Our Google Government
Dec 24th, 2009 by sherri
Recently I saw an ad which read:
“Over 60% of the U.S. state governments have gone Google.”
Does this mean that we’ve now handed the majority of our state governments’ operational data to a single privately-controlled company which has well-publicized partnerships with other governments such as China?
To find out more, I contacted Google’s press department. A representative promptly got back to me with more information:
“The reference to Going Google refers to US state governments using one or more of Google’s enterprise products…With regard to data hosting, Google Apps is a cloud computing solution meaning Google hosts the data in our data centers, relieving the customer or gov agency of the burden of managing their own servers in house.”
In other words, according to Google, United States state governments have literally handed over our public data to be held and managed by a private company which has well-publicized partnerships with other governments such as China. The data is physically stored in Google’s buildings, on Google’s servers, managed by Google’s employees. This means Google now controls our government’s access to it’s own data.
Google declined to make their list of state government customers public, so instead I checked to see which states had active Google Apps login pages for their domains. There are 19 states that have active Google Apps login pages (plus Washington D.C.) These include:
|
Alaska Connecticut Washington, DC Illinois Iowa Kentucky |
Louisiana Maine Michigan Montana North Dakota Nebraska |
New Hampshire Ohio Oklahoma Minnesota Pennsylvania South Dakota |
Utah Wisconsin |
In September, Google announced its plans to create a major government data hosting operation for the United States. “Today, we’re excited to announce our intent to create a government cloud, which we expect to become operational in 2010. Offering the same services and features as our existing commercial cloud (such as Google Apps), this dedicated environment within existing Google facilities in the US will serve the unique needs of US federal, state, and local governments…”
Moving the data itself offsite is a BIG change, and one that comes at a BIG price. This effectively places state governments’ data outside the direct control of our government. If Google (or an ISP) were to decide for whatever reason– economic, political– to cut us off from our data, governments using their services would be, well, Scroogled.
To me, this is an unacceptable level of control for a single private company to have over federal, state or local government. When you reach a point where the government cannot operate without a private company, then the private company has effectively gained control of the government.
With Google physically housing and managing state government operational data, they literally gain control of our government’s operations. What’s more, Google also has access to data mine the information. Would this be legal? Hopefully not, depending on the contract that our governments have signed. Would it be technologically possible? Of course.
In another twist, state governments’ moves to outsource their data could also open their information to far greater access by intelligence agencies. It might be legal under homeland security rules for federal intelligence agencies to force Google to turn over information from state and local governments, perhaps without even notifying them. For issues where state laws are in direct conflict with federal laws, the implications for states’ rights are serious. For example, several states maintain lists of registered medical marijuana patients. Could a federal agency force or coerce Google to turn over lists of names without permission from the state?
Google is extremely good at managing its own public image (it undeniably has a leg up due to the fact that it controls news sources and search engine returns). However, it is still a for-profit corporation and ultimately works for the good of its owners, not the public. The fact that Google is working to host a large percentage of U.S. government data should set off alarm bells. How can the U.S. government effectively manage its own security and the interests of the people when large corporations have it by the balls?
The long-term, hard-to-quantify risks of moving the United States’ operational data to a private company are easy to ignore when you look at the short-term technological benefits and shiny flashy features. No one can deny that Google enables government entities to operate with a level of sophistication that would inconceivable if all operations were done in-house. Governments typically suffer the same problems as many midsize companies with underfunded IT departments and political complexities that make it difficult to centralize and streamline operations. It doesn’t really make sense for every state and local government to reinvent the wheel with respect to IT. With no “public option” for scalable, government-sponsored IT services, it’s understandable that state and local governments would outsource to the private sector.
That said, the practice of outsourcing government IT management is risky and deserves careful scrutiny and regulation. It’s funny that we’re chasing after “terrorists” in our airports, and at the same time our state governments have moved fundamental operations data over to a private company which is not controlled by the public and has strong ties to foreign governments.
Google is outside our system of checks and balances. They are quickly becoming absolutely necessary for our government to function, but their operations are not transparent and are outside the control of the American people.
Here are a few related press materials published by Google:
| Sherri Davidoff |
| PGP-signed text: 2009-12-24 (current) |
Yawn. Let’s all hate on Google because of their dominance. How safe is our data with IBM, NIC, Deloitte, BearingPoint (now bankrupt), or a slew of other vendors. Hating on Google right now is popular and will drive traffic to your site, but the fact of the matter is your data is not safe any way you slice it…
Sherri, just so I’m clear, you think part of Google’s positive PR is because it is consciously and deliberately manipulating coverage about itself in Google News and Google web search?
