You are here
State Dept. Adopting Google Chrome -- What are they thinking?
Submitted by Scott Cleland on Fri, 2012-03-02 17:16
Count me as totally perplexed how the supposedly-security-minded U.S. State Department could decide to adopt security-challenged Google's Chrome browser for worldwide use by the State Department. What are they thinking?
Chrome is a consumer-grade, ad-supported, tracking-driven browser. By design Chrome has an advertising default omni-tracking capability inappropriate for Federal Government secret classified work. For the first time only last week, Google begrudgingly committed to offering a voluntary do-not-track capability for Chrome by the end of 2012 as part of the White House brokered Online Privacy Bill of Rights. However, will Google respect the State Department's right to secrecy? That's a very fair question given that…
Google alone publicly indexed all of Wikileaks' stolen State Department secret cables. Just a year ago, Google CEO Eric Schmidt told the DLD media conference in Munich: "Has Google looked at the appropriateness of indexing WikiLeaks? The answer is yes, and we decided to continue because it's legal."... Reuters reported: "Schmidt said Google had considered stopping indexing confidential cables released by WikiLeaks, but had decided to carry on. Some other U.S. organizations have bowed to government pressure to stop cooperating with the controversial site."
Security is Google's Achilles Heel. Some have suggested that Chrome is a safe browser because it survived a big money hacking contest. With Google+ integrating ~60 Google services to synch together seamlessly, Google's security is now only as strong as its weakest link.
Google has twice misrepresented its security capabilities to Governments. First, in a filing with a Federal Court, the DOJ said: "On December 16, 2010, counsel for the Government learned that, notwithstanding Google's representations to the public at large, its counsel, the GAO and this court... Google does not have FISMA certification for Google Apps for Government." Second, over a year after contractually promising that Google could ensure the privacy and confidentiality of LAPD communications with other law enforcement and confidential sources, Google admitted last fall that it could not provide the contractually required level of privacy/security.
In sum, as a former State Department employee and former Deputy Assistant Secretary of State during the George H.W. Bush Administration, I care deeply about the security and privacy of the State Department's communications and activities offline and online. I can appreciate how sensitive the State Department's information and activities are and how much incalculable damage the Wikileaks' breach must have done.
I hope and trust for the State Department's, and the Nation's, sake that the appropriate people responsible for preventing security breaches have fully-vetted this decision and are doing more than just trusting Google, but verifying if that trust is fully-warranted in this case.
See other related Precursor LLC research: