Cybersecurity

In an exceptionally uncharacteristic low-key PR manner for Google, Google announced on its blog in one sentence that China renewed its license to operate in China.

• "Update July 9:
  We are very pleased that the government has renewed our ICP license and we look forward to continuing to provide web search and local products to our users in China."
  

What's the rest of the story here?

Google and China have been at loggerheads with one another in one of the highest-of-profile international standoffs between a private company and a superpower in modern history, since Google publicly accused China in January blogpost of being complicit in a hack of Google that resulted in the theft of Google's intellectual property, (which John Markoff of the New York Times reported was the extremely sensitive computer code for Google's password control system.) 

What is the quid pro quo here?

Google's wanton "wardriving," i.e. detecting, accessing, and recording residential WiFi networks in 30 countries for over three years, was not simply a "mistake," "inadvertent," or an "accident" as the Google's PR machine has spun it. The evidence to the contrary is overwhelming to anyone who bothers to examine it closely. 

• Google's wanton wardriving was either: gross incompetence/negligence or wrongdoing. 
  • Government investigators must determine for themselves via subpoena, whether or not anyone at Google, in a supervisory or management position, knew that this private "payload" data was being collected, and whether or not this private data had been accessed, copied, analyzed, or used by Google in any way.

The case for why Google's wanton wardriving is more than just a "mistake."        

I.  Identifying the questionable practice: "Wardriving"

Google's latest privacide admission -- that all of Google's roving StreetView vehicles around the world have been recording some of people's WiFi traffic/web behavior since 2007 -- should prompt privacy officials and the media to ask the simple question: why does Google serially keep having privacy scandals?

Simply Google will continue to have privacy scandals because Google has deep systemic privacy flaws and vulnerabilities -- by design.

• At core Google philosophically believes in "publicacy" that the world is a better place with more openness/transparency rather than closed systems or private/proprietary information.
• Thus Google has a publicacy mission, culture, business model, and no serious of effective system of management and internal controls to protect people's privacy.    

1.  Publicacy Mission: Google's infamous publicacy mission is to "organize the world's information and make it universally accessible and useful." It is their mission to collect whatever information they can, where ever they can, whenever they can without regard to whether it is private or proprietary information. As Google's repeated privacy flaps prove, they believe it is more efficient to ask for forgiveness than for permission.   

Google's latest privacy-killing act of privacide is "Google's roving Street View spycam," which is not only taking pictures, but is also scanning to log WiFi network addresses and unique Media Access Control (Mac)addresses per Andrew Orlowski's excellent scoop at the Register.

Well informed reports (that Google will not deny), that hackers breached Google's most sensitive software code, the Gaia password system, surface titanic security flaws at Google.     

Why Google is too big not to fail. 

1.  "Bigtable" Storage design: How Google stores and accesses "all the world's information" in and from its data centers is: "'Bigtable:' a Distributed Storage System for Structured Data." It is Google's innovation to maximize scalability, speed and cost efficiency -- not security, privacy, or accountability. Simply, Bigtable is an "all eggs in one basket" approach to information storage and access.

For skeptics of Google's need for more transparency and accountability, consider the latest disturbing example of Google Chrome not asking tens of millions of Internet users for their permission to gain wide open access to their computers and content -- when it clearly should ask for permission -- like every other Internet browser provider does.    

Per ComputerWorld's article: "Google's Chrome now silently auto-updates Flash Player." 

• "Unlike other browsers, Chrome updates itself automatically in the background without asking for permission or prompting users that security fixes or new features are available." 
• "Google uses a unique approach, they don't ask users [for permission to update], they just do it" said Peter Betlem, Senior Director of Flash Player Engineering.  

What this means is that unlike all other browsers or Google competitors, Google does not believe it needs permission from users to gain wide open access to users' entire computer software and all its private contents.

Ever since Google announced it suffered a cyber-attack from China, Google's legendary PR machine has gone into overdrive, opportunistically framing the conflict as a good versus evil story, and positioning Google as the Internet's benign superpower defending free expresssion, and as a new kind of business that puts morality before money.   

• Google understands it is easy to politically demonize China, because China's pervasive censorship and trampling of fundamental freedoms and human rights offend all freedom-loving people.

However, those willing to look behind the curtain of Google's self-serving political rhetoric here, will discover that many of the attributes that offend so many people about China, Google shares to an unfortunate extent.

• Let's review four significant strategic similarities between Google and China -- brought to you in Google's own words.

First, Google's leadership, like China, has affirmatively chosen to not be democratically accountable.

Yale University has postponed its adoption of Gmail in part because of concerns that Google will/can not tell Yale where or in what country their private information/data will be stored -- per Yale Daily News.

• "Google stores every piece of data in three centers randomly chosen from the many it operates worldwide in order to guard the company’s ability to recover lost information — but that also makes the data subject to the vagaries of foreign laws and governments, [Yale computer science professor Michael] Fischer said. He added that Google was not willing to provide [Yale] ITS with a list of countries to which the University’s data could be sent, but only a list of about 15 countries to which the data would not be sent."

It appears that Google continues to organize information for the benefit of Google's own engineering efficiency, simplicity and convenience -- without regard to what is best or safest for its users.

• WHERE users private data is stored by Google has immense implications for users' privacy, security and whether or not their private data/communications are vulnerable to subpoena, with or without their knowledge.  

This is further evidence of Google's cavalier approach to privacy and security of users.

Today's New York Times front page story "Google's computing power betters translation tool" by Miguel Helft spotlights that Google arguably owns and operates "the world's largest computer." The article quotes a Google  engineering VP explaining that Google's unparalleled computing power enables Google to "take approaches others can't even dream of."

Combine the world's largest computer, with the best automated translation capability for most all of the world's top languages, with reports from the front page of the Washington Post that Google proactively sought help from America's top spy agency, the NSA, for its cyber-security vulnerabilities, and it is not surprising that foreigners would be growing increasingly wary of Google and the extraordinary potential power that Google holds over them. 

So what do foreigners increasingly see Google doing?

First, they increasingly see "The United States of Google," a term Jeff Jarvis coined in his book on Google. Shortly after Google publicly accused the Chinese Government of being behind or complicit in the cyber-attacks on Google:

It appears Google impetuously over-reacted to the big cyber-security breach of Google and a reported ~30 other companies. Google alone publicly blamed China and only Google publicly pledged to stop censoring search results in China in retaliation.    

What is the evidence that Google impetuously over-reacted here?

First, Forbes reported: "Researchers Call Google Hackers 'Amateurs' -- A new report says the attack on the search giants network was far less sophisticated than it has claimed." Specifically:

• "A great play is being made about how sophisticated these attacks were," says Damballa's vice president of research Gunter Ollman. "But tracing back the attacks shows that they were not sophisticated, and that the attackers behind them have a history of running multiple botnets with a variety of tools and techniques," many of which, he says, were far more rudimentary than Google or the cybersecurity industry has portrayed."

People incorrectly assume that because of Google's popularity, brand and reputation for innovation, that Google is  secure and cutting edge on cyber-security -- when in reality they are not.