Google Desktop widens the privacy hole

EFF is sounding a warning about Google Desktop’s latest Search Remote Computers function. The function itself sounds nice: one search command to search all your documents and viewed webpages regardless of what computer they’re on. Trouble is, Google does it by uploading all those sensitive documents to their own servers in case your laptop or other computers are off-line.

I think Google has a pretty good moral compasses, but (as I mentioned when GMail came out) there are fundamental risks with this sort of centralized system regardless of the trustworthiness of the company running them. As EFF’s alert points out, many legal protections enjoyed by information stored on your own home computer are lost when stored with an online service provider:

The privacy problem arises because the Electronic Communication Privacy Act of 1986, or ECPA, gives only limited privacy protection to emails and other files that are stored with online service providers—much less privacy than the legal protections for the same information when it’s on your computer at home. And even that lower level of legal protection could disappear if Google uses your data for marketing purposes. Google says it is not yet scanning the files it copies from your hard drive in order to serve targeted advertising, but it hasn’t ruled out the possibility, and Google’s current privacy policy appears to allow it.

I can imagine other legal and practical questions as well. For example, if Google Desktop wound up uploading a researcher’s company-confidential tech reports, would that count as “disclosure” and thus prevent him from filing for a patent on his work? And if a laptop running the software is opened in a foreign airport (e.g. China), can the local Google office be subjected to subpoena under that country’s own laws?