Ex-Google staffer claims data stored in Google Docs and other G Suite apps isn't as private as users might think

clock • 2 min read

G Suite domains lack end-to-end encryption and content can be scanned by Google for a variety of purposes, claims former employee

A former employee of Google has claimed that user data stored in Google Docs and certain other Google products can be accessed by the internet giant, and law enforcement agencies.

Google Docs is used by millions of people today to write, edit, collaborate and archive their documents.

Like many other useful applications, this programme (and other G Suite products such as Gmail, Google Drive, Google Calendar) may have some privacy and security implications.

Martin Shelton, an ex-Google employee, published a blog post on Wednesday, revealing all the ways in which Google, as well as law enforcement agencies, can access the data stored on users' G Suite accounts.

Shelton, a principal researcher at the Freedom of the Press Foundation, says that any organisation using Google's paid G Suite products is likely to have complete access to everything that its employees do on those services.

The volume of information which can be accessed by the organisation depends on the version of G Suite being used, he claims.

Currently, there are three core versions of G Suite available: G Suite Enterprise, G Suite Business, and G Suite Basic. Normally, G Suite Enterprise version offers the greatest monitoring capabilities to administrators into users' Google activities.

So, a G Suite administrator using Enterprise edition can easily find out which files an employee opened in a shared Google Drive, according to Shelton.

Admins can also monitor Gmail, Drive, Slides, Sheets, Calendar, and more, using mobile and desktop devices, he adds.

Shelton also stated that the documents within the G Suite domains are not end-to-end encrypted, which means Google can also read users data on G Suite. Google can scan user data for a variety of purposes, such as filtering data for spam or malware detection, for spellcheck or searching for content, which is in violation of Google's policies.

Google may also be asked by the law enforcement agencies to hand over relevant user data, including email exchanges between two (or more) individuals, to aid in their investigations. Such requests usually come in the form of a court order, a subpoena or search warrant, compelling Google to share data with the requesting agency.

Google says it received 43,683 US government requests for user data from 124,991 accounts in 2018, and provided the data in in 81 per cent of those requests.

You may also like
Google Cloud adds AI to Gmail and Docs

Office Software

Aiming to bring AI to 'nearly all' of Workspace

clock 15 March 2023 • 3 min read
Google rolls out client-side encryption for Gmail and Calendar

Privacy

Additional security for business users

clock 01 March 2023 • 2 min read
Russia responsible for more than half of all Google takedown requests

Government

Russia, which has long desired to clean up its image online, submitted twice as many requests to remove content as the other top ten countries put together

clock 01 February 2022 • 3 min read

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

More on Security

Cloud encryption rates are disastrously low, research

Cloud encryption rates are disastrously low, research

Come on in, the door's open

John Leonard
clock 05 June 2024 • 2 min read
Remote working: We're on top of defending WFH, say IT leaders

Remote working: We're on top of defending WFH, say IT leaders

'Security has been moved to devices rather than offices meaning all have the same protections'

John Leonard
clock 31 May 2024 • 3 min read
Asian Tech Roundup: Pressure grows in US-China trade war

Asian Tech Roundup: Pressure grows in US-China trade war

Plus: Google 'accidentally' deletes pension fund's cloud account

Tom Allen
clock 17 May 2024 • 4 min read