Google Epitomizes Cyber Systemic Risk

Google’s unprecedented concentration of most all Web information, services, users, publishers, advertisers and developers, in combination with Google’s extensive track record of unethical, illegal, and predatory behavior, makes Google the epitome of cyber systemic risk to many industry ecosystems substantially affected by, or dependent on, the World Wide Web.

“Cyber systemic risk” is Internet-driven risk that threatens to destroy the business viability of industry ecosystems. (For more on “cyber systemic risk” see this chart on Precursor’s new website.)

The purpose of this summary analysis is to help ensure that Fortune 500 companies’ enterprise risk management programs have identified, and are diligently addressing, the potential severe cyber systemic risk Google may present to their enterprise, given that Google claims 60% of Fortune 500 companies are paying clients of Google’s enterprise services; and given the evidence below that shows Google to be an exceptional cyber systemic risk hiding in plain sight.

Summary of Google’s Unparalleled Cyber Systemic Risks

1. Single-point-of-failure
2. Linchpin as most depended-upon global Web platform
3. America’s cybersecurity Achilles heel
4. Untrustworthy track record
5. Abuse of information/market power

1.   Google’s Single-Point-of-Failure Cyber Systemic Risk

Google has become such a large and foundational bearing point for so much of the Web’s connections, services, production, efficiencies and benefits in the global digital economy, that Google increasingly represents a de facto single-point-of-failure, cyber systemic risk.

The Internet and Internet protocol are not prone to a single-point-of-failure because the US DOD originally designed them to survive a nuclear attack. However in stark contrast, Google’s Web platform is hyper-integrated, and near-totally centralized by design, to operate as the de facto largest single computer in the world.

While Google has fifteen data center locations globally, Google’s software platform is near perfectly integrated, unified, and centralized to optimize speed and efficiency, which creates a huge potential, single-point-of-failure, cyber systemic risk for any entity depending on Google for key parts of their business or operation.

Few have any idea how much of the Web depends on Google. 60% of Internet devices and users exchange traffic daily with Google’s servers; >50% of websites’ traffic involves Google analytics, hosting and ads daily; and ~25% of the Internet’s daily traffic is Google, per Deepfield research.  

The Web learned in August of 2013 that Google is in fact a real potential, single-point-of-failure, cyber systemic risk because global Internet traffic fell by 40 percent during a five minute period when Google suffered a complete global blackout of all its services.

2.   Google’s Linchpin Cyber Systemic Risk – As Most Depended Upon Global Web Platform

Few realize how central Google has become to global commerce in so many ways.  Even if an entity does not use or depend on Google directly themselves, indirectly they may depend on Google because their key customers, partners, suppliers, supply chain, data providers, exchanges, marketplaces, outsourced contractors, etc. may depend on Google to varying degrees that they do not appreciate – hence the “systemic” risk.  

Over two billion people have Google accounts which rely upon some of Google’s plethora of products and services to play their efficient part in the economy. Over a billion people use and rely on these Google services: Search, YouTube/video distribution, Maps/directories/location services, Gmail/communications, Android operating system, Chrome browser, Play app store, and a half billion active users rely on Google Translate.

Consider: Google search offers a uniquely large and comprehensive information set via the world’s largest index size >100 million gigabytes that’s generated from crawling over 60 trillion unique URLs. Android users check their smart phones 125 times a day, and Google’s #1 domain name server resolvers handle >70 billion DNS address requests daily.

Google claims five million organizations, including 60% of Fortune 500 companies, are paying active clients of its enterprise services.

Google serves 4 million advertisers, 2 million more than any other digital advertiser. Over 2 million websites are Google display ad partners and 1.2 million websites depend on Google Maps. ~98%  of the top 15 million websites globally depend on Google Analytics for their advertising livelihood.

All of this commerce, connection, and economic activity depend entirely on one single hyper-integrated/unified/centralized software platform system that two years ago proved that it can fail completely without warning.

3.   Google is America’s Cybersecurity Achilles Heel, Cyber Systemic Risk

Overwhelming evidence indicates that Google is the weakest link in America’s cybersecurity chain.

