You are here

Internet Security

Google's "Immaculate Collaboration" with NSA? Part XIX of Privacy-Publicacy Series

Ellen Nakashima may have a career-making scoop with her front page Washington Post investigative reporting piece: "Google to enlist NSA to help ward off cyberattacks."  

  • As Publisher of the Google watchdog site, www.GoogleMonitor.com, I can't say I am surprised about a Google-NSA connection, especially given that over the last year my PrecursorBlog has posted: 
  1. An 18-part "Privacy vs. Publicacy" series;
  2. A 6-part "Security is Google's Achilles Heel" series; and 
  3. A 16-part "The Open Internet's Growing Security Problem" series

Ms. Nakeshima's revelation that Google sought out NSA's help shortly after it suffered massive cyber-attacks, apparently from China, opens a Pandorra's Box of privacy issues given that Google's aggressive "publicacy" (anti-privacy) business model, policies and practices have shown little respect for people's privacy in practice over the last decade.

"If Google can drop China, it can drop you"

My vote for quote of the month on Google was "If Google can drop China, it can drop you."

This profound razor-sharp insight was said by Howard Shelanski, speaking for himself, not the Federal Trade Commission, at the Free State Foundation's annual conference at the National Press Club in Washington DC on Friday. 

Mr. Shelanski is currently Deputy Director of the Bureau of Economics at the FTC, a former Chief economist at the FCC, and a widely respected economist and antitrust expert. 

I am spotlighting his quote because it sheds light on the broader implications of the world censorship policeman role Google is asserting for itself in the world. 

If Google is going to take the position that it unilaterally will withdraw access to its search engine from hundreds of millions of Chinese, if the Chinese Government does not do what Google tells it to do, it puts everyone else in the world on notice that Google has the power, interest and wherewithal to withdraw access to its search engine to anyone who might disagree with Google politically.      

 

 

 

 

Google-China: Implications for Cyber-security -- Part VI "Security is Google's Achilles Heel" Series

The theft of Google's source code is the under-appreciated and under-reported new development in Google's big announcement of Google's "new approach to China" and its apparent decision to withdraw its business from China if China continues to insist that Google censor search results for in-country Chinese.  

  • Google: "In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google." [Bold emphasis added]

Google Apps' Security Chief is a Magician/mentalist; Why Security is Google's Achilles Heel Part V

Only Google would think it was a good idea to have a Director of Security for Google Apps, Eran Feigenbaum, who is also a professional magician/mentalistA ValleyWag post first spotlighted this frightening irony/bad joke. 

Let's review what a magician and mentalist does:

  • Per Dictionary.com:
    • A "magician" is: "an entertainer who is skilled in producing illusion by sleight of hand, deceptive devices." 
    • A "mentalist" is: "a mind reader, psychic, or fortuneteller." 

Security is very serious business. Given that Google arguably has collected and stored more recent private information... on more people without their meaningful permission... than any entity in the world... one would think that Google would treat security as very serious business too.    

People want real security, not the illusion of security. Security is deadly serious; its not for show.

What is most disturbing about Google's judgment here is that this is not an isolated issue undermining confidence in Google's committment to security; see the other parts of the series on "Why Security is Google's Achilles Heel," to learn how this is part of a broader disturbing pattern of Google not taking security seriously.  

Goobris Alert: "We want to be Santa Claus"

I kid you not. Google's latest antitrust defense, from the mouth of Dana Wagner, Google's lead antitrust lawyer, is: "We want to be Santa Claus. We want to make lots of toys that people like playing with. But if you don't want to play with our toys, you've got us."

  • See the quote for yourself at the very end of a Globe and Mail article entitled: "Google: we're not evil and we're not a monopoly either."
    • Google's Mr. Wagner continues: “In a West Coast company run by engineers, I don't think there was much attention paid to being in Ottawa, being in D.C. and telling your story,” Mr. Wagner says. “If you don't tell your story, other people do it for you.

Let me attempt to unpack the irony of this new story/metaphor of which Google has taken ownership. 

Most companies when they tell their corporate "story" try to "put their best foot forward," but no one but Google would think to try and slip jolly megalomaniacal corpulence down the narrow chimney of public credibility.  

