Why Security is Google's Achilles Heel -- Part II; Google values security much less than others do

"It’s not our fault that Google has a ridiculously easy way to get access to accounts via their password recovery question" said Michael Arrington of TechCrunch in a post defending his publishing of secret Twitter corporate information that was stolen from Twitter by "Hacker Croll" via Google's password system. See New York Times story.

Only last week I wrote a post "Why Security is Google's Achille's Heel."

My overall security thesis is simple.

  • First, Internet security is becoming increasingly important and critical. 
    • I have been systematically documenting the "Open Internet's Growing Security Problem" in a thirteen part series since the start of the year. 
    • Moreover, President Obama affirmed the reality of the  growing Internet security problem in his Cybersecurity Address 5-29-09
      • "From now on, our digital infrastructure -- the networks and computers we depend on every day -- will be treated as they should be:  as a strategic national asset.  Protecting this infrastructure will be a national security priority."
  • Second, security is not, and has not been, a priority for Google.
    • My post last week, "Why Security is Google's Achilles Heel," examined Google's own public representation of its corporate philosophy and design principles to show that security/safety is not, and has not been, a priority for Google. As I said then, security is generally viewed by Google as a hinderance, or drag on, Google's over-riding goal of speed and efficiency.        

You be the judge if security is in fact becoming an Achilles Heel for Google.

  • We don't have to wait for more instances like the easy hacking of Google's password system cited above for evidence. 
  • Let's look at the public record of Google's behavior over a long period of time that has been documented by mainstream sources.

First, Google's well-known mission is "to organize the world's information and make it universally accessible and useful."

  • Think about it. Isn't "universally accessible" conceptually close to being the opposite goal of "secure?"
  • Moreover, just like it is common sense to not tell your secrets to a known gossip, it is also common sense that an entity -- whose stated mission is to find most everyone's information and make it universally accessible to most everyone else -- is the Internet equivalent of a gossip.
  • Do we believe a known gossip when they assure us their secrets are secure with them?
  • To be fair, Google has been forthright in saying that it is in the business of sharing information most widely and that it is against limitiations on access to information.
    • Conversely however, Google has been much less forthright when it has professed to place a high priority on security.  

Second, Google has long been a well known proponent of the view that "information wants to be free."

  • Is it not common sense that free stuff should be available for the taking?
  • Is it also not common sense that someone who thinks most information should be free would not put a priority on keeping information secure so others could not take it? 

Third, Google is also well-known for not keeping other's property secure when it is in Google's care.

  • Many trademark owners have sued Google for not keeping their trademarks secure or respecting their property rights. Rosetta Stone is only the most recent of many companies which have sued Google for trademark infringement for selling trademarks as keywords to the trademark owner's competitors.  
    • Google's consistent business and legal position has been that all keywords are free to sell to others regardless of whether or not they are trademarked. 
  • Google has taken the same generously self-serving business and legal position towards copyrighted property.
    • Viacom has sued Google-YouTube for $1b for mass copyright infringement of TV/video programming. 
    • The MPAA has sued Google for aiding and abetting movie piracy.
    • Authors and publishers have sued Google for copyright infringement; this issue is now pending before the court in the book settlement.
    • AP seeks payment for Google News use and advertising off AP's content.  
    • Agence Press also separately sued Google for copyright infringement. 
  • Google has also taken that generously self-serving business and legal position when it comes to the security of people's privacy. 
    • Google's StreetView application has caused a widely reported uproar, literally all around the world, because people wanted their privacy to be more secure than Google wanted it to be.  

In closing, it is in this less-than-secure context that Google wants to lead the world in the transformational shift toward "cloud computing," where much of the information that is currently secure in your own possession would be moved from your possession to Google's possession for "safe-keeping." 

Why security is Google's Achilles heel, is that Google seeks to take possession of most everyone's information and store it in Google's data centers, at the same time that Google places a vastly lower priority on keeping that information/content secure than do many of the original owners of that information/content. 

  • Simply, there is a growing disconnect between people's expectation of security from Google and Google's priority to fulfill that expectation of security.