Google Drive is production

Look at me, I'm the source of truth now

Art: Composition with Grid IX, Piet Mondrian, 1919

A couple weeks ago, Jack Dorsey tweeted that he was donating money to fighting COVID. A whole lot of money. 

And he did it in a Google Sheet, which, in an interesting twist, is open to everyone.

In researching (and interacting with) Jack previously, he doesn’t exactly strike me as the kind of person who would carefully track things in a Google Doc.

After all, 

Jack also loves to talk about his meditation schedule, intermittent fasting, and SaunaSpace. He also uses something called an Oura Ring to track his sleep, and he drinks “salt juice” (water, Himalayan salt, and lemon - I guess he’s working on self-actualizing into becoming a conductor of electricity?)

He also recently went on a silent retreat in Myanmar.

Looking at the sheet, there are a number of points for further investigation. We could talk about the charities he picked, the fact that he hasn’t updated it since 4/14, and the calculus of transferring Square shares to pay for all of this. 

But what’s most interesting to me is just how ordinary is it from an actual spreadsheet perspective. It has equations. It has links. It has tabs. Billonaires - they’re just like us! They freeze panes to lock in rows and columns!

I think the much bigger story here, though, is that absolutely everyone uses Google Drive, simply because it’s a tool all of us, regardless of status, class, or how many companies we own, have ambiently available in our digital lives. In much the same way that Excel still powers the financial economy (and lots, lots of other things), Google Docs has risen as a cloud complement. The worse story is that, since it’s tied to Google, an ecosystem that almost everyone is a part of, and because its consumer version is free, it’s wormed its way into the operational systems of companies where it now lives like a very dangerous Swiss army knife, used for anything and everything without thought given to the implications.

For example, after the botched Iowa caucus in January, Nevada tried to record some of its election results through Google Drive,

Details on the new system are patchy, but it seems that at least some caucuses will be tabulating and reporting their results through a combination of Google Forms and associated spreadsheets. There’s also some indication that Google Forms may be used to check voters in at caucus locations, although in both cases, there will be other options available as a safeguard.

On the tech side, the state party is operating from a regular enterprise G-Suite account, apparently connected with off-the-shelf iPads.  

And, as I wrote earlier, schools are fully embracing Google Docs for students and staff alike.  In tech, Google Sheets are also often used to share salaries in order to give employees negotiational leverage. From my own personal experience, they’re often used to collaborate on writing and editing books, editorials, and petitions, and as invoice systems for places that pay freelance writers, including lots of fun personal information such as addresses and bank account and routing numbers.

The more I think about it, the more I’m convinced that the world now runs on Google, and if Google Docs ever went down, it would be an even larger blow to the economy than Zoom or Excel at this point, but that the more it stays up, the more this cloud app owned entirely by Google becomes the most dangerous weakest link in all of our workflows.

This is not an exaggeration. A couple days ago, I put out a call for crazy Google Docs use cases, and got them in spades. 

Here are some of my favorite ones: 

GDocs as a payment system:

GDocs as a chat platform: 

Google Docs as a lunch resolution service: 

And, finally, as a development platform: 

And, here are some from DMs:

  • “Used a google sheet as a shared account password manager, which is probably common. But this one was secure because someone made the password column white text on white background.”

  • “Not exactly google docs but One non-engineering team at a company I know used Google Colab to run production api ingestion tasks. This included all secrets being pasted in plain text with this Colab being shared with multiple people.”

  • “P&L level figures on a doc set to link-sharing that anyone can find I can email the entire company by sharing a team drive with the entire org - the "all employees" emails list has tons of non-internal email accounts”

Finally, are a couple where the specifics were so terrible that I needed to edit them out: 

  • Doctors keeping track of groups of patients in Google sheets

  • Ad teams using Google sheets to manually construct complicated boolean queries in place of NLP to create ads responding to specific consumer sentiments

  • Companies keeping all their customer’s addresses in docs that were accessible to external vendors, and, really, anyone

  • A very large company that initially kept track of a multimillion dollar line-item budget in a database, but migrated to a single, enormous Google Sheet that’s directly editable by at least 5 people. 

The more stories I got, the more I became terrified that our entire economy (what remains of it, anyway) is only a “click to share” link away from exposure. (But if you have more stories, definitely put them in the comments.)

There are a number of things that make Google Docs extremely sticky and extremely dangerous. First, most people have Google personal accounts. When you open a work-related spreadsheet, if your Google personal account is the default on your machine, the document goes in there. 

And where “in there” is, is a different story, too. We no longer own anything in the cloud. 

Google doesn’t give us a very fine-grained view or control on these files. As I wrote before, what’s ours is no longer ours. 

I was really surprised. Memes are, in an internet that’s been entirely corporatized and controlled top-down by Amazoogle and advertising, the People’s Content. They come from the bottom up, from message boards and reddit threads, from Photoshop and Powerpoint, and make their way online. And yet, we have no control over them, no way to save and catalog them, to search through them.

The people before us left behind vellum manuscripts and paintings, wrinkled photographs and handiwork, letters that smell of sealing wax - evidence that humans were here, doing human things, living.

What will be left of us when the servers are turned off and the last Baby Yoda gif disappears into the ether?

Another enormous problem is link-sharing. There are millions of spreadsheets out there that are accessible to the public with a link. Hackers have already previously exploited it, but surprisingly for a problem this big, there doesn’t seem to be a lot of other news about it. If hackers are working on exploiting this already, then we just have not heard anything about it lately.

Finally, it’s hard to tell which documents are ours and which are someone else’s. For example, as soon as I opened Jack’s sheet, it went into my own Drive, where it will now stay, for a very long time:

We, as tech professionals and security professionals, spend hundreds of millions of dollars securing our clouds, our personal laptops, our databases and now we’re harping on Zoom’s security issues.

But I haven’t seen much press at all about how much of a problem it is that a company has not only managed to embed itself into our consciousness with search, but now also lives inside our companies as a complete production system that people rely on to track revenue, run databases, manage vendors, and, yes, distribute billions of dollars.

I’m not saying that all of this is going to come crashing down, mostly because many of thse systems operate through security by obscurity, but maybe we (and Jack) should back our stuff up at least every once in a while, and maybe take some of these docs out of production.

What I’m reading lately:

  1. Why are Taleb’s ideas so good (I personally have long been a fan) and yet it’s so easy to hate him? The Taleb starter pack.

  2. TFW you’re a data scientist IRL

  3. Cuomo’s Powerpoint aesthetic

  4. Bleak but good content

  5. Saudi Arabia now owns Ticketmaster?

The Newsletter:

This newsletter’s M.O. is takes on tech news that are rooted in humanism, nuance, context, rationality, and a little fun. It goes out once a week to free subscribers, and once more to paid subscribers. If you like it, forward it to friends and tell them to subscribe!

Swag: Stickers. Mug. Notepad.

The Author:
I’m a data scientist. Most of my free time is spent wrangling a preschooler and a baby, reading, and writing bad tweets. Find out more here or follow me on Twitter.