Patriot Act Haunts Google Service

The Globe and Mail has an interesting piece taking a look at Google's latest headache, the US Government. Many people are suddenly deciding to spurn Google's services and applications because it opens up potential avenues of surveillance. "Some other organizations are banning Google's innovative tools outright to avoid the prospect of U.S. spooks combing through their data. Security experts say many firms are only just starting to realize the risks they assume by embracing Web-based collaborative tools hosted by a U.S. company, a problem even more acute in Canada where federal privacy rules are at odds with U.S. security measures."

Not good enough

[Naughty Bob]

Spurning these services will mark you out for further surveillance straight away.

Have they never read Crime and Punishment?

Re:Not good enough

[Anonymous Coward]

I would, but I am afraid to check it out from the library and get added to the terrorist watch list.

Re:Not good enough

[CodeBuster]

It is sad, but that is precisely what used to happen in the old days of the Soviet Union except then it was the list of "enemies of the people". One might reasonably ask what the "wrong book" is doing in the library if checking it out gets one's name put onto the list of "enemies of the people" but such questions are invariably ignored in pursuit of "the enemies of the people". The punishment continued even after one had served time in the form of a wolf ticket [wikipedia.org] and being sent to the 101st kilometer [wikipedia.org]. It is scary to think that certain types of ex-criminals are effectively getting the same treatment today in the United States.

Re:Not good enough

[fugue]

The "wrong book" is in the library in order to fish for enemies of the people. Sort of how Bush was on the ballot to fish for people who should never be allowed to reproduce. Only someone forgot an important detail somewhere along the way.

Citizen!

[gnutoo]

Be sure to use Vista, which indexes everything and eliminates all stovepipes that soot up the tubes to central services. If you use older versions of XP or Free Software, the terrorists will win!

Re:Not good enough

[TommydCat]

This guy [google.com] spurned the services and look what happens to him!

Re:Not good enough

[GodfatherofSoul]

A government agent in an unmarked car drove up and handed him a wad of cash? Sign me up!

Re:Not good enough

[grcumb]

Spurning these services will mark you out for further surveillance straight away.

'Mark you out?' The fact of the matter is, everything we transmit outside of the firewall is subject to surveillance these days. And most companies have no clue how much of their data is crossing the firewall every day.

I don't know why people are getting their knickers in a knot over Google, when the main problem lies with the US backbone carriers, who - with only one known exception - have opened their networks to constant and widespread monitoring by US security agencies. Google at very least had the guts to fight a public legal battle with the Feds over release of even sanitised data.

The story here may be the danger to companies when they bring these companies inside the firewall, but again, refusing to trust Google is a funny place to start enforcing data integrity. The plain and simple fact is that the greatest threat of corporate data leaks is from staff who, whether through sins of omission or commission, carry sensitive data on laptops, thumb drives, CDs without any protections whatsoever.

I'd like to believe that data protection regimes are so advanced in these companies that the potential threat posed by Google and other online services is the main concern, but I find that impossible to do. I have to conclude, therefore that this is nothing more than a tiny kernel of truth wrapped in chocolatey FUD-ness that PHBs and corporate counsel love so much.

Re:

[Naughty Bob]

'Mark you out?' The fact of the matter is, everything we transmit outside of the firewall is subject to surveillance these days. And most companies have no clue how much of their data is crossing the firewall every day.

I was simply saying that boycotting something most people do raises a question mark against you as surely as more obvious, 'incriminating' behaviour. At least, it would if I was in charge.

Re:Not good enough

[grcumb]

I was simply saying that boycotting something most people do raises a question mark against you as surely as more obvious, 'incriminating' behaviour. At least, it would if I was in charge.

Point taken.

... And I'm really glad you're not in charge. 8^)

Re:Not good enough

[dwalsh]

I don't know why people are getting their knickers in a knot over Google, when the main problem lies with the US backbone carriers, who - with only one known exception - have opened their networks to constant and widespread monitoring by US security agencies.

Who dat?

Re:Not good enough

[theonetruekeebler]

Qwest. And shortly afterwards the U.S. government started finding excuses to (a) cancel existing contracts with Qwest, (b) declare them ineligible to for future no-bid contracts, and (c) preventing them from bidding on other contracts. Qwest alleges that hundreds of millions of dollars were routed around them to telcos more willing to play along. Good summary here [washingtonpost.com].

Re:

[rtb61]

I think you miss the point. Google a for profit corporation, is basically doing what those government agencies are doing and that everybody is complaining about. Really, which is worse a corporation with profit as it only goal (aside from the typical modern feel good marketing campaign), which will ultimately seek every competitive advantage in the pursuit of endless profit growth (censoring freedom and democracy in autocratic countries, no problem), or a government agency with public oversight, subject to

Re:I Propose

[protolith]

I propose Google Subpoena Gpoena - A searchable database of all of the gov't data requests and all associated legal documents, especially what is being requested and why.

The snooping would be greatly curtailed if there was no anonymity for a snooping govt. If every request was made naked in front of the teeming millions only the most vital info requests would occur.

Request for serches from machine No 000.000.000.0000 in relation to ongoing criminal investigation associated with charges of ... ... ... ... would seem legit.

Request for all machines that searched for "TSA" , "Liquid" , and "explosive" for ongoing terrorist investigation would suddenly seem quite dubious without better specifics.

This could work

[fv]

I agree that exposing the extent of this could definitely help. When I received multiple FBI subpoenas in 2004 for Insecure.Org [insecure.org] web logs, I notified Nmap users [seclists.org] and it was posted to various web sites, including Slashdot [slashdot.org].

