You are here

Cybersecurity

Exposing Google's Systemic Privacy Vulnerabilities -- Part XXII of Publicacy vs Privacy series

Google's latest privacide admission -- that all of Google's roving StreetView vehicles around the world have been recording some of people's WiFi traffic/web behavior since 2007 -- should prompt privacy officials and the media to ask the simple question: why does Google serially keep having privacy scandals?

Simply Google will continue to have privacy scandals because Google has deep systemic privacy flaws and vulnerabilities -- by design.

  • At core Google philosophically believes in "publicacy" that the world is a better place with more openness/transparency rather than closed systems or private/proprietary information.
  • Thus Google has a publicacy mission, culture, business model, and no serious of effective system of management and internal controls to protect people's privacy.    

1.  Publicacy Mission: Google's infamous publicacy mission is to "organize the world's information and make it universally accessible and useful." It is their mission to collect whatever information they can, where ever they can, whenever they can without regard to whether it is private or proprietary information. As Google's repeated privacy flaps prove, they believe it is more efficient to ask for forgiveness than for permission.   

Questions for Google on its Latest Act of Privacide -- Part XXI Privacy vs. Publicacy series

Google's latest privacy-killing act of privacide is "Google's roving Street View spycam," which is not only taking pictures, but is also scanning to log WiFi network addresses and unique Media Access Control (Mac)addresses per Andrew Orlowski's excellent scoop at the Register.

Google's Titanic Security Flaws -- "Security is Google's Achilles Heel" Part VIII of Series

Well informed reports (that Google will not deny), that hackers breached Google's most sensitive software code, the Gaia password system, surface titanic security flaws at Google.     

Why Google is too big not to fail. 

1.  "Bigtable" Storage design: How Google stores and accesses "all the world's information" in and from its data centers is: "'Bigtable:' a Distributed Storage System for Structured Data." It is Google's innovation to maximize scalability, speed and cost efficiency -- not security, privacy, or accountability. Simply, Bigtable is an "all eggs in one basket" approach to information storage and access.

Google on Chrome: we don't need your permission

For skeptics of Google's need for more transparency and accountability, consider the latest disturbing example of Google Chrome not asking tens of millions of Internet users for their permission to gain wide open access to their computers and content -- when it clearly should ask for permission -- like every other Internet browser provider does.    

Per ComputerWorld's article: "Google's Chrome now silently auto-updates Flash Player." 

  • "Unlike other browsers, Chrome updates itself automatically in the background without asking for permission or prompting users that security fixes or new features are available." 
  • "Google uses a unique approach, they don't ask users [for permission to update], they just do it" said Peter Betlem, Senior Director of Flash Player Engineering.  

What this means is that unlike all other browsers or Google competitors, Google does not believe it needs permission from users to gain wide open access to users' entire computer software and all its private contents.

How Google and China are alike

Ever since Google announced it suffered a cyber-attack from China, Google's legendary PR machine has gone into overdrive, opportunistically framing the conflict as a good versus evil story, and positioning Google as the Internet's benign superpower defending free expresssion, and as a new kind of business that puts morality before money.   

  • Google understands it is easy to politically demonize China, because China's pervasive censorship and trampling of fundamental freedoms and human rights offend all freedom-loving people.

However, those willing to look behind the curtain of Google's self-serving political rhetoric here, will discover that many of the attributes that offend so many people about China, Google shares to an unfortunate extent.

  • Let's review four significant strategic similarities between Google and China -- brought to you in Google's own words.

First, Google's leadership, like China, has affirmatively chosen to not be democratically accountable.

Do you know where your Google data was last night?

Yale University has postponed its adoption of Gmail in part because of concerns that Google will/can not tell Yale where or in what country their private information/data will be stored -- per Yale Daily News.

