Patriot Act Haunts Google Service

The Globe and Mail has an interesting piece taking a look at Google's latest headache, the US Government. Many people are suddenly deciding to spurn Google's services and applications because it opens up potential avenues of surveillance. "Some other organizations are banning Google's innovative tools outright to avoid the prospect of U.S. spooks combing through their data. Security experts say many firms are only just starting to realize the risks they assume by embracing Web-based collaborative tools hosted by a U.S. company, a problem even more acute in Canada where federal privacy rules are at odds with U.S. security measures."

Not good enough

Spurning these services will mark you out for further surveillance straight away.

Have they never read Crime and Punishment?

Re:Not good enough

I would, but I am afraid to check it out from the library and get added to the terrorist watch list.

Re:Not good enough

This guy [google.com] spurned the services and look what happens to him!

Re:Not good enough

Spurning these services will mark you out for further surveillance straight away.

'Mark you out?' The fact of the matter is, everything we transmit outside of the firewall is subject to surveillance these days. And most companies have no clue how much of their data is crossing the firewall every day.

I don't know why people are getting their knickers in a knot over Google, when the main problem lies with the US backbone carriers, who - with only one known exception - have opened their networks to constant and widespread monitoring by US security agencies. Google at very least had the guts to fight a public legal battle with the Feds over release of even sanitised data.

The story here may be the danger to companies when they bring these companies inside the firewall, but again, refusing to trust Google is a funny place to start enforcing data integrity. The plain and simple fact is that the greatest threat of corporate data leaks is from staff who, whether through sins of omission or commission, carry sensitive data on laptops, thumb drives, CDs without any protections whatsoever.

I'd like to believe that data protection regimes are so advanced in these companies that the potential threat posed by Google and other online services is the main concern, but I find that impossible to do. I have to conclude, therefore that this is nothing more than a tiny kernel of truth wrapped in chocolatey FUD-ness that PHBs and corporate counsel love so much.

PGP

Perfect time to consider PGP.

http://firegpg.tuxfamily.org/ [tuxfamily.org]

Tragically PGP is too hard to use

Perfect time to consider PGP.

When you can figure out a way to make public key encryption so easy even my mother can use it I'll be happy to try. I'd love to use it but the person on the other end of the message has to be willing to try too. I haven't found anyone I correspond with yet willing to jump through the hoops required. Maybe you've had better luck than I have.

Never mind the fact that almost no one except serious geeks have even heard of, much less actually understands, public key encryption.

Re:PGP

yes, sTeganogRaphy seems like a good idea to me... perhaps we coUld even embed SecreTs iN Our messages ON slashdot or somEthing...

Privacy is an illusion

The war over privacy in the U.S. was fought during the last eight years and common people lost. Nothing is secure. No information is out of reach of any government agency that decides it wants it, and there are no legal protections. Laws are in place now to make sure that our old image of privacy can never be restored, no matter what the current presidential candidates might claim. They don't us t have that privacy back because it does not serve their purpose.

The war was fought. We lost. I don't blame people from other nations for being concerned but if they haven't already lost privacy where they live they soon will, and it isn't coming back.

Facebook

Quick, everyone join Facebook [commongrou...nsense.org] in protest!

"Patriot" act

What is so patriotic about passing laws that will eventually put US companies out of business in the era of hosted applications while terrorists will simply move their sites abroad?

Re:"Patriot" act

I think the problem is assuming that Congresscritters are patriotic on the whole or that they have any thoughts outside of ensuring their own re-election.

All they have to do is shout "Think of the children" or "We need this to fight terrorism" and the majority who have no interest in delving into the consequences of any given action will line up behind them like good little citizens.

Re:"Patriot" act

All they have to do is shout "Think of the children" or "We need this to fight terrorism" and the majority who have no interest in delving into the consequences of any given action will line up behind them like good little citizens.

