Google Copies Your Hard Drive – Government Smiles in Anticipation

This just out and hot from EFF:

San Francisco – Google today announced a new “feature” of its Google Desktop software that greatly increases the risk to consumer privacy. If a consumer chooses to use it, the new “Search Across Computers” feature will store copies of the user’s Word documents, PDFs, spreadsheets and other text-based documents on Google’s own servers, to enable searching from any one of the user’s computers. EFF urges consumers not to use this feature, because it will make their personal data more vulnerable to subpoenas from the government and possibly private litigants, while providing a convenient one-stop-shop for hackers who’ve obtained a user’s Google password.

“Coming on the heels of serious consumer concern about government snooping into Google’s search logs, it’s shocking that Google expects its users to now trust it with the contents of their personal computers,” said EFF Staff Attorney Kevin Bankston. “Unless you configure Google Desktop very carefully, and few people will, Google will have copies of your tax returns, love letters, business records, financial and medical files, and whatever other text-based documents the Desktop software can index. The government could then demand these personal files with only a subpoena rather than the search warrant it would need to seize the same things from your home or business, and in many cases you wouldn’t even be notified in time to challenge it. Other litigants—your spouse, your business partners or rivals, whoever—could also try to cut out the middleman (you) and subpoena Google for your files.”

The privacy problem arises because the Electronic Communication Privacy Act of 1986, or ECPA, gives only limited privacy protection to emails and other files that are stored with online service providers—much less privacy than the legal protections for the same information when it’s on your computer at home. And even that lower level of legal protection could disappear if Google uses your data for marketing purposes. Google says it is not yet scanning the files it copies from your hard drive in order to serve targeted advertising, but it hasn’t ruled out the possibility, and Google’s current privacy policy appears to allow it.

“This Google product highlights a key privacy problem in the digital age,” said Cindy Cohn, EFF’s Legal Director. “Many Internet innovations involve storing personal files on a service provider’s computer, but under outdated laws, consumers who want to use these new technologies have to surrender their privacy rights. If Google wants consumers to trust it to store copies of personal computer files, emails, search histories and chat logs, and still ‘not be evil,’ it should stand with EFF and demand that Congress update the privacy laws to better reflect life in the wired world.”

Share
  • http://www.ronforrester.com rjf

    “Coming on the heels of serious consumer concern about government snooping into Google’s search logs…”

    Uh, as I recall, Google was the only major search company to rebuff the Govt’s request.

    That being said, US privacy laws definitely need strengthening, and Google should use it’s considerable influence to help do so.

  • http://www.firewall.cx sahirh

    When you think about it objectively, a large number of people use Gmail to store attachments and files that are equally sensitive. Those attachments are:
    1. Stored on Google’s servers
    2. Accessible to anyone who has your password.

    Given that this feature in Desktop Search can be disabled, I don’t see what the hue and cry is all about. Obviously you’ll have idiots who end up indexing something extremely confidential, but hey, natural selection works pretty well in the long run ;)

    The day they stop allowing you to disable the option AND force you to use desktop search on every single system on the planet, that’s when you have a case for calling it a world domination conspiracy.

  • Utena

    >> Given that this feature in Desktop Search can be disabled, I don’t see what the [huge] and cry is all about.

    The program really should be opt-in and not opt-out.

  • http://www.networksecurity.fi/ Juha-Matti Laurio

    Kaspersky Lab Analyst’s Diary has a clear advice at
    http://www.viruslist.com/en/weblog?weblogid=179597544

    as well. Don’t turn this new feature on, says their entry.

  • Nicholas Hawley

    Geeezzz. Talk about Spyware. I’ve said it before, and I ‘ll say it again. Google apps don’t prevent spyware, they ARE spyware.

  • http://www.nfhfsvh.com ananomous

    noooooooooooooooooooooooooo