Log in

No account? Create an account
Previous Entry Share Next Entry
Encyption is the key
The EFF has just issued a press release titled Google Copies Your Hard Drive - Government Smiles in Anticipation. The new version of Google Desktop has a search across computers feature, which works by uploading files to Google's servers so that they can be indexed and searched even if you're using one your other computers. The EFF points out that this is a privacy concern, as it's much easier to get a subpoena to obtain data from a service provider than it is to obtain a search warrant to get stuff from a home.

So, people should be wary of what data they place online. But surely the best approach is to use encryption. There is little value to governments and other litigants in data that is unreadable. Google Desktop is just one of many online services that should encrypt data at the time of upload. They'd also need to manage user passwords in such a way that they can be reset, but not retrieved in cleartext. Users of these services would then supply their password to decrypt the files.

Unfortunately, I don't see it happening. A couple of email providers do it, but only because they set out to provide privacy and security from the beginning. When Gmail launched, Brad Templeton wrote about its privacy issues and recommended encryption. I don't belive Google ever implemented it.

Brad's article on Gmail is worth a read for more info on the risks and the solutions: Privacy Subtleties of GMail.