Frankly, as someone who’s watched the company since it began, the Google PR story has simply gotten worse over time. That’s to be expected for any company that has gotten so large and so powerful. But no, I haven’t seen signs they’re trying to manipulate their public image through search results.
@1: Joe – Are you saying that because Google is “dominant,” we shouldn’t bother pointing out that our government is becoming deeply dependent on them? I don’t quite follow the logic here.
With the rise of “cloud computing,” data is being outsourced at a much faster pace than ever before. Also, more day-to-day government operations are dependent upon IT than ever before.
I agree that we’ve seen similar problem crop up with IBM, Deloitte, Ma Bell, and many other companies, but I suspect the scale at which our government’s data and operations are being outsourced to a single company is (or soon will be) unprecedented.
3rd party firms have always played a primary role in government IT – so now they use Google instead of Microsoft?
Providing IT services is not, nor ever will be, a core competency of local, state, or federal government entities. It is a waste of taxpayer money for these entities to be trying to provide these services themselves. Email and these other services are commodity solutions.
IT is a general purpose technology. Economics dictates the services will be provided as a utility. Google is just one of dozens of private IT firms these entities are working with – no doubt most are interacting with our data. How are they handling payroll, their 401K administration, accounting, payment processing?
Google should be held accountable for their services as should the other providers. By partnering with Google, these entities are able to leverage state of the art IT solutions – they would never be able to duplicate the functionality or the price on their own. Google allows our government to do more and spend less – as a tax payer, I’m very OK with that.
@2: Danny – No, I’m just saying that Google is very proactive about publishing case studies, interviews, YouTube videos, and other materials which portray them in a positive light. They are also very responsive to press inquiries. They have a leg up when it comes to distributing these materials since, as a news/search site, they already have an enormous amount of traffic and obviously a lot of experience with disseminating information.
Personally I have no way of knowing whether or not Google deliberately manipulates search results to better reflect on themselves. There would definitely be a risk to their public image if that were well known.
@4: Pat– Typically companies such as IBM and Microsoft help governments better manage their own infrastructures. Even where the service is fully outsourced, the government normally still owns the equipment.
In this case, the government doesn’t even own the infrastructure. They are totally at the mercy of their infrastructure provider now to allow them to access their own data on a daily basis.
From the perspective of inherently governmental responsibility, this is sheer lunacy.
@Jonathan
IBM and Microsoft provide the hardware and software that governments have depended on and that’s fine. I think it would be “sheer lunacy” to say that we are at the mercy of Microsoft’s potentially rogue software as well as IBM’s potentially rogue hardware … After all the government does not have access to Microsoft’s source code or IBM’s hardware schematics, right?
Well I find your argument about having security by owning the infrastructure just as crazy. Furthermore, as a former employee who has worked in a few different government IT offices, I can attest to the fact that there are ample amount of incompetent IT personnel.
To be absolutely honest, they are even scarier than I thought. Is there anything in the TOS that stops them from using whatever data they collect through government sources to other ends (such as to target ads)?
“Hello, Mr. Anderson! It sure looks like you haven’t paid your taxes in full this year. Perhaps a LOW INTEREST LOAN would interest you? No? Then how about paying off those outstanding parking tickets with a FREQUENT FLYER-REWARD CREDIT CARD? We at Google are committed to finding you the best deal for whatever you need – as long as fits your account profile which we created for you, with the help of State of XYZ. Sorry, but you can’t “opt out” because your state government already handed us your all your data, unconditionally. So, how about them, the parking tickets?”
I can certainly see the risks here, but given the financial predicament most state and local governments have found themselves in, perhaps the benefits outweigh the risks. And there are other private companies capable of competing with Google in this arena – the names Oracle and IBM spring to my mind, and I’m sure there are others.
Frankly I’m *much* more concerned with the amount of control Google exerts over private-sector commerce than I am with the potential for abuse of the cloud hosting of government data and the applications that process those data. For example, take this line from Google’s recent blog post, “The Meaning of Open” http://googleblog.blogspot.com/2009/12/meaning-of-open.html
“On the web, the new form of commerce is the exchange of personal information for something of value.”
Given that many people now carry portable telephones that know exactly where they are and who is nearby, I don’t think this is an agreement that all of those people have signed, even implicitly. My suspicion is that many people are giving personal information and receiving nothing in return, not even a discount on luxury items. They most certainly aren’t, as far as I can tell, receiving any *basic* value – food, clothing, shelter or transportation – in exchange for their personal information.
Very thoughtful piece. This sounds like it would be a fertile area to make some Freedom-Of-Information-Act (FOI) requests to those state goverments.
That’s time-consuming, so it’s not going to be easy. But maybe support could be found somewhere.
