Google Desktop - don't let your valuable information get out "into the wild"

This issue is devoted to the problems associated with personal information getting released somehow into the global Internet and ending up being found by people through search engines; or worse, being subject to search and seizure by authorities in jurisdictions that may have nothing to do with your daily activities.

The http://desktop.google.ca/en/ Google Desktop facility is what has spurred the note, but it is only one in a long list of potential traps that can reach out and byte you.

I've written before on Instant Messaging (see http://blog.pacdat.net/article.php?story=20051101082729255) and its potential for letting internal information out into the rest of the world as well as opening up your computers to viruses from yet another vector.

I've also written about PLAXO and other contact information aggregators - and how using them to manage your contact information is not a good idea.

Now, Google proposes to allow you to use their systems to not only index information on any/all computers in your organization (or home LAN) but also share information through Google with associates and friends. Sounds benign enough until you realize that Google is a US based company and the US government is pissed at them for not allowing Uncle Sam to have access to the search terms all of Google's users have been using recently (see the Slashdot article at: http://yro.slashdot.org/article.pl?sid=06/02/18/1356230 ) and
now I receive the latest SANS institute newsletter points me to an article at ZDnet about Google's desktop and privacy. It is compulsory reading! See the original at: http://www.zdnet.co.uk/print/?TYPE=story&AT=39252738-39020375t-10000007c

In essence - if you deal with "secret" or proprietary information (and some of you are lawyers - how about client privilege?) and you use Google desktop, the information ends up on Google's servers for something like 30 days - during which time only Google's security and the good graces of the American government protect it from getting into someone else's hands.

The wired world extends your information outside your control almost without thought. Other things to check on are wireless modems - do you have the encryption (high-security) turned on? Is it a recent purchase or at least recently upgraded to eliminate the security bug that plagued early units? Do you have separate LANs (different routers and security) for your home office and your kids?

If you have any questions about this or other office security topics, please don't hesitate to call me.