DOJ Vs. Google: How Google Fights On Behalf of Its Users 78
Lauren Weinstein writes: While some companies have long had a "nod and wink" relationship with law enforcement and other parts of government -- willingly turning over user data at mere requests without even attempting to require warrants or subpoenas, it's widely known that Google has long pushed back -- sometimes though multiple layers of courts and legal processes -- against data requests from government that are not accompanied by valid court orders or that Google views as being overly broad, intrusive, or otherwise inappropriate. Over the last few days the public has gained an unusually detailed insight into how hard Google will fight to protect its users against government overreaching, even when this involves only a single user's data. One case reaches back to the beginning of 2011, when the U.S. Department of Justice tried to force Google to turn over more than a year's worth of metadata for a user affiliated with WikiLeaks. While these demands did not include the content of emails, they did include records of this party's email correspondents, and IP addresses he had used to login to his Gmail account. Notably, DOJ didn't even seek a search warrant. They wanted Google to turn over the data based on the lesser "reasonable grounds" standard rather than the "probable cause" standard of a search warrant itself. And most ominously, DOJ wanted a gag order to prevent Google from informing this party that any of this was going on, which would make it impossible for him to muster any kind of legal defense.
Re: (Score:3)
Re: (Score:2)
Re: (Score:1)
Please cite your source that Google allows "anyone" to pay to get customer data. I've been an AdWords advertiser for 11 years and I've never seen information (except in large aggregates) on who sees my ads or who clicks on my ads.
Re: (Score:1)
So you have no evidence to support your claim but will double-down and go for broke in hopes that somebody will believe you. Excellent! Shine on.
Re: FTFY (Score:5, Interesting)
because this is their business model, selling as much information about you as possible.
Utterly wrong. This is not their business model. Their model is it to, via algorithms, identify people who are most likely to respond positively to a given ad and then to show them the ad. Nowhere does this involve selling any information about even a single individual to a third party. You are simply ill informed. Also, whatever Apple does or does not claim is entirely irrelevant. After all they're a competitor. Finally, to my knowledge, there is not a single documented case of Google ever selling personal data about anybody they're tracking.
Re: (Score:1)
You... You do not have to use them and they are trivial to block. There, any other silly questions?
Re: (Score:2)
That's not their business model.
Their business model is selling targeted advertising using your data, not selling the raw data.
Less suspect than the others (Score:5, Insightful)
Re:Less suspect than the others (Score:5, Interesting)
To be fair, Apple's contributions to open source have been significant. Also in the interests of fairness, their locked down walled garden approach is one of the worst and most open-source hostile.
As TFA points out, a lot of this comes from confusion of the leaked NSA slide showing that Apple, MS, Google and others had been infiltrated. Doubtless they do have some illegal hooks into those companies, but actually the slide was saying that they were monitoring traffic between data centres belonging to their victims. Google was one of the quickest to respond to this by encrypting traffic between data centres and ensuring that there were no effective MITM attacks.
That alone we should be eternally thankful to Snowden for. That encryption vastly cut down the amount of data that the NSA was able to steal from Google users. Unfortunately MS and Apple have not been nearly as transparent about how their networks were monitored and what they did to fix the problem, so props to Google.
Re: (Score:3)
> Google was one of the quickest to respond to this by encrypting traffic between data centres and ensuring that there were no effective MITM attacks.
Those are two distinct statements: one does not automatically mean the other. The cost and difficulty of man-in-the-middle attacks rises considerably with ubiquitous encryption, it's true. But one of the vulnerabilities I've pointed out recently to proxy maintainers is that it's become quite commonplace to host SSL based traffic on an external router or loa
Re:Less suspect than the others (Score:5, Interesting)
But one of the vulnerabilities I've pointed out recently to proxy maintainers is that it's become quite commonplace to host SSL based traffic on an external router or load balancer, and carry it entirely unencrypted between that load balancer and the local server. It often eases maintenance of SSL keys and allows far less expensive, small servers to handle the actual traffic and allows the cost of robust SSL services to be shared more effectively.
Google's encryption is end-to-end. It's also not SSL-based, but instead much simpler and more robust (and more efficient), though there's nothing proprietary or custom about the encryption ciphers or protocols used (Google employs lots of cryptographers who would quickly stomp on any questionable designs). I work for Google and used to do stuff related to internal network encryption though I worked on a different aspect of it, focused on securing payments data (credit card numbers, etc.).
I think it would be awesome if Google were to publish the details of its security infrastructure, which is dramatically better than anything I saw in my 15 years as a security consultant, but AFAIK that hasn't been done so I have to keep my comments vague and high-level.
I'll also point out, since I know it has been mentioned publicly, that Google didn't actually start doing all of the link encryption in response to Snowden's revelations. It was a project that was already well under way. Snowden's information did cause the project to be accelerated, though.
