Internet Security

Yale University has postponed its adoption of Gmail in part because of concerns that Google will/can not tell Yale where or in what country their private information/data will be stored -- per Yale Daily News.

• "Google stores every piece of data in three centers randomly chosen from the many it operates worldwide in order to guard the company’s ability to recover lost information — but that also makes the data subject to the vagaries of foreign laws and governments, [Yale computer science professor Michael] Fischer said. He added that Google was not willing to provide [Yale] ITS with a list of countries to which the University’s data could be sent, but only a list of about 15 countries to which the data would not be sent."

It appears that Google continues to organize information for the benefit of Google's own engineering efficiency, simplicity and convenience -- without regard to what is best or safest for its users.

• WHERE users private data is stored by Google has immense implications for users' privacy, security and whether or not their private data/communications are vulnerable to subpoena, with or without their knowledge.  

This is further evidence of Google's cavalier approach to privacy and security of users.

Today's New York Times front page story "Google's computing power betters translation tool" by Miguel Helft spotlights that Google arguably owns and operates "the world's largest computer." The article quotes a Google  engineering VP explaining that Google's unparalleled computing power enables Google to "take approaches others can't even dream of."

Combine the world's largest computer, with the best automated translation capability for most all of the world's top languages, with reports from the front page of the Washington Post that Google proactively sought help from America's top spy agency, the NSA, for its cyber-security vulnerabilities, and it is not surprising that foreigners would be growing increasingly wary of Google and the extraordinary potential power that Google holds over them. 

So what do foreigners increasingly see Google doing?

First, they increasingly see "The United States of Google," a term Jeff Jarvis coined in his book on Google. Shortly after Google publicly accused the Chinese Government of being behind or complicit in the cyber-attacks on Google:

It appears Google impetuously over-reacted to the big cyber-security breach of Google and a reported ~30 other companies. Google alone publicly blamed China and only Google publicly pledged to stop censoring search results in China in retaliation.    

What is the evidence that Google impetuously over-reacted here?

First, Forbes reported: "Researchers Call Google Hackers 'Amateurs' -- A new report says the attack on the search giants network was far less sophisticated than it has claimed." Specifically:

• "A great play is being made about how sophisticated these attacks were," says Damballa's vice president of research Gunter Ollman. "But tracing back the attacks shows that they were not sophisticated, and that the attackers behind them have a history of running multiple botnets with a variety of tools and techniques," many of which, he says, were far more rudimentary than Google or the cybersecurity industry has portrayed."

People incorrectly assume that because of Google's popularity, brand and reputation for innovation, that Google is  secure and cutting edge on cyber-security -- when in reality they are not.

Ellen Nakashima may have a career-making scoop with her front page Washington Post investigative reporting piece: "Google to enlist NSA to help ward off cyberattacks."  

• As Publisher of the Google watchdog site, www.GoogleMonitor.com, I can't say I am surprised about a Google-NSA connection, especially given that over the last year my PrecursorBlog has posted: 

1. An 18-part "Privacy vs. Publicacy" series;
2. A 6-part "Security is Google's Achilles Heel" series; and 
3. A 16-part "The Open Internet's Growing Security Problem" series. 

Ms. Nakeshima's revelation that Google sought out NSA's help shortly after it suffered massive cyber-attacks, apparently from China, opens a Pandorra's Box of privacy issues given that Google's aggressive "publicacy" (anti-privacy) business model, policies and practices have shown little respect for people's privacy in practice over the last decade.

My vote for quote of the month on Google was "If Google can drop China, it can drop you."

This profound razor-sharp insight was said by Howard Shelanski, speaking for himself, not the Federal Trade Commission, at the Free State Foundation's annual conference at the National Press Club in Washington DC on Friday. 

Mr. Shelanski is currently Deputy Director of the Bureau of Economics at the FTC, a former Chief economist at the FCC, and a widely respected economist and antitrust expert. 

I am spotlighting his quote because it sheds light on the broader implications of the world censorship policeman role Google is asserting for itself in the world. 

If Google is going to take the position that it unilaterally will withdraw access to its search engine from hundreds of millions of Chinese, if the Chinese Government does not do what Google tells it to do, it puts everyone else in the world on notice that Google has the power, interest and wherewithal to withdraw access to its search engine to anyone who might disagree with Google politically.      

The theft of Google's source code is the under-appreciated and under-reported new development in Google's big announcement of Google's "new approach to China" and its apparent decision to withdraw its business from China if China continues to insist that Google censor search results for in-country Chinese.  

• Google: "In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google." [Bold emphasis added]

Only Google would think it was a good idea to have a Director of Security for Google Apps, Eran Feigenbaum, who is also a professional magician/mentalist. A ValleyWag post first spotlighted this frightening irony/bad joke. 

Let's review what a magician and mentalist does:

• Per Dictionary.com:
  • A "magician" is: "an entertainer who is skilled in producing illusion by sleight of hand, deceptive devices." 
  • A "mentalist" is: "a mind reader, psychic, or fortuneteller." 

Security is very serious business. Given that Google arguably has collected and stored more recent private information... on more people without their meaningful permission... than any entity in the world... one would think that Google would treat security as very serious business too.    

People want real security, not the illusion of security. Security is deadly serious; its not for show.

What is most disturbing about Google's judgment here is that this is not an isolated issue undermining confidence in Google's committment to security; see the other parts of the series on "Why Security is Google's Achilles Heel," to learn how this is part of a broader disturbing pattern of Google not taking security seriously.  

I kid you not. Google's latest antitrust defense, from the mouth of Dana Wagner, Google's lead antitrust lawyer, is: "We want to be Santa Claus. We want to make lots of toys that people like playing with. But if you don't want to play with our toys, you've got us."

• See the quote for yourself at the very end of a Globe and Mail article entitled: "Google: we're not evil and we're not a monopoly either."
  • Google's Mr. Wagner continues: “In a West Coast company run by engineers, I don't think there was much attention paid to being in Ottawa, being in D.C. and telling your story,” Mr. Wagner says. “If you don't tell your story, other people do it for you.”

Let me attempt to unpack the irony of this new story/metaphor of which Google has taken ownership. 

Most companies when they tell their corporate "story" try to "put their best foot forward," but no one but Google would think to try and slip jolly megalomaniacal corpulence down the narrow chimney of public credibility.  

Only Google would have so little real-world self-awareness as to choose to wrap itself in the beloved mythical role of Santa Claus who has the unique power to decide who has been good or "evil" during the last year, and the unique power to reward those who have been "good" in Google's eyes with toys and punish those who have been "evil" with coal in their stocking. 

Only Google would think it was good PR to allude to Google's secret search algorithms and auction "quality scores" as a worldwide "naughty and nice" list.

Kudos to Link Hoewing's insightful post on "The Internet's Evolution and Network Management" on Verizon's Policy Blog.  

• Its an important analysis and perspective for anyone wanting to understand how FCC regulation of the Internet and network management could negatively and seriously harm innovation and the Internet's natural evolution.

The lead WSJ story today, "Arrest in Epic Cyber Swindle" covering the cybercrime ring theft of over 130 million credit/debit cards, is a stark high-profile reminder of the very real and pervasive Internet problem of lack of cybersecurity. 

• In the face of overwhelming mainstream evidence that lack of cybersecurity is the Internet's #1 problem (see links below), including President Obama's declaration that cybersecurity must be a new national security priority in his 5-29 cybersecurity address, it is perplexing that none of the FCC's National Broadband Plan workshops are on cybersecurity. 
• It is hard to see how the Open Internet's growing security problem can be addressed and mitigated over time, if the U.S. Government's main big picture policy effort addressing the broadband Internet, the National Broadband Plan, does not even collect input from the public or experts on the Internet's #1 problem -- lack of cybersecurity.
• The first step in solving a big problem is acknowledging there is one.