Only Google would have so little real-world self-awareness as to choose to wrap itself in the beloved mythical role of Santa Claus who has the unique power to decide who has been good or "evil" during the last year, and the unique power to reward those who have been "good" in Google's eyes with toys and punish those who have been "evil" with coal in their stocking. 

Only Google would think it was good PR to allude to Google's secret search algorithms and auction "quality scores" as a worldwide "naughty and nice" list.

Kudos to an Insightful Post on Innovation/Internet's Evolution

Kudos to Link Hoewing's insightful post on "The Internet's Evolution and Network Management" on Verizon's Policy Blog.  

  • Its an important analysis and perspective for anyone wanting to understand how FCC regulation of the Internet and network management could negatively and seriously harm innovation and the Internet's natural evolution.

Will National Broadband Plan Address Cybersecurity? Part XVI : Open Internet's Growing Security Problem

The lead WSJ story today, "Arrest in Epic Cyber Swindle" covering the cybercrime ring theft of over 130 million credit/debit cards, is a stark high-profile reminder of the very real and pervasive Internet problem of lack of cybersecurity. 

  • In the face of overwhelming mainstream evidence that lack of cybersecurity is the Internet's #1 problem (see links below), including President Obama's declaration that cybersecurity must be a new national security priority in his 5-29 cybersecurity address, it is perplexing that none of the FCC's National Broadband Plan workshops are on cybersecurity. 
  • It is hard to see how the Open Internet's growing security problem can be addressed and mitigated over time, if the U.S. Government's main big picture policy effort addressing the broadband Internet, the National Broadband Plan, does not even collect input from the public or experts on the Internet's #1 problem -- lack of cybersecurity.
  • The first step in solving a big problem is acknowledging there is one. 

      

Why Security is Google's Achilles Heel -- Part IV

It is interesting that since I started this series spotlighting that security is and has been, for all practical and official purposes, a low corporate priority for Google, a Googler now publicly claims: "for Google, there is no higher priority than the safety and security of our users."

  • This new public claim was made as part of a press release announcing that Google has joined the board of the National Cyber Security Alliance
  • While I commend Google for joining the National Cyber Security Alliance, it is telling that none of the relevant official Google corporate links, indicate that security is a high priority for Google: check "Our Philosophy -- Ten Things," "Design Principles," or even "Google's Security Philosophy." 
  • We will know when Google makes security a high priority when they actually walk the talk and when their official representation of their corporate priorities (in the main corporate links above) reflect that security has truly become a new higher priority for Google. 

This new claim and development presents a useful opportunity to evaluate Google's stated security philosophy.   

Does new Government cookie policy favor publicacy over privacy? Part XIII -- Privacy-Publicacy Series

The U.S. Government is relatively quietly proposing a major change in its online privacy policy from a Government ban on Government using "cookies" to track citizens' use of U.S. Government websites to allowing the Government to track some citizen online behavior with some restrictions.

This policy shift is a quintessential example of the shift away from a default expectation of online privacy, to the default "publicacy" approach increasingly taken by many web 2.0 entities.

  • ("Publicacy" is the opposite of privacy. "Publicacy" also describes the Web 2.0 movement that seeks to have transparency largely supplant privacy online.) 

I have written about the growing tension between privacy and publicacy thirteen times this year, because I believe it is one of the biggest changes that is occurring online that average users are not aware of, but should be. 

The Open Internet's Growing Security Problem -- Part XV

Evidence of the Open Internet's growing security problem only continues to mount. There also appears to be a growing and troubling disconnect between the seriousness of the actual problem and the seriousness of attention paid to the growing Internet security problem.  

  • For example, despite President Obama making cybersecurity a national security priority in his cybersecurity address 5-29-09, none of the FCC's 18 currently planned public workshops designed to help develop a National Broadband Plan are on cybersecurity.   

"Twitter, Facebook Sites Disrupted by Web AttackWSJ

  • "Multiple Internet sites, including popular hangouts Twitter and Facebook, were temporarily disrupted Thursday after they were struck by apparently coordinated computer attacks..."
  • "The companies traced the problem to what the computer industry calls "denial-of-service" attacks, which are designed to make sites inaccessible by overwhelming them with a flood of traffic. Though such attacks are fairly routine, simultaneous action against multiple consumer Internet companies is rare."

"Most users clueless about cybersecurity, FBI says" PC World

Pages

Q&A One Pager Debunking Net Neutrality Myths