From what I saw, the main effect was that the tolerance for exceptions to the encryption requirement dropped basically to zero. In an enormous and complex infrastructure like Google's there are always dozens of corner cases where anything you'd like to do is really hard for one reason or another, and so big infrastructure changes tend to take years to fully deploy, to avoid requiring project teams to drop all their productive work in order to avoid breakage from the change. Snowden's data changed the encryption mandate from "You need to get this done as soon as you can" to "Encryption will be on 100% by date X, no exceptions. If you can't see how to make it work, come talk to us and we'll help." (X was single-digit weeks away).
I know one team who had to deploy a spit-and-baling-wire construction to enable their protocol to be encrypted, and then had to fight with serious performance degradation until they got a well-designed and tested replacement in place. They begged for permission to turn off encryption for a while so they could focus on building the solid replacement rather than spending their time fighting production fires caused by the interim solution... and they were denied. This was for an important production service related to financial systems, too, which gives you a good idea of how serious Google was about the encryption mandate.
Thank you, Edward Snowden!
(I want to be sure no one thinks that last line is sarcastic. It's not. At all. I think Edward Snowden is one of the great American heroes, and I think that history will eventually give him his considerable due. I don't know anyone on the team I mentioned who would disagree, either, even though it caused them some weeks of long hours and stress.)
Re: (Score:2)
I believe that if the majority of Americans who are fed up with the lawlessness by this (and previous) administrations are able to somehow "right the ship of state" in the near future, Edward Snowdon will claim a place in history like this nations heros during the revolutionary war, for example, Paul Revere.. Considering Mr Snowdon did a similar service to the nation as Paul Revere...
Re: (Score:2)
If history is any guide, righting the ship of state is incredibly unlikely. Dictatorship and some form of imperial rule are far more likely outcomes.
Re: (Score:1)
It is a little late in the conversation to add this but maybe we should start a write-in candidacy for Snowden for president? I am not sure that he is old enough. Perhaps a senate seat and we can assume he is still a citizen of Hawaii.
Re: (Score:2)
Just to concur, I also work at Google and the security is pretty incredible. They baked it into the RPC system (predating but similar to the publicly-available gRPC) so you don't even have to think about it - it just happens automatically and still doesn't get in the way (which is a remarkable achievement). I work pretty closely with one of the teams responsible for most of the user traffic, and they did some pretty heroic stuff to secure their part (which was some huge percentage of "all of it") in like a
Re: (Score:2)
Let me pile on as another Googler.
The feeling of outrage within the organization was palpable.
The feeling of betrayal, fury and pure anger towards the NSA.
Re: (Score:3)
Apple responded by doing a full audit of code checked in around the time that the NSA claims they successfully infiltrated Apple. The most publicized outcome of the audit was the fixing of the notorious "goto fail" bug that looked innocent but would have allowed an attacker with knowledge of its presence to listen in on communication between two parties.
Re: (Score:2)
Insufficiently protecting the data of their users (iCloud).
Collecting wifi data without consent.
Just two examples that come to mind immediately.
Google and Apple are pretty much the same.
But Apple pretends not to be like Google way to much, when is clear they do the same stuff.
Re: (Score:3)
IMHO Google remains less suspect than other corporations, when it comes to defending privacy. I would never trust MS or Apple with my data.
And in my own not so humble opinion it's exactly the opposite.
You say that Apple is in it for the money - guess what Google is after? The difference is that Apple produces and sells hardware. Apple's customers are the people buying the hardware. And Apple keeps its customers happy by doing what's good for them, and not what's good for the government.
Google, on the other hand, makes most of its money from advertisements. How you can think that Google wants to defend your privacy, when their biggest sou
Re:Less suspect than the others (Score:5, Insightful)
Apple does not only sell hardware but also digital goods and ads. And to target said goods and ads they need what? A good profile of the user.
Apple does pretty much the same Google does. But Tim Cook dares to go on stage and pretend they don't. That makes him a liar in my book.
Over the years there were enough cases where we could see that apple does in fact collect data from their users without telling them (and without protecting said data properly).
Apple is neither better or worse than Google in that respect.
And neither of them is very interested in giving the information about their users to third parties. Their advantage in the ad/targeting business is that THEY have the profile of their users and the third parties do not.
Read the article ... BUT... (Score:2)
What are those insights?!?!?
Quasi-journalism at it's zenith (Score:4, Informative)
Note that I didn't say finest. It's a personal blog post rather than actual reporting, and contains little more than the summary. You are entreated to go read https://drive.google.com/file/... [google.com] - the 300+ pages of filings yourself in lieu of a journalistic treatment with more substantive information. A noble academic endeavor, but not really a "first cup of coffee" piece.
Where's the read me (Score:1, Insightful)
Where's the read me button? Not liking the changes
I'm a bit confused (Score:3)
The article says that Google lost the case several months after it started in 2011, and it was gagged from telling anyone until 2015.
So thus, can we conclude that Google did in fact turn over all of the requested metadata on the user without his knowledge for nearly 4 years?
The question about whether Google should fight to protect this information should be weighed along with just how much metadata that Google collects and stores about your online behavior in the first place.
Re: (Score:2)
What I also wonder is whether Google instantly informed the person in question of the demand (thereby basically ignoring the gag order which they didn't think was valid anyway).
