UCSD
CAMPUS NOTICE
University of California, San Diego
 

OFFICE OF THE SENIOR VICE CHANCELLOR -
ACADEMIC AFFAIRS

OFFICE OF THE VICE CHANCELLOR -
BUSINESS AFFAIRS

February 23, 2006


ALL ACADEMICS AND STAFF AT UCSD (Including UCSD Healthcare)

SUBJECT:    Google Desktop Security Exposure

Google Desktop V.3 contains certain features that raise serious security and privacy concerns. Specifically, the "share across computers" feature that introduces the ability to search content from desktop to desktop greatly increases the risk to users' privacy. If Google Desktop V.3 is set to allow "Search Across Computers" files on an indexed computer are copied to Google's servers. We recommend that individuals seriously consider the potential for information stored on their computers to be accessed by others if they enable this feature of Google Desktop V. 3 on their computers.

Employees of the University (whether student, regular staff or faculty) who have confidential data on their work or home computers should not enable this feature. There are both privacy laws and university policies that could be violated through the installation of this feature, specifically, SB 1386, HIPPA, FERPA and GLBA.

While some of the features of Google Desktop V.3 are enticing to faculty, students, and staff, it is important to understand how information is collected, stored, and shared through this application, and the potential privacy risk to individuals.

Please review and share this information widely.

Helpful References:

Google Source:
http://desktop.google.com/features.html#searchremote

Policies about Protecting Data:
http://blink.ucsd.edu/Blink/External/Topics/Policy/0,1162,1861,00.html

For a good summary of the privacy concerns related to Google Desktop V.3, see:

Electronic Frontier Foundation:
http://www.eff.org/news/archives/2006_02.php#004400

Technical Paper from University of Michigan's IT Security group:
http://safecomputing.umich.edu/tools/download/gd_security.pdf

For questions regarding this message, contact Charlotte Klock, Director ACT Data Center, at cklock@ucsd.edu or (858) 822-1223 or Tony Wood, Director of Academic Computing Services, at twood@ucsd.edu or (858) 534-4050.


Marsha A. Chandler
Senior Vice Chancellor -
Academic Affairs

Steven W. Relyea
Vice Chancellor -
Business Affairs