I spent all afternoon Monday waiting at the LA City Council Budget Committee to give the Council members my two minutes on why Google’s proposal to put the City’s computing into its cloud could be dangerous. In a nutshell: Security, security, security.
Moving public records — city emails, documents etc — to Google servers, taking them off City desktops and servers, is a radical move. That’s why the LAPD came down against the proposal until Google said it would create its own government cloud, give security checks to data handlers and get the California Department of Justice to clear the deal. But only LAPD would be in the government cloud, there’s no room for the rest of City Hall and other City Departments apparently.
Still, LA Info Tech or IT people want Google to take charge because they say they are not up to the task. The head of City IT even hinted there’d been breaches of security already that no one knows about and claimed Google will do it better. My point was Google is in the business of delivering advertising, not securing information. Google needs to pay big damages if it breaches securty under the contract with the City. The City Attorney present acknowledged that might give Google some "skin in the game" but there’d have to be a contract renegotiation.
Council members Rosendahl and Koretz put Google’s director of Enterprise services on the spot about my questions. Bill Rosendahl, who used to host a popular cable show The Week In Review on Adelphia, said the back and forth reminded him of his talk show days, and he thanks Bernard Parks for letting it go on. Apparently that’s not the usual in City Hall.
Bottom line is the council members were unimpressed with many of Google’s answers, or that of city managers who said the deal wouldn’t really save any money. The proposal went to the full City Council without the committee’s recommendation. Rosendahl asked that liquidated damages be added in cases of breach of security.
Google probably doesn’t care all that much about the $7 million the City will pay it per year to host City emails, documents and data in its cloud. What Google wants is to say the City of LA trusts us, and to get every other governmental entity to use its Apps. That means Google will not only have our personal data, but our public data as well. It’s a pretty scary concept for those of us who understand that Google’s goal is not just moving computing off our computers to its servers, but opening information to the world so it can market us better.
The young Googlemen at City Hall talked about the reduncancy of data storage etc but none of us really know how Google’s servers or its cloud operates, or what it does with our data. That’s scary. As little as I trust government, it’s job is to protect and serve, not to market me. And I can get my government officials fired for misdeeds. So I trust government alot more than I trust Google.
I know Google’s piecing together a map about me every day from my searches, my map requests, soon my book choices re Google books if the Justice Department lets the deal go forward next month. It wants to serve me up personal advertising based on my behavior. Well, I don’t want my behavior tracked by Google’s cloud, no more than I want my City records stored in Google’s cloud. How will it treat the public data, and what will it seek to learn about me from it to better personalize its pitches and maximize its services?
As much as I love Google, I fear it. And so should the City Council. We will find out at next week’s City Council meeting whether the City will put adequate "skin in the game" for Google should it breach security. Right now the contract with the city comes through an intermediary corporation, so Google does not appear to be on the hook at all, let alone for big damages. The contact is ambiguous and needs to become clearer.
I was filling in this week for my dogged colleague John Simpson, who was in DC yesterday meeting with Google and privacy advocates over Google’s behavioral advertising initiative and the need for privacy controls in it. It’s good Google’s talking to us again. The company shut down communication when we blew the whistle on their lobbying over medical privacy issues, arguing Google lobbyists weren’t there until the lobbying reports came out and showed they were. Google’s government relations exec Bob Boorstin emailed our funder, The Rose Foundation, to ask them to stop our funding. Ironically, Boorstin was identified in a CNN Money story today as "a former Clinton White House speechwriter who works on freedom of expression issues in Google’s Washington, D.C., office." Freedom of expression, unless you are expressing concerns about Google apparently. It’s things like that that make me worry about Google and its claims. Any company whose motto is "Don’t be evil," has got to have some evil to hide.
Google also got a little annoyed last week when we showed the City Council disclosures to shareholders making the case Google’s cloud was vulnerable to viruses, worms, earthquakes, terror attacks etc. So Google sent a "fact check" memo around City Hall citing a Wall Street Journal story about us. The memo highlighted our defense of blowing the whistle on Google’s "rumored lobbying" but left out the part of the story talking about Google’s attempts to defund us or the other positive parts regarding the pressure Consumer Watchdog’s generated. Again, Google’s got some evil in it afterall.
John Simpson went away from DC yesterday feeling like Google actually was going to take a stab at doing the right thing to put privacy controls on its products. But to help them we’ll have to sign a non disclosure agreement. Which apparently you have to do just to get into a certain part of Google’s offices. John declined the non disclosure agreement at the office, but they let him in anyway for the meeting. It’s so interesting how a company that is so interested in making all our information available takes such precautions to guard its own secrets.