Want privacy? Don't give up your personal data.
That's the gist of the brouhaha that followed Google Inc.'s release this week of an upgrade to its Google Desktop software, which can store files from a PC on the company's server.
Among the enhancements in the new version of the product, which is available by download, is a feature called Search Across Computers, which allows people to choose files on their hard drives that they want Google to automatically index, store and track on its servers, and make accessible over the Web from any computer. People can disable the feature, if they don't want files stored online.
Nevertheless, even the vocal critics of the Mountain View, Calif., search engine agree that Google is not the villain with a black hat in offering to store personal data. "But, it's at least wearing a grey hat," Kevin Bankston, staff attorney for privacy advocate the Electronic Frontier Foundation, said.
The San Francisco group argues that many people are unlikely to take the time to learn the features that can disable and manage file and data sharing. In addition, it says Google is asking for too much information, and could enhance privacy of personal files by encrypting the data and giving its owners the only key to unlock the information.
"Google has a responsibility to make privacy by design a priority," Bankston said.
EFF, which advises people not to store personal data with Google, also argues that the company is making people more vulnerable to lawyers' subpoenas and government warrants, because current federal law gives less protection to data stored online than to data stored in a home PC.
But Andrew Serwin, a partner and privacy expert with the law firm Foley & Lardner LLP in San Diego, disagrees, arguing that government, law enforcement and attorneys in civil cases have to follow the same rules in seeking personal data online as offline.
"The government would have the same burden either way," Serwin said. "With a lawsuit, it's not any more or less difficult."
The government prosecutors would still need to get a warrant, and a lawsuit attorney would still need a subpoena, Serwin said. As to whether the person named would need to be notified first, that would depend on the circumstances, and the final decision would be left up to a judge. But whether offline or online, notification may or may not be required.
"If courts say this is how you proceed, then that's how you proceed," Serwin said.
Google has been praised, even by the EFF, for recently refusing to hand over subscriber search data to the U.S. Justice Department in its attempt to revive an anti-pornography law struck down by the Supreme Court. Yahoo Inc., Microsoft Corp. and America Online Inc. complied with similar subpoenas. A court hearing on Google's refusal is pending.
"We think Google is doing a good job," David McGuire, spokesman for the non-profit lobbying group Center for Democracy & Technology, said. "We were impressed that they resisted the Justice Department's subpoena, but when you're drawing all of these different threads of information together in one place, it creates a whole new set of privacy issues that we don't think will be fully resolved until there is a strong federal law."
To that end, the EFF argues that if Google and other Internet companies that depend on gathering customer data to sell products, feed advertising and to improve Web sites were really concerned about privacy, then they would lobby Congress to strengthen the Electronic Communication Privacy Act of 1986. The law, the EFF says, gives only limited protection to emails and other files that are stored with online service providers.
So with so much unsettled in the area of online privacy, the best protection is to keep your personal data close, and under your control as much as possible. Spreading it around just makes more of it available to others.
"You have to assume that once you release data to a third party, that data could be distributed in a public way," Serwin said.
TechWeb Associate Editor K.C. Jones contributed to this article.