Cloud computing hasn't just enabled us to store massive amounts of data online; it has also brought with it a number of privacy and security issues that have now come to the attention of the Federal Trade Commission. The Electronic Privacy Information Center (EPIC) has petitioned the FTC to investigate privacy concerns over Google's gaggle of online services just as the FTC was already meeting to discuss whether the benefits of living in the cloud justify the risks.

In its petition to the FTC this week, EPIC asked that services like Gmail, Google Docs, Picasa, and Google's other cloud computing services be investigated to determine "the adequacy of the privacy and security safeguards." The privacy organization cited a recent glitch in Google Docs that made certain documents—previously marked as private by their owners—public and available to the world, despite repeated claims from Google that the data is safe and secure. EPIC also highlighted a number of reports from security experts about vulnerabilities in Google's services between 2005 and now.

"Recent reports indicate that Google does not adequately safeguard the confidential information that it obtains," wrote EPIC. The organization wants the FTC to evaluate Google's safeguards, require Google to revise its Terms of Service to highlight its obligations to security, compel Google to be more transparent about its policies, and pressure the company into donating $5 million to a public fund dedicated to privacy and security research. Additionally, EPIC urged the FTC to consider the possibility of blocking Google from offering those services until the necessary safeguards are "verifiably established."

(Some news outlets took this to the extreme by saying that EPIC wants to shut down Gmail, though a reading of the document reveals that it was more of a suggestion should the FTC find that Google is doing a terrible job at keeping data secure.)

The FTC is already aware of the privacy and security concerns that come with keeping everything in the cloud; it recently held a meeting to talk about how companies can manage data security issues when data might span multiple jurisdictions. Over the course of two days, the FTC met with various organizations and company representatives to discuss the risks involved in cloud computing, and which entities have jurisdiction over the data at any given time, especially as it changes digital hands.

The FTC has previously held such meetings to investigate topics like online behavioral advertising. The agency likes to keep informed about tech topics, but the conferences don't generally lead to new rules (certainly not in the short term). In the case of behavioral advertising, the FTC decided that industry self-regulation was the way to go, a position it has held for two years—though that may finally be changing.

For cloud-based services like Gmail, though, keeping the public trust remains paramount; a spate of bad PR may be pressure enough to keep those companies offering web services to the public thinking hard about security and privacy.