In July, I blogged about a proposal to move the city of Los Angeles’s e-mail system, internal data and public records to Google’s paid cloud computing service Google Apps. The project has created controversy, and the World Privacy Forum wrote to Los Angeles Mayor Antonio Villaraigosa (pdf) raising questions about privacy and security components of the proposal.
In L.A.’s $7.25 million plan (pdf), “the city [would] transition about 30,000 users to Google’s e-mail and office productivity products by the end of December 2009 […] The migration would make Google, which hosts the servers running the applications, responsible for retaining and protecting sensitive health care and litigation data along with criminal and drug investigation records.”
On Tuesday, the Los Angeles City Council voted unanimously to outsource its e-mail system and other internet services to Google Inc., reports the Associated Press.
An amendment added shortly before the vote makes the contract contingent on Computer Science agreeing to pay a preset penalty if a security breach occurs. The contractor’s project manager David Barber said he believed such an agreement would be reached. […]
The Associated Press noted, “The city’s police officers’ union and privacy advocates had raised security concerns over the Google contract because it places data online rather than on individual computers under the city’s direct control.”
One of the most important privacy questions involves the fact that the physical location of the “in the cloud” server where the data is housed could be in any country and subject to the laws of the host country, which could be less protective of the data than the United States’ laws.
In a New York Times op-ed, Harvard Law Professor Jonathan Zittrain wrote about privacy and cloud computing, noting that the cloud “comes with real dangers.” “Data stored online has less privacy protection both in practice and under the law. […] Before, the bad guys usually needed to get their hands on people’s computers to see their secrets; in today’s cloud all you need is a password.”
You can learn more about privacy and security questions connected to cloud computing in a report (pdf) from the World Privacy Forum, “Privacy in the Clouds: Risks to Privacy and Confidentiality from Cloud Computing.”