2.2 Diagnostic Data
Google Account
As explained in Section 1.4.2, end users have to create a Google Account in order to use the G Suite Enterprise services. In principle, Google processes data relating to a Google Account (as a data controller) under its (consumer) Privacy Policy. However, Google explained that when a Google Account is used to access a Core Service, the processing is subject to the G Suite DPA, rather than the (consumer) Privacy Policy:
“We consider Google Accounts to primarily serve as engineering infrastructure by which an end user authenticates and gains access to whatever services the end user is allowed to access by virtue of its relationship with Google. Google Account is processed in the same way as Core Service data when its functionality is used in conjunction with Core Services (to which the G Suite DPA, rather than the Google Privacy Policy would apply).”88
Support Data
As described in Section 1.4.4, G Suite includes technical support services relating to the Core Services (Technical Support Services).89 Google refers to the data it obtains in connection with the Technical Support Services as Support Data. In the Technical Support Services Guidelines (TSS Guidelines), Google defines Support Data as ‘account details and the information that Customer provides to Google for the purpose of obtaining TSS under these Guidelines, including requests for support and the details provided to Google about the specific support issue.’
According to the TSS Guidelines, Google collects and processes Support Data for the purpose of providing the support services described in these Guidelines and maintaining the Services.90 Google does not provide additional information.
2.2 Diagnostic Data
As explained in Section 1.2, Google collects Diagnostic Data in multiple ways. Sections 2.2 to 2.4 discuss how Privacy Company obtained access to Diagnostic Data in the context of this DPIA and contain an overview of the content of such Diagnostic Data.
Though Google provides extensive documentation about the existence and contents of the logs that it makes available for administrators, there is very little public documentation about other Diagnostic Data Google collects, such as telemetry data, or other data Google collects on its servers about the use of G Suite Enterprise applications.
2.2.1 Audit logs and visual reports
Google stores Diagnostic Data about the use of its cloud services in log files. Google makes some of these logs available for admins in so-called audit logs. There is no public documentation about what logs Google collects in system generated logs, and what data it makes available for admins.
The audit logs provide some information about the Diagnostic Data Google collects. Another source of information used for this report is traffic interception from the installed apps. This will be discussed below, in Section 2.3.
88 Google reply to part A of the DPIA.
89 As well as services identified as ‘Other Services’ in the G Suite Services Summary and services described in the Complementary Product Services provided under a separate agreement. These services are out of scope of this DPIA.
90 Clause 6.4 G Suite Technical Support Services Guidelines.
Figures 11 and 12: Google list of different audit logs and reports API
Admins can access 19 kinds of audit logs through the Google Admin Console.91 These are: Admin, Login, SAML, LDAP, Drive, Calendar, Context-Aware Access, Devices, Password Vault, Token, Groups, Hangouts Chat, Google+, Voice, Hangouts Meet, User Accounts, Access Transparency and Rules.92 Additionally, admins can use a separate Email Log Search. For this DPIA, 13 logs about services in scope of this DPIA were analysed.
Google also makes these logs available through its API so that administrators can obtain automated, almost realtime access to end user activities.93
Google additionally provides four types of visual reports:94
1. Activity log files (activities of end users and administrators)
2. Customer Usage Metrics (aggregated properties and statistics for all end users, across an entire Enterprise domain)
3. User Usage Metrics (individual Diagnostic Data). “The end user usage report returns G Suite service usage information for a particular end user in your domain. These reports can be customized and filtered for specific usage information. The default and maximum time period for each report is the last 450 days”95; and
4. Entities Usage Metrics (only about the use of Google+)
91 Google, understand audit logs, URL: https://support.google.com/a/answer/6098211?hl=en&ref_topic=9027054
92 The following 5 logs were empty, because the functionality was not tested: SAML, LDAP, Context-Aware Access, Voice and Password Vault.
93 https://developers.google.com/admin-sdk/reports/v1/guides/manage-auditdrive
94 Google API Reference, URL: https://developers.google.com/adminsdk/reports/v1/reference/
The logs and reports show that Google logs personal data at a granular level about individual end user actions in three different categories: application usage (such as Gmail or Docs), file access (any activity related to the opening, changing, saving and sharing of files) and access to third party services using the Google credentials (Cloud Identity).
The Drive Audit log file contains file and path names, in combination with the email address of the end user.
Table 7: Drive Audit log
| Column | Content |
| --- | --- |
| Item name | Name of document with URL (path name) |
| Event description | Username and executed action, such as ‘edited’ ‘viewed’ or ‘downloaded’ |
| User | Username and link to the account of the end user who executed the actions. |
| Date | Timestamp with time zone |
| Event name | For example: view, download or edit |
| Item ID | Unique identifier for the document |
| Item type | For example: Google Docs or Slides |
| Owner | Email address of the owner of the document |
| (Prior) visibility | Whether a document is visible or accessible. |
| IP | Full IP address |
The Token audit log contains a log of authentication tokens that applications and websites use to access a Google Account. In the tests executed for this DPIA, authentication tokens to log in to Chrome, Dropbox, iOS and Android were logged. For each event, the type (creation, use or revocation), end user account, the application or website, the end user’s IP address and timestamp were logged. Thus Google collects information on the use of websites and apps by an end user with a corporate G Suite authentication token.
95 Google Report API: Users Usage Report, URL: https://developers.google.com/admin-sdk/reports/v1/guides/manage-usage-end users
Figure 13: Example of Token audit log
Many websites and apps accept easy sign-in with a Google Account. This is convenient for end users, because they will not have to remember separate credentials for each website or app. It is reasonable to expect that end users will frequently use their Cloud Identity Google Account for single sign-on services. In the G Suite Enterprise environment, a side effect is that the Token audit log allows administrators to view on what websites and apps end users have logged in with their Google account.
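The per-user view that the Token audit log fields described above make possible, as an added example that is not part of the DPIA or Google's documentation. The records are constructed and shaped like Reports API activity items; the event names `authorize` and `revoke` (standing in for creation and revocation) and the `app_name` parameter are assumptions of this example.

```python
from collections import defaultdict

# Constructed sample shaped like the "items" of a Reports API activities
# response for the token log. The event names ("authorize", "revoke") and
# the "app_name" parameter are assumptions made for this example.
def _ev(time, user, ip, name, app):
    return {"id": {"time": time, "applicationName": "token"},
            "actor": {"email": user}, "ipAddress": ip,
            "events": [{"name": name,
                        "parameters": [{"name": "app_name", "value": app}]}]}

SAMPLE = [
    _ev("2020-03-05T17:30:00Z", "alice@example.org", "203.0.113.20", "revoke", "Dropbox"),
    _ev("2020-03-02T08:15:00Z", "alice@example.org", "198.51.100.7", "authorize", "Dropbox"),
    _ev("2020-03-02T09:00:00Z", "alice@example.org", "198.51.100.7", "authorize", "Chrome"),
    _ev("2020-03-03T07:45:00Z", "bob@example.org", "192.0.2.44", "authorize", "iOS"),
]

def third_party_profile(items):
    """Per-user view of third-party sign-ins, built only from the fields the
    report lists: event type, account, application, IP address, timestamp."""
    profile = defaultdict(dict)
    # Same-format UTC timestamps sort chronologically as strings.
    for item in sorted(items, key=lambda i: i["id"]["time"]):
        user, when = item["actor"]["email"], item["id"]["time"]
        for event in item.get("events", []):
            params = {p["name"]: p.get("value")
                      for p in event.get("parameters", [])}
            app = params.get("app_name", "unknown")
            entry = profile[user].setdefault(
                app, {"first_seen": when, "last_seen": when,
                      "ips": set(), "active": False})
            entry["last_seen"] = when
            if item.get("ipAddress"):
                entry["ips"].add(item["ipAddress"])
            if event["name"] == "authorize":
                entry["active"] = True
            elif event["name"] == "revoke":
                entry["active"] = False
    return dict(profile)

if __name__ == "__main__":
    for user, apps in third_party_profile(SAMPLE).items():
        for app, e in sorted(apps.items()):
            print(user, app, e["first_seen"], e["last_seen"],
                  sorted(e["ips"]), "active" if e["active"] else "revoked")
```

Four log records are enough to show, per named end user, which external services were used, from which IP addresses, and over what period.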
Google notes: “G Suite audit and reporting help administrators track important activities. Log-in activity for third-party apps is included so administrators have a complete picture in one place.”96 A third example of logging is shown in the reports that provide an overview of activities of one end user in one application, for example the use of Gmail.97
The Gmail usage reports provide aggregated information about one specific individual’s email behaviour, such as the total number of emails sent and received in the last 450 days, and the last time they accessed their mail through webmail, pop or imap.
Table 8: Overview of individual end user actions in Gmail
| Parameter | Type | Description |
| --- | --- | --- |
| is_gmail_enabled | boolean | If true, the end user's Gmail service is enabled |
| num_emails_exchanged | integer | The total number of emails exchanged. This is the total of num_emails_sent plus num_emails_received |
| num_emails_received | integer | The number of emails received by the end user |
| num_emails_sent | integer | The number of emails sent by the end user |
| num_spam_emails_received | integer | The number of emails received by the end user's marked as spam mail |
| timestamp_last_access | integer | Last access timestamp |
| timestamp_last_imap | integer | Last imap access timestamp |
| timestamp_last_interaction | integer | Last interactive access timestamp |
| timestamp_last_pop | integer | Last pop access timestamp |
| timestamp_last_webmail | integer | Last web access timestamp |
96 Google, Google Identity Services for work, URL: https://storage.googleapis.com/gfw-touched-accounts-pdfs/google-identitytakeaway.pdf
97 Google Gmail Parameters, URL: https://developers.google.com/adminsdk/reports/v1/appendix/usage/user/gmail
Google also creates aggregated statistics about Gmail usage in the Customer Usage Metrics.98
These statistics contain much more information about email behaviour, such as the number of encrypted inbound and outbound mails, and the number of inbound spam emails. Such information can be useful for administrators if they want to change their security policy, for example to ban unencrypted mails. These logs can also inform an administrator if a particular end user suddenly receives a lot of spam. Without these user specific reports, it would require more effort to retrieve this information from the general Email logs.99
Figure 14: G Suite Reports API: export Gmail actions
98 Google G Suite Admin SDK, Reports API, Gmail Parameters, URL: https://developers.google.com/adminsdk/reports/v1/appendix/usage/customer/gmail
99 See Google, Email Log Search, URL: https://support.google.com/a/topic/2618873?hl=en&ref_topic=9027054