jducoeur: (Default)
jducoeur ([personal profile] jducoeur) wrote2006-04-19 03:45 pm
  • Add Memory
  • Share This Entry

Your online history, right there on display...

So I finally decided to install Google Desktop, partly because it's the sort of technology I like to keep an eye on on principle (you never know what we're going to integrate with next), and partly because it's quite possible that it might be useful in development (if, say, it indexes code halfway competently). Overall, it's become a pretty interesting toy, although it has some irritating quirks -- in particular, the way that it initially decides to take over a chunk of your screen and rearranges all your icons around it. (I hate programs that do that.)

But the most useful-but-disconcerting feature has to be the "Browse Timeline", which shows your order of access of Pretty Much Everything -- not just web history, but your searches, which emails you accessed at what times, and so on. On the one hand, I'd bet that it's remarkably useful in a number of contexts -- there are certainly times when I ask myself "Okay, I know I found this site as part of digging around at that time, but I don't remember exactly what it was".

OTOH, this is pretty much a prosecutor's wet dream: I can't imagine that it's going to be very long before it first gets introduced as evidence in some insider-trading case, since it demonstrates not just what you know, but *the exact order in which you did things*. I mean, I can only imagine what they would have given to be able to say, "Ms. Stewart, your own computer shows that you sent the request to sell ImClone less than ten minutes after receiving this message from your broker. Do you really expect us to believe that this was a coincidence?"

Surely this is going to be one of the better examples of the Law of Unintended Consequences. I'll be very curious to see whether it gets formally banned at some offices for exactly this reason...
Flat | Top-Level Comments Only

[identity profile] patsmor.livejournal.com 2006-04-19 07:53 pm (UTC)(link)
Justin, I would love to have an article about this in Interface, the online journal about how people, computers, and the Internet shape one another. Could you write such a thing? (I'm doing communities this time, so if you don't, I probably will next time, but it would be nice to have a different voice.)
jducoeur: (Default)

[personal profile] jducoeur 2006-04-19 08:37 pm (UTC)(link)
Hmm. Realistically speaking, now probably isn't the time for me to say yes -- I've got a lot on my plate right at the moment, so I shouldn't commit to trying to write something publication-worthy. (Blog entries are easy; real columns require more thought and care.) But thanks for asking; maybe at a later time.

I do notice, rather to my amusement, that Google has not only thought of this issue, they've turned it into a virtue. It appears that Google Desktop Enterprise Edition (for which they would love to sell you their Premium Support package) allows IT departments to centrally control what sort of things can be indexed within the company.

It's intriguing to see how Google, simply by dint of its own power, is winding up in the grey areas. I was remarking to a friend earlier today about how hard it is going to be for Google to stick to its "Don't be Evil" motto as it gets more powerful, and this illustrates the way that "Evil" is very much in the eye of the beholder. From an enterprise POV, this new corporate-level control is a great and necessary thing, but from the individual employee's POV it's probably going to be a bit of a pain in the ass.

Information is becoming a key flashpoint in the relation between individuals and corporate entities, whether those be as small as individual companies or as large as countries. Google, simply by the nature of what it is trying to do, is inevitably going to get sucked more and more deeply into that particular tension...

[identity profile] patsmor.livejournal.com 2006-04-20 01:39 am (UTC)(link)
I'll nag you again later, OK? ;-)
jducoeur: (Default)

[personal profile] jducoeur 2006-04-20 03:21 am (UTC)(link)
Definitely. I'm always fond of talking, heaven knows, and it's a topic I've always been passionately interested in...

[identity profile] hascouf.livejournal.com 2006-04-19 07:57 pm (UTC)(link)
At my office we have been informally asked not to install either Google desktop or the MSN equivalent. I would imagine that at review time when they update policies it will be formal.

[identity profile] umbran.livejournal.com 2006-04-19 08:55 pm (UTC)(link)
I'll be very curious to see whether it gets formally banned at some offices for exactly this reason...

Perhaps more importantly - how easy is it to fake the logs? If, for example, the information is stored in a plain, unencrypted text file in an easy to read format, it probably isn't going to be admissible as evidence in a criminal case. If, on the other hand, it is difficult for a non-expert to alter them, yeah, the thing is dangerous.
jducoeur: (Default)

[personal profile] jducoeur 2006-04-19 09:37 pm (UTC)(link)
Interesting point, and an interesting question -- a quick search doesn't make it obvious where the search index is.

And now that I think of it, that puts a new spin on the fact that the thing includes caching to at least some degree. I don't know the depth of that cache, but if it includes previous versions of some alterable files, then it becomes even *more* dangerous for the non-expert. If it's easy to alter the current version, but requires a modicum of expertise to alter the cache -- well, that makes certain types of lies much more catchable...

(Anonymous) 2006-04-20 02:44 am (UTC)(link)
If Google is storing the logs, rather than on individual desktops, then subpoening Google will become a favored activity of law enforcement. If the desktop machine stores it, forensic investigators will be reading it.

It doesn't matter if something is easily forgable or not; the criteria are basically: (a) was chain of evidence maintained properly (b) is it in the expected format and consistent (c) is there reason to believe it was forged (d) does the judge believe it (e) does the jury believe it.

Many is the time that an ISP is subpoenaed to produce call detail records; large ones may have a procedure or even a person dedicated to the job.
dsrtao: dsr as a LEGO minifig (Default)

[personal profile] dsrtao 2006-04-20 02:45 am (UTC)(link)
that was me.
jducoeur: (Default)

[personal profile] jducoeur 2006-04-20 03:23 am (UTC)(link)
The logs are currently *mostly* stored on the local desktop (although I'm not sure how the Search Across Machines function works). And yes, I fully expect that forensic experts are going to *love* this program...

