How law enforcement may have helped Google get hacked
January 14, 2010
2 comments
Julian Sanchez points out that the Chinese hackers who broke into Google were able to do so using a system that Google created to help law enforcement execute warrants. Once they compromised that system, they were able to get the keys to the kingdom, so to speak. One could argue that Google should have taken more stringent precautions to secure such a system, but that ignores the fundamental point that once you build a backdoor of any sort into a system, there is a backdoor in your system. You can secure it with a team of jet pack-wearing, flying monkeys trained in the ninja arts who will fanatically murder anyone who attempts to access it, but if someone manages to find a way to access it, your security is potentially deeply, deeply compromised.
Sanchez points out that things like this call into question the popular dichotomy between security and privacy, but I'll take that a step further. Every backdoor or security compromise made to help the authorities is one step closer to a loss of security. Privacy and security are often inextricably tied, and facilitating the loss of one leads to the loss of the other. If we were still stuck using 48-bit encryption in order to sooth government concerns, breaking into SSL-protected traffic would be so easy that Nigerian scammers using 10 year old computers could efficiently do it. One of my repeated concerns about data retention mandates has been that they will invariably lead to a gold mine of information that is attractive to criminals.
On the specific issue of Google getting hacked by what increasingly appears to be Chinese government agents, I think a justified response would be for Google to retaliate by breaking into China's military infrastructure, stealing their secrets, passing them through Google Translate and indexing them in every language they serve...
Sanchez points out that things like this call into question the popular dichotomy between security and privacy, but I'll take that a step further. Every backdoor or security compromise made to help the authorities is one step closer to a loss of security. Privacy and security are often inextricably tied, and facilitating the loss of one leads to the loss of the other. If we were still stuck using 48-bit encryption in order to sooth government concerns, breaking into SSL-protected traffic would be so easy that Nigerian scammers using 10 year old computers could efficiently do it. One of my repeated concerns about data retention mandates has been that they will invariably lead to a gold mine of information that is attractive to criminals.
On the specific issue of Google getting hacked by what increasingly appears to be Chinese government agents, I think a justified response would be for Google to retaliate by breaking into China's military infrastructure, stealing their secrets, passing them through Google Translate and indexing them in every language they serve...
I love Google, use them and count on them. But all of this revealed from the company that is recently heard speaking about the "end of anonymity"? This is just proof again that we should be worried about a world in which anonymity is impossible. Google would like to think the world will be a better place when we have more "accountability" (and it sure soothes the conscience, I'm sure) but who decides what needs to be accounted for? What if the wrong people are in charge of deciding what those things are? I guess "do no evil" is fine and dandy when you're the only ones left defining what EVIL IS(Google it in 5 years and let me know). And as Google keeps purchasing the friggen universe, they very well could end up being that one. If they aren't already, at least literally.
I mean, can I possibly be a Google whistle-blower if Google hosts all of my assets? What if something happens to the wondertwins and the new people in charge decide a little evil is worth the payoff in the end? Google has to prove it can be trusted and it's going to take more than slapping China's wrists with a ruler to do it. And we must all do our part to make sure the government we'd LIKE to trust doesn't force Google's hand.
The problem with the 'end of anonymity' is that assumes that if you don't do bad things you don't mind being observed. As Cory Doctorow (and others) have pointed out, everybody takes a dump, but that doesn't mean you want to have to do it in the middle of Times Square. "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated..." What's the problem. Seems pretty explicit to me.