A series of developments raise the specter that remotely stored or created documents may be subject to subpoena or discovery all without the knowledge or consent of the document's creators (pdf). I have been playing around recently with Google's Documents and Spreadsheets. What Google documents and spreadsheets allows you to do …
Bank Safe Deposit?
Lots of questions about rights and ownership, and analogies that don't quite fit.
Surely it's the same as when you store documents in a bank safe deposit box, or if you lodge your will or other legal documents with a lawyer. To me that seems legally equivalent and the same rules should apply (whatever they are).
Another reason not to use the Google apps.
Yes Anahata, the government can get a search warrant and seize records from your safe deposit box. They, to the best of my recollection (but consult a lawyer), cannot subpoena anything in your safe deposit box from the bank but must approach you directly. As far as your will is concerned, it's work product and is protected. UNLESS, as is required in Texas, your will is registered with the county. Then it's a public record. There have been attempts in the past to limit this ability, but anti-privacy advocates (Tom Craddick) have blocked most attempts at protecting public data. Even my carry license is public record, but, as of Sep 1, you can only get that information if you ask for it by name, you can't do a fishing expedition.
What they can do
Isn't it a bit pointless to argue about what can be legally done by a government that has shown it cares not a whit for the law?
Store sensitive documents on Google?
Storing sensitive or personal documents on Google, or any other online storage facility, come to that, is asking for trouble. That said, Google Documents does have a useful role. I store basic document letterheads, spreadsheet templates, etc. just in case I need them urgently and have no other way of accessing them - a catastrophic failure of my laptop, for instance. I can then use my templates on a client's or colleague's machine, save the completed document to removable media and shred the original. I cannot see that storing sensitive documents online is any less incompetent than leaving a laptop in a taxi or failing to securely delete data from a no longer required hard drive. In security matters one should always consider the internet a leaking sieve.
Another SWIFT snafu waiting to happen
There has been already a recent example of this: the infamous SWIFT case. The US government didn't care if the information was from another country, it just asked for it, and took it.
And SWIFT got in real trouble because the move is illegal under EU law.
Now here the records were protected by law, but the "physical possession" definition was used to acquire that info. Now imagine Gmail / Google Spreadsheets et al, where there is no such provision; your data is for all purposes in the US Gov't hands. Happy data mining!
Host your own Google-ish apps?
I love the convenience of Google apps, but maybe it would work better to host such things on my own home server. Does anyone out there have such software, or are they developing it?
How important is security?
While security is an important issue, for all of the documents that I or my company create on Google Docs and Spreadsheets, I'm not really worried if someone else sees them.
The three main cases in which they can be seen is if
(a) someone gets my password (I take care over where I type this in, and it's a random alphanumeric string that only I know),
(b) if a Google employee decides to have a look (I think that they have better things to do with their time, and I'm sure there's a lot more interesting Google Docs out there) or
(c) if Google are ordered to part with the info by law (if it comes to this, I probably have more pressing problems, and "I've got nothing to hide" etc).
I think that it would be difficult for malicious outsiders to get hold of the info if you're careful about passwords, ownership etc and for me at least, the benefits (proper concurrent spreadsheets and docs) outweigh the fairly small risks. I think that the majority of users will be in the same boat as me. For some, any risk is unacceptable, and these users will naturally have to fall back on more secure and less accessible options.