Privacy Concerns On Google's 30 Day Data Policy

Posted by CmdrTaco on Tue Feb 14, 2006 10:47 AM
from the something-to-think-about dept.
darkmonkeh writes "'Google Inc. is offering a new tool that will automatically transfer information from one personal computer to another, but anyone wanting that convenience must authorize the Internet search leader to store the material for up to 30 days', CNN reports. Although Google's policy states that it can hold data for up to 30 days, 'Google intends to delete the information shortly after the electronic handoff, and will never retain anything from a user's hard drive for more than 30 days', said Sundar Pichai, director of product management. With pressure on Google after the request by the Bush administration for personal information, privacy concerns may be hard hitting."
This discussion has been archived. No new comments can be posted.
  • advertising? (Score:4, Insightful)

    by JFlex (763276) * on Tuesday February 14 2006, @10:50AM (#14716206)
    Does this give Google the right to search the data for advertising purposes? Google desktop could easily have small text-based ads relevant to data in my MyDocuments folder.
    • Does this give Google the right to search the data for advertising purposes?

      According to the article on CNN.com:

      Google plans to encrypt all data transferred from users' hard drives and restrict access to just a handful of its employees. The company says it won't peruse any of the transferred information.

      So, I guess no, Google won't read what you wrote... unless, of course, the Chinese [boston.com] ask them.

  • by Black Parrot (19622) on Tuesday February 14 2006, @10:51AM (#14716215)
    ...you can count on Slashdot to re-post it every few days, so don't worry about the 30-day expiration.
    • OR... Does it mean that they will delete your files permanently but before deleting they will rip off all information they are interested in?

      Deleting your files does not mean that there is no information extracted from those files, right?
  • pirates? (Score:4, Insightful)

    by megacia (534566) on Tuesday February 14 2006, @10:51AM (#14716218)
    could you give this out and let people download your drive for up to 30 days?
  • Retention of Data (Score:5, Insightful)

    by SeanDuggan (732224) on Tuesday February 14 2006, @10:52AM (#14716226) Homepage Journal
    I suspect that this is just due to their data model of redundant machines. As with GMail, they can't guarantee deletion of the material in a time period less than thirty days, although it may actually be retained for much less.
    • ...why isn't this story about how great it is that Google promises to keep your data for no longer than 30 days?

      30 days is not very long at all, in terms of data retention. Could we get such a guarantee from any other corporation? From our credit card companies, banks or libraries?

      Well, maybe our libraries...
  • Here's a question: (Score:5, Insightful)

    by TripMaster Monkey (862126) * on Tuesday February 14 2006, @10:52AM (#14716230)

    From TFA:
    To enable the computer-to-computer search function, a user specifies what information should be indexed and then agrees to allow Google to transfer the material to its own storage system. Google plans to encrypt all data transferred from users' hard drives and restrict access to just a handful of its employees.
    Why exactly do any of Google's employees need access to this information? Why can't the content be encrypted by the user via an asymmetric key scheme (like PGP) and decrypted again once it's reached the target system?

    I'm really not seeing the necessity for Google to have any access at all to users' information...am I missing something?
    • I assumed that the article was referring to accessing the physical equipment, not the actual data on the drives.
    • You know, people like sys-admins may need access in case something goes wrong...

      Keep in mind that access does not mean unencrypted. I read it as saying that the data will be stored encrypted on google's system, however some employees will still need to potentially have access to the encrypted data.
    • by Marsmensch (870400) on Tuesday February 14 2006, @11:02AM (#14716315)
      They're not evil, but they still want to see those pics of your girlfriend naked.
    • Why can't the content be encrypted by the user via an asymmetric key scheme (like PGP) and decrypted again once it's reached the target system?

      I imagine they want to index the information, which they wouldn't be able to do if it was encrypted.

    • by Anonymous Coward
      I'm sure you know the answer, but...

      Google's not storing people's data out of altruism. They're doing it to make a profit from data mining and association-mapping.

      Think supermarket "loyalty" cards but on a far grander scale. That's what Google is aiming for: the ability to study and profit from the collated details of the lives of millions of people. In order to study the details, they must be able to process them in an unencrypted form at some point.

      They may have no evil intentions whatsoever. People s
  • Don't Do It (Score:5, Insightful)

    by krgallagher (743575) on Tuesday February 14 2006, @10:53AM (#14716237) Homepage
    "With pressure on Google after the request by the Bush administration for personal information, privacy concerns may be hard hitting."

    If you have privacy concerns, don't use the service. If you are stupid enough to transfer private or sensitive information over someone else's network, let alone store it on their drives, you deserve what you get. I use some online storage for information that I would not want to lose in the event of a catastrophe at my home, but it is nothing I consider sensitive. If it was, I would either store it elsewhere or use some kind of encryption on the files.

    • Re:Don't Do It (Score:4, Insightful)

      by Billosaur (927319) * <`wgrother' `at' `optonline.net'> on Tuesday February 14 2006, @11:11AM (#14716391) Journal
      If you have privacy concerns, don't use the service.

      The same can be said for online banking, email correspondence, chat, IM, or P2P. The fact is you have to be smart about who you let have access to what data. It's hard enough protecting your security in just the above arenas, without letting an outside group have access to your hard-drive. Another service I don't think I'll be touching anytime soon.

    • The parent couldn't be more right.

      I have a completely encrypted drive in my laptop for sensitive information in case I lose it or it is stolen. This is just wise in my humble opinion and can be easily achieved by many tools, like truecrypt [truecrypt.org]. For everything else, there is Gmail [gmail.com]! =)
    • Is it me or does it seem that when it comes to Google, there is a stigma that every service they roll out should be awesome and immediately utilized - oh but wait - they can store my data for 30 days? Hrm, I don't know. It is Google, but that doesn't sit right. But it is Google. Mm, Google.

      For real, just don't flippin' use it, voilà, no more concerns over the privacy of your data. (At least with Google.)
  • Ugh... (Score:5, Insightful)

    by jim_v2000 (818799) on Tuesday February 14 2006, @10:53AM (#14716240)
    This has nothing to do with your rights online. It's an opt in service. No one is being forced to do anything. If you don't like the TOS, don't use it.
    • If you don't like the TOS, don't use it.


      'cause, you know, everyone always reads the TOS, don't they.

      Hypothetical: Another user on a shared machine uses this, and it exports C:\DocumentsAndSettings\* then everyone's data is uploaded, not just the person running the Google service.

      (yeah, I know.. restrict user permissions, don't run as admin, etc, etc. Welcome to the real world, where "the right way" isn't what most people do.)

  • by DRJlaw (946416) on Tuesday February 14 2006, @10:54AM (#14716248)
    I suspect that the 30 day requirement is a matter of technical feasibility rather than "evil intentions." I seem to recall Google announcing that it could not guarantee that email deleted from Gmail would be deleted from Google's data storage system, at least immediately. When you consider how much redundant storage Google holds, and how that storage is distributed around the world, the 30 day provision may be more of a CYA from legal liability.

    The policy may very well translate into "We will make a best effort to delete the information when you instruct us to do so, but we will only guarantee that the information will be deleted within 30 days."
    • I agree it has something to do with legal matters, but I doubt it is about feasibility.

      The details are fuzzy, but IIRC, when you leave your *stuff* on their servers for more than 30 days, the police do not need a regular warrant to get at your data.

      I remember this was talked about back when Google first introduced G-Mail and said "We can't promise we're going to delete your data."

      Maybe someone else remembers the exact details, but I know the 30 day limit is there because it has something to do with 'possess
  • Not to mention (Score:5, Insightful)

    I work for a healthcare company, and we have already attempted to block Google Desktop at our proxies. There are HIPAA concerns with allowing users to transfer personal data between their work machines and . But we're not the only ones, banks and other healthcare companies will eventually do the same.

    Hopefully this will be sufficient. If not, we will need to block access to all of Google, which would seriously upset many people within the company, and of course this will cascade to other organizations. Will Google be happy it's pissing off a bunch of Fortune 50 companies?

    • I concur. But it's not just HIPAA, there are GLBA concerns as well.

      If Google doesn't publish the URLs and/or netblocks used by this then they run the risk of getting blocked in entirety all over the place.
      • Just to toss another acronym into the mix, SOX is going to be a problem too.

        For those who don't know the alphabet soup we're talking about:

        HIPAA [epic.org] - Health Insurance Portability and Accountability Act of 1996 belongs to the Dept of Health & Human Services

        GLBA [epic.org] - Gramm-Leach-Bliley Act aka the Financial Services Modernization Act of 1999 belongs to the Federal Trade Commission

        SOX [wikipedia.org] - Sarbanes-Oxley Act of 2002 belongs to the Securities & Exchange Commission
    • And Google cares about Fortune 50 company users accessing them from work because? Unless they make for a significant proportion of ad revenue, Google really doesn't care.

      Your value to Google is the number of eyeballs you can offer them, or the advertising revenue they make from you. Do Fortune 50 corporations offer enough eyeballs to be a globally significant number?
  • They have to retain it for a certain period:
    1. Turn on computer A, and indicate you want to sync with computer B
    2. Data is copied to google's servers
    3. Turn on computer B, and your data automagically appears.

    Without the google servers, both systems need to be on all the time, and data retaining issues, as well as another google tool are a non issue.
  • What about GMail? (Score:3, Interesting)

    by antron-jedi (951323) on Tuesday February 14 2006, @10:58AM (#14716283)
    Pretty much half my life is saved in my GMail anyway, so I figure what the hell, why not? Just from reading TFA my concern would be less with the government and more with other security/privacy breaches, though.
  • Create a tarball or zip of your home directory and overwrite the home directory with the same name on another Mac. Reset permissions if needed. Problem solved, no third party. *scratches head* Come to think of it, the only group that has problem with this is the Windows users with all of their hidden, protected yada yada directory crap.

    One more area where Microsoft creates markets, sometimes for their competitors.
    • Actually, that works well on Windows PCs as well. Heck, if it didn't, you couldn't have roaming profiles (which do have some minor issues, but work remarkably well) where you can log in on any machine and all of your files/settings/etc are visible to you. The only difference is that some Windows users love making random hidey-holes for their files instead of putting them under "/Documents and Settings/[Username]" in the appropriate Documents or Images or Whatever folders. There are some badly behaved app
  • In dubio pro reo (Score:5, Insightful)

    by Opportunist (166417) on Tuesday February 14 2006, @11:03AM (#14716322)
    Now, I'm a big fan of privacy and having my data securely and tightly to my chest.

    But, to show off some more Latin, cui bono? What's google's gain in the game? What could they possibly gain from having access to my data? My highly sensitive christmas pics?

    Hardly.

    What they do get in that way is an idea where people and data travel. Information about their users. That's it. And that's by far more valuable than your grocery list or granny's phone number. IMO they don't care about your data. What they want is the information where data comes from and where it goes to. And that can be simply achieved by tracking where you are when you dump the files on them, how long they stay there and where you are when you pick them up again (or, what's also possible, where the person is that picks them up).

    That's the info they're after. Not your files themselves.

    So why the 30 days? Well, this could be connected with their update and deletion cycles. As someone already pointed out, their servers are most likely redundant. It's not like at home, where you simply hit "del" to get rid of a file. Their array of servers first of all has to realize that the file is actually supposed to be deleted. Or it could be that they are using some nightly job to clean up and purge all the "waste" data, and that this can't be done during normal operation, not even more than once a month, simply because the servers got better things to do.

    So, in a nutshell, I don't suspect "evil" in that 30 days cycle. More likely, it's simply a technical necessity, and a legal one too. So people don't start suing them 'cause the files are still on their servers 10 days after they picked them up.
  • Safety (Score:4, Interesting)

    by rjstanford (69735) on Tuesday February 14 2006, @11:04AM (#14716331) Homepage Journal
    This is basically using Google's storage as a BigAssDisk(tm) for you to move/wipe your machine. Think about what would happen if they didn't do this:

    1) User "saves" his data to google.
    2) User wipes and rebuilds his PC.
    3) User loads his data from google, after which google immediately forgets it.
    4) User realizes that his drive was set up incorrectly and repeats step 2.
    5) User says, "Fuck. I thought I'd saved that!"

    They're emulating a temporary backup tape in this case, so they're acting more like one. Destructing 30 days after last use is reasonable (it is a temporary tape) and indeed useful. Destructing 30 seconds after first use is potentially catastrophic.
  • bandwidth impact? (Score:3, Interesting)

    by slackaddict (950042) <rmorgan@NosPAM.openaddict.com> on Tuesday February 14 2006, @11:17AM (#14716446) Homepage Journal
    What's the likely impact on Verizon's data network if you have millions of users all over the world sending data constantly to Google's server farm for this new service in addition to the already high amount of web traffic? Verizon is going to be pissed.
  • Google file system (Score:4, Informative)

    by _LORAX_ (4790) on Tuesday February 14 2006, @11:19AM (#14716467) Homepage
    If you read the white paper on how the google file system platform works, this makes perfect sense. The provision is a CYA to make sure that the customer knows that while google makes every attempt to remove the data quickly, the system only marks files for deletion. Files are later ACTUALLY deleted by an automated sweep.

    http://labs.google.com/papers/gfs-sosp2003.pdf [google.com]
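
An added example, not part of the comment above and not Google's code: a simplified Python model of the mark-then-sweep deletion the comment describes, showing why physical deletion can only be bounded by the sweep and replica-recovery cycle rather than by the moment the user clicks delete. The class names, the 3-day grace period, the daily sweep and the replica outage are all assumptions made for illustration.

```python
"""Simplified model of mark-then-sweep deletion across replicas (constructed)."""
from dataclasses import dataclass, field

GRACE_DAYS = 3   # assumption: how long a marked file stays recoverable
SWEEP_EVERY = 1  # assumption: the background scan runs once a day


@dataclass
class Replica:
    name: str
    online: bool = True
    chunks: set = field(default_factory=set)


class Store:
    def __init__(self, replicas):
        self.replicas = replicas
        self.live = {}    # file name -> chunk id
        self.marked = {}  # file name -> (chunk id, day it was marked)
        self.next_id = 0

    def write(self, name):
        cid, self.next_id = self.next_id, self.next_id + 1
        for r in self.replicas:
            r.chunks.add(cid)
        self.live[name] = cid
        return cid

    def delete(self, name, today):
        """User-visible delete: metadata only, no stored bytes are touched."""
        self.marked[name] = (self.live.pop(name), today)

    def sweep(self, today):
        """Drop expired metadata, then reclaim orphaned chunks on reachable replicas."""
        for name, (_, day) in list(self.marked.items()):
            if today - day >= GRACE_DAYS:
                del self.marked[name]
        referenced = set(self.live.values()) | {c for c, _ in self.marked.values()}
        for r in self.replicas:
            if r.online:  # an unreachable replica keeps its copy for now
                r.chunks &= referenced

    def holders(self, cid):
        return sorted(r.name for r in self.replicas if cid in r.chunks)


def days_until_gone(outage_days):
    """Days from the user's delete until no replica holds the data,
    when one replica is unreachable for outage_days starting at the delete."""
    replicas = [Replica("a"), Replica("b"), Replica("c")]
    store = Store(replicas)
    cid = store.write("photos.tar")
    store.delete("photos.tar", today=0)
    replicas[2].online = False
    day = 0
    while store.holders(cid):
        day += 1
        if day > outage_days:
            replicas[2].online = True
        if day % SWEEP_EVERY == 0:
            store.sweep(day)
    return day


if __name__ == "__main__":
    for outage in (0, 10):
        print(f"replica outage {outage:2d} days -> last copy erased on day "
              f"{days_until_gone(outage)}")
```

In this model the worst case is set by the longest replica outage plus one sweep interval, which is the kind of figure a published retention ceiling has to cover.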
  • Oh dear (Score:5, Funny)

    by voice_of_all_reason (926702) on Tuesday February 14 2006, @11:23AM (#14716498)
    With pressure on Google after the request by the Bush administration for personal information, privacy concerns may be hard hitting.

    Me: okay, delete data
    Google: I'm sorry, Dave. I'm afraid I can't do that....
  • by voice_of_all_reason (926702) on Tuesday February 14 2006, @11:29AM (#14716565)
    So it's based on the presumption that it's easier to transfer your whole hard drive than sort through the data and burn only what you need. Even with broadband and a reasonably small (5gb) hard drive, you're talking a good day or two at constant top speed (40kbps for me). I think just a small amount of effort in cherry-picking what you really need on the other computer could easily fit on a burned cd or dvd, and take up infinitely less time.

    Besides, won't Microsoft throw a hissyfit about this? Technically, if I upload my entire c:\, google now has a copy of windows it didn't pay for. Along with every other registered program in my program files directory. I can't imagine Sony would be too pleased either when they find out I rip my DVDs to hard disk and pass 'em along to google.
  • Boiling a Frog (Score:3, Insightful)

    by WED Fan (911325) <`ten.liamhsart' `ta' `egihaka'> on Tuesday February 14 2006, @11:30AM (#14716576) Homepage Journal

    (First, this is not an Anti-France post.)

    Google is starting to creep me out. I've been in love with them and their "Don't be evil" thing, and have adopted many of their tools, including GMail. But, they are starting to do things that make me wonder if we are the frog that is destined to be boiled.

    You know:

    How do you boil a frog?
    Put him in a pot of cold water then slowly increase the heat.

    I'm thinking we are going to turn around one day and wonder how Google got all our data. It will follow the revelation that all the data Google had was exposed to a hacker, or sold by a disgruntled employee, or accessed by Chinese Military Intel.

    • How do you boil a frog?
      Put him in a pot of cold water then slowly increase the heat.


      While I do love the story, wouldn't it just be a hell of a lot easier (and more merciful) to just throw him in the boiling water and cover the pot?
  • by airship (242862) on Tuesday February 14 2006, @11:43AM (#14716686) Homepage
    No matter what Google says their current retention policy is, I expect that the U.S. government will eventually require sites like Google to maintain all data on their users for a specified period, probably years. The government wants to know all about you, and under the guise of 'hunting terrorists', they'll get it.
  • This is not a new function that will act as a big network based hard drive. This is simply the index that google desktop search uses that is being shared.
  • by MythoBeast (54294) on Tuesday February 14 2006, @11:46AM (#14716719) Homepage Journal
    Google is allowing people to use their servers as a temporary holding pen for information so that you can transfer it from one machine to another. People are complaining about privacy because, um, why? Because the data isn't just on their computer any more? How does this differ from an FTP server or services like Dropload [dropload.com]? I'm betting that Google's 30 day policy is a nuisance number designed to protect them from litigation in case the auto-wiping fails. This way they can re-image their hard drives every 30 days to protect themselves.

    To be honest, I think that they should be commended for making the full disclosure. If privacy advocates are concerned, then privacy advocates should avoid using the service.
  • Our IT guys don't want anything to do with Google. They think, rightly or wrongly, that Google is a potential IP leak. Fine, but we really need to be able to Googlelike search our network volumes. What other products can I suggest to them?

    • Re: Wow. (Score:5, Funny)

      by Black Parrot (19622) on Tuesday February 14 2006, @10:54AM (#14716246)
      > Next you'll have to share your DNA configuration.

      Not so bad, if you get to choose who you share it with!
      • Re: Wow. (Score:4, Funny)

        by Zoologico (855429) on Tuesday February 14 2006, @11:00AM (#14716307)
        Please elaborate. I can't think of a good reason for wanting to share DNA configs with anyone. :)
        • Re: Wow. (Score:5, Funny)

          by Black Parrot (19622) on Tuesday February 14 2006, @11:07AM (#14716348)
          > Please elaborate. I can't think of a good reason for wanting to share DNA configs with anyone. :)

          That should be in the Slashdot FAQ by now.

      • Next you'll have to share your DNA configuration.

        Not so bad, if you get to choose who you share it with!


        Looks like there is going to be a lot of DNA sharing later tonight, after all it's Valentine's Day!
      • > Next you'll have to share your DNA configuration.

        Not so bad, if you get to choose who you share it with!

        Even better if I can avoid using Google and use "direct connect".

    • Re:Wow. (Score:5, Insightful)

      by huge colin (528073) on Tuesday February 14 2006, @11:51AM (#14716762) Journal
      Yeah, I know. It's so horrible how we're all forced to use this free service.
      • Re:Wow. (Score:3, Insightful)

        No, you're not forced to.

        But - you have been warned !

        Ever had a really good friend, who you haven't seen for a while, so you go out for a beer, and halfway through a conversation, you discover he is trying to sell you life insurance/water filters/mortgage services/etc/etc ? Not fatal, but uncomfortable and disingenuous.

        Well that's google for ya. I can handle advertising on their search pages, as the price of using their service, but I'm damned if I'll help them index me !