Is Google Desktop Evil?

Category: Privacy

I got a warning from a friend who told me not to use the Google Desktop program. He says it will secretly make copies of my personal files and send them to Google's own servers, and from there they could be made available to the government. Is this true?

evil ninja spy

Google Desktop and Privacy


Relax... the Google Desktop software won't secretly send copies of your love letters to Uncle Sam. Here's the truth about the "Search Across Computers" feature that was added to the Google Desktop software earlier this year. According to Google's documentation:

Search Across Computers enables you to search your documents and viewed web pages across all your computers. For example, you can find files you edited on your desktop from your laptop. To activate this feature, you will need a Google Account (the same login you use for Gmail, Orkut, or other Google services). Files accessed on your computer after you enable Search Across Computers will be searchable from your other computers. To search your other computers you must also install Google Desktop on them as well as enable the Search Across Computers preference using the same Google Account on each one.

So yes, it's true that if you use the Search Across Computers feature, Google Desktop will transfer an encrypted copy of certain files to a Google server, so that you can search for files on all of your computers at once. It's a handy tool for power users who have files scattered across multiple computers. But nothing is being done in secret, or without your permission, and your personal files are NOT available to other Google users.

Here are some important things to remember about the Search Across Computers feature:

  • You must explicitly turn on this feature. It's not automatically enabled, and it's not something you might do by mistake.
  • You must install the Google Desktop on all of your computers, sign up for a Google Account, and then enable this feature on all your computers for it to function.
  • Files are encrypted before transmission, and are deleted from Google's servers after 30 days.
  • Password-protected files and secure web info are automatically excluded.
  • Specific files and folders can also be excluded.
  • All of this is clearly spelled out in the Google Desktop website and help files.

    So What's The Fuss?

    Why are some privacy pundits crying foul, telling others not to use the Google Desktop software? Warnings from the Electronic Frontier Foundation have been issued, saying things like "Google Copies Your Hard Drive - Government Smiles in Anticipation" and "Consumers Should Not Use New Google Desktop." The EFF claims that if files are transferred to Google servers, then the government, business rivals or your spouse could easily obtain them with a subpoena.

    The problem, according to the EFF, is the Electronic Communication Privacy Act (ECPA) of 1986, which gives only "limited" privacy protection to data stored with online service providers. If that's true, then the problem is MUCH bigger. Any ISP that stores your personal files or emails would be in the exact same situation. AOL, Yahoo and Hotmail keep your emails on their servers, many websites allow you to upload photos, and it's common for online stores to keep records with your personal information, such as address, phone and credit card numbers. Web hosting firms store private files and proprietary code that power millions of websites.

    So is all of this information really up for grabs by Uncle Sam, your competitors, and your ex-wife? I'm not a lawyer, but it's very hard for me to believe that the law permits almost anyone to secretly request a copy of others' private files from an Internet service provider. And it's even harder for me to believe that Google is somehow complicit with the government to violate the privacy of millions of Internet users. Is the sky really falling?

    No. Here's what's really going on... The EFF wants Congress to update the ECPA and other privacy laws, and maybe some changes to the law really are needed. But they're stringing up Google like a digital pinata, telling the world that Google Desktop software is evil, in order to get publicity for their cause. That may be a common tactic in public relations, but it's unfair and it's wrong. Some might even say it's evil.

    Do you have comments on this story? Post them below.

  •  
    How Else Can I Help You?   (Enter your question in the box above.)
     

    Sign up now for AskBob Updates!

    Boost your Internet IQ, keep up with the latest online trends... get your FREE subscription now!


    Email:


    Posted by on 15 May 2006


    For Fun: Buy Bob a Snickers.
    Need More Help? Try the AskBobRankin Updates Newsletter. It's Free!

    Prev Article:
    Passports Online

    The Top Twenty
    Next Article:
    Secure Your Computer!

    Link to this article from your site or blog. Just copy and paste from this box:


    Most recent comments on "Is Google Desktop Evil?"

    Posted by:

    Knight4131
    16 May 2006

    I've been in Law Enforcement for over 10 years. I can tell you that if your private stuff is stored on a server, then YES it is subject to search by a Law Enforcement organization! A Law Enforcement agency will need to get a subpoena and show probable cause however, so it's not like it's an open market.

    EDITOR'S NOTE: Probable cause... it's a Good Thing!


    Posted by:

    Jim Andrews
    16 May 2006

    Technical White Paper from University of Michigan's IT Security group

    http://safecomputing.umich.edu/tools/download/gd_security.pdf

    gave me reason to be concerned. You do not need to be an administrator to install plug-ins that extend the indexing or sidebar capabilities of Google Desktop. Such plug-ins can be written by anyone. This is noted solely because, historically, security problems have been incorrectly associated with applications when, in reality, the problems originated in poorly written extensions.

    As noted earlier, Google Desktop indexes the web sites you visit and keeps a cached copy of those pages. By default however, this does not include pages viewed over HTTPS. However, this is a configurable preference and if this preference is set inadvertently by a user or by other malware, you could be indexing and caching (in the clear) sensitive information that is normally encrypted via SSL.

    Google may not be evil, but it isn't secure and probable cause vanished in the Patriot Acts interpretation (or misinterpretation.)

    EDITOR'S NOTE: Yes, but... is Joe User likely to fiddle with plugins and change the default setting to index secure pages? Somewhere along the line, users have to take responsibility for their actions.


    Posted by:

    Brian
    16 May 2006

    Probable Cause...Against Whom, giving access to what? So if a law enforcement agency has Probable Cause against a company such as an ISP or even Google, are all individuals records subject and open to inspection (including the offsite backups of _possibly_ more than 30 days worth of data). Does the said company have the right to tell the individuals their data is potentially being read? Does it have to?


