Computerworld

Ministerial Services investigates Google Desktop Search security

The worry is that the software may send too much information back to Google servers in the US during use

The Department of Internal Affairs is asking government ministers and their staff to consider removing Google’s Desktop Search software from their computers because of security concerns.

Computerworld understands an email was issued within the last few weeks informing parliamentary staff of concerns about the software. The worry is that it may send too much information back to Google servers in the US during use.

Colin Feslier, manager of strategic communications for the department, was unable to provide comment before Computerworld went to press. He said it was difficult to get authority to talk about anything to do with security.

John Preval, the information systems and technology manager of Parliamentary Services, which provides IT services for non-ministerial users in Parliament, says Google Desktop Search is not used there and so is not being investigated.

Google was not prepared to comment, however, the company’s website says the contents of emails, files or anything else found is not sent to Google “or anyone else”. Nor is computer content made accessible to anyone else without the user’s explicit permission. It says “non-personal” information about program performance is transmitted, but this can be disabled by the user.

Concern about the security of Google’s search utility has been ongoing among enterprise IT users overseas. A discussion thread from December on the Webmaster World site highlights some concerns.

One user, using the moniker “Justageek”, said he had never had a good look at the data stream going to Google “but I’m guessing it cannot be all that secure,” he said.

“I have always dictated what should be on a machine for my users and have always denied the Google desktop from being utilised.

“In my mind I just couldn’t justify having a tool, made by a company that makes almost all its money off of knowing what text is on a page, run on a business machine,” Justageek said.

“Shame on any IT head that would let this or anything like it get installed.”

Another user, “Mcavic”, responded that there’s no evidence that Google Desktop Search is a security risk.

“If your computer contains unencrypted sensitive data that’s a security risk by itself.

“If you run an IT department then, yes, you should know everything that’s running on the machines and what it does, and yes, you should think carefully about letting users run Desktop Search.”

Other users argued Search is a threat and one suggested its use could run afoul of corporate governance requirements, referencing the US Health Insurance Portability and Accountability Act as an example.