One recent Thursday morning, I logged into my email and made an alarming discovery. Instead of opening my inbox, Google directed me to a notice:
Account has been disabled . . . . In most cases, accounts are disabled if we believe you have violated either the Google Terms of Service, product-specific Terms of Service . . . . or product-specific policies . . . . it might be possible to regain access to your account.
It was like I’d gotten dumped, via text message, by someone en route to Cabo. The vagaries left me reeling. I read the terms and policies, but they offered few clues. There were no numbers to call, no tickets to request help. I had a real problem with how things ended, so I filled out a form and sent it into the ether. What exactly had I done wrong? Had I missed the warning signs? Did Google want me or not?
At last count, Google manages a whopping 343 million active Google+ accounts (though the number of actual people using its services is probably fewer) and operates in 130 languages. Google strategically avoids the crush of users by offering little in the way of direct customer service. My calls to Mountain View HQ landed me in a labyrinth of recorded messages that inevitably led to one of a man, sounding only slightly less exasperated than I felt, shutting me down with a “Thankyougoodbye.”
A few minutes into my Google-less existence, I realized how dependent I had become. I couldn’t finish my work or my taxes, because my notes and expenses were stored in Google Drive, and I didn’t know what else I should work on because my Google calendar had disappeared. I couldn’t publicly gripe about what I was going through, because my Blogger no longer existed. My Picasa albums were gone. I’d lost my contacts and calling plan through Google Voice; otherwise I would have called friends to cry.
I turned to Facebook to ask friends who work at Google for help. Living in the Bay Area, I have a fair number of Googler-friends, but the Googleplex has apparently grown so vast that none of them had any idea where to start. One guessed the policy department, another accounts. All assured me that this sort of thing rarely happened.
I had assumed it never happened at all. Sure, it had occurred to me when I had moved my work and memories into the “cloud” that I was relying on other people to keep them safe on their servers. But I figured a company with $50 billion in revenues and the modest aim to “organize the world’s information” had to run a tight ship. Anyway, it seemed implicit that in allowing Google to use my data, I could rely on Google to hold on to it—and to give it back.
In reality, I discovered, Google assumes no responsibility over user data nor is it required by law to do so. In the same notice informing me that it had disabled my account, Google told me for the first time that it reserves the right to “terminate your account at any time, for any reason, with or without notice.” In its Terms of Service, Google limits its total liability for stolen data, lost data, anything, “TO THE AMOUNT YOU PAID US TO USE THE SERVICES” (yes, in all caps), which could mean as much as the $2.49 per month you shelled out for 25GB more storage or in my case, nothing.
Google not only reserves the right to take away or vaporize our data for any reason, but it also reserves the right to discontinue services, the means to access it, whenever it wants. It does this more often than you probably realize and most recently with Google Reader, which disappears on July 1.
I was getting a crash course on the harsh realities of the Internet and early cloud computing, an era in which we are all just users and nothing more. No matter how much we actively contribute to improving companies’ products or the network of data that makes the Internet possible at all, users are easily discarded. Google’s priorities are squarely fixed on preventing data from falling into the wrong hands—not ensuring it is always available to the right ones.
I wondered whether users could find some reassurance in the law. Banking and investing came to mind first since both are in the middle of regulatory revolutions. At first, the analogy seemed apt. In the same way that we deposit funds into banks or with our brokers, we deposit data into Google’s servers and allow Google to utilize our data while expecting steady access to our accounts. But just as I discovered Google holds its interests above mine, under the law banks can also shut us out, owing depositors no fiduciary duty under the law in most states. The FDIC, not the law, is the safety net when banks fail their customers.
Technology policy expert Susan Crawford offers an alternative justification for regulation in her new book, Captive Audience: The Telecom Industry and Monopoly in the New Gilded Age, based on the premise that access to the Internet is now as essential as access to water, electricity, and the once mighty telephone, and therefore should be similarly regulated as a public utility to ensure it stays within everyone’s reach.