That'll only work for so long. Then they'll need a new boogey man to scare the shit out of everyone. It's almost amusing sometimes to watch old movies to see how our nation's top boogey man evolves... right now I'm thinking of Back to the Future. During that era, the boogey men were Libyans. They used to be Russians, and Germans/Japanese before that, and now it's Al Qaida. Is there ever a time when we don't single out someone as the enemy and use them as an excuse to gain more control of the domestic population? I guess I just hate freedom...don't listen to me.

Unbelieveable!

You mean, if I enter personal information on a free web server run by some organization whose business model is the harvesting and sale of personal information, that my personal information might not be kept private?

Horror of horrors.

Re:Unbelieveable!

Just in case you're serious (or someone else suffers from the misconception embodied in your post):

The issue here is not with users voluntarily using Google services (search, gmail, etc.). Rather it is with companies who want to outsource their data needs to Google. In addition to the visible public products that Google has, it also offers corporate solutions: for instance if a company wants to outsource their email system, or have Google run search and collaborative software for use inside the company.

Google is trying hard to make these new kinds of products work. But unfortunately U.S. laws mean that any data that ends up on Google servers can be snooped by U.S. authorities. Many companies don't like the idea that the U.S. government will have such broad access to their data. In many countries where strong privacy laws exist (Canada, U.K., etc.), allowing the data to be managed by a U.S. company would then actually be illegal--since the company couldn't guarantee integrity or privacy of the data.

The end result of this is that Google is at disadvantage in the global marketplace because of the over-reaching U.S. laws. Google isn't the only one, of course: I'm sure U.S. companies have been losing lots of contracts because international businesses are wary of storing or moving data through U.S. systems since it is now well-known that such systems are not immune to U.S. government monitoring or interference.

How did google get singled out?

ever look at the kind of data stored in an online CRM, like salesforce.com? complete sales records, every email to every client, all the product defect issues. Maybe the SEC and the IRS may decide to look at raw data and not wait for the auditor report to come back.

Corporate Espionage?

Many people are suddenly deciding to spurn Google's services and applications because it opens up potential avenues of surveillance.

Um, how about corporate espionage? Nothing, absolutely nothing, stops Google from harvesting everything they can get their hands on- and they have the storage systems and human expertise to do it.

Case and point: I emailed a link to a wiki I had just set up to 3 people, two of whom had Gmail accounts. A spider from Google hit the page hours before anyone else did, hitting the wiki just after I emailed the link out. There were no public links to the site, and no referral URL.

So, let's see: processing your email to show you relevant ads? Check. Processing email to feed URLs to their spider? Check. What else does Google do with your email? Wouldn't it be the greatest tool in their quivver- the "God Google"? Sit down with HipWebShit.com, then an hour after the meeting and see a)How many people search/click on links for HipWebShit b)Who from HipWebShit.com has sent gmail users email (and what it says...), c)Who is talking about HipWebShit from/to a Gmail account period (ie general "valley buz"?

Hint: why do you think Google has so many PhDs? It starts getting creepy when you realize that Google seems to work very hard to keep their employees inside the google campus as much as possible, how secretive their operations are (seriously, nobody can compete with them anymore- it's not like they're guarding the henhouse for competition reasons) and how cult-like the atmosphere is...

Re:Corporate Espionage?

It starts getting creepy when you realize that Google seems to work very hard to keep their employees inside the google campus as much as possible, how secretive their operations are (seriously, nobody can compete with them anymore- it's not like they're guarding the henhouse for competition reasons) and how cult-like the atmosphere is

More sympathetically: if you keep the workers at work, they work more. However, I can't discount your view completely. Perhaps they really are preparing their worker bees for the transfer to the comet hale bop UFO, and if you are correct, they'd want to hold those workers close to their incorporeal breast so that word of this lunacy doesn't spread beyond the compound confines.

I emailed a link to a wiki I had just set up to 3 people, two of whom had Gmail accounts. A spider from Google hit the page...

Oh my gord. They sent a digital arachnid!?

Hint: why do you think Google has so many PhDs?

I don't know. Because they're employing Dr. Evil(s)?