  • "Google stores every piece of data in three centers randomly chosen from the many it operates worldwide in order to guard the company’s ability to recover lost information — but that also makes the data subject to the vagaries of foreign laws and governments, [Yale computer science professor Michael] Fischer said. He added that Google was not willing to provide [Yale] ITS with a list of countries to which the University’s data could be sent, but only a list of about 15 countries to which the data would not be sent."

It appears that Google continues to organize information for the benefit of Google's own engineering efficiency, simplicity and convenience -- without regard to what is best or safest for its users.

  • WHERE users private data is stored by Google has immense implications for users' privacy, security and whether or not their private data/communications are vulnerable to subpoena, with or without their knowledge.  

This is further evidence of Google's cavalier approach to privacy and security of users.

 

 

 

 

Big Brother 2.0: Google-NSA through foreigners' eyes

Today's New York Times front page story "Google's computing power betters translation tool" by Miguel Helft spotlights that Google arguably owns and operates "the world's largest computer." The article quotes a Google  engineering VP explaining that Google's unparalleled computing power enables Google to "take approaches others can't even dream of."

Combine the world's largest computer, with the best automated translation capability for most all of the world's top languages, with reports from the front page of the Washington Post that Google proactively sought help from America's top spy agency, the NSA, for its cyber-security vulnerabilities, and it is not surprising that foreigners would be growing increasingly wary of Google and the extraordinary potential power that Google holds over them. 

So what do foreigners increasingly see Google doing?

First, they increasingly see "The United States of Google," a term Jeff Jarvis coined in his book on Google. Shortly after Google publicly accused the Chinese Government of being behind or complicit in the cyber-attacks on Google:

Did Google Over-React to China Cybersecurity Breach? -- "Security is Google's Achilles Heel" Part VII

It appears Google impetuously over-reacted to the big cyber-security breach of Google and a reported ~30 other companies. Google alone publicly blamed China and only Google publicly pledged to stop censoring search results in China in retaliation.    

What is the evidence that Google impetuously over-reacted here?

First, Forbes reported: "Researchers Call Google Hackers 'Amateurs' -- A new report says the attack on the search giants network was far less sophisticated than it has claimed." Specifically:

  • "A great play is being made about how sophisticated these attacks were," says Damballa's vice president of research Gunter Ollman. "But tracing back the attacks shows that they were not sophisticated, and that the attackers behind them have a history of running multiple botnets with a variety of tools and techniques," many of which, he says, were far more rudimentary than Google or the cybersecurity industry has portrayed."

People incorrectly assume that because of Google's popularity, brand and reputation for innovation, that Google is  secure and cutting edge on cyber-security -- when in reality they are not.

How much should Google be subsidized?

Pending FCC policy proposals in the National Broadband Plan and the Open Internet regulation proceeding would vastly expand the implicit multi-billion dollar subisidies Google already enjoys, as by far the largest user of Internet bandwidth and the smallest contributor to the Internet's cost relative to its use.

Interestingly, the FCC's largely Google-driven policy proposals effectively would:

  • Promote Google's gold-plated, 1 Gigabit broadband vision for the National Broadband Plan at a time of trillion dollar Federal budget deficits;
  • Recommend a substantial expansion of public subisidies for broadband that would commercially benefit Google most without requiring Google to contribute its fair share to universal broadband service; and
  • Regulate the Internet for the first time in a way that would result in heavily subsidizing Google's out-of-control bandwidth usage. 

I.   Does Google need more subsidies?

Google is one of the most-profitable, fastest-growing, cash-rich companies in the world, with over $10b in annual free cash flow, 17% revenue growth, and ~$25b in cash on hand.

"Bold Practical" Questions for the Media & Democracy Coalition Panel Wednesday on Capitol Hill

The Media and Democracy Coalition, the leading advocates for the FCC to effectively take over management of the Internet and the American broadband industry are gathering on Capitol Hill 11 am Wednesday (Rayburn 2123) to present their policy recommendations to the FCC for a "Bold Practical National Broadband Plan." 

Here are some questions the panelists should be asked:

Pages

Q&A One Pager Debunking Net Neutrality Myths