Google beta 'security risk'

Google Desktop 3 beta poses a security risk to many companies and use of the software should be tightly controlled, says Gartner.

Google Desktop 3 is the latest version of Google’s desktop search application. The software’s “search across computers” feature allows users to search for information stored on other PCs and servers. To do this, it stores an index of files contained on a PC running the software for 30 days, promising the information is encrypted and accessible to a limited number of Google employees.

While the search across computers function offers a measure of convenience, allowing this data to leave the safety of a corporate network is a concern despite Google’s assurances, Gartner says. “Its mere transport outside the enterprise will represent an unacceptable security risk to many enterprises,” it says.

To mitigate against this risk, Gartner advises IT managers to stop users from installing the individual version of the software and opt for the enterprise version instead. IT managers will then be able to disable the “search across computers” function, Gartner says. “They must also evaluate what information they are allowing to be indexed [by Google Desktop], and whether they are comfortable that they can adequately bar the sharing of data with Google’s servers,” it says.

Gartner is not the first to warn users to steer clear of the search across computers function in Google Desktop. Earlier, the Electronic Frontier Foundation (EFF) advised users to disable the function.

The US Electronic Communication Privacy Act of 1986 affords less privacy protection to data stored on online service provider servers than to data stored on a home or work PC, the EFF says. This means in the US only a subpoena is needed instead of a search warrant to access files stored on Google servers, says the EFF. Google executives were not immediately available to comment.