Intelligent Machines

Google's Private Lives

Its new desktop search application would make your personal files available for government searches without your knowledge.

A new search technology from Google makes it possible for law enforcement officials to examine personal documents from your hard drive, without your knowing it, according to the digital-rights advocacy organization Electronic Frontier Foundation (EFF).

Released last week, Google Desktop 3, the latest version of the company’s desktop search utility, adds a “Search Across Computers” feature that automatically uploads files from a user’s computer onto Google’s servers. Then, when a search is performed on any computer owned by the user, Google Desktop will pull search results from both the Web and information stored on all the user’s computers.

Certainly, such a feature will be handy for anyone trying to coordinate a project from different locations. Yet the idea of turning over private files to a public company is worrisome to privacy advocates. In fact, in a press release, the EFF has urged consumers to avoid the Search Across Computers feature because it would make consumers’ files more vulnerable to subpoenas from government investigators as well as private litigants.

Of course, it’s headlines news that Google (as well as its competitors) has already given in to pressure from a national government, by excluding censored content from its Chinese portal (Google.cn). Although so far the company has resisted a U.S. Department of Justice subpoena asking it to turn over logs for millions of recent search terms, smaller subpoenas – such as those for the search history of a particular user’s IP address – don’t make the news, because they’re often sealed.

EFF staff attorney Kevin Bankston says that files on a service provider’s computers, such as those stored by Google, would be easier for law enforcement to access because a subpoena would be issued to the provider, rather than the user. In some circumstances, as with Patriot Act requests, Google would not even be required to notify the user that their files were being turned over. Because of the secrecy of such investigations, it’s impossible to know how many such subpoenas have actually been issued. However, says Bankston, “It’s fair to assume that Google – and all the other search engines – have received and complied with this kind of request in the past.”

“This is every text document on your computer that you’ve set Google to index,” says Bankston. “Unless you’ve individually marked all of your private files [not to be indexed], you are going to be putting your most private data on Google’s servers.”

Google spokesperson Sonya Boralv counters that the company is taking measures to protect the security and privacy of individuals. For one thing, the Search Across Computer feature gives users control over what they upload to the Google servers, allowing people to exclude specific files or types of files. Furthermore, Google Desktop encrypts files before transmitting them to and from Google, and they’re stored in encrypted form on Google’s servers. In other words, they can’t be easily snooped in transit. Finally, Google deletes personal files from its servers as soon as they’re downloaded to a user’s computer; and if the files aren’t downloaded, Google deletes them after 30 days.

However, Bankston points out that, since Google Desktop uploads files whenever they’re accessed, frequent users will be continually refreshing Google’s servers with the latest copies of their personal files. Google provides a button for clearing all one’s personal files stored on its servers, but deleted files may reside there for as long as 30 days, according to Google’s Boralv.

To be fair, since Google Desktop is intended for power users, its Search Across Computers feature is not turned on until a user indicates his or her acceptance of the company’s privacy policy. “We’ve tried to take really proactive steps to make sure that people know where their data is going, and how it’s going to be handled,” says Boralv. “Our role as a service provider is to make it really easy for them to make an informed decision.”

Despite these controls, though, privacy advocates are concerned that most people won’t understand the implications of uploading their files to a public server. Boralv says that Google has a key to unlock the encrypted files stored on its servers. And, as its privacy policy states, the company will turn over personal information, including users’ stored files, to comply with law enforcement requests. And the ongoing controversy over the federal government’s secret surveillance of U.S. citizens makes such a possibility more than just theoretical.

“There’s a parade of horrible things that could happen” when files are stored on a service provider’s servers, says Jonathan Rosenoer, an attorney and author of Cyberlaw. “You’ll never know if you’re spuriously a target of investigation, and the government has gone fishing through your files.”

To its credit, in its privacy policy, Google informs users of its obligations to law enforcement and discloses how the Search Across Computers feature works – at least it explains it for those who understand it.

“We’re not blaming Google for the state of the law,” says Bankston. “[But] if they want to ‘not be evil,’ they should be mobilizing resources towards reforming the law and educating the public about its risks. And, until then, they should be designing around the law,” for example, by using peer-to-peer file-sharing technologies instead of storing files on Google’s own servers.

Become an MIT Technology Review Insider for in-depth analysis and unparalleled perspective.

Subscribe today

Uh oh–you've read all of your free articles for this month.

Insider Premium
$179.95/yr US PRICE

More from Intelligent Machines

Artificial intelligence and robots are transforming how we work and live.

Want more award-winning journalism? Subscribe and become an Insider.
  • Insider Premium {! insider.prices.premium !}*

    {! insider.display.menuOptionsLabel !}

    Our award winning magazine, unlimited access to our story archive, special discounts to MIT Technology Review Events, and exclusive content.

    See details+

    What's Included

    Bimonthly home delivery and unlimited 24/7 access to MIT Technology Review’s website.

    The Download. Our daily newsletter of what's important in technology and innovation.

    Access to the Magazine archive. Over 24,000 articles going back to 1899 at your fingertips.

    Special Discounts to select partner offerings

    Discount to MIT Technology Review events

    Ad-free web experience

    First Look. Exclusive early access to stories.

    Insider Conversations. Listen in as our editors talk to innovators from around the world.

  • Insider Plus {! insider.prices.plus !}* Best Value

    {! insider.display.menuOptionsLabel !}

    Everything included in Insider Basic, plus ad-free web experience, select discounts to partner offerings and MIT Technology Review events

    See details+

    What's Included

    Bimonthly home delivery and unlimited 24/7 access to MIT Technology Review’s website.

    The Download. Our daily newsletter of what's important in technology and innovation.

    Access to the Magazine archive. Over 24,000 articles going back to 1899 at your fingertips.

    Special Discounts to select partner offerings

    Discount to MIT Technology Review events

    Ad-free web experience

  • Insider Basic {! insider.prices.basic !}*

    {! insider.display.menuOptionsLabel !}

    Six issues of our award winning magazine and daily delivery of The Download, our newsletter of what’s important in technology and innovation.

    See details+

    What's Included

    Bimonthly home delivery and unlimited 24/7 access to MIT Technology Review’s website.

    The Download. Our daily newsletter of what's important in technology and innovation.

/
You've read all of your free articles this month. This is your last free article this month. You've read of free articles this month. or  for unlimited online access.