Rob Sullivan at Search Engine Journal questions whether the new “search across computers” feature of Google’s Desktop software really puts users’ privacy in jeopardy. Yes, it does. To respond to some of Rob’s observations:
So what if you have to give Google this ability? Google will encrypt the data so that no one else can access it. And even if there is some sort of DOJ subpoena requiring access to these files I don’t think it would stand up in court.
This is because Google has set up a network whereby all your Google activities are tied to one Google account. Your personalized home page, Gmail, Google Analytics, AdWords and AdSense accounts all share the same Google account. Therefore, it would be difficult for anyone to get a subpoena to review information pertaining to only part of that account.
Rob is mistaken on a number of points here. First, Google does not automatically encrypt the index or data files it stores on its servers. This is an option that has to be turned on by a savvy user. In fact, Google discourages the privacy-protecting choice to encrypt your data by warning that enabling this feature will “reduce the performance of Google Desktop.” An average user might decide against this level of protection. Additionally, the Microsoft Windows Encrypted File System (EFS) used for encryption is less than bulletproof [PDF].
Second, Rob’s argument that, since all your Google activity is tied to a single user account, particular elements of that data (i.e., your desktop files, but not your e-mails) could not legally be requested isn’t likely to be the barrier he thinks it is. There is no technical reason why Google could not provide only certain pieces of data from a user’s entire dossier, and no legal reason why a subpoena couldn’t request only that partial information. If someone can prove me wrong, please do.
Legalities aside, if you are that concerned about the privacy being surrendered to Google in order to use this system then don’t sign up for it.
You can still download and use the new Desktop Search with most of its new features, but you don’t have to use the file sharing.
This is a common response to privacy-invading technologies – “just don’t use it!” True, simply not using Google Desktop is the best option, but your average Google user might (a) not even be aware of these privacy concerns, (b) trust that whatever Google does must be in the user’s best interest and activate the feature, or (c) trust Google that encrypting their data will be too much of an inconvenience.
…I can almost guarantee you that your local ISP will fold and hand over the data much easier than Google will.
Trust me, there are no such guarantees. Google’s recent resistance to the DOJ is more about trade secrets than user privacy, and ISPs (such as Verizon) have an OK track record denying access to their user records.
Finally, Rob thinks the Desktop search issue just isn’t important enough in the grand scheme of things to be worried about:
Really, when it comes to all the other ways that Google captures your personal data, from search history to Gmail, should we be all that concerned that some files may end up being stored on a Google server somewhere?
Absolutely we should be concerned about Google having copies of our files. Combined with the dangers of Google archiving our search histories and emails, having copies of our offline intellectual activities (love letters, financial spreadsheets, political essays, personal papers, and so on) provides Google (and whoever requests access to these files) an increasingly extensive & invasive glimpse into our private lives. Further, rather than needing a search warrant to enter one’s home to gain access to these documents, authorities now only need to present a subpoena to gain access to Google’s electronic records of these personal files.
The privacy threats of Google’s Desktop are real.