Google Admits Security Risks
Page 1 of 1
Google has agreed with researchers that a controversial feature in its newly released Desktop 3 Beta app may create security concerns for businesses.
According to a Gartner research report, storing data on Google's servers "will represent an unacceptable security risk to many enterprises."
The Search Across Computers feature of the beta version of Google Desktop 3, released earlier this month, enables users to seek out data stored on several computers.
For the feature to operate, Google automatically transfers data from a user's computer to the Internet giant's servers.
Gartner is advising companies to switch to Google Desktop for Enterprise and "immediately disable this feature." The "mere transport outside the enterprise" of business data poses a security liability, according to the analysis posted online.
Google has responded to security questions by noting the data is encrypted, storage is limited to 30 days and users can decide which data is shared.
The level of encryption used by Google Desktop 3 is on par with the security of Web-based e-mail, a Google spokesperson told internetnews.com. "Privacy was a big consideration" during the development of Google Desktop 3.
Google Desktop for Enterprises is different from Google Desktop for Consumers because of differing concerns, according to the spokesperson. Businesses need the ability to centrally manage security.
That admission doesn't seem to include consumer privacy, according to Kevin Bankston, staff attorney with the Electronic Frontier Foundation (EFF), a privacy watchdog group. "Like enterprises, consumers store private data," Bankston told internetnews.com.
"We'd like to see [Search Across Computers] removed" from Google Desktop, Bankston said. Alternatively, Google could encrypt the data and give the key only to consumers. As it is now, the data could be revealed with a simple subpoena, according to Bankston.
In a related development, Google is insisting a Justice Department's subpoena for search records would damage user trust. The U.S. government is asking for the records to prove a federal law is effective in preventing minors' access to harmful content.
"Google users trust that when they enter a search query into a Google search box, not only will they receive back the most relevant results, but that Google will keep private whatever information users communicate absent a compelling reason," according to papers filed in San Jose, Calif., by company lawyers.
In addition to the trust factor, divulging a week's worth of searches could put the Internet company at a competitive disadvantage, according to Google.
"Google's competitors could use Google's confidential query data to manipulate their search engines to accommodate Web users and run queries similar to Google's, according to the papers. Yahoo, Microsoft and AOL also received subpoenas.
The Justice Department has until Feb. 24 to respond to Google's answers. A March 24 court date is set for hearing the case brought by U.S. Attorney General Alberto Gonzales. The American Civil Liberties Union in 1998 filed suit, claiming the federal Child Online Protection Act (COPA) is not as effective as filtering technology.
Although Bankston did not link the two privacy issues, it shows, for Google, "there is a difference between protecting privacy and protecting the allusion of privacy," according to the lawyer.
Google also spent today rebuffing claims the Chinese version of its popular Web search is operating without a license from that government. After the Beijing News today reported Google.cn did not obtain an Internet Content Provider (ICP) license required to operate in China, Google replied it had the necessary license.
Although China prohibits Internet services directly run by foreign investors, a number of companies, including Google, Yahoo and eBay, have formed partnerships with local companies.
Google said it uses the license from its China partner, Ganji.com. The license is shown at the bottom of the screen at Google.cn.
Google has come under fire for its China search engine blocking links to politically charged subjects, such as Tiananmen Square.