Internet Security

Google's deep aversion to securing the permission of others before doing something that affects them is central to Google's famed "innovation without permission" ethos. Sadly, it is also the wellspring of Google's infamous privacy and security problems.

Where does Google's deep aversion to permission come from? From Google's founders, Larry Page and Sergey Brin, according to their mentor Terry Winograd, in Ken Auletta's book "Googled."

• "Winograd describes his former students as impatient: 'Larry and Sergey believe if you try and get everybody on board, it will prevent things from happening. If you just do it, others will come around to realize they were attached to the old ways that were not as good.' The attitude, he said 'is a form of arrogance.'"

This week we witnessed the latest high profile example of Google's deep aversion to getting the permission of others.

A few days ago, Google announced that it remotely disabled malware-infected Android applications without the permission of 260,000 Android users who bought or downloaded infected applications from Google's app store.

See a preview below of Google's likely official public apology for collecting kids' partial Social Security #s and other private information -- without the permission of their parents.

Per Google's Official Blog:

"We are deeply sorry, very very sorry, and even oh-so-sorry for collecting partial social security numbers, date and place of birth on kindergartners and grade schoolers participating in the Doodle-4-Google contest.

It is stunning that Google's decision to side with Julian Assange's Wikileaks and make all the stolen secret, private and proprietary Wikileaks information universally accessible to the world via Google search, has gotten virtually no media attention, given the:

• International carnage and controversy caused by Wikileaks reprehensible actions;
• Media's broad coverage of Wikileaks;
• Google's serial disrespect for others as evidenced by its serial privacy, IP, cybersecurity, and antitrust problems around the world that have been broadly covered by the media; and
• Google is the world's leading source for accessing Wikileaks secret, private and proprietary information.

When Google's Acting CEO Eric Schmidt told the DLD media conference in Munich (as reported by Reuters):

Larry Page is very different from Eric Schmidt, consequently he will be a completely different Google CEO.

• Mr. Page is the internal hardliner and the main driving force behind Google, providing the uber-ambition, the "open" philosophy/ideology zeal, the passion-for-innovation, and the impatient, aggressive take-no-prisoners approach to most everything Google does.
• Mr. Page has always been the penultimate power, final decision-maker and driving force inside Google behind the scenes.
• Mr. Schmidt has been the co-founders' public face and very able implementer and businessman.

The biggest difference people will notice will be external relations.

First, Schmidt and Page are polar opposites when it comes to external relations.

Julian Assange's reprehensible Wikileaks data breaches of secret, private and proprietary information to the web, endangering lives, diplomacy and peace, has thrust to the forefront of public debate: what are the responsible boundaries of an "Open Internet?"

• It is an especially timely debate given that the FCC is proposing an "Open Internet Order" for FCC decision on December 21st, and given that the FCC is trying to officially define what an "open Internet" is for the first time, in order to restrict what competitive broadband Internet providers can and cannot do.

It is instructive that the term "open Internet" is found nowhere in law.

Julian Assange's likely-criminal dissemination of many nations' secret national security information via Wikileaks --  in posting secret, proprietary, and private information that clearly endangers lives, diplomacy and peace -- has exposed one of the darkest sides of the broad open Internet movement, which pushes radical transparency, and general disrespect for secrets, confidentiality, privacy, and intellectual property -- to varying degrees.

• Assange tries to justify his reckless, irresponsible and destructive acts by claiming to "Keep Governments Open," without bothering to explain the problem his destructive acts are supposed to solve.

It ironic that the Open Internet Coalition is lobbying the FCC hard now to have the Government force Title II telecom utility regulation on private competitive broadband companies in the name of "openness" -- when there is no identifiable or proven problem to solve.

It is especially ironic that leading corporate proponents of the Open Internet Coalition have been so slow to condemn the obvious harm and criminality of Assange's destructive "open" Wikileaks, but are so quick to condemn competitive broadband companies for not being "open" enough -- when the coalition's  definition of "open" is fluid, and when the coalition has no evidence that broadband providers are not being "open."

If it is now so clear that Assange's Wikileaks are a serious problem, why did it take three massive wikileaks over a period of several months for Open Internet member:

Hackers have discovered a new serious security vulnerability in certain Android smartphones that is not easily or quickly patched because of Android's open and fragmented platform -- per Joseph Menn's report in the FT.

• Specifically an HTC Android browser vulnerability enables a hacker to take broad control of an Android device.

The potential security implications of this are even more serious than they first appear.

Google's latest privacy controls are a bad joke, certainly not sufficient to warrant the FTC completely absolving serial privacy violator Google from all responsibility in the Google WiSpy Affair, especially given that other law enforcement bodies have found misrepresentation of facts and violation of users' privacy.

• Hopefully, the FCC's investigation of Google WiSpy will not look the other way like the FTC apparently did, when a Fortune 200 company with the industry's longest privacy violation rap sheet, was caught red-handed violating millions of Americans' privacy and found to have misrepresented facts and misled investigators, got off without any FTC sanction, oversight or accountability whatsoever.

Why are Google's latest privacy controls insufficient?

First, Google's leadership is clearly not publicly supportive of more privacy controls, but openly skeptical and defiant that Google does not need to alter its approach to innovation to better protect privacy and security.

Google won't allow you to opt-out of their location tracking for search, we learn from CNET's Chris Matyszczyk's outstanding post "How Google stops you hiding your location."

• Kudos to Mr. Matyszczyk for spotlighting this latest "creepy line" Google default mandate.

What does this mean?

First, it means that Google has not learned much from its serial privacy problems, like Google setting a default that everyone's house should be included in StreetView photographing and Spi-Fi signal recording, and everyone that signed up for Google Buzz by default should share their Gmail addresses with the public.

Second, it means that Google profiles and tracks your location by default and that you can't opt out from Google knowing where you are, you can only select what local setting Google will use to customize your search results.

Congress needs to conduct oversight hearings to learn why the FTC is apparently giving Google special treatment, and more specifically why the FTC inexplicably dropped its Google StreetView spi-fi privacy probe without any charges, before it even learned all the facts, and without any accountability mechanism in place to protect consumers or prevent repeat violations.

Google's wanton wardriving in 33 countries for over three years secretly recording people's WiFi transmissions, including full emails and passwords, arguably is the single broadest privacy breach in the Internet era. And the FTC did nothing. And the FTC sees no need for any further action. Amazing.

What's wrong with this picture? A lot. A better question might be what's right with the FTC-Google privacy enforcement picture?