Re:Corporate Espionage?

Or .. its how the gmail anit-smap system tries to find and filter out spam / virus links by tasting what links are sent to gmail recipients and looking for known exploits / spam / etc. Sorry if that was tin-foil-hatted enough :)

Only terrorists host files abroad!

In this day and age, anyone who 'hides' thier data beyond the reach of America's patriotic government data mining operations is a cut and clear terrorist! Whether it be in some dank and dusty cave in the mountains of Afghanistan, or a climate controlled secure facility in Canada.

Uncle Sam says "Do your part, keep data in America!"

When you host abroad, your hosting with Osama!

Privacy is for the unpatriotic!

Re:Time for google.ca?

I think the bigger issue is how much information google is actually storing. I don't care if Canada's government respects the individual's privacy more.. the temptation is there for future abuse.

I'm not one that usually gets paranoid and I hate conspiracy theories.. but google worries me. Even if they never do anything wrong as a company, it just takes one person with bad intentions to make all that information public.

There is something wrong with a company that wants to be everything to everyone. (look at Microsoft)

Re:Time for google.ca?

Someone should tell the US Gooberment that all their Crackberry©(tm) e-mail traffic goes through a data center in Canada, eh? See how fast The Bushies and Their Henchmen annex The Great White North, eh?

Huh???

While I am not one of the Google faithful I must say that your criticism is at best miss placed.
Google has fought when the US government wanted them to turn over customer records in the past. They do not seem to cooperate with the US government anymore than is required by law. Anytime you use a hosted service you loose some privacy. Once the data leaves your systems you have lost some privacy and control.

If you want to scream at Google for not living up to there "Don't be evil" line. I suggest that there following US laws it far less evil than their good relationship with China.

Re:VIRUS ALERT

This has a spoofed link whose structure identical to this post http://science.slashdot.org/comments.pl?sid=496946&cid=22837250 [slashdot.org] which, when clicked on, downloads a virus, brings up dozens of pages in Firefox in seconds and tries to use mailto: BEWARE curious people.

Re:Don't keep logs

There's no reason why Google (et al) need keep logs of who's doing what.

Ok, how naive are you?

Websites keep logs largely to trace attacks, don't they?

That's one element of it, but for most sites its a minor element. Most sites keep logs to trace where users are going, how they are using the site, etc.

Most site-admins are interested in where users are going on the site, how they get their, where they leave, how they arrive, how long they spend on each page, etc. They want to know which pages are popular, they want to know at which stage people usually abandon their shopping cart, etc, etc.

They generally want to make the site more effective, and logs (and analysis of those logs) are a primary tool.

Google, of course, being an ADVERTISNG company first and foremost, is further interested in logs in order to generate profiles, to attach your surfing habits to demographics. They want to know how old your are, what your interests are, how much you make, your ethnicity, level of education, etc. Now, getting that from one site would be nearly impossible. But when you consider that every site that has 'ads by google' on it, is doing its best to track you, they actually CAN get a lot of that information with a high degree of accuracy.

These logs are valuable. If they develop a new algorithm to extract new information they can run it against their logs and pull out that additional information.

And with google its not just -logs-, its content. Google apps like gmail, groups, documents, maps, store your content. So now they have your content (your email messages, your text documents and spreadhseets + a good chunk of your browsing history, possibly including what you've bought online... or at least what you've added to shopping carts, etc.

Google isn't in business to provide you with free useful applications. The value to google of google docs and gmail is to be able to data mine the content to generate profile information.

Can't they have a standard EFF-approved `we keep logs for 24 hours` policy, after which time they're removed permanently?

Even if they -would- delete your logs after 24 hours (They won't without a huge fight.) that still doesn't address the issue of google hosting (and data mining) your content, not to mention the risk they might turn it over to the us government if they ask.

Re:Conspiracy

I can debunk this one easily.

Google works as advertised and works well.

You name one government service that has ever worked as advertised or worked well.

Clearly, Google is too productive and effective to be a government thing.