sourced from computerworld.co.nz
by Sumner Lemon
21 February 2006
Google Desktop 3 beta poses a security risk to many companies and use of the software should be tightly controlled, says Gartner in a research note.
Google Desktop 3 is the latest version of Google’s desktop search application. The software’s “search across computers” feature allows users to search for information stored on other PCs and servers. To do this, Google stores an index of files contained on a PC running the software for 30 days, promising that the information is encrypted and accessible to a limited number of Google employees, according to Gartner.
While the “search across computers” function offers a measure of convenience, allowing this data to leave the safety of a corporate network is a concern despite Google’s assurances, Gartner says. “Its mere transport outside the enterprise will represent an unacceptable security risk to many enterprises,” it says.
To mitigate this risk, Gartner advises IT managers to stop users from using the individual version of the software and install the enterprise version, called Google Desktop for Enterprise, on their computers instead.
IT managers should then disable the “search across computers” function in the enterprise version of the software, Gartner says. “They must also evaluate what information they are allowing be indexed [by Google Desktop], and whether they are comfortable that they can adequately bar the sharing of data with Google’s servers,” it says.
Gartner is not the first to warn users to steer clear of the “search across computers” function in Google Desktop. Earlier, the Electronic Frontier Foundation (EFF) advised users to disable the search across computers function.
The US Electronic Communication Privacy Act of 1986 affords less privacy protection to data stored on online service provider servers than to data stored on a home or work PC, EFF said. As a result, the US government and private litigants only need a subpoena instead of a search warrant to access files stored on Google servers, it said.
Google executives were not immediately available to comment.