---------------------------------------------
February 09, 2006
Google Copies Your Hard Drive - Government Smiles in Anticipation
Consumers Should Not Use New Google Desktop
San Francisco - Google today announced a new "feature" of its Google Desktop software that greatly increases the risk to consumer privacy. If a consumer chooses to use it, the new "Search Across Computers" feature will store copies of the user's Word documents, PDFs, spreadsheets and other text-based documents on Google's own servers, to enable searching from any one of the user's computers. EFF urges consumers not to use this feature, because it will make their personal data more vulnerable to subpoenas from the government and possibly private litigants, while providing a convenient one-stop-shop for hackers who've obtained a user's Google password.
"Coming on the heels of serious consumer concern about government snooping into Google's search logs, it's shocking that Google expects its users to now trust it with the contents of their personal computers," said EFF Staff Attorney Kevin Bankston. "Unless you configure Google Desktop very carefully, and few people will, Google will have copies of your tax returns, love letters, business records, financial and medical files, and whatever other text-based documents the Desktop software can index. The government could then demand these personal files with only a subpoena rather than the search warrant it would need to seize the same things from your home or business, and in many cases you wouldn't even be notified in time to challenge it. Other litigants—your spouse, your business partners or rivals, whoever—could also try to cut out the middleman (you) and subpoena Google for your files."
The privacy problem arises because the Electronic Communication Privacy Act of 1986, or ECPA, gives only limited privacy protection to emails and other files that are stored with online service providers—much less privacy than the legal protections for the same information when it's on your computer at home. And even that lower level of legal protection could disappear if Google uses your data for marketing purposes. Google says it is not yet scanning the files it copies from your hard drive in order to serve targeted advertising, but it hasn't ruled out the possibility, and Google's current privacy policy appears to allow it.
"This Google product highlights a key privacy problem in the digital age," said Cindy Cohn, EFF's Legal Director. "Many Internet innovations involve storing personal files on a service provider's computer, but under outdated laws, consumers who want to use these new technologies have to surrender their privacy rights. If Google wants consumers to trust it to store copies of personal computer files, emails, search histories and chat logs, and still 'not be evil,' it should stand with EFF and demand that Congress update the privacy laws to better reflect life in the wired world."
For more on Google's data collection:
http://tinyurl.com/chxk6
http://tinyurl.com/7wjyg
http://tinyurl.com/d85wt
http://tinyurl.com/aujee
Contact:
Kevin BankstonStaff AttorneyElectronic Frontier Foundation
bankston@eff.org
Posted at 11:04 AM
---------------------------------------------
When the first Google Desktop was released, I pushed up the ranks for this to not be used in the corporate world. People can (and will) do what they want on their personally computers, but in the business world...the "unknown" risk of this software is just unnecessary.
As attackers move away from OS levels, applications security problems will hit center stage. We are seeing this start to happen right now.
Remember the old OS security measure of reducing the number of running services? This reduces your online signature and therefore reduces the attack pathways. The same idea can be applied for system security at the application level.
More Applications = more lines of running code = higher change of security vulnerabilities
Need I say more....
No comments:
Post a Comment