While critics argue that the public utility model is an ill fit for the Internet, I found one of its consequences particularly comforting. Public utilities have a “duty to serve” under common and statutory laws, meaning that ISPs would have to provide and maintain adequate and efficient services for the general good. Just as water companies can’t leave us dry without notice or very good cause, neither could an ISP.
Google so far does not control the Internet lines, not outside of Kansas City anyway, but even in the old world order, there have been times when the means to connect have mattered as much as what we connect to. Back in 1949, when an already regulated AT&T controlled most of the local and long-distance lines and the mode of access (customers had to pay extra to use phones not made by AT&T), the government sought to break it up even further. Modes of communication, whether wired or wireless, are essential services and Google knows this. Its Android OS already powers 70 percent of smartphones worldwide.
Even if Google may not entirely control how we access the Internet (not in a way that permits the FTC to regulate or that has convinced many states to regulate ISPs as public utilities yet anyway), this may be more of a failing of the law to adapt to the changing world than evidence that this new world order is working for us as mere users.
For now, all we have to balance out Google’s unfettered ability to lose or lock down the data we store on its servers is Google’s commercial sense, its recognition that providing dependable service is the only way it will keep us. I’m not sure that’s good enough for me, the 5 million businesses, or the 45 states that rely on Google, especially since the more users Google has, the less it needs us individually.
In case you’re wondering, in the end, I was fortunate. By Monday, a Googler filed the right internal escalation paperwork on my behalf and on Tuesday morning, six days after I lost access to my account, relayed that it had been restored.
My data was intact save for the last thing I’d worked on–a spreadsheet containing a client’s account numbers and passwords. It seems that Google’s engineers determined this single document violated policy and locked down my entire account. My request to get that document back is still pending.
I returned to the Google fold with eyes wide open to my responsibilities as a user. In relationship terms, I am no longer monogamous. I store my data on other servers maintained by providers like Evernote, Dropbox, and WordPress, and the cloud is my standby, not my steady. I’ve swapped convenience for control: I back up my email and what I care about most on physical hard drives.
I’m also back in touch with my first love—spiral notebooks. Unlike Google, they will never come close to containing the world’s information, so no one but me will ever want to access them. And to encrypt my data, I just rely on my handwriting.
***
Tienlon Ho writes about food, travel and the environment in San Francisco. Follow her @TienlonHo.
Image credits: Alvaro Villanueva (who created this in sympathy during my Google-less week and also because he is a Kafka fan).
“My data was intact save for the last thing I’d worked on–a spreadsheet containing a client’s account numbers and passwords. It seems that Google’s engineers determined this single document violated policy and locked down my entire account. My request to get that document back is still pending.”
This is why. People are/were using google drive to store credit card numbers stolen, and passing them along to purchasers. In combination with the account number, this rule keeps them from being sued for “hosting piracy/phishing/etc”.
Next time, read your ToS before you use it for business. Any business owner knows to have their own system, and not rely on a “free” system to be able to run said business.
Google just keeps getting scarier and scarier. I avoid Google as much as possible.
Google earth and (when all other search engines don’t satisfy) Google search are the only Google items I use.
Agree with Jordan K on the reason why your account got disabled — this has been documented and reported on before.
And if this experience got you to adopt good Internet and Data backup habits, it sounds like you owe Google a little more than $0 / month for that life lesson.
Jordan K – you are wrong – plane and simple. Google are protected under Communications Decency Act in the US and eCommerce Directive in Europe and are classed as “Mere Conduit” service providers.
In fact by scanning the data they make themselves MORE liable than if they just do nothing, because it can then be argued that they are aware of the illegal data.
