February 15, 2006 1:52 PM PST

More worries about Google Desktop 3

Google Desktop's new search-across-computers feature could put sensitive data at risk and violate federal data-privacy regulations, say IT administrators at a public university and a large manufacturing company. Both are banning it from their networks.

Last week, Google unveiled Google Desktop 3, a free, downloadable program that includes an option to let users search across multiple computers for files. To do that, the application automatically stores copies of files, for up to a month, on Google servers. From there, copies are transferred to the user's other computers for archiving. The data is encrypted in transmission and while stored on Google servers.

The Electronic Frontier Foundation urged consumers to boycott the software, warning that Google could be forced to turn over the data to the government if subpoenaed, even if the data is stored on Google servers only temporarily.

Any amount of time that data is stored on an outside server is too long for institutions that must comply with the Family Educational Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act (HIPAA), which provide strict guidelines for protecting student and medical data, respectively, said Michael Holstein, security administrator at Cleveland State University.

"We have to be careful about where our data ends up," he said on Tuesday. "There is no effective way to manage (Google Desktop 3) from a technology policy standpoint, so we have resorted to instituting a policy that it is not to be installed on any university computers."

Holstein said the university also has technical means to alert administrators when the software has been installed and to block it from functioning on any of the 5,000 managed workstations the 2,800 faculty and staff use.

The feature is disabled by default, but that doesn't solve the problem since all it takes is a single user who is unaware of the ban to turn it on, he said. "It is one of those features that users will think is handy and they will turn it on," Holstein said.

Faisal Sehbai, system administrator and network engineer at Johnson Controls, agreed.

"Any of our intellectual property could end up on Google, which is potentially a big problem," he said. "We deal with a lot of government contracts with secure, classified information."

As a result, Sehbai said his department was banning Google Desktop and blocking it, via technical means, from being used by an estimated 300 employees.

"As a general rule, I like Google and their products, but this one seemed to be more invasive than others," he said. "I realize that by default it is off, but it still raises concerns. Better safe than sorry."

A Google representative pointed out that the enterprise version of Google Desktop, due out "very soon," will allow IT administrators to centrally deploy and manage the software, including enabling or disabling entire feature sets. In addition, a user has to have administrator rights to the computer to download Google Desktop, so concerned network administrators could control its usage by withholding administrator rights on a broad scale, she said.

However, Holstein said it was impractical to bar all users from having the ability to download software. "To prohibit that (or make it a complicated process requiring central approval) just wouldn't fly in an educational setting," he said.

Sehbai said he, too, was undeterred by news of the pending enterprise version. "When Google does come out with the enterprise version, sure we'll test it for the users who claim they 'need' it," he said. "But Google Desktop remains a non-critical application for our corporation."

See more CNET content tagged:
Google Desktop, enterprise version, IT administrator, Google Inc., HIPAA

5 comments

Join the conversation!
Add your comment
Boycotting the Software
Though I generally support the EFF (they helped defend me in the early years of the web/free speech...) I have to say that 'boycott' is a little strong. This isn't a piece of nefarious software..it is very upfront about how it works and what it does. To warn IT managers to keep it off their system, I agree with.

For personal use, I love the desktop as it helps me find docs that were not put in the right place or to find info from 2months ago from an email. It comes with the option to share across desktops OFF by default and Google does a good job explaining the function.

For business use I see the problems but is this any different from any other 3rd party software out there that system managers must keep out of their systems?
Posted by KsprayDad (375 comments )
Reply Link Flag
no its not
and they are appropriately KEEPING it off there systems.

When privacy laws basically make public (with supeona or warrant) information that you have placed in the hands of third parties then those 3rd parties MUST disclose that info.

This allows an end run around illegal search and seizure, and even if its encrypted that does not mean that google can't unencrypt it for the govt., or for your spouse's divorce lawyer, or the RIAA et al. upon request
Posted by The user with no name (259 comments )
Link Flag
Boycotting the Software
Though I generally support the EFF (they helped defend me in the early years of the web/free speech...) I have to say that 'boycott' is a little strong. This isn't a piece of nefarious software..it is very upfront about how it works and what it does. To warn IT managers to keep it off their system, I agree with.

For personal use, I love the desktop as it helps me find docs that were not put in the right place or to find info from 2months ago from an email. It comes with the option to share across desktops OFF by default and Google does a good job explaining the function.

For business use I see the problems but is this any different from any other 3rd party software out there that system managers must keep out of their systems?
Posted by KsprayDad (375 comments )
Reply Link Flag
no its not
and they are appropriately KEEPING it off there systems.

When privacy laws basically make public (with supeona or warrant) information that you have placed in the hands of third parties then those 3rd parties MUST disclose that info.

This allows an end run around illegal search and seizure, and even if its encrypted that does not mean that google can't unencrypt it for the govt., or for your spouse's divorce lawyer, or the RIAA et al. upon request
Posted by The user with no name (259 comments )
Link Flag
I think google has nice product, but if I can use another product instead I prefer this alternative! For google desktop there are a lot of alternative products out there, where you can be sure that they don't store any files anywhere! So I think everyone who feels scared about his privaty has the choice to use another search! The same did I, I decided for Lookeen and I am very satisfied with this decision!
Posted by Jackumsat (1 comment )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.