Internet Security

In another Google fit of no-self-awareness, Google has launched a new web tool that they call the "transparency report" in order to promote transparency as "a deterrent to censorship," per a Google spokeswoman in the NYT's Bits Blog.

While I applaud the tool and Google's effort to promote transparency as a deterrent to censorship, the effort appears disingenuous because of Google's double standard that others must submit to transparency, but not Google.

Google's tool will have "a map that shows every time a government has asked Google to take down or hand over information, and what percentage of the time Google has complied," per the NYT's Bits Blog."

If transparency is good:

The top U.S. spy agency for mapping announced a no-bid digital mapping contract with Google on August 19th. However, after media inquiries, the agency modified the contract's no-bid format, but made clear "the agency's intention to award the contract to Google without entertaining competitive bids" -- per a Fox News story by James Rosen.

• Wow. There are large and broad implications of this remarkable new development for: privacy, security, antitrust, Google's international business, and Government oversight.
• The fact that this was announced in late August, when precious few are paying attention, should heighten everyone's Big Brother Inc. antennae.

Has anyone in a position of authority or oversight even begun to think through the irony and stupidity of contracting out the Nation's most sensitive intelligence gathering and analysis function to a company that has:

The fateful policy decision by the FTC/DOJ to exclude privacy as a factor in antitrust enforcement has fostered a perverse market dynamic where many online advertising companies now effectively compete on the basis of who can most take advantage of consumer privacy fastest, rather than compete on the basis of who can best protect consumer privacy. 

• Consumers' online privacy Waterloo was the FTC's failure in its 2007 review of Google-DoubleClick to fundamentally understand the online advertising business model, i.e. that consumers are not the "customer" of online advertising, but the "product" that Google and DoubleClick effectively sell to advertisers and publishers.
• In getting it wrong that consumers are the real "customer" in Google's online advertising brokering-triangle of advertisers, publishers and users, when users don't pay Google at all, the FTC fundamentally misunderstood consumers' real interests.
• The FTC unwittingly aimed the worst part of this business model's privacy arbitrage at consumers' vulnerabilities rather than aiming it at protecting consumers' privacy. 

This analysis will show: 

• The implications of exempting privacy from antitrust enforcement;
• Why privacy is an antitrust issue;
• How consumers are harmed by exempting privacy from antitrust enforcement; and
• In conclusion, how Google has become the "poster child" of this problem.  

I.   Implications of exempting privacy from antitrust enforcement.   

37 States are now involved in a "powerful multi-state investigation" of "Google's Streetview snooping" per a press release from investigation leader, Connecticut Attorney General Richard Blumenthal, who released a new follow-up letter to Google asking for more information and clarification of its representations to date. 

The letter shows the investigation is very serious. Its prosecutorial exactness strongly suggests that investigators believe Google has not been forthright in its answers to date and that it could be covering up material information to the investigation. 

• Several questions in the letter also indicate that the investigators are seriously concerned about the integrity and completeness of Google's systems of internal controls and supervision to ensure the safety and privacy of consumers. 

What appears to be the most problematic line of inquiry is whether or not Google tested this software before it was used in public to collect private information on consumers. 

In an exceptionally uncharacteristic low-key PR manner for Google, Google announced on its blog in one sentence that China renewed its license to operate in China.

• "Update July 9:
  We are very pleased that the government has renewed our ICP license and we look forward to continuing to provide web search and local products to our users in China."
  

What's the rest of the story here?

Google and China have been at loggerheads with one another in one of the highest-of-profile international standoffs between a private company and a superpower in modern history, since Google publicly accused China in January blogpost of being complicit in a hack of Google that resulted in the theft of Google's intellectual property, (which John Markoff of the New York Times reported was the extremely sensitive computer code for Google's password control system.) 

What is the quid pro quo here?

Google's wanton "wardriving," i.e. detecting, accessing, and recording residential WiFi networks in 30 countries for over three years, was not simply a "mistake," "inadvertent," or an "accident" as the Google's PR machine has spun it. The evidence to the contrary is overwhelming to anyone who bothers to examine it closely. 

• Google's wanton wardriving was either: gross incompetence/negligence or wrongdoing. 
  • Government investigators must determine for themselves via subpoena, whether or not anyone at Google, in a supervisory or management position, knew that this private "payload" data was being collected, and whether or not this private data had been accessed, copied, analyzed, or used by Google in any way.

The case for why Google's wanton wardriving is more than just a "mistake."        

I.  Identifying the questionable practice: "Wardriving"

Google's latest privacy-killing act of privacide is "Google's roving Street View spycam," which is not only taking pictures, but is also scanning to log WiFi network addresses and unique Media Access Control (Mac)addresses per Andrew Orlowski's excellent scoop at the Register.

Well informed reports (that Google will not deny), that hackers breached Google's most sensitive software code, the Gaia password system, surface titanic security flaws at Google.     

Why Google is too big not to fail. 

1.  "Bigtable" Storage design: How Google stores and accesses "all the world's information" in and from its data centers is: "'Bigtable:' a Distributed Storage System for Structured Data." It is Google's innovation to maximize scalability, speed and cost efficiency -- not security, privacy, or accountability. Simply, Bigtable is an "all eggs in one basket" approach to information storage and access.

The abrupt change, that Google's CEO Eric Schmidt will no longer be accountable to shareholders on Google's earnings calls, should prompt investors to ask why? 

• Google claimed that they wanted to put more focus on Google's strong financials, but they did not disclose any more than Google's usual barest of minimum of information to investors.  
• The most obvious reason for this abrupt change is the literal explosion of real franchise liabilities and risk overhangs to Google that reared their ugly heads this past quarter. 
  • Had CEO Schmidt been available to answer investor questions, Google's exploding liabilities could have dominated the Q&A and the investment narrative coming out of the earnings call.

What has changed, and what Google has been not been open about, is the very serious ripening of three different types of going-forward franchise risks (antitrust, privacy/security, and intellectual property) that cumulatively herald a de facto change in Google eras: from the roaring "Growth Decade" of 2000-2009, to the more unpredictable "Liability Decade" of 2010- 2019.

For skeptics of Google's need for more transparency and accountability, consider the latest disturbing example of Google Chrome not asking tens of millions of Internet users for their permission to gain wide open access to their computers and content -- when it clearly should ask for permission -- like every other Internet browser provider does.    

Per ComputerWorld's article: "Google's Chrome now silently auto-updates Flash Player." 

• "Unlike other browsers, Chrome updates itself automatically in the background without asking for permission or prompting users that security fixes or new features are available." 
• "Google uses a unique approach, they don't ask users [for permission to update], they just do it" said Peter Betlem, Senior Director of Flash Player Engineering.  

What this means is that unlike all other browsers or Google competitors, Google does not believe it needs permission from users to gain wide open access to users' entire computer software and all its private contents.