You are here

Online Safety

Why Security is Google's Achilles Heel -- Part II; Google values security much less than others do

"It’s not our fault that Google has a ridiculously easy way to get access to accounts via their password recovery question" said Michael Arrington of TechCrunch in a post defending his publishing of secret Twitter corporate information that was stolen from Twitter by "Hacker Croll" via Google's password system. See New York Times story.

Only last week I wrote a post "Why Security is Google's Achille's Heel."

My overall security thesis is simple.

Why Security is Google's Achilles Heel

Google's launch of a new PC operating system on the heels of its announcement ending the "beta" phase for its popular gmail, Calendar, Docs and Talk applications, is happening in the midst of a new era where cyber-security has been made a new national priority and internet security breaches are increasingly serious and commonplace.

  • All this naturally puts a spotlight on Google's approach to security, because Google is becoming increasingly central to so many people's Internet experience.

An examination of Google's own public representation of its corporate philosophy and design principles shows security/safety is simply not a priority for Google. In many respects, security is viewed as a hinderance to, or a drag on, Google's over-riding goal of speed-efficiency.

In Google's philosophy statement, "Ten things Google has found to be true" there is no mention of the importance of security/safety to Google or Google's users.

#3 point on the philosophy list says: "Fast is better than slow:"

No consumer control over commercialization of their privacy? -- Part XII Privacy-Publicacy Series

Increasingly the "underground currency" of the Internet is private data.

  • Private information is valuable to many Internet businesses, because in the absence of a system where consumers can assert ownership of and control over their privacy, privacy can be taken from them for free and profited from with little to no obligation to, or compensation due, to the affected user/consumer.  
  • In effect, the increasing practice of commercializing privacy by publicacy businesses increasingly creates new risks for consumers in return for little to no protection or reward.

Why are private data a de facto "underground currency" on the Internet? Well, most consumers are unaware that they are not in control of their private information. For example, a Consumer Reports 9-25-08 consumer survey found:

  • "61% are confident that what they do online is private and not shared without their permission;
  • 57% incorrectly believe that companies must identify themselves and indicate why they are collecting data and whether they intend to share it with other organizations;
  • 48% incorrectly believe their consent is required for companies to use the personal information they collect from online activities..."   

The current technology-driven, "Swiss cheese" privacy framework may be the worst of all possible worlds. 

The President Makes Cybersecurity a National Priority -- Internet's Growing Security Problem -- Part XII

The President's Cybersecurity announcement 5-29 was a game changer for the Internet. For the first time the U.S. Government officially declared the lack of cybersecurity as the Internet's biggest problem.

  • It is interesting to note there was instant disagreement with the President's assessment from some in the Web 2.0 world. Speakers at the Computers, Freedom, and Privacy conference in Washington this week said (per Washington Internet Daily) that:
    • "Cybersecurity threats in general are wildly overstated or portrayed as malevolent acts when some of the best known incidents have come through accidents or simple security holes."
  • I have been writing this now twelve-part series: "The open Internet's growing security problem" since the beginning of the year, precisely because many continue to deny the growing mountain of evidence from mainstream sources that the Internet security problem is getting worse not better. 
  • Fortunately, President Obama gets it.

Here is the latest mainstream evidence of the open Internet's growing security problem.

"Mysterious virus strikes FBI" ZDNet

Why New WH Cybersecurity Focus is a Game-Changer -- for the Internet and Net Neutrality

President Obama's new approach to cybersecurity likely is more of an Internet game-changer than many appreciate. Initial reporting and commentary has been superficial and has not connected dots or analyzed the broader logical implications of this new policy emphasis and trajectory.   

Why is it a game-changer for the Internet?

  • First, it formalizes a new leading priority for the Internet.
  • Second, it formalizes the lack of cybersecurity as the Internet's leading problem.
  • Third, it practically redefines what "open Internet" means.
  • Fourth, it practically takes any extreme form of net neutrality off the table. 

Moreover, the new cybersecurity focus will likely have a practical effect on the trajectory of Internet 3.0, which embodies:

  • Cloud computing (where security has not been a primary priority by many);
  • The Mobile web (where security has always been a very high priority); and
  • The Internet of Things (where security will be imperative to prevent theft, intrusion, and sabotage).

 

I.   Cybersecurity -- New #1 Internet Priority

President Obama said:

The Open Internet's Growing Security Problem -- Part XI

New evidence continues to spotlight the Open Internet's growing security problem. 

"Privacy is Over" -- Part VIII Privacy-Publicacy Fault-line Series

"All our information is being sucked into the cloud. Privacy is over." That was the bold declaration of Attorney Steve Masur at DCIA's P2P Media Summit per Washington Internet Daily.

  • Wow. As stark an assessment that that is, what really disturbs me is the thought process and tech ethic that underlies this view.
  • Mr. Masur is not alone, he is part of a growing publicacy mentality/movement that looks at privacy as:
    • A neandrethal expectation in the Internet Age,
    • Buzz-kill for Internet innovators, and
    • Road-kill for the cloud-computing bus speeding down the information super-highway.

My pushback here is the blind worship of technology or tech-determinism.

  • I define tech-determinism to be:
    • if technology or innovation can do it, it must be good; and
    • if something stands in the way of technology and innovation, like privacy, it is in the way and should be terminated. 

Did it ever occur to the tech determinists that if there is no privacy in the cloud, many won't go there?

  • Most users appreciate that technology should work for them, they don't work for technology.

Privacy isn't over. 

The Open Internet's Growing Security Problem -- Part IX

New evidence continues to spotlight the Open Internet's growing security problem. 

  • The growing catalogue of evidence from mainstream sources is getting harder and harder to ignore. See previous parts of the series:  I, II, III, IV, V, VI, VII & VIII.

"Internet security threat report finds malicious activity continues to grow at a record pace -- Web based attacks evolve as hackers target end-user information; Underground economy continues to thrive." Symantec

Is an Open Internet a Secure Internet? Open Internet's growing security problem -- Part VIII

High profile Internet security/safety/privacy problems continue to spotlight the Open Internet's growing security problem.

"Computer hacking attacks soar as gangs focus on financial data" -- FT

  • "Computer hackers stole more sensitive records last year than in the previous four combined, with ATM cards and Pin information growing in popularity as targets, according to a study..."

"Computer Attackers target popular sites in quest for profit" IBD

  • Symantec...  "found new varieties of malware rose 265% last year vs. 2007."
  • "This is about fraud and theft — I don't think there's any doubt in anyone's mind," said Dean Turner, director of Symantec's global intelligence network unit. "Where this is headed is not good for anybody."

"Computer Spies Breach Fighter Jet Project" WSJ

  • "...He spoke of his concerns about the vulnerability of U.S. air traffic control systems to cyber infiltration, adding "our networks are being mapped." He went on to warn of a potential situation where "a fighter pilot can't trust his radar."

"New Military Comand to Focus on Cybersecurity" WSJ

Pages

Q&A One Pager Debunking Net Neutrality Myths