Am I alone in having greater trust in the ability of a company like Google to store and secure that data than of the government? Governments lust after power, companies operate on greed… Google only wants my money (which they can’t force out of me), the government wants my soul, the souls of my unborn children *and* my money (and the IRS does a pretty good job of forcing that away from me).
A major factor in Google’s success is their relative innocence in the eyes of the public. If people didn’t trust the company, that’d be its downfall. Manipulating the search results or news feeds in their own favour would be a major betrayal of that trust and Google knows that they can’t afford that. They’d be destroying their biggest asset for short-term gain. They’re smart enough to know this.
“3rd party firms have always played a primary role in government IT – so now they use Google instead of Microsoft?”
I think there’s a potentially crucial difference here: when they use Microsoft software, and they make sure to control or block their outgoing network stream, then they are apparently not at risk from data sharing/ spying. With Google, the data is hosted within Google, not within the government anymore.
Look people, putting all your eggs in one basket is a mistake. Trusting all your data to one company’s data centers is a mistake. It’s a mistake that you can pay greatly for if something goes wrong with those data centers. Each state should have its data located in its state within buildings it owns, on infrastructure that it owns. I don’t really care if Google were a vendor, but centralizing everything creates a major point of failure… Even if the data is in multiple places within a single infrastructure it’s still a bad idea.
I trust Google more than incompetent government I.T. departments, which is what it boils down to. They are probably a lot cheaper and more efficient. While I’m not keen on one company holding all that data, it should be a lot easier to secure one point of access than a massive mess that are government websites.
Besides that, do you even know what they are storing in the cloud? It could be totally harmless info.
I love Google. I of course do not authorize anyone to keep records on me. I appreciate the quality search Google provides. That records about people and their personal information such as address, phone etc. is available to anyone is wrong. The truth is we the people must stop big brother from getting bigger. No one asked me if I supported Camera’s all over. I don’t. It starts small and grows (facism that greedy large corporations cause). Fake a 911 here as an excuse to steal money and power and expand forever the military and their advanced weaponry does not make me feel safer. (Because it could be used against us (the citizens) if it falls in the wrong hands.)
Maybe the real problem is that US government holds SO MUCH data about it’s own citizens …
@ #8, Peter said:
——————————————————-
To be absolutely honest, they are even scarier than I thought. Is there anything in the TOS that stops them from using whatever data they collect through government sources to other ends (such as to target ads)?
——————————————————-
Even if it’s not in their TOS, it would be illegal for them to do so.
Even if in their TOS there was the contrary, ie that they have the right to use those informations for any purpose they see fit, and even if a government was insane enough to sign this, it would still be illegal under current law.
The question is not whether or not they have the legal right to use these information (they categorimatelly don’t, under any circumstances), but whether or not they have the technical way to do so without being caught (to which the answer is that they potentially could).
Do you agree that 60% go to a company with good technology is better than 60% go to 100 of unknown company?
Which do you think easier to control sensitive data and do you think Google take the risk to ruin itself?
If state governments are using Google Apps, that means they’re using Gmail, Calendar, Docs, and Groups (or some combination thereof). So they’re essentially replacing Microsoft Office products with Google products.
So we shouldn’t assume that they’re storing “our public data” on Google’s servers, because we don’t know exactly how Google Apps are being used.
However, we as citizens have the full right to know exactly what IT infrastructure our governments use, and that should be fully disclosed by the states after we demand it from them (it’s not Google’s job to disclose that)…
Is Google becoming too big to fail?
What happens to all the government records, email, etc. if or when Google goes bankrupt? There have been very few, if any corporations that have survived “forever”.
The answer is a govt takeover of GOOG
If you look at the recent Twitter corporate data hack, all it took was one compromised Google Apps login to ferret out a huge amount of highly sensitive corporate data.
If even a technically savvy company like Twitter can be breached so easily, how long will it be until one or more government Google Apps accounts are hacked? All it takes is one fool with an easy to guess password.
I think what Luigi said bears repeating. These government agencies are using Google Apps, which means they are using services like GMail and Google Docs to manage communication through email (and we don’t know what communication but it’s more likely to be low-risk where sensitive data is not involved) and to manage document creation and distribution (again, we don’t know what these documents are). I don’t see why this is cause for immediately jumping to the paranoid conclusion that this means Google has “all of our public data”. For one thing “public data” is a meaningless phrase. I have no idea what you mean by that. Let’s just assume it means something like “tax records”, and in that case are you able to demonstrate that this is in fact the type of data being handed over? Can you demonstrate how this data is stored (if it’s even being stored in computers, considering how slow corporations much less government agencies are to change how they manipulate data) and if this method is at all compatible with a quick transfer off to Google’s servers?
