My editorial in the current (November 2007) issue highlights some of the significant advantages that Google Apps delivers to corporate users. (The article is here.)

It prompted a letter from reader Jim Charters of Toronto, and before I go any further I want to thank Jim for writing and to encourage all of our readers to do so. I very much appreciate it when readers take the time to send in comments.

Jim's comments are accurate and this blog gives me a chance to share the points he made and expand on them a little.

Jim's letter
I'm surprised that you did not, in your current issue's editorial, point out two of the most serious reasons not to use Google Apps.

Google, being a United States corporation, is subject to United States law. The fact that the user may be in a different jurisdiction, and a citizen of another country, does not exempt her data from being scrutinized by security agencies in the United States under legislation such as the Patriot Act.

Secondly, in a corporate or research environment, it is likely that files a user stores on Google servers may contain sensitive or confidential information. By placing such information on a server operated by a corporation over whose security policies and practices you have no control, you may imperil yourself or your business or research partners.
------

To Jim's first point, I'll just say that our columns are about 650 words max, so I can't cover off all aspects of a topic.

As for both the Patriot Act and security/confidentiality, I did raise both issues with Dave Girouard, Google vice-president and general manager, enterprise, who was quoted in the editorial.

On the Patriot Act: "There is no easy answer to that. We may move to a model in which we can promise data is not located in the U.S. but that’s difficult because we and everyone else works on a distributed data model. I think also though that Google has shown itself to be willing to fight the U.S. government. We had a well-publicized spat with the Department of Justice and we were successful in preventing access to customer information."

And on the question of where data is stored and how that may compromise both security and confidentiality: "Every company in the world stores data with third parties. Many companies use hosted servers but everyone has accountants and auditors and lawyers and they have back-up data facilities, so businesses are already making choices about who they trust with their data. Our goal is to get Google on that list."

The second comment is, I think, fair. Companies and universities often contract with a third-party data management and backup company and I don't see any reason to assume Google is less secure or reliable than Iron Mountain or AT&T. In fact, with all the dollars Google has lying around one would expect their facilities to be quite good.

The issue of the Patriot Act is much tougher. As a Canadian, I object strongly to the idea that a government can simply grant itself access to my data. I would object just as strongly as an American citizen.

Girouard's response is as reasonable as possible and, while he didn't say so, one certainly got the sense his company disapproves of the Patriot Act.
But however galling the situation, it has to be acknowledged that any American provider, such as Iron Mountain or AT&T, is subject to the same statutes as Google.

There are a number of reasons Google Apps is not for everyone, including the lack of macros in Document, fewer formulae in Spreadsheets and the inability to export a .ppt in Presentation. To this list should be added the uncertainty of where data is located and who can access it, for those for whom this is a real concern.

But for most people, Google Apps may be all they need.

Thanks again to Jim Charters.

Peter Wolchak