Can FBI or government agencies get hold of my Google Docs files just by confiscating my laptop?

Question

Assume the following:

• I am doing all my work, including the one with sensitive information on Google Docs. No documents are stored on local hard drive.
• I am not using the Google Drive App, just doing everything via web interface
• I am using incognito mode all the time.
• There is no one "looking over my shoulder", or manages to install any keylogger kind of software

So, my question is, can FBI or government agencies still be able to get hold of my files stored on Google Docs by confiscating my laptop?

What I am asking is can my laptop still give me away if I use online cloud storage? We all know that even if I delete a Microsoft Word file even from Recycle Bin, there are chances that the file can still be retrieved as long as the investigators have the hard disk.

Note that this question is very different from this one here, because we are not talking about accessing the deleted data from HDD per se, but rather, accessing the data that is stored purely on the cloud and only exists temporarily on web browser

Answer 1

When you store data on Google Docs, as you may already know, it is not encrypted at all. I read that everything you upload to Google Docs and similar services are not only yours anymore because you agree Google to own them too. This means, at first glance, Google has already access to your files since Google confesses that by itself:

When you upload, submit, store, send or receive content to or through our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content.

Also, I am not American but from my understanding of the NSL, the FBI can access your data on Google Docs without even warning you.

In your case, I'd rather prefer to encrypt the data before storing it on Google Docs after choosing a strong algorithm and you found a secure way to protect your private key.

---

Update:

More than 24 hours after the question was asked, a user modified the title of the question giving it an other meaning than the original one:

First time I answered your question, you were online around fourty minutes while my answer was the only one available. You answered only to two comments of @schroeder but nothing else even after you received different answers dealing with different aspects of your question. Even one of your 2 comments was too confusing because you said a thing and its opposite:

if the government agency subpoena Google, then my data wouldn't be safe, am I right? No, I don't worry that the government agency will do that –

You did not react to accept it or comment it to ask something. After few users said that your question's title is not the same as its content, I asked you clarification via a comment I deleted (because it is too chatty already) but you did not react either. Following your silence to different answers and comments and your refusal to clear the ambiguity of your question, I need to update my answer by focusing on an other side you may wanted to ask, for further readers as the posts here are intended to last.

I had to focus on your question's title because good answers to so many questions as yours already exist here:

1. Is it possible to recover securely deleted data from a hard drive using forensics?
2. How to recover securely deleted data
3. How does forensic software detect deleted files
4. Is data-remanence a concern in RAM?
5. How can I reliably erase all information on a hard drive?
6. Prove that you deleted the file
7. Ensure data doesn't linger after being deleted
8. I'm leaving my job and want to erase as many personal details etc. as possible; any tips?
9. Overwriting hard drive to securely delete a file?
10. Secure file deletion vs wiping free space

And the list of similar questions with good answers is still so long on this website. This is just a short list I picked myself. And we all know that when you delete a file from Windows' Recycle bin (trash), it becomes invisible to your operating system only because the file allocation table does not point to it anymore, otherwise the file exist somewhere in your hard drives and you can get it back (if the OS did not override it especially if it has been a long age since you deleted it)

There is also a point I want to add to those answers about the possibility to FBI to recover your data. It is the easiest way but the answers I read elsewhere here forget it frequently:

• The easiest way for them is to use the Restore System feature of Windows. That way they could, by chance, get back your browsing history, cookies and even your secret files that you uploaded to Google Docs. By chance, I mean all depends -for the files, for instance- on the restore point you set. This is the easiest way.

Also, other answers to your question mentioned that your coockies, browsing history and browser's cache are a way for the FBI to get your data. That is true even in the case you cleared these elements from your browser because all what the FBI needs is to find where your browser stores its cache:

P.S.

