G Suite domains lack end-to-end encryption and content can be scanned by Google for a variety of purposes, claims former employee
A former employee of Google has claimed that user data stored in Google Docs and certain other Google products can be accessed by the internet giant, and law enforcement agencies.
Google Docs is used by millions of people today to write, edit, collaborate and archive their documents.
Like many other useful applications, this programme (and other G Suite products such as Gmail, Google Drive, Google Calendar) may have some privacy and security implications.
Martin Shelton, an ex-Google employee, published a blog post on Wednesday, revealing all the ways in which Google, as well as law enforcement agencies, can access the data stored on users' G Suite accounts.
Shelton, a principal researcher at the Freedom of the Press Foundation, says that any organisation using Google's paid G Suite products is likely to have complete access to everything that its employees do on those services.
The volume of information which can be accessed by the organisation depends on the version of G Suite being used, he claims.
Currently, there are three core versions of G Suite available: G Suite Enterprise, G Suite Business, and G Suite Basic. Normally, G Suite Enterprise version offers the greatest monitoring capabilities to administrators into users' Google activities.
So, a G Suite administrator using Enterprise edition can easily find out which files an employee opened in a shared Google Drive, according to Shelton.
Admins can also monitor Gmail, Drive, Slides, Sheets, Calendar, and more, using mobile and desktop devices, he adds.
Shelton also stated that the documents within the G Suite domains are not end-to-end encrypted, which means Google can also read users data on G Suite. Google can scan user data for a variety of purposes, such as filtering data for spam or malware detection, for spellcheck or searching for content, which is in violation of Google's policies.
Google may also be asked by the law enforcement agencies to hand over relevant user data, including email exchanges between two (or more) individuals, to aid in their investigations. Such requests usually come in the form of a court order, a subpoena or search warrant, compelling Google to share data with the requesting agency.
Google says it received 43,683 US government requests for user data from 124,991 accounts in 2018, and provided the data in in 81 per cent of those requests.
