Google Docs experiences a privacy glitch

10 Mar 2009

Google discovered a privacy glitch that inappropriately shared access to a small fraction of word-processing and presentation documents stored on the company's online Google Docs service.

This follows on the heels of the search engine leader's problem with its mail service (See: Gmail failure sparks online panic)

Google said in a blog post, penned by Docs product manager Jennifer Mazzon, that the security lapse was ''limited to people with whom the document owner, or a collaborator with sharing rights, had previously shared a document.'' She claimed that very ''few users'' would have been affected by the bug ''because it only could have occurred for a very small percentage of documents, and for those documents only when a specific sequence of user actions took place.''

Google said in a later statement that the problem affected only 0.05 per cent of documents stored at the site and that affected Google Docs users had been notified. It said the error was limited to its Docs system within Google Apps and did not affect its spreadsheet system, though some presentations were also hit by the error.

The company fixed the bug by using what it described as an ''automated process to remove collaborators and viewers from the documents'' that had been exposed to the security glitch. In other words it stripped all sharing privileges from the documents affected by the bug and then informed affected users that they would have to manually re-share their documents.

''We're sorry for the trouble this has caused. We understand our users' concerns (in fact, we were affected by this bug ourselves) and we're treating this very seriously,'' said Mazzon.

Though the documents were shared only with people whom the Google Docs users had already shared documents, rather than with the world at large, the problem illustrates one downside of cloud computing, in which internet servers host software previously run on a person's own computer.

The flip side of a cloud-computing advantage, that a person can get access to those documents from any internet-connected computer or smartphone, is that technical problems or hacking attempts also can expose private information.