Sign in with
Sign up | Sign in

How Secure is Google Drive?

How Secure is Google Drive?
By

Google Drive is one of the most widespread cloud-storage services around, but between the National Security Agency (NSA) and Google's own overreaching terms of service, your files may be open to snooping from both organizations.

The NSA asserts that its PRISM program targets only citizens of foreign countries and not U.S. residents. Even so, with this technology in place, it would be simplicity itself to turn PRISM's focus toward Americans if the NSA ever decided that it would be valuable.

Google denies granting the NSA unlimited access to private data. "I'm not sure I can say this more clearly: We're not in cahoots with the NSA," said David Drummond, Google's chief legal officer, in a statement to The Guardian.

Whether you believe Edward Snowden, the NSA or Google, there are benefits to knowing exactly what Google

Google provides many amenities — an Internet browser, email, a search engine and global navigation, among other things. PRISM can supposedly collect information from any of these services as well as Google Drive, the company's cloud-storage platform. Drive has two components: Making documents and storing them on the fly ("Create"), and importing your own files ("Upload").

Google's privacy policy weighs in at nine pages, and states that Google can collect device, login and location information. If you access Google Drive through Chrome, Google also collects your browser history, plants cookies on your system and records what other applications you've been using.

Google's Drive FAQs say that the company will not use any data you mark as private for marketing or promotional purposes, but its terms of service are much more freewheeling: Google can "use, host, store, reproduce, modify, create derivative works … communicate, publish, publicly perform, publicly display and distribute [user] content."

These permissions may sound scary, but there's actually a very innocent explanation for each one. Google needs to know your device and login information in order to keep you signed-in on a phone or private computer. Your location information helps Google ascertain if someone has hacked your account in an unusual spot — say, Eastern Europe.

Even the company's terms of service are not unusually demanding. Using, hosting and storing data is Drive's explicit purpose. Reproducing, modifying and creating derivative files would be necessary during a server migration or as a recuperative measure if Drive ever became the victim of a large-scale cyberattack.

One could even argue that communicating, publishing, publicly performing or displaying, and distributing content are just convoluted, legal-ese ways of saying that Google can provide your own data to you from any computer you choose, be it public or private.

Display 1 comment.
This thread is closed for comments
  • 0 Hide
    TracerR , August 27, 2013 9:44 PM
    If you store your files on someone else's servers, then they can access the files. Either law enforcement can make them do it, or the server admins can steal your data, or just expose it through negligence. The best way to protect files is to use encryption, but it must be done locally, not on the cloud server. There are many tools that will do this: Truecrypt http://www.truecrypt.org/ will encrypt entire disk volumes. Syncdocs http://www.syncdocs.com/ will encrypt files stored on Google Drive.
Tom’s guide in the world
  • Germany
  • France
  • Italy
  • Ireland
  • UK
Follow Tom’s guide
Subscribe to our newsletter