Hi Marzai, Thanks for the detailed response. It would be great to get those clarifications included in the terms of service and/or privacy policy. I can see from my post rating that some people don't share my concern, but data privacy is probably the number one barrier to commercial cloud adoption at the moment. Clear legal statements are always better than implied trust, or clarifications made in forums. I don't doubt that the constraints you have outlined are correct, but I read the privacy policy and terms of service to say something significantly different. The privacy policy explicitly lists content (including code) and says this -
'We use this information internally to deliver the best possible service to you, such as improving the Google App Engine user interface and maintaining a consistent and reliable user experience.' The terms of service say this (in section 8, which overrides any rights outlined in section 6) - 'By submitting, posting or displaying the Content on or through the Service you give Google a worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute such Content for the sole purpose of enabling Google to provide you with the Service in accordance with its privacy policy.' When you put these two statements together, Google is able to reproduce, adapt and modify developer contributed code to improve your UI, and explicitly *does not* require content owner's permission. Apparently that permission is given once the data is uploaded. I'm not trying to be difficult - that is actually what it says - and those documents are actually what business look at when making decisions. I realise that the terms of service and privacy policy are produced by the legal team and not the engineering team, and the legal guys have a responsibility to protect Google from liability and litigation. Perhaps the legal team isn't fully aware of the importance of data security to GAE adoption. It is probably the engineering team's responsibility to raise that awareness. It seems clear to me that Google's strategy is to market GAE applications to its Google Apps customers. Both offerings sustain each other, and the delivery of the reseller program is a hint that this ecosystem is well on its way to being opened up. If you want an abundance of vendor supplied, commercial quality applications in that ecosystem, then data security needs to be much more clearly respected in the legal documentation. Thanks, Colin On Jan 16, 5:23 pm, Marzia Niccolai <[email protected]> wrote: > Hi, > > First let me say that everyone on the App Engine team takes data > privacy very seriously, and point you to Section 6 and 8 of the App > Engine terms of service (http://code.google.com/appengine/terms.html) > that deal explicitly with the issue of data ownership and copyright. > > Also, it is important to note that the only Google employees who have > the ability to access data pertaining to any App Engine app are > certain members of the App Engine engineering team, and the access is > limited to that which is necessary to perform their job role. > > The _only_ circumstances under which a member of the App Engine team > would access your application code and/or data is: > > - With the developer's permission, in order to troubleshoot a specific issue > - If your application is causing system wide instability > > Any modification to your app through the Admin Console (by any person) > is logged in the Admin Logs, that can be access > at:http://appengine.google.com/adminlogs?&app_id=YOURAPPID > Access logs are maintained by Google as well. > > -Marzia > > On Wed, Jan 14, 2009 at 1:06 PM, hawkett <[email protected]> wrote: > > > Hi, > > > Just wanted to query the privacy policy, especially as it relates > > to code. Would I be right in thinking that the only thing stopping > > google stealing an app. or an idea for an app, or an algorithm or data > > structure or whatever, is that you are such good guys? > > > This is the privacy policy I am reading > > -http://code.google.com/appengine/privacy.html > > > I read the privacy policy to pretty much say you can do what you > > want with the code? i.e. 'We use this information internally to > > deliver the best possible service to you...' - you could interpret > > that to mean pretty much anything, including ripping off an idea and > > serving it back to us - (yeah, I know you are good guys). > > > A second question would be Google's policy for employees or > > contractors etc. looking at the code of app engine apps? Are there > > any internal controls? Do you maintain access logs? What are your > > criteria? > > > An obvious situation would be a google employee reading a group > > post, and saying 'Hey that's an interesting point, I wonder what app > > they are building... let me just go in and look at their code... wow > > that's cool... <days pass>... hey boss I have an idea for my 20% spare > > time, how about we do this <subtle variation on app they looked at > > recently>' - can you confirm that this does or does not happen? > > > It doesn't even need to be conscious - knowledge is knowledge, and > > you can't 'unsee' something. I challenge anyone to see something done > > in a better way, and then continue to do it in an inferior way, > > because they are a 'good guy'. > > > It might just be a good idea to you, but it is IP and business > > value that you shouldn't have access to. It is a significant barrier > > to GAE adoption for many organisations. It is completely different > > situation on a platform like Amazon (because I can protect my content > > myself, among other things), and GAE requires a different policy than > > 'to provide a quality service'. > > > I realise this is covered > > byhttp://code.google.com/p/googleappengine/issues/detail?id=501, > > which is an absolutely crucial issue that, naturally, has no input > > from google apart from acknowledgement. I'm not writing this post to > > register my support of that issue, I've already done that. I'm > > writing it to try and get some sort of meaningful response form > > Google. > > > Would someone at Google please be able to elaborate? When do you > > access our code? Thanks. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~----------~----~----~----~------~----~------~--~---
