Dirty little secrets
I recently read an article that carried comments from Google’s CEO, Eric Schmidt, that frankly I thought were pretty dismissive towards those who are concerned about online privacy. He said: “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place“. Mmmm…and this is from the man who whacked CNet over the head and banned them for a year after the site published information about him it had discovered on ahem, Google. (This is a bit like Facebook’s CEO, Mark Zuckerberg, being caught by Facebook’s new privacy settings. Candid shots of him were splashed over the Internet before he locked his profile to allowing access to “friends of friends”. My personal favourite shot is the teddy bear one).
BTW: be aware that the new privacy settings on Facebook mean that the default settings make most of your content accessible to “everyone” (ie the whole planet, the whole universe, EVERYONE). All your personal information – your name, profile picture, where you live, gender, networks and friends, and the pages that you are a fan of – will be treated as publicly available information. You want that? If so, good luck.
You have to wonder why Zuckerberg suddenly locked down all his personal stuff. Gawker quipped: “Facebook’s own chief executive is illustrating that his privacy settings are so baffling that even he himself doesn’t grasp their full implications“. LOL.
But back to Schmidt. His comment is a bit like saying “you got dirty little secrets? then don’t use any Google applications, because search engines, including Google, retain your info”. So the really important question is: should you choose to use Google Docs or other Google apps that require you to use your Google sign-on, to what extent are you subject to the US Patriot Act? If you’re living in Australia, or Holland, or Canada or South Africa – are you subject to this Act? I started wondering about this when I read Schmidt’s comments and when Facebook tinkered around with its privacy settings yet again. So let’s find out.
Well, there is one glaring case study we can examine. Canada’s LakeHead University decided to replace its ageing infrastructure by adopting Google email and collaboration tools. Good idea you’d think because it saved the Uni hundreds of thousands of dollars. But it meant that emails and documents sent by email to the US from Canadian university staff became subject to the US Patriot Act, which basically gives the US Government the right to access or search virtually any data hosted by US companies (and this of course includes Google, a company based in Mountain View, California). And the U.S. Justice Department can subpoena search records. This is all at odds with Canada’s very strict privacy laws.
Section 215 of the Patriot Act allows the US FBI to issue a national security letter, which compels a third-party, such as ISPs, financial institutions and telecommunications firms, to disclose customer information. And Section 215 includes a “gag order”, meaning the third-party cannot reveal to any other party that it has been served with a national security letter. So if a Canadian company is a subsidiary of a US company and the US parent is whacked with the national security letter, any information held in subsidiary locations would have to be coughed up. No warrant is required. (This is my understanding from reading Section 215). This would apply I presume to firms based in Australia with a US parent. Think of it this way: information crossing the US border in a fiber-optic cable is treated the same way as papers carried in a briefcase. Canada has done a huge amount of work in sorting out the implications of trans-border data flows. Go here for FAQs on the Patriot Act.
And I think the US Patriot Act has tremendous impact on cloud security. So if cloud service providers have data centres in the US, the information is in danger of being exposed. Should you choose to store your personal data in the cloud (business records and sensitive corporate documents, emails etc) then I think you will have inadequate legal protection over your own data.
This prompted me to find out where the heck Google data centres are located and I came across the map below. Also read this Data Center Knowledge FAQ, which covers in detail Google’s servers and data centres.
Australia doesn’t appear to have a data centre or server (although there were rumblings earlier in 2009 that Google would build one in Oz. This seems to be on hold until the Federal Government sorts out the broadband network). So if there’s no local data centre or server, then where is the personal financial document you stored in Google Docs actually held? The Patriot Act makes all data stored on US shores liable to inspection – this would contravene the EU’s Data Protection Act I would think (ie cause a huge cat fight) although I’m presuming the EU-US Safe Harbor program also provides protection. I’m not so sure what protects Australians. I’m looking into it – leave a comment if you know more.
The point is we are increasingly seduced by Google. It’s a clever company with clever apps. Just think about your online privacy protection. I need to come up to speed with the Patriot Act. Several provisions of the Patriot Act are due to expire December 31 2009 unless renewed by Congress but Obama is seeking to extend its spying provisions.