-sharing capability, and when those files are going to be potentially read by an indexing program to make them searchable (one hopes, only to you).

I'm sure Google plans to lock this down as tight as they possibly can. I can also hear a chorus of "online data storage is the future, man -- get used to it" building in the world of tech punditry. But color me reluctant. I've used Google Docs and Spreadsheets almost since the day it was introduced (I was a JotSpot user before Google bought it), but never have I put any information up that could get me in trouble or allow someone access to my personal information. If I were to start using an online service to replace some of the need for my hard drive, I would necessarily start being more indiscriminate about what got stored there. Even if you try to be careful, your sensitive data will begin to migrate online the more you depend on such storage.

Can that data be secured as well as it can on your hard drive? I just don't think it can. It's going to make a tempting target for hackers: all that juicy personal data hanging from Google's tree of knowledge, waiting to be plucked. Whereas my hard drive is pretty hard to get to: It rarely leaves my house, and it's secured on a machine that offers no file sharing services, listens on no ports, and is itself hidden away behind a pretty tight network firewall. Furthermore, my drive is just one person's information. If someone cracks the Google system, they're potentially able to access the data of thousands or millions of people.

At some point we have to ask ourselves just how good our security technology can ever be. At best, we can stay one step ahead of data thieves. We're all just one slip-up away from a break-in. So maybe sometimes the question we should be asking is not "How can we secure this data?" but instead "Do I really need to expose this data to risk?".

Even Google's own internal information doesn't always stay secure. The last paragraph of the WSJ story claims, with no apparent awareness of irony, that:

A document Google inadvertently released on the Web in March 2006 said it was moving toward being able to "store 100% of user data," citing "emails, Web history, pictures, bookmarks" as a few examples.

"Inadvertently"? As in "unintentionally"? The point being that Google is an organization made up of flawed humans who will someday, inevitably, spill the contents of your hard drive onto a public sidewalk.

Posted by Kevin Carlson at 12:04 PM  Permalink