I recently contributed a chapter to the book, Face the Future: Tools for the Modern Media Age. The Internet and Journalism Today. My chapter is called Wikileaks and the limits of protocol and can be downloaded from our research repository. Here’s the abstract.
In this chapter, I reflect on Wikileaks and its use of technology to achieve freedom in capitalist society. Wikileaks represents an avant-garde form of media (i.e. networked, cryptographic), with traditional democratic values: opposing power and seeking the truth. At times, http://wikileaks.org appears broken and half abandoned and at other times, it is clearly operating beyond the level of government efficiency and military intelligence. It has received both high acclaim and severe criticism from human rights organisations, the mainstream media and governments. It is a really existing threat to traditional forms of power and control yet, I suggest, it is fundamentally restrained by liberal ideology of freedom and democracy and the protocological limits of cybernetic capitalism.
We’ve recently started providing staff training on using Google apps and one of the questions that always comes up is around privacy and security. Following one of our sessions, one member of staff is using Google docs to manage a large number of sensitive documents, with several other colleagues. The sharing of folders and documents with different people is proving very useful. Recently, that member of staff asked me about whether it was possible to encrypt files stored on Google docs so I had a look around to see what the situation is. I knew that transport encryption is available (i.e. https) and that there was no feature in Google docs to encrypt a file, but wanted to provide a thorough response to my colleague.
As I said, Google doesn’t provide the facility to encrypt data held in Google docs. You can however, encrypt a file and upload it to Google docs for online storage only. To read the file, it has to be downloaded and decrypted. I tested this with a .pgp file.
I searched around on the web for a few more clues and there’s the suggestion (last comment) that the data is ‘sharded’ across multiple servers and when you click on the name of a file, the data is brought together into the file for you to work on. I haven’t found any official confirmation of this technique being used.
There’s a Google docs employee on Get Satisfaction that has responded a few times to people’s questions around this area. These replies offer some clarity:
In summary, there is no encryption of data on Google’s servers, but Google are using the same systems to manage their private corporate data and they comply with international (including the UK) data privacy policies. Introducing encryption is technically feasible but would introduce many negative consequences to the features they provide (slower, no collaboration, etc.)
If you’ve got any other, officially confirmed, information on the security of Google docs, please do leave a comment. Thanks.