Let’s say (completely hypothetically, no need for disclaimers) that I’m involved in a civil suit against a Google employee. Keeping it simple, assume the suit has nothing to do with computers or Google-related services. Let’s also assume the Google employee is very personable, and most other Google employees would willingly do him a favour short of breaking the law or severe misconduct.
Could he make a couple internal phone calls and ask someone to give them a file on “that Rhythmdvl character” and see my entire Google portfolio (searches, gmail contents, etc.)? Or is the information tied to a computer but it would take unreal computing to trace a person to a Google ID? Or if he had my Google username, would that be sufficient to pull up everything they had and use my search history, sites visited to sway the suit (assuming something useful is in there)?
Further, if I had a profitable Web site such that Google is looking to buy it, can their acquisitions team call up my files and see what’s in there in hopes of strengthening their bargaining position?
Only if your site is hosted by Google. They only have access to whatever the rest of the public has access to on a Web site. They would have better tools for quickly crawling your whole site but otherwise unless your hidden files reside on a Google server there’s no way for Google to get them.
Ok unless your files aren’t password protected and sitting in a viewable folder, but the public also has access to those.
Oops, no, I don’t mean the site’s files. I mean my Google-related file. As in, can they walk into negotiations knowing about my browsing habits and therefore know that I’m actually on the verge of bankruptcy and more likely willing to take a quick deal or that I search/read whatever Grateful Dead articles come through Google News and therefore would be more likely to sign if they threw in some GD memorabilia. I’m choking on good examples, but that sort of thing in general.
Yes, Google employees can read your email/chats: see here.
Without knowing a lot about Google privacy policies, though, I suspect that user data is treated the same way as user data at a bank is treated: A number of people can in principle pull up your account, but such access is audited and an employee conducting a fishing expedition on someone will be found out relatively quickly.
I imagine they do some sort of anonymization or encryption (of the parts that can’t be anonymized) on data they, or they’d spend all their time sorting through their databases in response to subpoenas.
In general, IT staff don’t have access to your private files beyond the level necessary to enforce company policies (make sure you’re not using business resources for personal projects, downloading porn or other prohibited content, etc.).
And responsible techs do NOT want that access without appropriate monitoring and other safeguards. It’s all to easy to imagine a situation where a vengeful user accuses a tech of messing up that users data or putting in naughty stuff.