Home Message Re. Issues With Google Desktop Tool
Message Re. Issues With Google Desktop Tool
To: U-M Deans, Directors and Department Heads
Important Information: Please share with your IT Department
Sensitive and confidential information, including human subject research data, could be exposed through an application called Google Desktop. As a result, we strongly recommend that it not be deployed on workstations that process sensitive data. Exposure of sensitive or confidential data could violate both University policy (SPG 601.12) and federal privacy laws (HIPAA, FERPA, GLBA).
If there is a strong business need for this application, it can be configured to restrict the transmission and storage of restricted data. See http://www.itd.umich.edu/itcsdocs/s4340/ for instructions.
Google Desktop contains features that raise serious security and privacy concerns. For example, the "Search Across Computers” feature (available in version 3), creates an index of all the files on your computer, copies them to Google's servers, and updates them as changes are made. You can then retrieve and update your files stored on Google's servers from another computer you use that also has Google Desktop installed on it. Google stores Word documents, Excel spreadsheets, PowerPoint presentations, PDF files, text files, and except for secure (https) sites, Google also stores the web sites that you've viewed.
There is a real possibility that sensitive, research, and confidential information stored on a home or office computer could be accessed by others when Google Desktop is installed and incorrectly configured. IT professionals should seriously consider prohibiting its use and individuals should take care not to install it on University or home computers that store sensitive or research data.
To help protect the privacy and security of University data, we ask that you please share this information broadly. ITSS and others are also taking steps to distribute this information immediately, as noted in the Activities section below. IT professionals should reference the Technical Paper prepared by ITSS at http://safecomputing.umich.edu/tools/download/gd_security.pdf
Reference documents are included below to provide you with additional information, but if you have questions regarding this message, please contact me at firstname.lastname@example.org.
U-M network logs identified some computers using the search "across computers" feature in the residence halls. Information about security concerns is available at http://rescomp.housing.umich.edu/
Announcement and link to information is posted on the U-M Gateway at http://www.umich.edu
An article directed at University research staff will be published in the Biomedical News.
| Last modified
January 17, 2013