The Net has been thundering over the last few days about a security issue at Google, and some users have reported receiving the following email:

Dear Google Docs user,

We wanted to let you know about a recent issue with your Google Docs account. We’ve identified and fixed a bug which may have caused you to share some of your documents without your knowledge. This inadvertent sharing was limited to people with whom you, or a collaborator with sharing rights, had previously shared a document. The issue only occurred if you, or a collaborator with sharing rights, selected multiple documents and presentations from the documents list and changed the sharing permissions. This issue affected documents and presentations but not spreadsheets.

To help remedy this issue, we have used an automated process to remove collaborators and viewers from the documents that we identified as being affected. Since the impacted documents are now accessible only to you, you will need to re-share the documents manually. For your reference, we’ve listed below the documents identified as being affected.

We apologize for the inconvenience that this issue may have caused. We want to assure you that we are treating this issue with the highest priority.

The Google Docs Team

A lot of people are understandably critical of Google.  But the reality is that systems built like this are doomed to suffer security breaches for three reasons:

  • There is often little ‘engineering’ in ‘software engineering’.  People who design most of the world’s software are ‘software artists’ or ‘software developers’ and apply few, if any, engineering principles to the task.
  • Users of these services don’t demand — and often don’t desire — a high level of security.
  • The applications rely on a single layer of security.

But the purpose of this article is not to bash Google or software developers.  I’ve written software and I’ll be the first to admit that some of it was hacked together as fast as possible for the same reason lots of software is.  The vendors provide exactly what the market is asking for.  The real problem is us.

When it comes to computers, software and the Internet, we consumers are singing the famous Queen song, ‘I Want It All’ (and I want it now). We want instant access to information from any computer. We want sharing it to be very easy. We want it virtually for free and it is never fast enough.  And we seldom consider security until something goes wrong.

For some information, security really doesn’t matter.  Most of my personal email falls into that category.  Sure, I’d prefer that others don’t read it, but the reality is that the impact on me if they did would be really small.  I use Google Apps for two non-profits I’m involved with.  It’s free, reasonably reliable, and it’s not any less secure than using ISP email accounts. But, for other information, the security provided by Google Docs and other, similar services is woefully inadequate.

The problem is that security seldom is free and easy.  As long as we insist on being able to walk up to any computer, enter a username and password, and access our data, we will continue to see security breaches escalate.  Passwords are a very poor authentication mechanism and using them as the only line of security invites disaster.  But we continue to use them because they’re cheap and easy.

PayPal gets it, mostly because, in the financial world, poor authentication directly results in monetary loss.  If you’ve been following PayPal, you already know that they’re offering customers the ability to use their mobile phone or a (US)$5 authentication token to protect their account.  My guess is that PayPal has begun this as a voluntary measure in order to test it out and gain acceptance, and that they will make it mandatory at some point in the future, as well they should.

Some markets are different.  Medical, aeronautical, defence and financial software used by banks are noted exceptions.  Some security software is also very well designed.  But that’s because in those markets very bad things can happen when the software fails, so customers demand better solutions and are willing to pay for them.

The technology required to make file sharing like Google Docs highly secure has existed for more than a decade.  If we cared about security, our browsers would have the ability to encrypt and decrypt files built right in and we’d carry certificates and keys around on a smartcard or USB device.  When we wanted our documents, we’d plug in the card or device, use a certificate to authenticate to Google Docs and download the document. Then it would be automatically decrypted. If we cared, we’d use a product like the USB devices from MXI Security that can validate the user’s fingerprint right on the device before giving access. If we cared, we’d demand that Google and other software-as-a-service (SaaS) providers apply sound engineering practices so that software bugs don’t result in security breaches.  And, if we really cared, we’d be willing to pay at least a bit more to get it.
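The two-layer design sketched above can be shown end to end in a few dozen lines. The following is an added example written for this page; it is not code from the original post, from Google, or from MXI Security. It uses Go’s standard-library crypto only. In-memory RSA key pairs stand in for the certificate and key that would live on a smartcard or USB token (the service only ever sees the public half); the names alice, bob and mallory, the function names, and the `Viewers` map are all invented for the example. The document is encrypted on the owner’s machine with a fresh AES-GCM key, and that key is wrapped (RSA-OAEP) to each intended reader. The server-side ACL is the single layer the post criticises; widening it by hand at the end models the bulk-resharing bug described in Google’s email, and the point of the example is that the widened ACL hands the unintended viewer nothing but ciphertext.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Collaborator is one user; the private key stands in for the key on the
// smartcard or USB token in the post's design and never reaches the service.
type Collaborator struct {
	Name string
	priv *rsa.PrivateKey
}

func NewCollaborator(name string) *Collaborator {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return &Collaborator{Name: name, priv: k}
}

// StoredDoc is all the service holds: AES-GCM ciphertext, one RSA-OAEP-wrapped
// document key per intended reader, and the server-side ACL (the single layer).
type StoredDoc struct {
	Nonce, Ciphertext []byte
	WrappedKeys       map[string][]byte
	Viewers           map[string]bool
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptForSharing runs on the owner's machine before upload: a fresh document
// key encrypts the content and is wrapped to each reader's public key.
func EncryptForSharing(plaintext []byte, readers []*Collaborator) (*StoredDoc, error) {
	keyAndNonce := make([]byte, 32+12) // AES-256 key followed by the standard 12-byte GCM nonce
	if _, err := rand.Read(keyAndNonce); err != nil {
		return nil, err
	}
	docKey, nonce := keyAndNonce[:32], keyAndNonce[32:]
	gcm, err := newGCM(docKey)
	if err != nil {
		return nil, err
	}
	doc := &StoredDoc{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, nil),
		WrappedKeys: map[string][]byte{}, Viewers: map[string]bool{}}
	for _, r := range readers {
		wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &r.priv.PublicKey, docKey, nil)
		if err != nil {
			return nil, err
		}
		doc.WrappedKeys[r.Name] = wrapped
		doc.Viewers[r.Name] = true
	}
	return doc, nil
}

// Open is the reader side: pass the ACL, unwrap the key with the private key, decrypt and verify.
func (c *Collaborator) Open(doc *StoredDoc) ([]byte, error) {
	if !doc.Viewers[c.Name] {
		return nil, errors.New("server ACL denies access")
	}
	wrapped, ok := doc.WrappedKeys[c.Name]
	if !ok {
		return nil, errors.New("no document key was wrapped for this reader")
	}
	docKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, c.priv, wrapped, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(docKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, doc.Nonce, doc.Ciphertext, nil)
}

func main() {
	alice, bob, mallory := NewCollaborator("alice"), NewCollaborator("bob"), NewCollaborator("mallory")
	doc, err := EncryptForSharing([]byte("board minutes (constructed sample)"), []*Collaborator{alice, bob})
	if err != nil {
		panic(err)
	}
	doc.Viewers["mallory"] = true // the server-side sharing bug fires: ACL widened, no key wrapped
	for _, u := range []*Collaborator{bob, mallory} {
		pt, err := u.Open(doc)
		fmt.Printf("%s: %q err=%v\n", u.Name, pt, err)
	}
}
```

Bob decrypts as before; Mallory, despite the widened ACL, fails at the unwrap step because no copy of the document key was ever encrypted to her public key. Re-sharing to a new reader is a client-side act (the owner unwraps the key and wraps it again to the newcomer), so a bug in the server’s permission code cannot by itself disclose content. GCM also authenticates the ciphertext, so a stored document that is corrupted or altered fails to open rather than decrypting to garbage.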

But, for the most part, we don’t care.  And, until we do, these security breaches will continue.

2 Responses to Lightning in Google’s Cloud

  1. Wendy
    Mar 09, 2009

    Hi Eric:

    Good points, but what should we non-tech computer users be doing? My DH works in a ‘secure’ setting and the security ‘keys’ they use are very expensive (having said that, they are still cheaper than iPhones). I use dropio and dropbox occasionally for less-than-critical documents. What should I be doing to share files safely?

  1. Security Apathy | Eric Jacksch