So [edited for civility]
Do a search on locking down phishing combined with google docs [edited for civility]. He is doing BUSINESS, not CONSUMER level base issues. Any files that are either copyrighted, or are personal information NOT of your own, is against ToS for Google. I implore you to read GOOGLE’S ToS, and not some law that has no basis on Commercial law. If this was the case, why was Kim DotCom’s web cloud hosting service shut down, and he was prosecuted, etc? For copyrighted materials, and the fact that the court did NOT feel he was doing enough “scans” to be able to filter out the bad. Which means, Google has to play nice and DO THE SAME THING, lest they be shut down in it’s entirety as well.
Alexander Hanff, He said client, he did not say his own personal information. And to kick start even more fun stuff, read this about their privacy laws on Google Drive (their cloud service):
“Your Content in our Services
Some of our Services allow you to submit content. You retain ownership of any intellectual property rights that you hold in that content. In short, what belongs to you stays yours.
When you upload or otherwise submit content to our Services, you give Google (and those we work with) a worldwide licence to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes that we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content. The rights that you grant in this licence are for the limited purpose of operating, promoting and improving our Services, and to develop new ones. This licence continues even if you stop using our Services (for example, for a business listing that you have added to Google Maps). Some Services may offer you ways to access and remove content that has been provided to that Service. Also, in some of our Services, there are terms or settings that narrow the scope of our use of the content submitted in those Services. Make sure that you have the necessary rights to grant us this licence for any content you submit to our Services. ”
So, as a business owner in ANY WAY SHAPE OR FORM, why would you IN ANY CASE, keep sensitive client information on their cloud? They can PUBLICALLY publish those works.
Please, [edited for civility]
‘….all we have to balance out Google’s unfettered ability to lose or lock down the data we store on its servers is Google’s commercial sense..’
Do you tell your customers that you store their account numbers & passwords in Google Drive? Do you store their account numbers & passwords in cleartext?
‘….My data was intact save for the last thing I’d worked on–a spreadsheet containing a client’s account numbers and passwords..’
Excellent post, so glad you got your data restored.
There must be something in the air as only this week I started discovering ownCloud.org to cloud your own files on your own servers. Control vs Convenience? Control wins every time and neither Google nor DropBox are 100% relied upon in this household. I value the physical ownership of my data too much.
Jordan K:
1. Kim DotCom’s servers were seized because the entertainment industry persuaded the FBI and ICE that Kim DotCom was knowingly facilitating and promoting copyright infringement – note the use of the word “knowingly” in fact they claim to have internal emails from Kim DotCom’s company illustrating that he knew and intended his service to be used for unlawful copyright infringement.
2. I am a privacy guy, I speak about privacy laws all over the world at conferences, government consultations and academic institutions. I know the law very well. I wrote a thesis on the Communications Decency Act in 1997 (the year after it was signed into law by Bill Clinton) I have not only read it, I have analysed it over and over again from an academic perspective and strong understanding of law.
3. There is no way Google could have determined that the information was about a “client” simply from account numbers and passwords – and even if they could they would have to read the file in the first instance to be able to make that determination. Many lawyers would argue that this was a breach of Wiretap/Intercept Law such as the Cable Act, Stored Communications Act and Communications Act (in the US) in the EU it would be seen as a breach of Data Protection Directive and Privacy and Electronic Communications Regulation (both enacted into all member state’s law via various legal instruments).
So in summary – [edited for civility]
There is zero evidence to date throughout this blog post to suggest that data was in any way, shape or form, in breach of Google T&Cs in fact the owner of the blog states explicitly that he does not believe the file was in breach of any contractual obligations whatsoever.
So in closing, [editor for civility]
I use gmvault to back up my GMail account – it’s a simple program that automates connecting over IMAP and pulling down all my e-mails. That’s the most valuable thing that I’ve got stored in Google.
Great post and a good reminder to people that if one is going to store things online to do it in several different places.
I would never store anything sensitive online ANYWHERE. I’d use other drives for backup of things that could pose any kind of risk.
I do use Google a lot of course but save things elsewhere as well.
Loved the last line “And to encrypt my data, I just rely on my handwriting.”
