Employer Surveillance: Google Vault Privacy, Data, and Security - Your Words Saved for 100 Years! - Jammer Wiki

cart Shopcart:$0.00


Employer Surveillance: Google Vault Privacy, Data, and Security – Your Words Saved for 100 Years!


2023-08-06 By: W, Lynn
Employer Surveillance: Google Vault Privacy, Data, and Security – Your Words Saved for 100 Years!

Your Digital Privacy at work may be compromised!

Google Vault is a significant aspect that sheds light on how our digital interactions, including emails sent through platforms like Gmail, Facebook, or LinkedIn, are stored and retained. It is an essential digital privacy concern that more individuals should be aware of.

If your company uses Gmail as its email provider, they have the option to utilize Google Vault for all elements within the Google Workspace.

While it may be challenging to determine whether your company has implemented Google Vault, it is crucial to inquire about email privacy if it holds importance to you. Taking steps to find out more provides reassurance and a better understanding of the privacy measures in place for your email communication.

Here’s why: With Google Vault  . . . Everything you type into Gmail–even Drafts can be saved.  When I say “Drafts,” I’m not just referring to the ones you saved to your Drafts Folder.   Every iteration becomes a “draft” or variant of that email and is saved to the Google Vault. To be clear, it’s not just the email you click “send” on.  It’s everything you type to get the click.  Typos, rethinks, anger, errors, backspaces, deleted words.  All of it.  Every. Single. Keystroke.

  • Every Word In Google Chat
  • Everything in Google Drive
  • Everything in Google Meet
  • Everything in the Workspace

Who Can See This?

Every Google Vault has at least one Administrator, and it can be a number of people:  Your boss, the IT guy or another peer in the company. Essentially, the Administrator has access and can search the Vault. Since everything can be searched, everything is discoverable in a court of law. Furthermore, your privacy is on the line and so is your job. I urge you to protect yourself.   We showed our TechWellness employees how to do it, too!  The Fix is at the end of this article.

Signal Blocking Block GPS So You’re Not Tracked

Digital Privacy: My Google Vault Story

Like millions of businesses, we use Gmail. It’s best in class, with great encryption and spam filtering and search. When it comes to technology and privacy, Google has advanced and secure Cloud infrastructure. Our IT guy a few months ago suggested we upgrade to Google Vault so that we could archive old emails indefinitely – as a business owner, I value the ability to save company data and communications. Lots of archiving systems can do that… but Google Vault doesn’t just save emails, chats, Hangouts,  files (PDF, DOCX, and JPG, Microsoft Word, Excel, Powerpoint) Google Earth and connected Gmail products. Recently, I accidentally discovered that with Gmail and the Google Vault turned on. Virtually, everything an employee had typed, every iteration was saved–sometimes as many as 50 versions of one email!

A Peek Inside Your Not-So-Private Email

Let me show you a stunning screenshot of what I see when I search topic or name in Google Vault:

What Do Employees Think When The Boss or IT guy can read E V E R Y T H I N G?

Being a bit of a digital privacy fanatic, I was compelled to demonstrate the inner workings of the Google Vault to my employees so we created a video demo. We watched as  keystrokes were typed while on or connected to the Gmail server were “vaulted.” It was very unsettling to see that even when a “draft” was deleted from an employee’s draft folder, every word, mistake etc. stayed in the Google Vault.  Each iteration became a time-stamped “draft.” Working very much like a keystroke logger. Google puts it this way: “Messages are available in the vault as soon as they are received by Gmail.” If you’re getting a bit nervous here, I’ve included some helpful work-a-rounds at the end of this article, but stay with me for a moment.

Vault Can Save Everything In Google Workspace!

Google Vault is part of what used to be called Google Apps,  Google’s powerful business tools and includes Gmail, Docs, Drive Sheets, Sites, Chats, Meet and Calendar. Google Workspace is a Cloud-based enterprise that Google touts as an “All-in-one suite to communicate, store and create.”

You can watch Google Vault in action below:

Who Loves Google Vault?

For one – Employers.  It’s great for finding and retrieving valuable company information and data, even from closed accounts. The things hidden in drafts can be very revealing.
Who else loves it?  Lawyers.  Everything in the Vault may be “discoverable” – meaning it could be subpoenaed in a lawsuit or criminal investigation. It’s called e-discovery, the process of seeking and finding information in electronic format, in response to legal matters and investigations. Note that many archival systems can and do save company communication for the purpose of litigation.  Vault makes this super easy as it uses Google-patented search to access data in email
and attachments including Word .docs  power point, attached PDF’s, Hangouts, chats etc. and . . . everything typed onto a company mail that’s connected to the Gmail server.

eDiscovery and Digital Privacy

This is the part that really concerns me: The
words you type into Gmail are saved—the
thoughts you wrote and then deleted or wrote over—
those are saved and may be discoverable.  Now, truthfully, it would be a rare occurrence for drafts in the Vault to be subject to search, but not beyond the realm of possibility if circumstances were compelling. If they were discoverable would someone be guilty or complicit by virtue of their
thoughts?? I don’t know,  but I like to think my thoughts are just…well, mine, and subject to change.

UHH, But for How Long?

Incredibly, employers or administrators can set the time period for data to be retained up to 36,500 days!  That’s 100 years
.

When an employee leaves, an employer can choose to delete the account or “suspend” it. If the account is suspended, the data REMAINS in the Vault, long after you’ve left that particular workplace.

