Google's Private Lives
Its new desktop search application would make your personal files available for government searches without your knowledge.
A new search technology from Google makes it possible for law enforcement officials to examine personal documents from your hard drive, without your knowing it, according to the digital-rights advocacy organization Electronic Frontier Foundation (EFF).
Released last week, Google Desktop 3, the latest version of the company’s desktop search utility, adds a “Search Across Computers” feature that automatically uploads files from a user’s computer onto Google’s servers. Then, when a search is performed on any computer owned by the user, Google Desktop will pull search results from both the Web and information stored on all the user’s computers.
Certainly, such a feature will be handy for anyone trying to coordinate a project from different locations. Yet the idea of turning over private files to a public company is worrisome to privacy advocates. In fact, in a press release, the EFF has urged consumers to avoid the Search Across Computers feature because it would make consumers’ files more vulnerable to subpoenas from government investigators as well as private litigants.
Of course, it’s headlines news that Google (as well as its competitors) has already given in to pressure from a national government, by excluding censored content from its Chinese portal (Google.cn). Although so far the company has resisted a U.S. Department of Justice subpoena asking it to turn over logs for millions of recent search terms, smaller subpoenas – such as those for the search history of a particular user’s IP address – don’t make the news, because they’re often sealed.
EFF staff attorney Kevin Bankston says that files on a service provider’s computers, such as those stored by Google, would be easier for law enforcement to access because a subpoena would be issued to the provider, rather than the user. In some circumstances, as with Patriot Act requests, Google would not even be required to notify the user that their files were being turned over. Because of the secrecy of such investigations, it’s impossible to know how many such subpoenas have actually been issued. However, says Bankston, “It’s fair to assume that Google – and all the other search engines – have received and complied with this kind of request in the past.”
“This is every text document on your computer that you’ve set Google to index,” says Bankston. “Unless you’ve individually marked all of your private files [not to be indexed], you are going to be putting your most private data on Google’s servers.”
Google spokesperson Sonya Boralv counters that the company is taking measures to protect the security and privacy of individuals. For one thing, the Search Across Computer feature gives users control over what they upload to the Google servers, allowing people to exclude specific files or types of files. Furthermore, Google Desktop encrypts files before transmitting them to and from Google, and they’re stored in encrypted form on Google’s servers. In other words, they can’t be easily snooped in transit. Finally, Google deletes personal files from its servers as soon as they’re downloaded to a user’s computer; and if the files aren’t downloaded, Google deletes them after 30 days.
However, Bankston points out that, since Google Desktop uploads files whenever they’re accessed, frequent users will be continually refreshing Google’s servers with the latest copies of their personal files. Google provides a button for clearing all one’s personal files stored on its servers, but deleted files may reside there for as long as 30 days, according to Google’s Boralv.
“There’s a parade of horrible things that could happen” when files are stored on a service provider’s servers, says Jonathan Rosenoer, an attorney and author of Cyberlaw. “You’ll never know if you’re spuriously a target of investigation, and the government has gone fishing through your files.”
“We’re not blaming Google for the state of the law,” says Bankston. “[But] if they want to ‘not be evil,’ they should be mobilizing resources towards reforming the law and educating the public about its risks. And, until then, they should be designing around the law,” for example, by using peer-to-peer file-sharing technologies instead of storing files on Google’s own servers.
Become an MIT Technology Review Insider for in-depth analysis and unparalleled perspective.Subscribe today