Who is in charge of files created and stored on Google Docs and Drive?
Most people assume it’s the user or team sharing them but an incident affecting these services on Halloween has reminded everyone that there is always a superuser with absolute power sitting above this – Google itself.
On that particular day, a portion of Docs users started finding themselves blocked from opening or editing specific documents. Many reported seeing the following message:
This item has been flagged as inappropriate and can no longer be shared.
Except the files were wholly innocent of the charge, something that was quickly pointed out to Google using the preferred medium of modern complaint, Twitter. A few hours later, access to the files was restored.
All back to normal? Not exactly.
On Friday, Google offered an official explanation for what went wrong:
A short-lived bug that incorrectly flagged some files as violating our terms of service (TOS). [This] caused the Google Docs and Drive services to misinterpret the response from these protection systems and erroneously mark some files as TOS violations, thus causing access denials for users of those files.
What Google is saying is that its “unparalleled automatic, preventive security precautions … using both static and dynamic antivirus techniques” suffered what is known in the trade as a false positive.
This happens when a security system incorrectly flags something as suspect that isn’t, a phenomenon affecting all systems from time to time.
While not fun they’re still less worrisome than a false negative, which happens when a genuinely malicious file slips through unnoticed.
Nonetheless, the incident makes it clear that every time a user creates a file on Drive (which is where Docs files are stored), there is a possibility that it might at some point be scanned by Google’s security software to decide whether it’s “inappropriate” or not.
Drive has been widely abused to host malicious (boobytrapped) files, command and control and even crude phishing attacks, so you can understand why Google might want to do such a thing.
The deeper issue is how this is done and whether it in any way compromises privacy over and above the implicit fact (as stated in the terms and conditions) that Google can be legally compelled to hand files over to law enforcement if presented with a court order.
On the basis of Google’s policies it seems unlikely to me that the system reads the contents of files or scans each individually as it is created and used. Rather, periodic scans are run on groups of files as a way of spotting patterns that indicate something suspicious is afoot.
We have no way of knowing how well this system spots malice, but we can say from the rarity of events like this, where large numbers of users are locked out, that disruptive false positives are rare.
It’s possible individual users can protect themselves against this kind of glitch by mirroring Drive files to a local machine and working on those offline. This definitely won’t work for G Suite (formerly Apps for Work) files shared across multiple users and hosted online, however.
The lesson from the Halloween lock-out remains that while content sitting on Drive or created through Docs might belong to the user, the service itself is always Google’s domain. If only more people read the T&Cs.
AJC
Isn’t the question how deep this analysis goes and what (commercial) use might be made of the results?
Robert Stoneking
Another reminder that you don’t control your data if you don’t have physical security of the media it’s stored on.
Steve Adams
This (security, malware protection etc.) is a significant part of the value provided by the service.
i.e. we WANT this service, it’s one of the reasons we choose to use it.
Drive scans & indexes the contents of our files so that the amazing search features can be provided.
Sure a false positive is a failure, but such failures are rare, it’s a great service & incredibly inexpensive (G Suite for busineses).
Paul Ducklin
This isn’t like an unwanted malware detection, where you still have your file but with a mistaken warning saying that it’s dangerous. (You could always scan it with a different anti-virus, take a chance on it, disinfect it or safely convert it to a different format, e.g. DOCX to TXT.)
This is a essentially an accusation that you’ve done something legally wrong, with what amounts to seizure of your property as the price to pay. It’s not a inappropriate warning, it’s an unjustified punishment. The analogy for what happened isn’t quarantine…it’s prison :-)
Anonymous
Scanning your files for viruses protects you, so you are the customer. Scanning your files for copyright infringments protects Google from making its much bigger customers angry, so you are not the customer, you are the product (and in the case of a false positive also the victim). If that’s a significant part of the value provided by the service then it’s not you that gets the value :-)
Anonymous
I’m confused. At one point, Google says the bug was that the content scanner said files were bad when they were good. Therefore if the rest of the system was working correctly the files would be blocked. (Correct processing of incorrect data.)
Then Google says the bug was that the rest of the system handled the reply from the scanner wrongly, and that’s why the files were blocked. But surely that means the scanner would have to have said the files were good for the wrong handling of its answer to be turned into “block”? (Incorrect processing of correct data.)
Seems like Google could benefit from Mr Stockley’s article “What You Sound Like After A Data Breach”
https://nakedsecurity.sophos.com/2015/10/09/what-you-sound-like-after-a-data-breach/