Count me as totally perplexed how the supposedly-security-minded U.S. State Department could decide to adopt security-challenged Google's Chrome browser for worldwide use by the State Department. What are they thinking?
Chrome is a consumer-grade, ad-supported, tracking-driven browser. By design Chrome has an advertising default omni-tracking capability inappropriate for Federal Government secret classified work. For the first time only last week, Google begrudgingly committed to offering a voluntary do-not-track capability for Chrome by the end of 2012 as part of the White House brokered Online Privacy Bill of Rights. However, will Google respect the State Department's right to secrecy? That's a very fair question given that…
Google alone publicly indexed all of Wikileaks' stolen State Department secret cables. Just a year ago, Google CEO Eric Schmidt told the DLD media conference in Munich: "Has Google looked at the appropriateness of indexing WikiLeaks? The answer is yes, and we decided to continue because it's legal."... Reuters reported: "Schmidt said Google had considered stopping indexing confidential cables released by WikiLeaks, but had decided to carry on. Some other U.S. organizations have bowed to government pressure to stop cooperating with the controversial site."
- Given that the Federal Government is prosecuting the alleged original leaker Army Private Bradley Manning to the full extent of the law, and also reportedly seeks to criminally indict Julian Assange for his willful and reckless public dissemination of the secret cables, what does the State Department think about using the intimate browser of a company that just last year at the highest levels, decided to risk our Nation's national security by willfully disseminating literally hundreds of thousands of secret State Department cables to the widest possible audience of our Nations enemies via Google's search index?
Security is Google's Achilles Heel. Some have suggested that Chrome is a safe browser because it survived a big money hacking contest. With Google+ integrating ~60 Google services to synch together seamlessly, Google's security is now only as strong as its weakest link.
- Just two years ago, Chinese hackers broke into Google and stole their entire password system called Gaia, per the New York Times, and given Google's all-eggs-in-one basket design (called BigTable), the pervasive invasiveness of this security breach must have been most serious.
- Moreover, Chinese hackers can't be expected to enter a public hacking contest for Chrome for money, because the prize of clandestinely stealing Government secrets, like the State Department's, is incalculably more valuable than money.
Google has twice misrepresented its security capabilities to Governments. First, in a filing with a Federal Court, the DOJ said: "On December 16, 2010, counsel for the Government learned that, notwithstanding Google's representations to the public at large, its counsel, the GAO and this court... Google does not have FISMA certification for Google Apps for Government." Second, over a year after contractually promising that Google could ensure the privacy and confidentiality of LAPD communications with other law enforcement and confidential sources, Google admitted last fall that it could not provide the contractually required level of privacy/security.
In sum, as a former State Department employee and former Deputy Assistant Secretary of State during the George H.W. Bush Administration, I care deeply about the security and privacy of the State Department's communications and activities offline and online. I can appreciate how sensitive the State Department's information and activities are and how much incalculable damage the Wikileaks' breach must have done.
I hope and trust for the State Department's, and the Nation's, sake that the appropriate people responsible for preventing security breaches have fully-vetted this decision and are doing more than just trusting Google, but verifying if that trust is fully-warranted in this case.
***
See other related Precursor LLC research:
