February 14

Good Grief Google!

Last week the The Electronic Frontier Foundation (EFF), an online privacy advocacy group, issued a statement discouraging Internet users from using the Google Desktop software because of a feature that could allow Google to copy the contents of your hard drive.

Google was already under privacy scrutiny for it’s stance against the United States government in trying to keep public search records from it’s popular search engines private. Google has now done an about face in it’s apparent stance on user privacy.

Okay, let me get this straight. The United States Government has no business knowing what a search for using Google’s search engine but my document, excel spreadsheet and other classified files that I store on my hard drive is open season for the world to see? Sounds like another interesting but a dangerous game of “double standard” is being played out on a more disturbing scale.

It’s important to realize that this feature which Google has dubbed “Search Across Computers” can be easily disabled from within the Google Desktop software, but what happens when a feature like this becomes enabled by default? Especially, without the explicit knowledge of the end user.

Google realizes that it sets the bar quite high and prides themselves as the leader in technology concept development and implementation which causes it’s competitors to play “catch up”. While this might sound a lot like “Chicken Little”. However, I for one and I am sure others in the computer security profession cringe at the thought of other companies like Yahoo, Time Warner and Microsoft who may think that duplicating their own versions of “Search Across Computers” is mandatory to compete for advertising dollars.

To sum up this latest installment of mine, security again, has taken a deliberate back seat to “functionality.

Bill Matherly is a computer security consultant in Oklahoma City, and is a regular contributor of The Security Catalyst website. He can be reached via email at bill.matherly.jr@gmail.com. All views and opinions expressed in this article are not necessarily the views and opinions of The Security Catalyst web site or administrators.


You may also like

Are you using frameworks properly?

Leadership and communication are actually layers, not levels

  1. I disagree. There is no double standard in this case.

    What the Google was resisting had nothing to do with privacy. What was under subpoena was publicly available information (something you can get yourself by searching Google for keywords like “porn”, “xxx”, and “fetish”. (Okay, maybe not that simple but the data’s still available via the front-end.)

    As for the Excel spreadsheet on your computer, it’s your responsibility to protect it. Otherwise, we’d see multiple lawsuits against Google for the stuff in its databases.

    Oh. Wait…. No, Google is still not at fault if you expose a sensitive document to their search engines. Google and the other search engines are quite helpful in removing content from their databases (as long as you can prove that you’re the owner).

    “Search across computers” is likely to be a security problem if it makes the data available outside of the account that the computers are limited to. If your data actually gets spilled into the larger database, call a lawyer. You’ll probably get rich quickly. However, the doom-mongering that’s being done in numerous podcasts is starting to come across only as self-righteous posturing. I hope it fades quickly.

    Oh! Personally, I agree that the Google toolset should not be used in the corporate network, but for an entirely different set of reasons.

  2. I have to go with Bushwick on this one. You’ll note that the Gartner Group does as well:

    It boils down to me that I’ve got a problem whenever any kind of data about my network, or computer, leaves my control.

    On the policy level, I agree with Gartner. It boils down to “don’t let it happen,” and I think it’s a very reasonable corporate policy, and a very sound reason to prohibit Google Desktop on any sort of controlled network whatsoever.

Comments are closed.
{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Subscribe to our newsletter now!