Nathan (gemsling) wrote,

Encyption is the key

The EFF has just issued a press release titled Google Copies Your Hard Drive - Government Smiles in Anticipation. The new version of Google Desktop has a search across computers feature, which works by uploading files to Google's servers so that they can be indexed and searched even if you're using one your other computers. The EFF points out that this is a privacy concern, as it's much easier to get a subpoena to obtain data from a service provider than it is to obtain a search warrant to get stuff from a home.

So, people should be wary of what data they place online. But surely the best approach is to use encryption. There is little value to governments and other litigants in data that is unreadable. Google Desktop is just one of many online services that should encrypt data at the time of upload. They'd also need to manage user passwords in such a way that they can be reset, but not retrieved in cleartext. Users of these services would then supply their password to decrypt the files.

Unfortunately, I don't see it happening. A couple of email providers do it, but only because they set out to provide privacy and security from the beginning. When Gmail launched, Brad Templeton wrote about its privacy issues and recommended encryption. I don't belive Google ever implemented it.

Brad's article on Gmail is worth a read for more info on the risks and the solutions: Privacy Subtleties of GMail.
Tags: google, privacy

  • Post a new comment


    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded