Posts Tagged ‘Google’


Where in the world is China?

April 7, 2012

The World According to Mike

OK, it is a poor take-off on the Where in the world is Waldo books!  I accept that, but I really did not know how else to phrase it.  I was looking at the nice world map WordPress provides of the countries that visit a site.  Readers from most every country have visited my blog with one big exception – China!!

Does anyone know someone in China that can resolve this glaring blank spot on my world map?  Yes, I see much of Africa is blank too but the reason there is something different altogether.  Let’s resolve China first, then work on the other missing countries.  Am I “black-listed” or something?  It’s not that I have anything earth shattering to share with our Chinese brethren; no, it is more that I worry, if they can’t even find little ol’ me, what else are they missing out on?  Is this the effect of companies like Google knuckling under to governmental pressure?  Well, at least it is something for me to look into; I will get back to you on that.  Until then keep your head up China, you are not forgotten.


Inviting the Criminals In

April 20, 2010

In the dark of the night, the robbers approach the bank with faces concealed and little evidence of how they arrived.  Surprisingly, the men find the bank door opened and the alarms off.  They soon make their way to the ultimate prize – the vault.  Not surprisingly, they find the vault locked and the bandits can make no further progress.  At first, they seemed thwarted but this was the first of many attempts.

Night after night, the bandits return to the bank and find it open with only the vault impeding their progress.  At first, they try to cut their way in; it proves impossible.  Next, they try to tunnel under; again, they are turned back.  Then it happened: a simple stroke of genius came to mind.  They only needed to trick an employee with the combination and the contents of the vault would be theirs.  After all, human nature is much easier to manipulate than a vault door.  Needless to say, after returning through the open bank door, the vault proved no problem with its combination in hand and the bandits made off with its treasures.

Now, no bank leaves its doors open and its alarms off.  Even with the imposing vault, banks deny would-be robbers access to it.  They understand that with access, eventually a criminal will overcome whatever security they find on the inside.  In other words, banks rely on physical separation to further protect themselves from theft.  It is prudent for them to do so.

This is the lesson internet companies must learn.  As obvious as it may seem to the average person, for legitimate business concerns many internet-based companies leave the doors open and alarms off allowing hackers access to their version of a bank vault – a hard drive with sensitive information stored on it.  This is exactly what Google did when their most critical systems were hacked earlier this year in China.  In his April 19, 2010 article[1] in the New York Times, John Markoff describes the attack in detail.  In the end, hackers gained access with trickery after they were past the front door.

As Google is one of the more advanced companies in the world when it comes to internet technology, it must be assumed that less savvy companies are even more vulnerable to such attacks.  Companies that collect large amounts of data have an absolute responsibility to safeguard it.  It is not enough to simply provide a quasi-vault door in the form of passwords.  Access must also be limited.  Had such a policy been in place at Google, this attack may have never happened.  As it stands now, security is limited in a desire to provide easy access for users across the globe.  When it comes to safeguarding personal data and sensitive company information, perhaps a better course is less convenience.  For example, if someone wants to download the company’s user database, maybe the request needs to be in writing and approved rather than just happening.  Yes, it will slow things down but that is the one thing criminals do not want, for you to have time to think.

According to the Bureau of Justice Statistics (BJS)[2], over half of the businesses that participated in one of their surveys reported at least one cybercrime.  While the intent of most cybercrime is not obvious at the time, the results of such crimes cost businesses and people real money.  Here is a recap from BJS’s website with the 2005 results:

Among 7,818 businesses surveyed:

  • 67% detected at least one cybercrime.
  • Nearly 60% detected one or more types of cyber attack.
  • 11% detected cyber theft.
  • 24% detected other computer security incidents.
  • Most businesses did not report cyber attacks to law enforcement authorities.
  • The majority of victimized businesses (86%) detected multiple incidents, with half of these (43%) detecting 10 or more incidents during the year.
  • Approximately 68% of the victims of cyber theft sustained monetary loss of $10,000 or more.  By comparison, 34% of the businesses detecting cyber attacks and 31% of businesses detecting other computer security incidents lost more than $10,000.
  • System downtime lasted between 1 and 24 hours for half of the businesses and more than 24 hours for a third of businesses detecting cyber attacks or other computer security incidents.

The debate over the necessity for data security is past us.  Rather than try to just stay ahead of clever thieves through programming, the tried and true solution of limiting access must be incorporated into the security plans for businesses.  In addition to locking the vault, we must also lock the front door and prevent access in the first place.