Here are Google Current 2023 Rules for Retaining All Types Of Google Data

How retention works

Data retention rules control how your organization saves and deletes Google Workspace data for compliance or regulatory reasons.

By default, Google Workspace data stays in user accounts until the user or admin deletes it. If your organization needs more control over data retention, you can set up retention rules in Google Vault. These rules organize how data is stored, for how long, and purge data once it’s no longer needed.

  • Keep data for as long as you need it—You can set up rules in Vault to retain data for how long you need it. The data is kept even if users delete messages and files or empty their trash.
  • Remove data when you no longer need it—You can schedule Vault to delete data after a duration of time. When the retention period expires, the data is automatically removed from user accounts and purged from all Google systems. (Data under a legal hold is not purged.) The time it takes to removed expired data varies depending on the service.

WARNING: An improperly set up retention rule can allow Google services to immediately and irreversibly purge data. Use caution when you create or change retention rules. We recommend that you test new rules on a small group of users before you apply them to your entire organization.

Default retention rules

Set a default retention rule when you must keep all data for a service for a set time. Default rules apply to data only when a custom rule or hold doesn’t apply. You can’t apply default retention rules to only specific accounts or time periods, and you can only have one default retention rule for each service.

Custom retention rules

Set custom retention rules to keep specific data for a set time. You can specify the data with conditions and terms depending on the service:

  • Gmail and Groups—Set by organizational unit, date ranges, and specific search terms.
  • Drive, Meet, and Sites—Set by organizational unit and define expiration based on last modified dates (to address staleness) and created dates (to address compliance requirements), or trashed dates.
  • Chat–Set by organizational unit or for all Chat spaces in the organization.
  • Google Voice for Google Workspace–Set by organizational unit and data type.

You can set as many custom rules as your organization needs. Data is retained according to the rule with the latest expiration. For Drive, if a Drive item in trash is subject to multiple retention rules, a moved-to-trash rule supersedes all other retention rules.

 

What do Privacy Experts Say?

If the very idea of an employer being able to look at your email seems not right to you, listen to this.  I contacted
Paul Stephens Director of Policy and Advocacy at The Privacy Rights Clearinghouse.  He viewed our Google Vault Video and though he was not aware of the detail of the Vaults functionality he offered this reminder:

“Almost anything an employee does on an office computer can be monitored. Courts often have found that when employees are using an employer’s equipment, their expectation of privacy is limited.”

I also reached out to a woman highly respected in the world of Cyber Security,
Dr. Dena Haritos Tsamitis, Director, Information Networking Institute at Carnegie Mellon University for her input and perspective:

“In the past decade, rapid advances in workplace technology have often come at the expense of privacy and security. On one hand, we have enterprise-level software and applications like Google Vault offering incredible opportunities for collaboration and communication. On the other, we have the threat of compromising the privacy of employees.The balance lies in an organization’s commitment to understand how these tools work and educate its employees on safe and secure practices.”

Excellent advice,  Dr. Tsamitis.  Of course,  my entire team is now well aware of our utilization of and the privacy implications of Google Vault.

To Be Honest

As an employer, TBH, I’m not stoked about seeing or saving drafts. Honestly, looking at a draft that wasn’t sent makes me uncomfortable.  It’s creepy. I feel like I’m spying and looking at thoughts and words that were not meant to be shared.  I realize I can choose not to search drafts and I intend to exercise that option—now that I’m done experimenting and researching for this article.

Digital Privacy, Cyber Security, the Cloud, and Privacy

If Cloud-based Google Vault has the ability to save every Gmail written on its live server, that probably means that anyone writing in Gmail should assume that all words are saved and/or could be stored and accessed. The same holds true for most if not all files stored in the Cloud.  More then ever, we should be very mindful of everything we do and put online. As I said in the  , when it comes to ALL your internet moves, Digital Privacy is Absolutely NOT Guaranteed.  Practice mindfulness when online.

In This Connected World: Writer Beware.

Remember, if you use Gmail at work, you may have no idea if your employer uses Vault on their end. So, first things first – ask! Ask HR, ask the IT guy. We’re not sure what your employer is obliged to tell you -but it doesn’t hurt to ask. I contacted Google about eliminating the option to save drafts. A customer service representative of Gmail verified that there is no option to “not save” drafts at this point, but did offer me the opportunity to suggest the change to developers. So, I submitted the idea to Google as they directed through the Features program.

The Fix

If your work email is served by Google and you suspect Vault is enabled, and you’re concerned about privacy and cybersecurity, there are a couple of ways to limit what’s being recorded:

Option 1:  IF you have an older version of Microsoft Office you’re Golden.  It used to be the apps were never connected to the internet. Type into TextEdit or Word. Compose to your delight in those apps, cut and paste directly into your Gmail or Mail Client. This option works only on Non-cloud based.  You can do this with the new versions, but you run the potential of the version being saved on Microsoft servers, depending on your settings.  

Option 2: Disable Internet connection:  You compose, delete, type over and write anything you want and then, when that draft is in final form, you can reconnect to the internet and send or save just the final draft on the server. Prior to disconnecting from the internet, you can open Gmail.  Then, disable internet and Gmail allows you to “compose” as many different emails as you’d like.  Each time you click “COMPOSE” a new window pops up.   You can also compose in a mail client or use Word or Stickies or text editor and then cut and paste to Gmail or your mail Client.

Option 3: Try using a mail client.  If the client has the option of Save Drafts to My Computer.  I’ve personally tried this and it works!