Trouble is mine would be so well encrypted that even I wouldn’t be able to read it!
great piece! a reminder of how dependent we have become on companies with little, if any, obligation to us
This is terrifying. Not only are all of my accounts, calendar, files, etc on Google services – that’s how I setup all of my customers.
I have to be honest, I’ve never gone over the Google Terms of Service, but this is appalling. What exactly about the file violated their terms? Because you were storing customers passwords?
I am currently in the middle of rethinking everything about our business model, including the thousands of accounts (between my and my customers) who use Google Apps for Business. Maybe it’s time to setup my own Exchange server or possibly review what Microsoft puts in their contract with hosted Exchange.
Thanks for writing this.
Someone remember years ago, when google`s slogan was “don`t be evil” ???… Some was change….
@Tienlon….@Alexander Hanff just made you rich. You sue google..!
What motives did google invoke to terminate your account?
Considering your media contacts, you should try and spread this like a wildfire. Google wants people to trust them with their information, and such breeches could be devastating for their business model.
The person who authorized this action would likely be terminated from the company, likely an internal review with how they deal with personal information and accounts, and a PR campaign to rebuild trust with users would come of this.
Do you not have the Google Drive for PC installed on your machine? If all of your files are 100% on the cloud, it’s a deserved demise. That’s the purpose of the sync app feature. It works just as if you lost your internet connection. The docs, etc. are still intact on your machine.
I don’t see how anyone could not have it on their machine in addition to any cloud drive.
I can’t believe people are in such a state of disbelief that Google monitors the data users place in the “safekeeping” of Google’s cloud. The company is all about advertising; their services are a means to an end, nothing more, nothing less.
Thank you for posting this!! I have shied away from ‘free’ services, ‘cloud’ storage, etc. I have felt a bit old fashioned, but at the same time, even though many of my friends think I’m silly for paying $$ per month for my own domain name, through a conventional ISP (more than one, at least), I feel a lot safer and in control of managing my ‘digital assets.’ My appointment book is leather bound with a paper insert I order every year from a place that prints them in Maine. I keep the pencil sharpened. True, my addresses are on my iPhone and on my MacBook Pro, but iCloud? No thanks!
Why were ‘the engineers’ looking at the document in the first place to suspect that it broke any policy? Do they check all documents? Or have an algorithm that scans documents and captures suspect documents for additional investigation? Either way why are they looking?
Re #44: “So despite all this you have failed to ask one critical question. How on earth did Google know what was in your spreadsheet in order to determine it violated their T&Cs?
“Sounds to me like they are reading the documents you store on their system, which is both a significant security and privacy issue which in itself should be enough to persuade anyone NOT to use any of their services.”
Certainly possible, but I think a heuristic trigger is more likely, just like the automated DMCA takedown requests submitted to YouTube and scores of Usenet and torrent sites. The sheer volume of data Google engineers would have to snoop through manually would make deep diving into individual accounts untenable.
This is an excellent story and touches exactly the point raised by Wozniak the co-founder of apple that we have an over-dependency on the cloud which is about to backfire.
I faced a similar problem when I entrusted my email hosting to a respectable US co for only to find out that one day they decided to shut down the account for allegedly spam generation. They had a ticketing support service and I found myself sending emails to california from Europe to fix the problem with no response in the horizon. In the meantime I was bleeding clients given that they could not longer reach me in a email communication ubiquitous world. This host did not even offer a telephone number to call or fax number to use and had spent the following few days trying to explain my case whilst staying up all night due to the time difference. After days of agony and a ticketing system which gave no feedback as to whether it was monitored at all, I regained access to my account, having suffered major losses in lost earnings. After this dreaded nightmare I ended up calling a friend who installed a local linux mail server which cost almost nothing using open source applications, and now eight years on have had almost zero downtime and no horror stories to tell or sleepless nights!
