Google's reputation for maintaining user privacy took a hit last week when some Google Docs users found their online documents exposed to viewing by others.
"We've identified and fixed a bug which may have caused you to share some of your documents without your knowledge," the Google Docs team told users on Friday. "This inadvertent sharing was limited to people with whom you, or a collaborator with sharing rights, had previously shared a document."
Few Users Affected
Google said the problem occurred in cases where the document owner -- or a collaborator with sharing rights -- selected multiple documents and presentations from the documents list and changed the sharing permissions. The incident affected only a small percentage of users, who potentially had their documents and presentations exposed but not their spreadsheets, Google said.
"We believe the issue affected less than 0.05 percent of all documents, but in the interest of transparency we wanted to share the details more broadly," said Google Docs Product Manager Jennifer Mazzon in a blog. "The issue affected so few users because it only could have occurred for a very small percentage of documents, and for those documents only when a specific sequence of user actions took place."
Still, it was embarrassing for Google to admit that even some of its own employees had documents exposed. "We understand our users' concerns -- in fact, we were affected by this bug ourselves -- and we're treating this very seriously," Mazzon said.
As part of the fix, Google used an automated process to remove collaborators and viewers from documents it identified as being affected, then e-mailed the owners in case they needed to re-share them. "We have extensive safeguards in place to protect all documents, and are confident this was an isolated incident," Google said in an e-mail.
Since Google Docs is a general purpose, lightweight collaboration offering, no companies are likely to have used it to put highly sensitive information online, said Jim Murphy, a research director at Forrester Research. But the Google Docs bug did have an impact on some users due to "the inconvenience of having to strip the security rights off the docs and then reapply them," Murphy said.
The glitch underlined one of the potential dangers inherent in cloud-computing platforms where users store documents on remote servers instead of their own computers. "No question about it, there's a risk," Murphy said.
On the other hand, Murphy observed, there are potential risks inherent in whatever method companies may use to enable employees to collaborate with others. "In the past, they may have used an e-mail to do this, and there's no security there," Murphy said.
What's more, Murphy noted that companies are always taking risks whenever they permit sensitive materials to be stored on any employee's computer, which may be subject to loss or theft. If someone loses a laptop, Murphy noted, no one necessarily knows about the incident unless it involves a defense contractor or the CIA and the news gets published.
"However, once you are in a collaboration environment, then everyone knows and the risk gets more exposure," Murphy said. "And if you are Google, then the loss gets hyped in the news."