In a letter to Google, a group of 37 leading academics highlight the dangers linked to the growing use of so-called 'cloud computing' applications, which Google has championed via its Gmail service.
In recent years, Google has broadened Gmail to include calendars, documents, photos and other software, which are stored on external servers rather than personal computers.
But the academics warn of emerging security threats linked to cloud computing. "Anyone who uses these services from a public connection - such as open wireless networks in coffee shops, libraries, and schools - faces a very real risk of data theft and snooping, even by unsophisticated attackers," warns the letter, saying "tools to steal information are widely available on the Internet".
The letter was signed by academics in the fields of computer science, information security and privacy law from top EU and US universities, including Oxford, Cambridge, Harvard and the Massachusetts Institute of Technology (MIT).
"Similar initiatives are in sight against Microsoft, Yahoo! and the main social networking websites such as Facebook or MySpace," Christopher Soghoian, a research fellow in cyber security and law at Harvard University, told EurActiv.
Switch to HTTPS
Security breaches could easily be avoided if the applications adopted HTTPS, the secure Internet protocol that is already widely used by financial institutions to protect their transactions, for example in e-banking. The protocol encrypts the data transmitted, thus complicating their exploitation by hackers.
However, most email services such as Gmail, Hotmail and Yahoo! mail use the unsecured protocol HTTP by default in order to speed up their service and improve users' experience.
While Google does allow users to switch to the secure protocol, this involves a complex procedure and the company does not explain the dangers of using unprotected file transfers.
Academics acknowledge that Google does better than Yahoo!, which supports the most widely-used email service in the world - and Hotmail, Microsoft's e-mail service, as neither of them offer users the possiblilty to switch to HTTPS.
The risks involved include privacy breaches and loss of relevant financial data, which can be resold by electronic thieves on a thriving black market for online personal data (EurActiv 16/04/09).
But the academics believe attacks are still focused on Google because its services poses greater a threat via its growing cloud computing applications. Their joint letter followed a complaint filed in March by EPIC, a US privacy protection organisation, on the security and privacy risks associated with Google's cloud computing services.
Indeed, Google's document and calendar services are poorly protected, despite being more likely to contain sensitive data. Moreover, if a hacker manages to break into these applications, he will also be able to access Gmail, even if it is protected, the academics argue.
The researchers are therefore asking Google and its competitors to use the protected protocols by default, allowing users to switch them off if they want to.
Online privacy ranks among the main concerns of EU Information Society Commissioner Viviane Reding, who is heading for a second five-year mandate in charge of the information society portfolio. The topic is likely to feature high on the agenda of today's meeting with Larry Page.
