Go Directly to Page Content
Go Directly to Site Search
Go Directly to Site Navigation
ITS Safe Computing

Message Re. Issues With Google Desktop Tool

To: U-M Deans, Directors and Department Heads
From: Paul Howell, U-M Chief IT Security Officer
Date: Thu, 23 Mar 2006
Subject: Google Desktop Tool Exposes Sensitive Information

Important Information: Please share with your IT Department

Sensitive and confidential information, including human subject research data, could be exposed through an application called Google Desktop. As a result, we strongly recommend that it not be deployed on workstations that process sensitive data. Exposure of sensitive or confidential data could violate both University policy (SPG 601.12) and federal privacy laws (HIPAA, FERPA, GLBA).

If there is a strong business need for this application, it can be configured to restrict the transmission and storage of restricted data. See http://www.itd.umich.edu/itcsdocs/s4340/ for instructions.

Google Desktop contains features that raise serious security and privacy concerns. For example, the "Search Across Computers” feature (available in version 3), creates an index of all the files on your computer, copies them to Google's servers, and updates them as changes are made. You can then retrieve and update your files stored on Google's servers from another computer you use that also has Google Desktop installed on it. Google stores Word documents, Excel spreadsheets, PowerPoint presentations, PDF files, text files, and except for secure (https) sites, Google also stores the web sites that you've viewed.

There is a real possibility that sensitive, research, and confidential information stored on a home or office computer could be accessed by others when Google Desktop is installed and incorrectly configured. IT professionals should seriously consider prohibiting its use and individuals should take care not to install it on University or home computers that store sensitive or research data.

To help protect the privacy and security of University data, we ask that you please share this information broadly. ITSS and others are also taking steps to distribute this information immediately, as noted in the Activities section below. IT professionals should reference the Technical Paper prepared by ITSS at http://safecomputing.umich.edu/tools/download/gd_security.pdf

Reference documents are included below to provide you with additional information, but if you have questions regarding this message, please contact me at grue@umich.edu.

ACTIVITIES
ITSS advised members of the Academic Computing Support Forum (ACSF) of concerns related to Google Desktop.

U-M network logs identified some computers using the search "across computers" feature in the residence halls. Information about security concerns is available at http://rescomp.housing.umich.edu/

Announcement and link to information is posted on the U-M Gateway at http://www.umich.edu

An article directed at University research staff will be published in the Biomedical News.

REFERENCES
Google Source: http://desktop.google.com/features.html#searchremote
UC Berkeley: http://istpub.berkeley.edu:4201/bcc/Fall2006/905.html