Google Opens Up About How Its Cloud Stores Your Secrets

Urs Holzle, Senior Vice President for Technical Infrastructure at Google, speaks on the Google Cloud Platform during the Google I/O Developers Conference
Urs Holzle, Senior Vice President for Technical Infrastructure at Google, speaks on the Google Cloud Platform during the Google I/O Developers Conference
Photo: Stephen Lam (Getty)

Google Cloud has a whopping 20 new product announcements out today, most of them aimed at enterprise customers—which means they probably won’t matter much to you unless you’re in the position to make IT decisions for a company.

Advertisement

But we lowly consumers sometimes get the trickle-down effect from good privacy decisions at the enterprise Cloud level, and there are some bits and pieces in this announcement that will have a positive impact for regular old users—especially if you use products or services that are hosted in Google Cloud. And because Google counts the likes of Spotify, Walgreens, and even Apple among its Cloud customers, it’s holding a lot more of your data than you probably realize.

All of Google’s announcements today focus on trust. Of course, any cloud provider needs its users to trust it enough to hand over their data. But Google’s approach is a little different—it’s trying to build the most trustworthy cloud it can, but Google is also giving customers ways to verify what it’s up to in case they don’t trust Google enough to take the company at its word.

Advertisement

For instance, Google is expanding Access Transparency by offering customers a real-time log of any accesses to their data by Google’s own engineers and support staff, as well as justifications for that access. In doing so, Google is giving enterprise customers a way to make sure that its employees aren’t poking around when they shouldn’t be.

“We want to be as open and transparent as possible, allowing customers to see what happens to their data,” said Jennifer Lin, Cloud’s product management director for security and privacy.

Google is also giving consumers more visibility of security threats, with the same tools it uses to protect its own products. Its Cloud Security Command Center will highlight botnets, cryptocurrency mining, and other threats using the Google Security team’s own tools as well as vendor data from security companies like Cloudflare, CrowdStrike, Dome9, RedLock, Palo Alto Networks, and Qualys.

Kate Conger is a senior reporter at Gizmodo.

Share This Story

Get our newsletter

DISCUSSION

Its important to remember that if you’re paying for a service, you are the customer. If you have a financial and contractual relationship with Google, you are far better off than someone who just uses free gmail.

And it is possible to pay for things such that you recieve privacy that others who do not pay for those things do not recieve. And this is a very important difference between the facebook model and the models of other organizations and businesses such as google. Some of google’s privacy and security WILL make it down the line - and if you’re paying for a personal backup drive space, you can be fairly confident that you’ll have a protected data location in their cloud (assuming you do your diligence and protect it properly). And you have a contract detailing your rights and Google’s rights - because you are a customer.

Facebook’s customers are the people who approach them for the mined data that they gather from the people who use their free services or people looking to achieve an impact based on injecting information to certain groups at certain points to achieve certain effects. Facebook was never about communicating between people, uniting places or ensuring the continuity of information. It was always about gathering information, subtle manipulation of communications, and injecting for-pay content on behalf of hidden actors who pony up the cash.

If you chose to sell yourself, that’s your prerogative. But you cannot deny that facebook’s utility depends on people never knowing or realizing this aspect of their business model. And more importantly, you don’t get to complain when others point this out to people who “should know better” because while its true a person has a bit of their own responsibility in these matters - when the system is specifically designed to use social and psychological manipulation to attract unaware or uneducated users in the realms of data privacy and the value of data importance, those who fail to educate their fellow humans are the ones taking advantage of them and that is not your right. And in Facebook’s case - the point of the matter is to disenfranchise or disempower non-paying users and transfer that power and wealth to paying customers.

Which is fine if you’re a person looking for a product, and facebook’s algorithms match you up with a promotion of such a product. Great. Maybe you’re satisfied with that arrangement when you realize it. But what about when facebook subtly (or unsubtly) injects hateful ideals by recommending some “friends” that might feed some of your internal hatreds, vices and prejudices? What happens when facebook helps initiate a riot that feeds into a political narrative a paying customer wants to project? What happens when facebook uses the data at its disposal to identify you, your friends, and your relations so that governments can oppress you or disenfranchise you?

This is what it means when your business model is using the people you attract to your platform to resell them and their personal information as a product.

Google has a different path, but its free offerings fall into many of the same categories. One must always be wary of how organizations like google manipulate their users to achieve their goals. Enterprise security is great, and it will trickle down - but only so long as you are a paying customer at some level. Same with Microsoft. Same with Apple. Same with any company. The moment funds are exchanged for products and services, you become a customer and are entitled to rights in the same way the company is. Free? Free has a lot of caveats and exclusions. Always read the fine print. Always be aware that free has risks. Even free such as open source software needs a careful analysis - so always be aware of what you are using so it does not use you in ways you do not expect.

And this is coming from a Linux advocate, so - beware. As long as money is the primary motivator in this world, things that do not involve its exchange may have hidden elements that use you and your information as the product. Quite a few people do it correctly with Open Source Software - but you have a responsibility to understand what your rights are and what the author’s rights are in kind if you wish to not be taken advantage of.

The price of freedom maintained has always been eternal vigilance... and the price of freedom won can only be paid with blood.