Trenza had this idea too

[identity profile] dauphin1974.livejournal.com 2006-04-20 01:23 am (UTC)(link)
Justin - remember Trenza - one of the things it was supposed to do was show you where you'd been.....

Re: Trenza had this idea too

[identity profile] patsmor.livejournal.com 2006-04-20 01:36 am (UTC)(link)
And Alexa - http://alexa.com/ -- whose model (like the Internet Archive) was to store everything in a giant data warehouse, not on your desktop. That's why Alexa is considered a spybot by some software
jducoeur: (Default)

Re: Trenza had this idea too

[personal profile] jducoeur 2006-04-20 03:21 am (UTC)(link)
Note that Google Desktop is moving in that direction. For the best of reasons, of course -- they've introduced a new feature that allows you to do desktop search simultaneously across all of your computers. But in order to make it work, they have to upload the files to their secure servers. Even granting them the best of intentions, there is no way I'm going for that one...

Re: Trenza had this idea too

[identity profile] patsmor.livejournal.com 2006-04-20 06:48 pm (UTC)(link)
There's a new version of ??PC Pursuit??? that is supposed to let you "connect to your computer at home from no matter where you are!" -- not a chance!!!
jducoeur: (Default)

Re: Trenza had this idea too

[personal profile] jducoeur 2006-04-21 01:20 pm (UTC)(link)
Oh, I dunno -- I could *imagine* a system of that sort that I would trust. They'd have to publish their security model in good detail, and I would have to believe in it; an open source system would probably be preferred so that it could be hammered hard, and I certainly wouldn't be first onto the bandwagon. But the idea doesn't strike me as inherently crazy, just one that would make me very, very cautious...

Re: Trenza had this idea too

[identity profile] patsmor.livejournal.com 2006-04-21 05:35 pm (UTC)(link)
One that I would only use to connect to a not-very-important computer.
jducoeur: (Default)

Re: Trenza had this idea too

[personal profile] jducoeur 2006-04-20 03:19 am (UTC)(link)
Oh, sure -- but in our wildest dreams (and Patrick's dreams got pretty wild) we never imagined being quite so *comprehensive*. I mean, collating the trail of breadcrumbs through your emails, the web pages you looked at, the files you accessed: really, it's pretty scary how easily this information could be abused...

Re: Trenza had this idea too

(Anonymous) 2006-04-20 07:15 am (UTC)(link)
Can't your emails and general activities already be logged and accounted for without having Google Desktop in the mix at all?

This timeline of the sequence of events adds some depth to the activities that you are responsible for, but ultimately if you behave in a reasonable manner while at work, you should be in good shape, wot?

As long as my company doesn't frown upon me spending their dimes while I post to my personal blog, everything should be just dandy. Bring that Enterprise solution on.
jducoeur: (Default)

Re: Trenza had this idea too

[personal profile] jducoeur 2006-04-20 01:11 pm (UTC)(link)
Can't your emails and general activities already be logged and accounted for without having Google Desktop in the mix at all?

Oh, sure -- this is just an illustration of the way that Google is sitting at the intersection of what I suspect will be a growing tension in coming years. On the memetic level, individual liberty vs. corporatism is turning back into A Big Issue, as it does from time to time.

This timeline of the sequence of events adds some depth to the activities that you are responsible for, but ultimately if you behave in a reasonable manner while at work, you should be in good shape, wot?

The definition of "reasonable manner" varies *wildly* from company to company, and some companies' definition of "reasonable" are not especially reasonable...

Re: Trenza had this idea too

(Anonymous) 2006-04-20 01:35 pm (UTC)(link)
"The definition of "reasonable manner" varies *wildly* from company to company, and some companies' definition of "reasonable" are not especially reasonable..."

You have a few options here. Read the corporate policy manual if you need to. During your interview, ask some questions. If you don't like the corporate policies, you can find another job at a company that suits you in a fashion you feel more comfortable with. Or work for yourself. Don't simply assume that you have the freedom to do anything you want to at work.

I think most of us know when we are doing something questionable. Even slightly. You don't need a mandate or a policy in place to know if your activities might pose possible problems for you.

If you're breaking the law by downloading & using illegal software, stabbing co-workers in the back over email, wasting company time playing games, ordering personal items with a corporate credit card (which you plan on paying with your own money later), sabotaging corporate files on a network, doing personal work/emailing on the company dime, etc. and you get caught - you have no one to blame but *yourself*.

Let's see if Google really turns this into a big issue. Their enterprise solutions have been around for a while now. Lets see if abuse really starts to take place. There has been activity tracking software running on machines for a long time now, which tell admins what software, jobs, etc. you were using and for how long to track billable hours. I haven't seen that blow up into a huge ball of contention. I don't hear the ACLU complaining about it. Wait and see I guess. Not holding my breath though.

Interesting observations on your part though - a good blog post that is generating a lot of good discussion. And that is *always* a good thing.

Re: Trenza had this idea too

[identity profile] patsmor.livejournal.com 2006-04-21 05:41 pm (UTC)(link)
Oh, sure -- this is just an illustration of the way that Google is sitting at the intersection of what I suspect will be a growing tension in coming years. On the memetic level, individual liberty vs. corporatism is turning back into A Big Issue, as it does from time to time.

It's been building as a big issue for some time; since Glee and I started consulting on how to build corporate use policies the major point has been that careful balance between "fun place to work" and "corporate needs." And appropriate notice. (And in the EU, what the regional regulations are.) I suspect we're at the widest point of the swing now, and it's going to start swinging the other way shortly (within a year or two).

It's going to get tied up in a nasty way with the "government security vs. individual liberty" issue for a while, tho, and that's going to be significantly difficult to untangle from the corporate interests.
Flat | Top-Level Comments Only