And is such a gag order even legally bounding the moment it's issued even if the receiving party has strong grounds to believe it is not? Because if it is, just by issuing gag order anyone could stop any information from being released for quite a while, at least until the court decided it's invalid. In this case Google seriously bel
Re: (Score:2)
A gag order is issued by a judge on procedural grounds based on the merits of the case in front of it. The DOJ would have argued that Google by informing the person targeted would taint their investigation. Usually judges will err on the side of the government, not always, but mostly they will. Since the Gag order is issued by the court, violating that gag order usually means sanctions. You don't want to get a judge pissed off with you when you're arguing a case in front of them.
I haven't read the 300 p
Re:I'm a bit confused (Score:4, Informative)
They were forced to turn over the data they had, but then carried on fighting for four years just for the right to inform the victim of what had happened. Hopefully by making it slow, expensive and time consuming for the DoJ they discouraged other such requests too.
Re: (Score:2)
Yes. Further we can conclude that all of this information from any provider is available to law enforcement under the standard of reasonable suspicion without a warrant. In many or all cases now however the same data is available with an administrative subpena which just requires the data to be relevant to an investigation.
Re:Let's not pat them on the back (Score:5, Insightful)
Re: (Score:2)
I'm not comfortable applauding corporations for protecting their bottom line and neither should anyone else be.
If I were a shareholder (I'm not) , I'd definitely consider applauding Google's protection of their bottom line
Why the hate? (Score:3)
Seems that, for some people, Google cannot possibly do anything right.
No matter matter Google does, or does not do, some people have to find some reason to hate Google anyway.
Why does the timing of this seem like counter puff (Score:2)
Re:Horseshit. (Score:5, Informative)
Thanks to Snowden and Greenwald, we know Google, and its 800lb gorilla friends Apple and Microsoft actively participated with the NSA and its PRISM program.
Bullshit. You lie and you've been called out. We do not know anything of the sort. Feel free to link to a single released document from Snowden (or any of the NSA leakers) that shows, or claims otherwise.
We know that Powerpoint slides purportedly from Snowden, that he proportedly stole from the NSA, show NSA boasting of having broken into Google. If they had to break in where was the "active participation"? And why the rapid restructuring to stop the data breach?
We know Google has lead and participated in major campaigns that threaten the wholesale spying by the NSA. And we know that despite the usual "gravitate towards evil in the name of short-term profits" that shareholder owned companies succumb to - that Google remains a company that mostly practices "enlightened self-interest" (probably helped by the type of people they employ). We believe it's more productive to cheer good work and criticise bad than the reverse (we, in this instance, does not include you).
You on the other-hand, demonstrably - know nothing (Yeah - that Bill Gates is an altruist [slashdot.org] and Google only implements security [blogspot.com.au] after the Snowden leaks). The reason you smell shit everywhere is not because of your superior vision and intellect - it's that your head is up your arse.
You seem like the fanboi face-painter type who refuses to consider it possible not to worship at a particular altar of commerce or technology (like shopping at a range of retailers instead of recalcitrantly spending at one only, while singing their jingle).
Re: (Score:3)
You obviously prefer reading Google press releases, here is real news instead:
The original NSA document [theguardian.com] stating seven companies helped with PRISM, one being Google.
[The] presentation claims the program is run with the assistance of the companies, all those who responded to a Guardian request for comment on Thursday denied knowledge
News from today another example [firstlook.org] of how little Google values privacy.
You Millenial fanboi's are so gullible. Corporations could give two flying fucks about you or your privacy, bu
Re: (Score:2)
You obviously [blah, blah, dodge, dodge, more attempts to baffle with bullshit]
Read the first paragraph of the first link [theguardian.com] you referred to, then re-read what I wrote (if your lips don't get too sore). Big difference between your claim Google "actively participated" and "the NSA gained access". Confirmation bias much?
You need to workshop your shilling with Mike Rogers before you post - that way you'd look less of a dick when claiming Google, Apple and others co-operated with the NSA, while he happily claims the "backdoors" "don't harm privacy" - and simultaneously "wants front-doors". B
Re: (Score:3)
I do believe that 80% of what Snowden leaked is true to some extent but based on the sniff test, the other 20% is bullshit. The problem then becomes trying to filter out what's crap and what's truth. Do I believe that Google, Apple and Microsoft had to cooperate with the DOJ and FBI? Absolutely, they're required to by law. Do I believe that they're vanguards of liberty and privacy? Fuck no. Do I believe that the NSA has taps on all their data centers? No Do I believe that the NSA has tried to tap int
It's not your data, folks. (Score:3, Insightful)
Leaving things laying around on the network is dumb. Keep repeating till the light bulb goes on.
Detailed insight? (Score:2)
I don't know who this "Lauren" person is, but their blog post is about as insightful as, I dunno, Luke Skywalker, or maybe a pet rock. Why can't editors just link to the real detail?
https://drive.google.com/file/... [google.com]
I am Google (Score:4, Funny)
I fight... for the users.
Re: (Score:2)
Alright, so someone did make a TRON reference after all.
+1 to you, sir.
Re: (Score:2)
WTF (Score:2)
48 posts and not a single "TRON" reference?