Google’s ecosystem has already been near totally compromised by Chinese hackers. Quantitatively, Google is the biggest hacker target in the world because it controls the world’s largest Internet ecosystem of people and information. Qualitatively, Google is the biggest hacker target by virtue of Google’s comprehensive and intimate profiles on over two billion people and its unique mission to "organize the world's information and make it universally accessible and useful."

In addition, Security is not a high priority to Google; it is subordinate to speed, scale and first mover advantage. Google also does not believe security is Google’s responsibility, and as a result it is most prone to malware. Moreover, Google is culturally and philosophically averse to strong cybersecurity. Hence it should be no surprise that Google’s Android operating system has rapidly grown into Google’s cybersecurity weakest link.

4.   Google’s track record has a proven Google untrustworthy

For a company that so many blindly depend on for so much, and that is assumed to operate as a responsible corporate citizen, overwhelming evidence indicates that the current effective global blanket assumption of trust in Google is epically flawed.

The evidence shows Google: fosters a culture of unaccountability; deceptively brands and misrepresents its business;  evades sovereign accountability; flouts the rule of law; operates in an irresponsible unsafe manner; takes others’ intellectual property; and disrespects users’ privacy.  

5.   Google has unparalleled information/market power to disintermediate with impunity

Google surveils more people and businesses, in more ways, for more data, than any other entity. Google is also involved in widespread wiretapping.    

Only Google’s commercial surveillance syndicate tracks most all users and businesses’ customers via Google Analytics at 98% the top 15 million websites; Google pays 2 million websites ~$12b yr to collect data on users’ and business customers’ behavior, interests and locations; and ~90% digital advertisers  pay Google ~$60b yr to target users via data profiles.

Google’s data dominance is purposeful. No other entity in the world has a stated omniscient mission; an omnivorous information and surveillance appetite; a practically omnifarious repertoire of products/services to collect information; and practically omnipotent web ambitions.

Google’s data dominance is lasting because it is the only ecosystem in the world where: users/buyers can go for ~all information; publishers can go for ~all advertisers/readers/viewers; and advertisers/sellers can go for ~all users/buyers. No other entity can match Google’s rapidly consolidating scale, scope, reach and capabilities.

Many resultant Google anticompetitive risks threaten many Fortune 500 enterprises via:

• Gatekeeper power to unilaterally dictate what online content most people, including businesses’ customers, discover, read, view & share;  
• Bottleneck power to unilaterally pick market winners and losers not on merit or competition;
• Market power to dictate ad prices and advertising payouts to partners that provide half of all Google searches;
• Market power to corner or manipulate markets from Google’s unique omni-tracking perspective of supply, demand, prices, and inventory of actual and potential Fortune 500 competitors;  
• Unregulated data-dealer/broker powerto self-deal, anti-competitively discriminate, and hide conflicts of interest; and
• Meta Information power to disintermediate and commoditize much of the global economy and many Fortune 500 businesses in at least these following industries: advertising, content, distribution, software, cloud, shopping, travel, hospitality, communications, insurance, financial services, real estate, transportation, delivery services, energy services, satellites, military contracting, artificial intelligence, robotics, health care, genomics, wearables, etc.

Conclusion:

In sum, Google manifests real and serious cyber systemic risk to many Fortune 500 companies.  

At a minimum, many Fortune 500 companies should evaluate if Google’s unparalleled cyber systemic risks present material enterprise risk to their businesses, warranting becoming part of their enterprise risk management (ERM) processes.

That’s because the evidence here exposes that many Fortune 500 companies face dramatically more enterprise risk from Google than they or their enterprise risk management processes currently appreciate or reflect.

Out of sight may be out of mind, but not out of danger.

Forewarned is forearmed.

Scott Cleland served as Deputy U.S. Coordinator for International Communications & Information Policy in the George H. W. Bush Administration. He is President of Precursor LLC, an emergent enterprise risk consultancy for Fortune 500 companies, some of which are Google competitors, and Chairman of NetCompetition, a pro-competition e-forum supported by broadband interests. He is also author of “Search & Destroy: Why You Can’t Trust Google Inc.” Cleland has testified before both the Senate and House antitrust subcommittees on Google and also before the relevant House oversight subcommittee on Google’s privacy problems.