My state agency's intrusion-detection systems were showing some undesirable activity on our network. Upon investigation, we found that several desktop systems were communicating with Google via Google Desktop. I ran a network security scan and found at least 50 computers set up to do this. How was that possible?
All 50 were new Dell machines. I called down to the lab where desktop system images are created. A tech answered, and I asked him if he knew why Google Desktop was installed on the new systems. "Yes," he said. "The new Dell systems came with it installed. We thought it was a useful tool, so we included it in our standard image."
The question that immediately reverberated in my head was, Why weren't the security implications considered? What I said was, "This is a security problem for us, and we have to uninstall it as soon as possible. I'll put together a meeting."
The good news is that I caught this security lapse before all agency desktops were replaced in our current system refresh. In fact, since desktops are being replaced about 50 at a time, I had caught it pretty early. The realisation that the problem could have been worse cheered me up a bit.
Admittedly, the person who decided to leave Google Desktop on the new computers had no reason to suspect that the program could cause a serious security vulnerability. The root of the problem lay in our quality assurance processes. And that means that if I was going to be irritated at anyone, it would have to be me.
I am in charge of all IT processes and had failed to make sure that we had a certification process for new systems. I was focused on auditing the environment. And in the meantime, I made assumptions - one of the surest ways to get myself into trouble. I assumed that the image had not changed. I assumed it would not change. I assumed I would be asked before someone made a change. No way around it, this was my fault.
Several staffers came knocking at my door, having heard about the situation and wanting to know why it was a big deal. I printed out some articles on Google Desktop for their edification. I had filed in my brain the factoid "Google Desktop = security vulnerability" at least a year ago.
But apparently, my staffers don't read the security news. I don't want to make them do that; they work hard as it is. But I wondered whether I should put together for them highlights of the latest in security vulnerabilities on a weekly or monthly basis to prevent this kind of thing from happening again.
So, what is the big deal about Google Desktop? At Google's desktop.google.com site, it says, "Google Desktop gives you easy access to information on your computer and from the Web. It's a desktop search application that provides full text search over your e-mail, files, music, photos, chats, Gmail, Web pages that you've viewed and more." That all sounds pretty good. But read on:
"Removing deleted files from search results - Some users like the fact that Google Desktop saves cached versions of deleted files in case they need to retrieve them. But we know this isn't for everyone. Don't want to see deleted files in your search results? Just enable the 'remove deleted items' option in your Desktop preferences."
In and of itself, this isn't scary (even though the option should be disabled by default -- in Windows, you can always retrieve deleted files if you have the right utilities). So far, we have an application that indexes everything on our users' computers so they can search them and find information quickly. That is a totally cool feature in an age when we are inundated with so much information we can't think straight. But there's more:
"Search Across Computers enables you to search your documents and viewed Web pages across all your computers. For example, you can find files you edited on your desktop from your laptop. To activate this feature, you will need a Google Account (the same log-in you use for Gmail, Orkut or other Google services). Files accessed on your computer after you enable Search Across Computers will be searchable from your other computers.
"To search your other computers, you must also install Google Desktop on them, as well as enable the Search Across Computers preference using the same Google Account on each one.
"In order to share your indexed files between your computers, we securely transmit this content to Google Desktop servers located at Google. This is necessary, for example, if one of your computers is turned off or otherwise offline when new or updated items are indexed on another of your machines. We store this data temporarily on Google Desktop servers and automatically delete older files, and your data is never accessible by anyone doing a Google search."
The italics are mine, although you probably could spot the security problem on your own. The good news is that this feature isn't enabled by default. If it were, there would be hell to pay. It would allow our users who have Google Desktop and Gmail accounts to share data across the Google servers and wherever else they happened to log into a computer - and that could include data protected under the Health Insurance Portability and Accountability Act.
As it turns out, only one of our users had a Gmail account, and the Search Across Computers feature had not been enabled. But when I think about the thousands of computers using this feature and the quantity of data being cached by Google, I get the creeps.