Is there any information at all which describes what kind of data is being stored by Google besides what I provided above which can only leave us to conclude it’s simple stuff like email and documents and not sensitive “public data”? You can certainly try to argue that they’re sending sensitive emails or composing sensitive documents but I think it’s unlikely especially when there’s no evidence. I think it’s worth noting that even a place as remote and unassociated with technology as Alaska has policies in place that seek to prevent its paid employees from using private email for official purposes (you may remember the fiasco with Sarah Palin and how she used her private email for government work, something that did not go down well with those in her government). Despite many people’s views government agencies are not inherently stupid, they are capable of exhibiting discretion. Additionally, not everything a government agency creates in day-to-day operation is sensitive.
It’s worth looking into, and then making conclusions, not the other way around.
In my list of things to worry about, handing over control of our elections to companies like Diebold (or whatever they’re calling themselves now) is a lot higher than worrying about outsourcing email to Google. And I’m not really worried about Google mining the data. But if state governments aren’t encrypting sensitive data before it leaves their control, or if the data on Google’s servers *is* the public record rather than simply a backup or a convenient copy, then we ought to be asking whether the security risks are worth the exposure.
Better that anything be controlled by Google than by some hosting company chosen by a politician (or a maniacal president like George Bush) because of some favor owed…
I agree with the people on here that say lets hate on google when we dont other companies who do the same. But its still a scary thought to think about one company having so much power. I agree with jan about having the freedom to be able to use google as a service for this, but what next?
[...] Our Google Government [...]
Federal Reserve Bank is a Private Organization too.
Sherri, from a UK perspective I trust Google above Gordon Brown and his imbeciles…
Why is Google better than Gordon Brown’s government:
Google have more PHDs on one floor than there are in the whole of Gordon Brown’s government.
Google is staffed by professionals, Gordon Brown favours amateurs.
Google has a history of success, Gordon Brown doesn’t.
Google is fiscally astute, Gordon Brown isn’t.
I think many of you are missing the point of this article. You do that by thinking this is a technical issue. This is not at technocal issue allthough Google apps are a great product/service.
Like pointed out above. Putting all your eggs in one basket is high-risk and downright stupid. No matter how technically sound it may seem. This is especially true for business critical data like government information.
The risk of loosing control of this critical data can easily outweigh the technical/cost benefits. Decisions like these should be analyzed by all stakeholders before moving the critical mass over to commercial and centralized data center of any kind.
1) Do you lose sleep over the fact that the US government has thousands of well-publicized bilateral treaties with China, and can hand over your data to them?
How would Google being forced to part away state government data to federal government any different from any non-Google company?
2) Do you lose sleep over the fact that smaller firms with insufficient resources to manage security leaves your data far more vulnerable to hackers?
3) Do you have any reasons to believe that NSA or DHS or any other division related to national security have “Gone Google” with “Most Confidential Data”?
4) Give example of one such State Government Data which will be of any use to China?
5) Have you ever heard of the words “Government Contractor”? Do you have any reasons to believe that Google is the first for-profit company that government has handed over public data?
6) Do you really believe that there are no safeguards to prevent accidental (or even deliberate) data mining of such data by Google?
7) “When you reach a point where the government cannot operate without a private company, then the private company has effectively gained control of the government.” Please elaborate on the origin of word “cannot”? Do you really believe that the argument holds by rules of logical deduction?
PS: Please avoid underlining words that are not hyperlinks.
Google uis heavily involved with the Government, and is
repoorted to be, for lack of a better word, spying on us
for the CDC. moinitoring who makes “flu” searches. The
camel’s nose is under the tent-flap.
Google is able to compile a profile on almost anyone, based
on the intgerests evidenced by their net searches. As well,
they have just gained control of You Tube, which demands
that someone who wants to sign in open a Google account.
What is Google’s re;lstionship to the government, and what
does this do to the rapidly-eroding sovereignty we have over our person?
Yes, this sovereignty is almost gone. This is a fact. But just
because something is a fact does not make it right.
Being able to casually compile dossiers on distant people is fun for those who do it. Byt it is ultimately unhealthy.
Back when this country worked, one of tbhe things that made it great was that integrity was demanded of us as a cultural
norm. We didn;t live all the way up to it all the time, but all
in all we did poretty well with it. And it made us the strongest
nation in the world. Part and poarcel of that integrity was the
use of a phrase that is scarcely heard, these days, but was
oncve part of our every-day vocabulary. No, it was not, “What’s the matter, do you have somethinbg to hide?”
It was, “None of your business.”
We need to get back to that.