EFF warns over Google privacy risk

By Matt Whipp

Posted on 10 Feb 2006 at 17:44

Digital civil rights group the Electronic Frontier Foundation is warning that the latest version of the Google Desktop application may pose a serious risk to your privacy.

Among the facilities of the Desktop is the ability to search your files remotely. This is because, if you choose to enable this, Google will keep copies of the files on your computer on its servers, so that you can log into the service remotely and access them.

But the EFF says that the laws protecting data held in this manner are far from robust. In fact, it becomes much easier for legal parties to get hold of your data by forcing Google to hand it over if it is keeping a copy of it, particularly governments.

'Coming on the heels of serious consumer concern about government snooping into Google's search logs, it's shocking that Google expects its users to now trust it with the contents of their personal computers,' said EFF Staff Attorney Kevin Bankston. 'Unless you configure Google Desktop very carefully, and few people will, Google will have copies of your tax returns, love letters, business records, financial and medical files, and whatever other text-based documents the Desktop software can index. The government could then demand these personal files with only a subpoena rather than the search warrant it would need to seize the same things from your home or business, and in many cases you wouldn't even be notified in time to challenge it.'

Not only is data stored in online repositories more vulnerable to legal acquisition than if it was stored at home, whatever protections that currently stand might then fall away if Google later decides to use that information to serve adverts, in the way it does via the email in Gmail accounts.

The EFF is not putting Google at the root of this problem. Rather, it is saying that the legal system should be updated to afford user data the same protections wherever it may be stored.

But there's one other vulnerability outside the legal argument. All those personal documents stored online and accessed through username/password authentication are an attractive target for hackers.