More worries about Google Desktop 3
IT administrators are banning the software, saying its new multiple-computer search feature could ultimately violate federal privacy regs.
Last week, Google unveiled Google Desktop 3, a free, downloadable program that includes an option to let users search across multiple computers for files. To do that, the application automatically stores copies of files, for up to a month, on Google servers. From there, copies are transferred to the user's other computers for archiving. The data is encrypted in transmission and while stored on Google servers.
The Electronic Frontier Foundation urged consumers to boycott the software, warning that Google could be forced to turn over the data to the government if subpoenaed, even if the data is stored on Google servers only temporarily.
Any amount of time that data is stored on an outside server is too long for institutions that must comply with the Family Educational Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act (HIPAA), which provide strict guidelines for protecting student and medical data, respectively, said Michael Holstein, security administrator at Cleveland State University.
"We have to be careful about where our data ends up," he said on Tuesday. "There is no effective way to manage (Google Desktop 3) from a technology policy standpoint, so we have resorted to instituting a policy that it is not to be installed on any university computers."
Holstein said the university also has technical means to alert administrators when the software has been installed and to block it from functioning on any of the 5,000 managed workstations the 2,800 faculty and staff use.
The feature is disabled by default, but that doesn't solve the problem since all it takes is a single user who is unaware of the ban to turn it on, he said. "It is one of those features that users will think is handy and they will turn it on," Holstein said.
Faisal Sehbai, system administrator and network engineer at Johnson Controls, agreed.
"Any of our intellectual property could end up on Google, which is potentially a big problem," he said. "We deal with a lot of government contracts with secure, classified information."
As a result, Sehbai said his department was banning Google Desktop and blocking it, via technical means, from being used by an estimated 300 employees.
"As a general rule, I like Google and their products, but this one seemed to be more invasive than others," he said. "I realize that by default it is off, but it still raises concerns. Better safe than sorry."
A Google representative pointed out that the enterprise version of Google Desktop, due out "very soon," will allow IT administrators to centrally deploy and manage the software, including enabling or disabling entire feature sets. In addition, a user has to have administrator rights to the computer to download Google Desktop, so concerned network administrators could control its usage by withholding administrator rights on a broad scale, she said.
However, Holstein said it was impractical to bar all users from having the ability to download software. "To prohibit that (or make it a complicated process requiring central approval) just wouldn't fly in an educational setting," he said.
Sehbai said he, too, was undeterred by news of the pending enterprise version. "When Google does come out with the enterprise version, sure we'll test it for the users who claim they 'need' it," he said. "But Google Desktop remains a non-critical application for our corporation."