You are here

Internet Security

My Network World Interview on Google's Privacy & Security

My Network World interview with Ms. Smith, the Privacy and Security Fanatic, about: Search & Destroy Why you can't Trust Google, is here. The link to my book site is here.

Announcing My New Book: Search & Destroy Why You Can't Trust Google Inc.

I've long thought there was a big untold story about Google, essentially a book all about Google, but told from a user's perspective, rather than the well-worn path of Google books told largely from Google's own paternal perspective.




Given that Google is the most ubiquitous, powerful and disruptive company in the world, it seemed logical to me that users, and people affected by Google, had a lot of important and fundamental questions about Google that no book had ever tried to answer in a straightforward and well-defended manner.

Google vs Apple: How Business Models Drive Disrespect vs Respect for Privacy

How business models are aligned or not with users' privacy interests, will be spotlighted at the Senate Judiciary hearing Tuesday on "Protecting Mobile Privacy" featuring Google and Apple officials as witnesses.


  • Expect the term "privacy conflict of interest" to become more common and important as companies who don't work for users, hurtle into the future increasingly tracking, analyzing and using users' private information and behavior without users' meaningful consent.


While the Senate Subcommittee on Privacy will hear from both Google and Apple witnesses on how their companies handle users' WiFi location data, their testimony will provide stark contrast in the companies' privacy conflicts of interests.

Google vs Apple concerning alignment with users' interests:

First, 97% of Google's ~$30b in annual revenues comes from advertisers, whereas ~99% of Apple's ~$87b in annual revenue comes directly from customers who buy and use Apple's products and services.


Google's Anti-Management Bias Problem

In a remarkable admission for a senior public company executive, Google Chairman and longtime former CEO Eric Schmidt told Gigaom: "At Google, we give the impression of not managing the company, because we don't really. It sort of has its own borg-like quality if you will. It sort of just moves forward."

If the executives ultimately responsible for "managing the company" to ensure it proactively respects users' privacy, vigilantly guards against security and data breaches or property infringement, is not really "managing the company," it now makes sense why Google has so many privacy scandals, and security and property infringement problems.

Generally protecting privacy, security and property rights are not engineering goals unless company management and managers have internal control and management focus, systems, processes, and procedures to ensure they are a priority to engineering teams.

Google's lack of interest in management execution is evident in Google's:


Google WiSpy II & Privacy Scandal #11 vs. Apple's Respect for Privacy

The current media and Congressional interest in the new revelation that Google and Apple have collected WiFi location information has largely missed an exceptionally salient point -- Google and Apple have very different privacy track records stemming from their very different attitudes toward privacy.

Google Privacy Scandal #11:

DOJ: Google Misrepresents Govt. Security Certification -- Google's Federal Rap Sheet Grows

Google's ignominious Federal rap sheet only grows longer.


  • Friday the DOJ effectively charged Google with misrepresentation to the public.
    • Google represented that its cloud service for Government was certified under the Federal Information Security Management Act (FISMA) since last July, when in fact it was not FISMA-certified for the product that Google claimed it was.
  • This latest Google misrepresentation revelation came in a DOJ filing to the Federal Court which is hearing Google's case against the Department of Interior of the U.S. Government:
    • "On December 16, 2010, counsel for the Government learned that, notwithstanding Google's representations to the public at large, its counsel, the GAO and this court... Google does not have FISMA certification for Google Apps for Government."


I.   What does this mean?

Key Questions for Google's New CEO Larry Page

When the world's most powerful company gets a new CEO for the first time in a decade, everyone naturally has a lot of questions.


  • When new Google CEO Larry Page decides to become accessible to people outside the insular Googleplex, here are some key questions to ask Mr. Page about: priorities, management philosophy, privacy, antitrust, intellectual property, and social responsibility.




Google's No Privacy by Design Business Model

Popular bipartisan interest in safeguarding consumers privacy in the U.S. and Europe confronts Google with a core strategic problem because Google's targeted advertising business model is no "privacy by design" and no "privacy by default."


  • Google bet wrong and big in assuming that since technology made it so much easier to track and profile users for targeted advertising, users would just accept the new loss of privacy and users and governments would never enforce user demand for choice to protect their privacy.
  • Google's all-in company bet on openness, transparency, and sharing, was also a strategic bet against robust privacy, security, and property protections.
  • In choosing to brand itself as the penultimate "White Hat" player promoting "openness," Google has effectively designed its business, architecture, and brand to be the main "Black Hat" player on privacy.


Google's No Privacy By Design model is unique.


If Google Explained Its Branding of Social as: "Circles"

Google's imaginary spokesmodel Brandi Sparkles explained the logic and thinking behind Google considering branding its new Social media effort and "Facebook Killer" service -- "Circles" -- in the following statement.

"After analyzing everything that everyone has ever said privately or publicly about the word "circles" in digital recorded history, Google's skynet computer decided that Google should name its secret "Facebook-killer" social media service -- drum roll please -- "Circles!!!" (Cue: The digital crowd and the media Googlerati should now roar with approval and delirium at witnessing branding perfection by artificial intelligence. Pretty cool! Pretty cool!)

Google's skynet computer liked the many connotations that spring to mind when one hears the words: "Google Circles."


Google's Deep Aversion to Permission -- "Security is Google's Achilles Heel" -- Part XI

Google's deep aversion to securing the permission of others before doing something that affects them is central to Google's famed "innovation without permission" ethos. Sadly, it is also the wellspring of Google's infamous privacy and security problems.

Where does Google's deep aversion to permission come from? From Google's founders, Larry Page and Sergey Brin, according to their mentor Terry Winograd, in Ken Auletta's book "Googled."

  • "Winograd describes his former students as impatient: 'Larry and Sergey believe if you try and get everybody on board, it will prevent things from happening. If you just do it, others will come around to realize they were attached to the old ways that were not as good.' The attitude, he said 'is a form of arrogance.'"


This week we witnessed the latest high profile example of Google's deep aversion to getting the permission of others.

A few days ago, Google announced that it remotely disabled malware-infected Android applications without the permission of 260,000 Android users who bought or downloaded infected applications from Google's app store.



Q&A One Pager Debunking Net Neutrality Myths