    Posted by:

    Patricia F. Anderson
    16 May 2006

    The problem is not that Google is or not evil, but rather that like any tool, it has costs and benefits. Fire can cook food or burn a home; depending on the knowledge and expertise and attention to detail of the person setting the fire.

    I work in a healthcare environment, and the risk of even accidental revelation of private patient data is simply not worth it. None of our staff would intentionally broadcast patient data, but using Google Desktop does make it more of a risk.

    Google Desktop, like every other tool, has appropriate and inappropriate uses. Match the tool to the task, and for now, keep Google Desktop out of healthcare environments. Not because of a problem with the software, but because the users of the software are only human.

    EDITOR'S NOTE: In an enterprise environment where the privacy of client data is paramount, I can understand your extra caution. But it seems MUCH more likely that one of your peers might expose private data in an email, than by using the Search Across Computers feature in G Desktop. Remember... this is something you must explicitly turn ON. And even so, the (encrypted) data cannot be accidentally exposed. It would require a court order to obtain the data. And I'm sure any such files would still be protected by HIPPA laws. So your exposure seems vanishingly small.


    Posted by:

    Steph
    16 May 2006

    I would not put anything on the internet that I would consider private whether it be email or website or searches or whatever. I don't think Google is "evil" any more so or less than Yahoo or AOL. I don't feel secure about "probable cause" either is since the NSA tapped into phone conversations of American citizens with NO probable cause or court order. If you don't want it public, don't put it out there!

    EDITOR'S NOTE: I assume you're referring to the recent news about the gov't obtaining phone calling records from several telecomm providers. There's a BIG difference between listening to phone calls and simply knowing who called who, and when.


    Posted by:

    anonymous coward
    16 May 2006

    So, the government or an ex-spouse or whoever could subpoena your information from Google. This seems to imply that those same individuals *couldn't* subpoena your *entire pc*, get a warrant to enter your home, and just take it with them. Or at least your hard drive, removable media, etc. Which they can, if probable cause is given. If I were going to request a subpoena for that kind of information, I wouldn't even mess with Google. Why settle for a subset of the total information on a computer? -- I'd go straight for the pc.

    Still, it is of some concern in the current political climate, in which it doesn't appear to be necessary to demonstrate any kind of probable cause, or even let you know your stuff is being looked at.

    Of course, I personally am a lover of convenience, and am amused at the idea that I might just be creating more (dry & boring!) 'noise' for 'the powers' to wade through. So I'll probably avail myself of Google Desktop's 'search across computers' feature. Besides. Hiding in plain sight is awesome.


    Posted by:

    Charlie On PA Tpk
    16 May 2006

    Regarding the NSA's alleged 'tapping into phone conversations': the Google Desktop scare is very much like the twisted story regarding the NSA. If you want the convenience of Google Desktop, you have it. If you want to have the same access but just a little extra work, use a VNC app, and search your desktops on your own.


    Posted by:

    Pierre,Canada
    16 May 2006

    When Google Desktop search came out, i became aware of the ramifications,by reading their privacy policy. It's one of the reasons I don't use this app. Charlie (previous post) is perfectly correct by advocating the use of a VNC app. Far more secure. Besides, their indexing takes way too long and is too intrusive and CPU intensive, just like the MS Indexing service.


    Posted by:

    Richard Burke
    16 May 2006

    Does a jealous or vindictive spouse need probable cause in a divorce case? Do they make ANY backups of the data? If so, how long are the backups retained?


    Posted by:

    sCOTT
    20 May 2006

    Thank all of you ,I used firebird wed browser and I hav`t to "OK" what is set(as SPY ware) or not!

    I feel enpowerd by this, but ,I have alot to learn !

    I love google,it has always, just been there for me ,like a friend. I used google news as home page for now,and not any other stuff. Thank you for writing in. God Bless America


    Posted by:

    Abraham
    05 Jun 2006

    I wonder about those people who said GOOGLES DESKTOP IS EVIL. i'm afraid there maybe something wrong with them.I used google so many times, i found nothing.If it was,google may not be seen at the screen of our computers and we may not see or use it again.

    In this case;for those who said that,i ask them to appologize google.


    Posted by:

    QB
    01 Feb 2009

    Don't be so sure Google is respecting your privacy. Google, Yahoo, Microsoft,and other other companies routinely spy for the Chinese government. Also, Google recently provided information to the U.S. government on searches related to the flu and other illnesses - and we must take them at their word that IP addresses were not a part of the information they provided the feds. Read this CNET article:

    http://news.cnet.com/What-Google-censors-in-China/2100-1030_3-6031727.html

    and this article from engadget:

    http://www.engadget.com/2007/01/19/microsoft-google-and-others-developing-code-of-conduct/

    Remember boys and girls, the price of liberty is eternal vigilance!


    Post your Comments, Questions or Suggestions

    *     *     (* = Required field)

        (Your email address will not be published)
    (you may use HTML tags for style)

    YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! And please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

    All comments are previewed, and may be edited before posting.

    NOTE: Please, post comments on this article ONLY.
    If you want to ask a question click here.


    Free Tech Support -- Ask Bob Rankin
    RSS   Add to My Yahoo!   Feedburner Feed
    Subscribe to AskBobRankin Updates: Free Newsletter
    Copyright © 2005 - Bob Rankin - All Rights Reserved
    Privacy Policy -- See my profile on Google.


    Article information: AskBobRankin -- Is Google Desktop Evil? (Posted: 15 May 2006)
    Source: http://askbobrankin.com/is_google_desktop_evil.html
    Copyright © 2005 - Bob Rankin - All Rights Reserved