[1] Markoff, John. “Cyberattack on Google Said to Hit Password System.” New York Times. 19 Apr. 2010. Web. 20 Apr. 2010. <http://www.nytimes.com/2010/04/20/technology/20google.html?src=busln>

[2] “Cybercrime.” Bureau of Justice Statistics (BJS). Web. 20 Apr. 2010. <http://bjs.ojp.usdoj.gov/index.cfm?ty=tp&tid=41>


You’ve Got Mail; I’ve Already Read It… It’s not Important.

March 9, 2010

We all have the expectation that when we spend our 44 cents and mail a letter, the contents are a private matter between us and the person to whom we address the letter.  We take the right so seriously that it is a federal crime to open or even interfere with another person’s mail.  How would you feel about the post office opening your letters, making a copy and archiving it, analyzing the contents, and only then sending your letter on its way?  We would have our pitchforks in hand ready to make a pincushion out of the official responsible.

Technology is a wonderful thing but simply having the ability to do something does not make it a good idea.  Yet, Google’s Gmail service does exactly what’s described above.  Are they violating federal law?  No, they’ve covered themselves with a EULA.  EULA stands for End User Licensing Agreement; it is the page filled with all sorts of legal double talk you must agree to while installing software like Gmail.  To read one of the many pages of Google’s EULA, click here.  When you agree to use Gmail, you grant Google permission to use the contents of your email for their own purposes.  They analyze your email’s content and prompt you on things like referencing an attachment but not having one.  In that case, when you try to send it, a warning pops up informing you that nothing is attached.  That seems reasonable enough, but that same analysis targets advertising to you as well.  Think of it as personalized junk mail.

This is where things get a bit gray with the EULA.  It does give Google the legal right, but it is buried in a document hardly anyone reads, as they are commonplace.  A fact Google is counting on, to say the least.  Moreover, it is far down the document and hidden among standard items that protect Google from lawsuits.  Google, being a free service, is entitled to seek profit where they can and this is the path they picked to do that.  The only problem with Google is the stealth with which they undertake the process.  It would be nice if Google stated its intentions in an open fashion so users understand exactly what they give up to receive “free” email service.

We always have the option to subscribe to a service that does not analyze email, but how do we know what any Internet Service Provider (ISP) does with our email?  We expect the same level of privacy with an electronic letter that a printed one enjoys.  Currently, that privacy simply does not exist.  Say you send an email to your aunt who lives in another country: you have a copy of the email you created, your ISP keeps a copy, any server that the email is transferred through has one, the routing server that sends it overseas has a copy, your aunt’s ISP keeps one, and of course your aunt does too.  Any one of these copies may be read and copied and distributed without your knowledge.

ISPs claim the need to make copies for “backup” purposes, in case of a problem.  Sometimes they are required by law to keep copies for a period of time.  While complying with the law is hard to argue, the backup claim is tenuous at best as local copies exist.  The real problem comes with the length of time emails are archived in various backups around the world; there is no limit.

When you use the US Postal Service to mail a letter, no copy is made unless a judge grants law enforcement the right to intercept the letter.  It seems the same logic needs to apply to email and any agent that delivers mail in any form.  In the case of Google, if you grant permission, that is another matter.  Still, Google should live up to its unofficial motto, “Don’t be evil,” by pointing out their business practices.

For now, understand your emails do not enjoy the same privacy protection as a traditionally mailed letter.  Our rights have not caught up to the digital revolution.  Everyone my age remembers the Watergate break-in back in 1972 that led to President Nixon’s resignation.  Another aspect that is forgotten: he used the National Security Agency to spy on American citizens without a warrant of any kind and for purely political reasons.  Rather than learn proper oversight from that event, with the Patriot Act we allow the FBI to use something called a National Security Letter to seek information, like emails, without a warrant as long as it involves matters of a time-sensitive nature, such as a looming terrorist attack, where going through a court is not practical.  The Department of Justice has documented over 1,000 cases of abuse of this system (Various Sources: Washington Post; CNN; New York Times).  We don’t know for what purpose the FBI abuses occurred, but it is obvious that allowing them the ability means they will use it.

Again, email does not enjoy the same protection as a mailed letter.  We only have the rights we can protect; for now, we cannot protect email from interception and being read.  In other words, no email is private, no matter what someone may tell you.  Keep that in mind next time you compose an email and press the send button!