Seriously though, one cannot trust one single provider for anything and you need to establish simple solutions to hedge your risks. I personally wouldnt use the cloud to place any sensitive information and would only have local HDDs stored in two different places, in case a local mail server is impossible to establish. This would basically offer better security than anything on the cloud and redundancy too.
Wow – Nightmare! I used to backup my email but this article made me realize I got lazy with it and must’ve stopped at least a year ago. So pleased you got it sorted in the end. I think I may have some system of forwarding all my gmail to another gmail account but I haven’t checked it in so long, and both being Google accounts doesn’t seem the best solution.
When i first put up my blog (www.jiggygaton.info) my entire google ecosystem was taken down with the same message that you got (the indecipherable one that offers no explanation why). After a week, and after filling out the online form, my account was restored, with no explanation why. My guess is that google thought that I was re-posting writings of others, when the postings were my own. But that’s just a guess. None of the above has stopped me from digging myself even deeper into the google world: drive, g+, etc. The alternatives (paper, other sites, etc.) just does not seem to be a leading edge option. In Nepal, we say Ke Garne (what to do?) with a look of exasperation.
Now this is scary .. so if you dont have a friend in google, you are doomed. Is that what i can infer ? Big realization, i rely on gmail for a lot of my information .. thanks to this article, i am rethinking.
This is an utter shocker. If I lost all my Googled stuff, it would only be a very slight exaggeration to say that my life would be ruined. My professional life certainly would be. I need to get back to my old ‘what if the hard drive fails’ mentality, and make sure I have hard-copies and off-line backups of all the important stuff. Thanks! (I wonder how this would have ended if you didn’t have friends on Google staff…?)
Tienlon, a word to the wise: if you need to store passwords relating to customer accounts, I strongly recommend that you use a password safe program such as KeePass (http://keepass.info). You can still store the password database on Google Drive if you want to (as well as on your local drive, so you always have a backup), since it encrypts the database. That way, Google has no way of examining, let alone taking offence to, your information.
It is not just Google that can make for a bad day. My server was inundated by ‘abuse reports’ that they decided to pull my account and disallow any access to it at all. Years of work were on that server , years. Refused to allow me access , never did get access back. If you think your work is safe on the net , don’t be a fool. Always back your work up somewhere. I got lucky because one of my detractors had downloaded all my work and had placed it on the web somewhere else , to make fun of it. Luckily , I was able to capture my work and save it from his site.
Is there something in the policy that says that any work you produce on their application is legally theirs? Hahaha. I’m a cynic and I really think that companies like Google need to make the important issues like these, more transparent to the user.
I really like that people start thinking about it.
Google banned my blog on Christmas Day in 2011! Second time it happened. They do not like anyone not following the party line. I bought my own domain and never worry about what I write or post!
I’m glad you managed to get all your data back. It is a warning to everyone to make sure they have back up copies of all of their data outside of the cloud.
I too faced G+ access problem with my Google+ profile last week, They was doubt about my profile name, they think I’m using & promoting my brand as profile name. They given me two option’s either change name or deactivate Google plus profile. I submitted 3 appeals to them that the name I have using is my Real name, for the proof I shared my other social networks links to them. After submitting 3 appeals to them finally they agree that they did a mistake.
Here is the link,
https://plus.google.com/u/0/103706198497837729341/posts/GUbV1v2Yr5i
Thanks for sharing. This’s indeed scary.
What a bummer! But why would you even trust your files to an outside company who holds the keys?
Why not just buy a couple of terabyte drives (one for extra back-up) and keep your files private and in-house?
Seems like a no brainer.
Glad you were able to restore your files though…
Hi
Name is aidil. I got dumped by Google too.. It has been around 2 weeks and few days since google blocked my account. I have sent around 10+ feedback to their support and still haven’t been able to get any response.. this is so saddening…
i can’t believe google did this to me… i have assigments, pictures and everything stored in google. I want them to return before i migrate to other storage…
How long must i wait more…