Yes, Google Desktop Does Put Privacy in Jeopardy

Rob Sullivan at Search Engine Journal questions whether the new “search across computers” feature of Google’s Desktop software really puts users’ privacy in jeopardy. Yes, it does. To respond to some of Rob’s observations:

So what if you have to give Google this ability? Google will encrypt the data so that no one else can access it. And even if there is some sort of DOJ subpoena requiring access to these files I don’t think it would stand up in court.

This is because Google has set up a network whereby all your Google activities are tied to one Google account. Your personalized home page, Gmail, Google Analytics, AdWords and AdSense accounts all share the same Google account. Therefore, it would be difficult for anyone to get a subpoena to review information pertaining to only part of that account.

Rob is mistaken on a number of points here. First, Google does not automatically encrypt the index or data files it stores on its servers. This is an option that has to be turned on by a savvy user. In fact, Google discourages the privacy-protecting choice to encrypt your data by warning that enabling this feature will “reduce the performance of Google Desktop.” An average user might decide against this level of protection. Additionally, the Microsoft Windows Encrypting File System (EFS) used for encryption is less than bulletproof [PDF].

Second, Rob’s argument that since all your Google activity is tied to a single user account, particular elements of that data (i.e., your desktop files, but not your e-mails) could not legally be requested isn’t likely to be the barrier he thinks it is. There is no technical reason why Google could not provide only certain pieces of data from a user’s entire dossier, and no legal reason why a subpoena couldn’t request only that partial information. If someone can prove me wrong, please do.

Rob continues:

Legalities aside, if you are that concerned about the privacy being surrendered to Google in order to use this system then don’t sign up for it.

You can still download and use the new Desktop Search with most of its new features, but you don’t have to use the file sharing.

This is a common response to privacy-invading technologies – “just don’t use it!” True, simply not using Google Desktop is the best option, but your average Google user might (a) not even be aware of these privacy concerns, (b) trust that whatever Google does must be in the user’s best interest and activate the feature, or (c) take Google’s word that encrypting their data will be too much of an inconvenience.

…I can almost guarantee you that your local ISP will fold and hand over the data much easier than Google will.

Trust me, there are no such guarantees. Google’s recent resistance to the DOJ is more about trade secrets than user privacy, and ISPs (such as Verizon) have an OK track record denying access to their user records.

Finally, Rob thinks the Desktop search issue just isn’t important enough in the grand scheme of things to be worried about:

Really, when it comes to all the other ways that Google captures your personal data, from search history to Gmail, should we be all that concerned that some files may end up being stored on a Google server somewhere?

Absolutely we should be concerned about Google having copies of our files. Combined with the dangers of Google archiving our search histories and emails, having copies of our offline intellectual activities (love letters, financial spreadsheets, political essays, personal papers, and so on) provides Google (and whoever requests access to these files) an increasingly extensive & invasive glimpse into our private lives. Further, rather than needing a search warrant to enter one’s home to gain access to these documents, authorities now only need to present a subpoena to gain access to Google’s electronic records of these personal files.

The privacy threats of Google’s Desktop are real.


  1. You’re quite mistaken on a variety of points yourself.

    1. The encryption setting only applies to your local computer. In fact, I’m surprised the performance hit comment didn’t tip you off, as while encrypting locally obviously accounts for a performance hit, computers are just as efficient transmitting pre-encrypted data as non-encrypted data. (They’re all 1’s and 0’s, remember?) This kind of tips advanced GDS users off that you don’t know what the hell you’re talking about. That aside..

    The search across computers feature, once enabled, encrypts the data in transit both ways and on the server side cache. On the tail end of that.. “less than bulletproof”?? How about you go pay for something to bulletproof your data? Everybody would be complaining if the app used triple DES since even that’s not “bullet proof.” What’s the point again?

    2. What you’ve quoted is a common point brought up in discussions or defenses of what are perceived to be privacy invading technologies, because it’s still a legitimate point. The ignorant user isn’t an exculpable user, is he? Google is more than transparent on the SAC feature. If a dumb arse extremist or Enron executive gets popped because he left his illegal information on a Google server, that’s what they get. The underlying point is still relevant: if you have stuff to hide from the feds A) Don’t store it online, and B) Don’t use a free service and software to store it online.

    None of you chicken littles have yet to describe how different this is from private information transmitted and stored via regular email.

    3. If you’re so confident that Google is fighting the DOJ to protect trade secrets, that’s a pretty ignorant statement. Google only has to provide filtered aggregate data regarding search term usage and frequency. Nothing secret about that — unless they have many fewer or more users than they let on.

    4. The application provides an easy means to exclude whatever users don’t want indexed. This is serious technology, and serious options. Don’t blame the tools of progress. I’m glad you guys and the EFF weren’t around when Email was invented. Or Credit Cards, library cards, Cell phones…etc.

    The legal process will always have subpoena and search warrant rights on your digital data, regardless if you’re using Google Desktop, AIM, Hotmail, Comcast internet service, Yahoo! Games, or whatever. And believe me, ISPs roll over at the drop of a dime, although also in their defense, a company doing business in the US is required to adhere to its laws.

    Any attempts to demonize Google in this whole scheme are misguided and quite frankly questionable, motivation-wise.

  2. Art – thanks for the comments. To reply:

    1. I’m not sure what your point is regarding the fact that the “encryption setting only applies to your local computer.” My main concern is that (a) encryption is an option that must be selected, not the default, (b) Google warns about encryption impacting performance, which might prevent less savvy users from selecting this privacy-protecting option, and (c) the encryption scheme might have security flaws. (I’m no crypto expert…)

    2. “Google is more than transparent on the SAC feature”: I fully agree that Google has acted well in disclosing some of the privacy & security concerns with this feature. “different from e-mail”: One difference is that data sent via e-mail might enjoy some legal protections as a communication, while simply having your files stored on a remote server has no chance of such protection. My overall point here is that while you & I might recognize some of the drawbacks to having information stored on third-party servers, less savvy Internet users might feel that whatever Google provides them (they’re on the cover of Time magazine, after all) must be a good thing and indiscriminately allow all of their personal files to be uploaded onto Google’s hardware. If that makes me a “chicken little” so be it…

    3. For a reasonable argument that Google is protecting its trade secrets, see John Battelle. They don’t want to make public (or even put into government hands) any data regarding the types or amounts of queries it processes, nor the makeup of its index of web pages.

    4. I do not blame “the tools of progress”; I merely point out the concerns inherent with the ways the tools are designed. Indeed, these are serious technologies, with serious consequences. I’m glad that Google decided to make “search across computers” an option that needs to be turned on, and not a default. But why not make encryption a default as well? Why not warn users that their personal files are accessible at Google if they are presented with a subpoena?

    Finally, I’m confused by your comment that attempts to point out security or privacy concerns with Google’s technology are “questionable, motivation-wise.” Could you explain?

