Online Safety

"Security is part of Google's DNA" is Google's slogan to soothe security concerns about its services much like "competition is one click away" is Google's antitrust slogan to soothe antitrust concerns about its dominance. 

While Google claims security is metaphorically in the "DNA" or "genetic code" of their many cloud applications, "DNA" is also Google code for "Do Not Ask."

"Do Not Ask" is Google's unspoken MO -- method of operation.  

"It’s not our fault that Google has a ridiculously easy way to get access to accounts via their password recovery question" said Michael Arrington of TechCrunch in a post defending his publishing of secret Twitter corporate information that was stolen from Twitter by "Hacker Croll" via Google's password system. See New York Times story.

Only last week I wrote a post "Why Security is Google's Achille's Heel."

My overall security thesis is simple.

Google's launch of a new PC operating system on the heels of its announcement ending the "beta" phase for its popular gmail, Calendar, Docs and Talk applications, is happening in the midst of a new era where cyber-security has been made a new national priority and internet security breaches are increasingly serious and commonplace.

• All this naturally puts a spotlight on Google's approach to security, because Google is becoming increasingly central to so many people's Internet experience.

An examination of Google's own public representation of its corporate philosophy and design principles shows security/safety is simply not a priority for Google. In many respects, security is viewed as a hinderance to, or a drag on, Google's over-riding goal of speed-efficiency.

In Google's philosophy statement, "Ten things Google has found to be true" there is no mention of the importance of security/safety to Google or Google's users.

#3 point on the philosophy list says: "Fast is better than slow:"

Increasingly the "underground currency" of the Internet is private data.

• Private information is valuable to many Internet businesses, because in the absence of a system where consumers can assert ownership of and control over their privacy, privacy can be taken from them for free and profited from with little to no obligation to, or compensation due, to the affected user/consumer.  
• In effect, the increasing practice of commercializing privacy by publicacy businesses increasingly creates new risks for consumers in return for little to no protection or reward.

Why are private data a de facto "underground currency" on the Internet? Well, most consumers are unaware that they are not in control of their private information. For example, a Consumer Reports 9-25-08 consumer survey found:

• "61% are confident that what they do online is private and not shared without their permission;
• 57% incorrectly believe that companies must identify themselves and indicate why they are collecting data and whether they intend to share it with other organizations;
• 48% incorrectly believe their consent is required for companies to use the personal information they collect from online activities..."   

The current technology-driven, "Swiss cheese" privacy framework may be the worst of all possible worlds. 

The President's Cybersecurity announcement 5-29 was a game changer for the Internet. For the first time the U.S. Government officially declared the lack of cybersecurity as the Internet's biggest problem.

• It is interesting to note there was instant disagreement with the President's assessment from some in the Web 2.0 world. Speakers at the Computers, Freedom, and Privacy conference in Washington this week said (per Washington Internet Daily) that:
  • "Cybersecurity threats in general are wildly overstated or portrayed as malevolent acts when some of the best known incidents have come through accidents or simple security holes."
• I have been writing this now twelve-part series: "The open Internet's growing security problem" since the beginning of the year, precisely because many continue to deny the growing mountain of evidence from mainstream sources that the Internet security problem is getting worse not better. 
• Fortunately, President Obama gets it.

Here is the latest mainstream evidence of the open Internet's growing security problem.

"Mysterious virus strikes FBI" ZDNet

President Obama's new approach to cybersecurity likely is more of an Internet game-changer than many appreciate. Initial reporting and commentary has been superficial and has not connected dots or analyzed the broader logical implications of this new policy emphasis and trajectory.   

Why is it a game-changer for the Internet?

• First, it formalizes a new leading priority for the Internet.
• Second, it formalizes the lack of cybersecurity as the Internet's leading problem.
• Third, it practically redefines what "open Internet" means.
• Fourth, it practically takes any extreme form of net neutrality off the table. 

Moreover, the new cybersecurity focus will likely have a practical effect on the trajectory of Internet 3.0, which embodies:

• Cloud computing (where security has not been a primary priority by many);
• The Mobile web (where security has always been a very high priority); and
• The Internet of Things (where security will be imperative to prevent theft, intrusion, and sabotage).

I.   Cybersecurity -- New #1 Internet Priority

President Obama said:

New evidence continues to spotlight the Open Internet's growing security problem. 

"Network Based Security Is In Our Future" is an outstanding must-read analysis by Tom Tovar, CEO of Nominum.

Please read his full piece, its brief. Let me highlight some excellent points he made:

"All our information is being sucked into the cloud. Privacy is over." That was the bold declaration of Attorney Steve Masur at DCIA's P2P Media Summit per Washington Internet Daily.

• Wow. As stark an assessment that that is, what really disturbs me is the thought process and tech ethic that underlies this view.
• Mr. Masur is not alone, he is part of a growing publicacy mentality/movement that looks at privacy as:
  • A neandrethal expectation in the Internet Age,
  • Buzz-kill for Internet innovators, and
  • Road-kill for the cloud-computing bus speeding down the information super-highway.

My pushback here is the blind worship of technology or tech-determinism.

• I define tech-determinism to be:
  • if technology or innovation can do it, it must be good; and
  • if something stands in the way of technology and innovation, like privacy, it is in the way and should be terminated. 

Did it ever occur to the tech determinists that if there is no privacy in the cloud, many won't go there?

• Most users appreciate that technology should work for them, they don't work for technology.

Privacy isn't over. 

New evidence continues to spotlight the Open Internet's growing security problem. 

• The growing catalogue of evidence from mainstream sources is getting harder and harder to ignore. See previous parts of the series:  I, II, III, IV, V, VI, VII & VIII.

"Internet security threat report finds malicious activity continues to grow at a record pace -- Web based attacks evolve as hackers target end-user information; Underground economy continues to thrive." Symantec