If the FBI is interested to check your browsing history (supposed you hid some of your data on your secret Wordpress blog, for example), they can find where you surfed (your blog) by checking your DNS because your computer uses DNS servers to resolve hostnames to IP addresses, such queries are temporarily stored in your DNS cache. When you clear your browser history, your DNS cache is not touched. You can try this command yourself: ipconfig /displaydns to display the contents of the DNS resolver cache. Do not forget also that the FBI can check your router logs (even if in most routers this functionality is deactivated by default). This can be useful for them in case you downloaded some data you are not allowed to access, or in case you stored your secret data elsewhere before you upload it to Google Docs, or simply they can find a proof you used Google Docs. One thing to mention also: your browsing history still can be detected in case your ISP, the government, or whoever else decides to cache your list of browsed sites. Finally, some files of your operating system such as Index.dat (hidden file) contain all of the Web sites that you have ever visited. Every URL and every Web page is listed there.

Answer 2

As pointed out by begueradj, any government agencies can access your cloud-stored files through a subpoena to Google. But your question was what they can do when they have your laptop alone and nothing else. This is not an unlikely scenario. It is the situation you have, for example, when you get arrested by law enforcement and they do not have sufficient evidence to hold you or your property for longer than a few hours.

• When you still have a valid login cookie for google docs in your browser, they can copy it to impersonate you or simply log into your account by opening it in your browser.
• When your browser saves passwords without requiring a master password, they can extract your password from the browsers password storage.
• When either of the previous points applies to your webmail account, they can request a password reset for your Google Docs account.
• It's even easier when you use an email client which doesn't ask you for your username and password when fetching your mail.
• Your browser might still have cached parts of the documents in the browser cache from the last time you accessed them.
• If it doesn't, those deleted cache files might be restored using a data recovery program if they are lucky.

Any of these problems can be mitigated by using a full-disc encryption software... as long as the laptop is switched off when they confiscate it... and you are in a jurisdiction where you can't be forced to reveal the password... and the people who detain you care about your right to not reveal it.

Answer 3

In addition to the answers discussing cloud access, or the good answer from phillip,

google docs is going to leave lots of traces in temp files/swap etc where the documents could be easily retrieved.

By common practice/configuration virtually all browsers are going to leave temp files behind for every page viewed. In addition to the temp/cache files that users may be aware of, additional temp files are used and deleted automatically by the browser, but those would be accessible to forensic investigators.

To compound the issue, the browser is certainly keeping the document in RAM (in order to be able to display it to you) and RAM is regularly put into disk as part of memory swapping of almost every OS. That data is also easily available for forensic investigators.

Finally on a laptop hibernate/sleep mode will also dump a copy of RAM to disk.

As others have said, full disc encryption, and make sure the laptop is off when they get it, are the answer. Using the tails OS is also a good mitigation for these problems (when configured to not allow any local storage)

However, if you are a person "of concern" to anyone with the resources to jump through these hoops, having the data in the cloud to begin with is a much greater liability.

If you must put it in the cloud for distribution purposes, encrypt it locally with strong encryption and upload it for others to be able to fetch.

Yes that is much more inconvenient, but if you are actually worried about the security of this information, it is virtually mandatory.

Answer 4

Others have commented that if they capture your session cookie they can simply access your documents, and otherwise they can obtain a warrant to get your documents from Google. There is a minor twist to the second point: they need to know your user ID. Without this, they cannot serve a meaningful warrant to Google, and finding some incriminating document among the billions of legitimate documents would be difficult.

If they capture your laptop when it is turned on, they will more than likely get your session cookie, and it's hard to stop this. But if your laptop is off, and there's no trace of your user ID anywhere (which would require care on your part), then in practice it would be very difficult for them to access your documents.

You'd also have to hide any likely routes to trace your account. Say they arrest you in Joe's Cyber Cafe. They could ask Google to show what accounts were accessed from the IP address of Joe's Cyber Cafe. You can stop this by masking your IP address, perhaps using Tor. Another concern is if they could figure out a search string, which would match your document.

Ultimately, while this approach has some potential merit, the more common approach of encrypting everything seems to be a better idea.

Answer 5

It's really a bad idea to store sensitive information in the internet, especially in Google products. If you are concerned about FBI I suggest to delete everything and read a lot about how to keep your files safe. If you need thease files in internet for some reason, at least use PGP encryption for the files. Also use encryption for your hard drive with strong and long password. If you are using Windows, don't use the build-in encryption.