Google's Cloudy Day

OK, let's go through the allure and danger of Google's cloud-computing vision. Here's what Google hopes: It will create a new model of computing in which users' hard drive memory and software will all be provided by a grand universe of servers and data centers, allowing you to access everything you need without being anywhere near your computer. Instead, all you need is a machine with enough power to drive a screen, a keyboard, and an Internet browser. The plan could make computers cheaper than anyone ever imagined, as features that were once thought essential are stripped away, leaving only a fraction of the infrastructure we used to need. And your documents, from reports and essays to photographs and personal videos, will be immediately accessible from any terminal in the world. And Google will make it happen for you; all it asks is that you glance at an ad now and then. The online world is remade, Google makes a killing, everyone's happy.

Here's what Google fears: If its cloud-computing system crashes, or inadvertently lets companies view their rivals' confidential documents all over the world, the entire system of cloud-based business-information processing collapses. Companies' most precious secrets are leaked, as are government files; suddenly, your tax history is available for anyone to read. The world's governments and businesses panic and come fleeing back to software that is embedded in individual computers, but not before incalculable damage is done to the modern economy and the privacy rights of ordinary citizens.

Lately, the latter scenario's been getting a little more likely. Last year, Gmail crashed three times, and Google Docs, the service that migrates word-processing and spreadsheet documents onto the cloud, crashed in July. In February, the company's gmail froze for several hours, right in the middle of the business day in Europe. Earlier this month, a small percentage of word-processing documents were made available to people who shouldn't have access to them. If people can't guarantee that their private documents will stay private, they may never join the cloud utopia.

So here's the latest nail in Google's cloud coffin. Computer security consultant Ade Barkah looked over Google Docs' potential vulnerabilities and announced today that he found plenty. If you take a graphic—say, a bar graph of coal output or a diagram of your fancy new cold-fusion generator—and embed it into a document that Google has promised is private, a shadow of it is uploaded to a Google server, and if you're a reasonably smart hacker, you can pull it out and look at it. If you put a graphical element into a document, decide to strip some sensitive information from the graphic, and send it to someone else, that special someone will be able to access previous drafts of the graphic, including elements you wanted stripped.

Finally, if you give people permission to view your Google Docs but withdraw that permission later, they could still occasionally sneak a peek. "Even if you unshare a document with a person, that person can in certain cases still access your document without your permission, a serious breach of privacy," Barkah concludes. "For now I'm withholding the mechanics of when/why/how this happens, pending further research and feedback from Google if any."

As Barkah writes, Google representatives haven't yet responded to his notes alerting him to these alleged problems. Meanwhile, we'll let TechCrunch writer Robin Wauters get the last word: "If that last claim turns out to be valid, I'm leaving Google Docs and never coming back."