Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Google Privacy United States Your Rights Online

DOJ Vs. Google: How Google Fights On Behalf of Its Users 78

Lauren Weinstein writes: While some companies have long had a "nod and wink" relationship with law enforcement and other parts of government -- willingly turning over user data at mere requests without even attempting to require warrants or subpoenas, it's widely known that Google has long pushed back -- sometimes though multiple layers of courts and legal processes -- against data requests from government that are not accompanied by valid court orders or that Google views as being overly broad, intrusive, or otherwise inappropriate. Over the last few days the public has gained an unusually detailed insight into how hard Google will fight to protect its users against government overreaching, even when this involves only a single user's data. One case reaches back to the beginning of 2011, when the U.S. Department of Justice tried to force Google to turn over more than a year's worth of metadata for a user affiliated with WikiLeaks. While these demands did not include the content of emails, they did include records of this party's email correspondents, and IP addresses he had used to login to his Gmail account. Notably, DOJ didn't even seek a search warrant. They wanted Google to turn over the data based on the lesser "reasonable grounds" standard rather than the "probable cause" standard of a search warrant itself. And most ominously, DOJ wanted a gag order to prevent Google from informing this party that any of this was going on, which would make it impossible for him to muster any kind of legal defense.
This discussion has been archived. No new comments can be posted.

DOJ Vs. Google: How Google Fights On Behalf of Its Users

Comments Filter:
  • by SpaghettiPattern ( 609814 ) on Tuesday June 23, 2015 @04:46AM (#49968323)
    IMHO Google remains less suspect than other corporations, when it comes to defending privacy. I would never trust MS or Apple with my data. Not that they would gladly hand over data. But the corners they cut in order to achieve their own goals and the negligible contributions to OSS show that they're only in it for the money. I know, purely subjective but we as commoners will only be able to judge through indirect perception. Much like you can judge by lack of code quality that software is unlikely to be well developed.
    • by AmiMoJo ( 196126 ) on Tuesday June 23, 2015 @05:15AM (#49968431) Homepage Journal

      To be fair, Apple's contributions to open source have been significant. Also in the interests of fairness, their locked down walled garden approach is one of the worst and most open-source hostile.

      As TFA points out, a lot of this comes from confusion of the leaked NSA slide showing that Apple, MS, Google and others had been infiltrated. Doubtless they do have some illegal hooks into those companies, but actually the slide was saying that they were monitoring traffic between data centres belonging to their victims. Google was one of the quickest to respond to this by encrypting traffic between data centres and ensuring that there were no effective MITM attacks.

      That alone we should be eternally thankful to Snowden for. That encryption vastly cut down the amount of data that the NSA was able to steal from Google users. Unfortunately MS and Apple have not been nearly as transparent about how their networks were monitored and what they did to fix the problem, so props to Google.

      • > Google was one of the quickest to respond to this by encrypting traffic between data centres and ensuring that there were no effective MITM attacks.

        Those are two distinct statements: one does not automatically mean the other. The cost and difficulty of man-in-the-middle attacks rises considerably with ubiquitous encryption, it's true. But one of the vulnerabilities I've pointed out recently to proxy maintainers is that it's become quite commonplace to host SSL based traffic on an external router or loa

        • by swillden ( 191260 ) <shawn-ds@willden.org> on Tuesday June 23, 2015 @09:05AM (#49969649) Journal

          But one of the vulnerabilities I've pointed out recently to proxy maintainers is that it's become quite commonplace to host SSL based traffic on an external router or load balancer, and carry it entirely unencrypted between that load balancer and the local server. It often eases maintenance of SSL keys and allows far less expensive, small servers to handle the actual traffic and allows the cost of robust SSL services to be shared more effectively.

          Google's encryption is end-to-end. It's also not SSL-based, but instead much simpler and more robust (and more efficient), though there's nothing proprietary or custom about the encryption ciphers or protocols used (Google employs lots of cryptographers who would quickly stomp on any questionable designs). I work for Google and used to do stuff related to internal network encryption though I worked on a different aspect of it, focused on securing payments data (credit card numbers, etc.).

          I think it would be awesome if Google were to publish the details of its security infrastructure, which is dramatically better than anything I saw in my 15 years as a security consultant, but AFAIK that hasn't been done so I have to keep my comments vague and high-level.

          I'll also point out, since I know it has been mentioned publicly, that Google didn't actually start doing all of the link encryption in response to Snowden's revelations. It was a project that was already well under way. Snowden's information did cause the project to be accelerated, though.

          From what I saw, the main effect was that the tolerance for exceptions to the encryption requirement dropped basically to zero. In an enormous and complex infrastructure like Google's there are always dozens of corner cases where anything you'd like to do is really hard for one reason or another, and so big infrastructure changes tend to take years to fully deploy, to avoid requiring project teams to drop all their productive work in order to avoid breakage from the change. Snowden's data changed the encryption mandate from "You need to get this done as soon as you can" to "Encryption will be on 100% by date X, no exceptions. If you can't see how to make it work, come talk to us and we'll help." (X was single-digit weeks away).

          I know one team who had to deploy a spit-and-baling-wire construction to enable their protocol to be encrypted, and then had to fight with serious performance degradation until they got a well-designed and tested replacement in place. They begged for permission to turn off encryption for a while so they could focus on building the solid replacement rather than spending their time fighting production fires caused by the interim solution... and they were denied. This was for an important production service related to financial systems, too, which gives you a good idea of how serious Google was about the encryption mandate.

          Thank you, Edward Snowden!

          (I want to be sure no one thinks that last line is sarcastic. It's not. At all. I think Edward Snowden is one of the great American heroes, and I think that history will eventually give him his considerable due. I don't know anyone on the team I mentioned who would disagree, either, even though it caused them some weeks of long hours and stress.)

          • I believe that if the majority of Americans who are fed up with the lawlessness by this (and previous) administrations are able to somehow "right the ship of state" in the near future, Edward Snowdon will claim a place in history like this nations heros during the revolutionary war, for example, Paul Revere.. Considering Mr Snowdon did a similar service to the nation as Paul Revere...

            • by ahodgson ( 74077 )

              If history is any guide, righting the ship of state is incredibly unlikely. Dictatorship and some form of imperial rule are far more likely outcomes.

            • by KGIII ( 973947 )

              It is a little late in the conversation to add this but maybe we should start a write-in candidacy for Snowden for president? I am not sure that he is old enough. Perhaps a senate seat and we can assume he is still a citizen of Hawaii.

          • Just to concur, I also work at Google and the security is pretty incredible. They baked it into the RPC system (predating but similar to the publicly-available gRPC) so you don't even have to think about it - it just happens automatically and still doesn't get in the way (which is a remarkable achievement). I work pretty closely with one of the teams responsible for most of the user traffic, and they did some pretty heroic stuff to secure their part (which was some huge percentage of "all of it") in like a

            • by arcade ( 16638 )

              Let me pile on as another Googler.

              The feeling of outrage within the organization was palpable.

              The feeling of betrayal, fury and pure anger towards the NSA.

      • Apple responded by doing a full audit of code checked in around the time that the NSA claims they successfully infiltrated Apple. The most publicized outcome of the audit was the fixing of the notorious "goto fail" bug that looked innocent but would have allowed an attacker with knowledge of its presence to listen in on communication between two parties.

    • IMHO Google remains less suspect than other corporations, when it comes to defending privacy. I would never trust MS or Apple with my data.

      And in my own not so humble opinion it's exactly the opposite.

      You say that Apple is in it for the money - guess what Google is after? The difference is that Apple produces and sells hardware. Apple's customers are the people buying the hardware. And Apple keeps its customers happy by doing what's good for them, and not what's good for the government.

      Google, on the other hand, makes most of its money from advertisements. How you can think that Google wants to defend your privacy, when their biggest sou

      • by moronoxyd ( 1000371 ) on Tuesday June 23, 2015 @06:10AM (#49968599)

        Apple does not only sell hardware but also digital goods and ads. And to target said goods and ads they need what? A good profile of the user.

        Apple does pretty much the same Google does. But Tim Cook dares to go on stage and pretend they don't. That makes him a liar in my book.

        Over the years there were enough cases where we could see that apple does in fact collect data from their users without telling them (and without protecting said data properly).
        Apple is neither better or worse than Google in that respect.

        And neither of them is very interested in giving the information about their users to third parties. Their advantage in the ad/targeting business is that THEY have the profile of their users and the third parties do not.

  • Over the last few days the public has gained an unusually detailed insight into how hard Google will fight to protect its users against government overreaching, even when this involves only a single user's data.

    What are those insights?!?!?

  • by Anonymous Coward

    Where's the read me button? Not liking the changes

  • by joeflies ( 529536 ) on Tuesday June 23, 2015 @05:12AM (#49968415)

    The article says that Google lost the case several months after it started in 2011, and it was gagged from telling anyone until 2015.

    So thus, can we conclude that Google did in fact turn over all of the requested metadata on the user without his knowledge for nearly 4 years?

    The question about whether Google should fight to protect this information should be weighed along with just how much metadata that Google collects and stores about your online behavior in the first place.

    • What I also wonder is whether Google instantly informed the person in question of the demand (thereby basically ignoring the gag order which they didn't think was valid anyway).

      And is such a gag order even legally bounding the moment it's issued even if the receiving party has strong grounds to believe it is not? Because if it is, just by issuing gag order anyone could stop any information from being released for quite a while, at least until the court decided it's invalid. In this case Google seriously bel

      • A gag order is issued by a judge on procedural grounds based on the merits of the case in front of it. The DOJ would have argued that Google by informing the person targeted would taint their investigation. Usually judges will err on the side of the government, not always, but mostly they will. Since the Gag order is issued by the court, violating that gag order usually means sanctions. You don't want to get a judge pissed off with you when you're arguing a case in front of them.

        I haven't read the 300 p

    • by AmiMoJo ( 196126 ) on Tuesday June 23, 2015 @07:02AM (#49968789) Homepage Journal

      They were forced to turn over the data they had, but then carried on fighting for four years just for the right to inform the victim of what had happened. Hopefully by making it slow, expensive and time consuming for the DoJ they discouraged other such requests too.

    • by Agripa ( 139780 )

      So thus, can we conclude that Google did in fact turn over all of the requested metadata on the user without his knowledge for nearly 4 years?

      Yes. Further we can conclude that all of this information from any provider is available to law enforcement under the standard of reasonable suspicion without a warrant. In many or all cases now however the same data is available with an administrative subpena which just requires the data to be relevant to an investigation.

  • Apple recent push on "we don't want users data, etc" and then this counter piece stating that Googles the good guy, seems like puff piece to counter Apples puff.
  • by Anonymous Coward on Tuesday June 23, 2015 @05:52AM (#49968545)

    Leaving things laying around on the network is dumb. Keep repeating till the light bulb goes on.

  • I don't know who this "Lauren" person is, but their blog post is about as insightful as, I dunno, Luke Skywalker, or maybe a pet rock. Why can't editors just link to the real detail?

    https://drive.google.com/file/... [google.com]

  • I am Google (Score:4, Funny)

    by Trogre ( 513942 ) on Tuesday June 23, 2015 @06:34AM (#49968677) Homepage

    I fight... for the users.

  • Comment removed based on user account deletion
  • 48 posts and not a single "TRON" reference?

Real programmers don't comment their code. It was hard to write, it should be hard to understand.

Working...