Consumer watchdogs including the Electronic Frontier Foundation are urging a boycott of Google’s new Desktop Search program, citing privacy concerns. Is it really too risky to use the program?
In a post on the EFF’s web site, Staff Attorney Kevin Bankston paints an Orwellian picture of the new “search across computers” feature that’s part of the recently released Google Desktop 3.0 program. The feature allows you to search across all of your computers provided you take several steps to enable the capability.
While Bankston’s post raises a number of legitimate concerns, the overall tone of the message leaves little doubt that the EFF’s warning is biased, offering neither a fair nor balanced assessment of the new Google desktop search product. “Google Copies Your Hard Drive – Government Smiles in Anticipation” reads the title, followed by a lead of “Consumers Should Not Use New Google Desktop.”
The EFF’s concern comes from the fact that Google must upload indexed text files from your computers to its servers and transfer them to your other computers to enable the search across computers feature. Once these files have been transferred between your computers, they are deleted from Google’s servers.
However, to make the transfer, all of your computers need to be online. If one computer isn’t online, no data transfer can occur. Google says that in this case your files may remain on its servers for up to 30 days, at which point the data is deleted.
So Google stores your some of your data for a period ranging between a few moments to up to 30 days, and may store information about you for up to 60 days. The EFF’s Bankston says that this leaves most users incredibly vulnerable, writing:
“Coming on the heels of serious consumer concern about government snooping into Google’s search logs, it’s shocking that Google expects its users to now trust it with the contents of their personal computers,” said EFF Staff Attorney Kevin Bankston. “If you use the Search Across Computers feature and don’t configure Google Desktop very carefully—and most people won’t—Google will have copies of your tax returns, love letters, business records, financial and medical files, and whatever other text-based documents the Desktop software can index. The government could then demand these personal files with only a subpoena rather than the search warrant it would need to seize the same things from your home or business, and in many cases you wouldn’t even be notified in time to challenge it. Other litigants—your spouse, your business partners or rivals, whoever—could also try to cut out the middleman (you) and subpoena Google for your files.”
Legal points aside, let’s take a closer look at these claims. First, configuration. Google designed search across computers as an advanced feature. You must explicitly enable it for it to work—and if even if you’ve been using Google Desktop, no files indexed before you enable the feature will be included in the shared index.
The search across computers feature doesn’t just happen automatically—in fact, enabling it is a multi-step process. When you install the program, you’re asked to set some initial preferences. First, you must check the “Search Gmail and my other computers using my Google Account” box (which is unchecked by default). You have two additional choices when you check this box. The first is to “Index and search email in my Gmail account.” The second is “Search my documents and viewed web pages across all my computers.”
Next, you must log into your Google account. You must repeat the installation and perform a similar configuration on your other computers to fully enable the search across computers feature. This takes a bit of doing, and again, must be done deliberately for the search across computers feature to work. It’s far from an automatic, default process.
What about Google indexing “tax returns, love letters, business records, financial and medical files”? The EFF has a valid point that some kinds of sensitive documents on your computer may be indexed. But the risk may not be as great as portrayed, because Google does not index things like Turbo Tax data files, Quicken or other accounting software data (or information that’s stored by most types of business software).
If you’ve written a love letter using Microsoft Word, or your doctor has emailed you medical records, then yes, this information will likely be included, unless you take preventative measures. Google gives you options to control the types of files that are indexed, both locally and using Gmail and the search across computers function. You can also prevent indexing of specific files, folders or websites that you visit. And if you want your password protected files or the secure websites you visit (such as your financial institution) to be indexed, you must explicitly enable these for indexing.
What about Google storing your data on its servers? First, all of your information is encrypted before being sent to Google. This means that it’s not just raw text files that are uploaded to Google’s servers, but rather a secure mishmash of data that is theoretically only intelligible to your other computers, which hold the decryption keys. So nobody at Google can look at your information and make any sense of it.
Hackers, assuming they were able to penetrate Google’s servers and could find this encrypted data, would face a similar challenge in decoding the information, let alone associating it with a particular individual. Yes, if someone manages to figure out your Google Account name and password, you’re vulnerable. But not to a general hacker attack. The government, your spouse, business partners or rivals who may subpoena Google for your files would also face this obstacle.
Still worried about your data staying on Google’s servers? Use the “Clear my Files from Google” button to manually remove all your files from Google Desktop servers the moment the transfer between your computers has been made. Again, your data may still linger on Google’s servers for up to 30 days, but it won’t be accessible.
Why this 30 day period? Why can’t Google just eliminate the data immediately? That has to do with the redundant systems Google has in place across all of its services, to prevent loss of data from hardware failures or outages.
By providing encrypted file transfer and providing various control options, Google has worked hard to strike an appropriate balance between creating a useful personal search tool and protecting the privacy of most people that use the advanced features of Google Desktop 3.
The EFF is to be lauded for alerting users to potential privacy concerns and risks in using the program. It’s important to think carefully about your privacy and the potential risks you’re taking when using something like the search between computers feature. And you should take steps to make sure that you’ve fully examined the options that allow you to keep your data private, and take advantage of them.
But the EFF has a broader agenda, and its over-the-top call for a boycott of Google Desktop 3 is both disingenuous and does a disservice to a genuinely useful program. Don’t get me wrong—I agree with the EFF’s broader mission, just not the way they’re tarring Google in pursuit of their goals. Another quote from the aforementioned post:
“This Google product highlights a key privacy problem in the digital age,” said Cindy Cohn, EFF’s Legal Director. “Many Internet innovations involve storing personal files on a service provider’s computer, but under outdated laws, consumers who want to use these new technologies have to surrender their privacy rights. If Google wants consumers to trust it to store copies of personal computer files, emails, search histories and chat logs, and still ‘not be evil,’ it should stand with EFF and demand that Congress update the privacy laws to better reflect life in the wired world.”
The EFF’s efforts are commendable and worthy of support. But the EFF’s less-than-balanced approach in slamming Google over an advanced feature that requires deliberate enabling to use diminishes its credibility on this issue.
There’s no need to boycott Google Desktop 3. Think carefully before enabling the program’s advanced features, but take disingenuous claims like “Google copies your hard drive” with a substantial block of salt.