To see what is at stake, consider a very simple example of what the new policy allows. Suppose a Department of Energy employee uses the Google Apps for Government calendar to schedule an audit of a nuclear site in a particular city. Google may now observe from this user's Google+ account that she has friends in that city and ask her if she wants to notify them of her visit. Suppose she inadvertently clicks "yes", or clicks "yes" without realizing that the notification will go to a broader circle than she intends. It's not sensible policy to force government users into a system that makes it so easy for naïve or untrained users to make these kinds of mistakes.
Now suppose that such a system is deployed to millions of federal, state and local government users, and that neither the users nor their system administrators are allowed to turn off these information sharing features. Suppose further that the sharing extends across many different online services - not just calendaring and social networking, but also email, search, group collaboration, and potentially even the real-time location of users' mobile devices. Such a system is rife with opportunities for unintended and undesirable information disclosures. It needlessly multiplies the opportunities for social "phishing" attacks directed against government users. It is, frankly, an information catastrophe waiting to happen.
Jeff Gould is an expert contributor to SafeGov.org, a forum of industry leaders that promotes safe and secure cloud computing.