Survv with Google App Engine

by Anil Makhijani on June 1, 2008

A few weeks ago I went to the Google App Engine Hack-a-thon in New York City.  For those who don’t have the lowdown, Google App Engine is a framework set up by Google that allows people to host their web applications for free.  Google App Engine excited me for a number of reasons.  One, I don’t like system administration, nor am I good at it.  Two, I cannot afford monthly web-hosting fees.  Three, other organizations that may be interested in Survv might not be able to afford web-hosting fees.  Four, Google App Engine is scalable.  Whether we have one hundred or one million users, Google will host our application for free.  Finally, a Google App Engine application is easy to deploy.  If a legal clinic in Nebraska wanted to use Survv to manage their lawyers and clients, they would be able to set up the website with just a few mouse clicks.

Ian Bicking, one of my co-workers at The Open Planning Project, gave a presentation at work yesterday citing some of the same benefits if one were to use Google App Engine.  However, another co-worker, David Turner, expressed some of the privacy concerns with using something like Google to host a web application.  What would happen if the government issued a subpoena to Google asking for all clients on Survv?  What type of privacy guarantees could be offered to people who use Survv?  In recent years companies such as AT&T and Yahoo have been quick to give the government information about their customers.  Would Google do the same?

I will have to come back to this at a later date and look more closely at Google’s history with the government and privacy before I can make any final conclusions.

1 Comment »

  1. They’ve stated very clearly that they take no ownership over your data, so presumably they treat it accordingly. Which still implies that given a subpoena they would give access to the data, just like a bank would to something in a safe deposit box. I don’t know if they’d keep you in the loop enough to fight the subpoena on your own, as it would seem reasonable that you should have that opportunity, but in practice it’s only effective if Google makes sure you have that opportunity. Presumably they have some policy about this sort of thing, and could tell you that policy if asked and given specific scenarios that you are concerned with. For something explicitly legal like a pro bono site, the result might be workable as you have access to the lawyers to set up whatever protocols you require.

    Of course, this only relates to civilized legal attacks. Things like national security letters are another approach, and one which Google would be obligated to obey without any opportunity for you to do anything. Archive.org has fought these, but they seem quite alone (though none of us have any way to know). Notably no (US-based) managed service is likely to be any better than Google, which is the norm for most hosting situations anyway. If you own the computer and can regulate physical access to the server, that helps. If you host the server and data outside of the country it also helps a great deal, as it’s just really *hard* to manage the process of dealing with laws in other countries. Though it should be noted that Rackspace has turned over computers it hosts in the UK based on orders received in the US. So… there are several things to think of, and though it could be more explicit, Google doesn’t seem any worse than any other managed service. And it’s just not practical for many people to manage their own services. Except perhaps for foreign hosting, which is quite easy to do.

    Comment by Ian Bicking — June 2, 2008 @ 2:42 am
