So what if you have to give Google this ability? Google will encrypt the data so that no one else can access it. And even if there is some sort of DOJ subpoena requiring access to these files I don’t think it would stand up in court.

This is because Google has set up a network whereby all your Google activities are tied to one Google account. Your personalize home page, gmail, google analytics, adwords and adsense accounts all share the same Google account. Therefore, it would be difficult for anyone to get a subpoena to review information pertaining to only part of that account.

Rob is misktaen on a number of points here. First, Google does not automatically encrypt the index or data files it stores on its servers. This is an option that has to be turned on by a savvy user. In fact, Google discourages the privacy-protecting choice to encrypt your data by warning that enabling this feature will “reduce the performance of Google Desktop.” An average user might decide against this level of protection. Additionally, the Microsft Windows Encrypted File System (EFS) used for encryption is less than bulletproof [PDF].

Second, Rob’s argument that since all your Google activity is tied to a single user account, particular elements of that data (ie, your desktop files, but not your e-mails) could not legally be requested isn’t likely to be the barrier he thinks it is. There is no technical reason why Google could not provide only certain pieces of data from a user’s entire dossier, and no legal reason why a subpoena couldn’t request only that partial information. If someone can prove me wrong, please do.

Rob continues:

Legalities aside, if you are that concerned about the privacy being surrendered to Google in order to use this system then don’t sign up for it.

You can still download and use the new Desktop Search with most of its new features, but you don’t have to use the file sharing.

This is a common response to privacy-invading technologies – “just don’t use it!” True, simply not using Google Desktop is the best option, but your average Google user might not (a) even be aware of these privacy concerns, (b) trust that whatever Google does must be in the user’s best interest and activate the feature, or (c) trust Google that encrypting their data will be too much of an inconvenience.

…I can almost guarantee you that your local ISP will fold and hand over the data much easier than Google will.

Trust me, there are no such guarantees. Google’s recent resistance to the DOJ is more about trade secrets than user privacy, and ISPs (such as Verizon) have an OK track record denying access to thier user records.

Finally, Rob thinks the Desktop search issue just isn’t important enough in the grand scheme of things to be worried about:

Really, when it comes to all the other ways that Google captures your personal data, from search history to Gmail, should we be all that concerned that some files may end up being stored on a Google server somewhere?

Absolutely we should be concerned about Google having copies of our files. Combined with the dangers of Google archiving our search histories and emails, having copies of our offline intellectual activities (love letters, financial spreadsheets, political essays, personal papers, and so on) provides Google (and whoever requests access to these files) an increasingly extensive & invasive glimpse into our private lives. Further, tather than needing a search warrant to enter one’s home to gain access to these documents, authorities now only need to present a subpoena to gain access Google’s electronic records of these personal files.

The privacy threats of Google’s Desktop are real.

Even with these helpful design considerations, this service remains problematic. For “search across computers” to work, Google has to copy your computer’s files to Google’s servers, and then those files are available to be downloaded on the other linked computers. Previous versions of Google Desktop merely indexed your files; now, full copies of your files are stored on Google’s servers. A key concern here is that electronic files located on third-party servers have much less privacy protections than the files located on your own computer.

EFF immediately picked up on the privacy and surveillance threats inherent to this new feature:

Google today announced a new “feature” of its Google Desktop software that greatly increases the risk to consumer privacy. If a consumer chooses to use it, the new “Search Across Computers” feature will store copies of the user’s Word documents, PDFs, spreadsheets and other text-based documents on Google’s own servers, to enable searching from any one of the user’s computers. EFF urges consumers not to use this feature, because it will make their personal data more vulnerable to subpoenas from the government and possibly private litigants, while providing a convenient one-stop-shop for hackers who’ve obtained a user’s Google password.

“Coming on the heels of serious consumer concern about government snooping into Google’s search logs, it’s shocking that Google expects its users to now trust it with the contents of their personal computers,” said EFF Staff Attorney Kevin Bankston. “Unless you configure Google Desktop very carefully, and few people will, Google will have copies of your tax returns, love letters, business records, financial and medical files, and whatever other text-based documents the Desktop software can index. The government could then demand these personal files with only a subpoena rather than the search warrant it would need to seize the same things from your home or business, and in many cases you wouldn’t even be notified in time to challenge it. Other litigants—your spouse, your business partners or rivals, whoever—could also try to cut out the middleman (you) and subpoena Google for your files.”