After all of that press four years ago, the subpoenas stopped and I haven't received another one since. Maybe it is just a coincidence, but I'm happy about it nonetheless.

In other Nmap news, version 4.60 was just released [seclists.org]. You might want to download it with Tor though, just to be on the safe side in case the subpoenas resume :).

-Fyodor

Re:

[ScuzzMonkey]

I haven't looked at it lately, so maybe it's one of the expired provisions, but wasn't one of the more insidious problems with PATRIOT was that subpoenas issued under its auspices could not be revealed to anyone, or even the fact that they had been issued at all? Don't want those terrorists to know we're looking for 'em, after all.

That was really the most frightening part of the whole thing, although few people picked up on it (apparently--maybe those that did were just hustled off in the middle of the nig

Re:This could work

[theonetruekeebler]

I believe you were entirely within your rights to act as you did, Fyodor, but would be grateful if you'd take a moment to elaborate on why you chose your course of action.

From Securityfocus's account [securityfocus.com] and your own [seclists.org] it sounds like the FBI was trying to chase down a botnet that, as part of some process, downloaded Nmap 3.77. You emphasized that their requests were very narrowly crafted: a specific file requested via a specific user-agent within a specific five-minute window. It certainly didn't sound like a fishing expedition. If I had to guess, the requests were probably tied to the investigation of a specific criminal act or actor and they were trying to strengthen a case by establishing place-and-time.

My sleep-deprived analogy is this:

There's been a rash of burglaries recently where the perpetrators used a chainsaw to go straight through the side of the building. Yesterday morning a chainsaw burglary took place and the sheriff noticed a broken 16" Stihl chain near the hole. There was a second chainsaw burglary yesterday afternoon.

Meanwhile, you are the owner of Fyodor's Hardware, the busiest hardware store in three counties, and the tri-county area's only seller of Stihl chainsaws and accessories. You easily sell forty or fifty replacement chains a day.

So this morning the sheriff comes to you and asks if you sold or installed a 16" Stihl chain yesterday between 11:00 AM and 2:00 PM, and if so who did you sell it to. In fact, you sold ten, just like any other day.

Not a perfect analogy, I know, but seriously, what do you do? I mean, you could make him come back with a subpoena, but let's skip that step and get to the crux of the matter: You sold ten new 16" Stihl chains yesterday and it's the sheriff's opinion that one of them probably went to the chainsaw burglar. You, he and every defense attorney and Slashdotter all know there's always the chance the burglar got the chain somewhere else and that at least nine of your sales were to honest customers. If you tell the sheriff about all ten sales, to what extent (if any) have you violated the rights of all the non-criminal chain buyers? If on the other hand you refuse to cooperate, how do you justify the social cost of the continued burglaries against the rights of ordinary chain buyers?

I think it's an interesting dilemma. As I said, I certainly respect that you took a principled stand (or at least stayed slippery enough that you didn't have to), but not everything that law enforcement -- even the FBI -- does is a sinister conspiracy against civil liberties. Sometimes they really are just trying to catch a bad guy.

Time for google.ca?

[argent]

Time for Google to move to Vancouver?

Only terrorists host files abroad!

[Digestromath]

In this day and age, anyone who 'hides' thier data beyond the reach of America's patriotic government data mining operations is a cut and clear terrorist! Whether it be in some dank and dusty cave in the mountains of Afghanistan, or a climate controlled secure facility in Canada.

Uncle Sam says "Do your part, keep data in America!"

When you host abroad, your hosting with Osama!

Privacy is for the unpatriotic!

Re:Only terrorists host files abroad!

[dgatwood]

I hope the person who modded this insightful understands that this is irony. I hope that this is irony. If either of those two hopes turn out to be unfounded, I will likely lose what little faith I have remaining in humanity....

Re:

[node 3]

Resting your faith in humanity on two random slashdotters? You shall become a cynic in 3, 2, 1...

Re:Only terrorists host files abroad!

[Metasquares]

Tangential, but I find that small groups of people can restore faith in humanity, while it generally takes the actions and behaviors of large groups to dash it.

Re:

[Anonymous Coward]

Yes, even Elliot Spitzer got in trouble for hosting a broad

Re:Time for google.ca?

[Ogive17]

I think the bigger issue is how much information google is actually storing. I don't care if Canada's government respects the individual's privacy more.. the temptation is there for future abuse.

I'm not one that usually gets paranoid and I hate conspiracy theories.. but google worries me. Even if they never do anything wrong as a company, it just takes one person with bad intentions to make all that information public.

There is something wrong with a company that wants to be everything to everyone. (look at Microsoft)

Re:Time for google.ca?

[Sancho]

Since the article is about collaboration tools (like Google Docs and mail), I certainly hope that Google is storing the relevant information!

As for other information (such as who is searching for what), well they're probably not storing significantly more than Yahoo or MSN. Google's just one of the more popular targets because they're pretty highly visible.

The Patriot act says that, under certain circumstances, a service provider may not notify its customers that they've released their records. That's one of the biggest issues here--companies want to know if their documents are being viewed.

Re:Time for google.ca?

[jo42]

Someone should tell the US Gooberment that all their Crackberry©(tm) e-mail traffic goes through a data center in Canada, eh? See how fast The Bushies and Their Henchmen annex The Great White North, eh?

Re:Time for google.ca?

[Gonoff]

annex The Great White North

Be very careful! Look what happened the last time the US fell out with Canada! http://en.wikipedia.org/wiki/Burning_of_Washington [wikipedia.org]

Re:Time for google.ca?

[osu-neko]

Yup. Last time we invaded Canada, they kicked out asses back across the border. Although we did manage to burn down the Parliament in York (now Toronto) before leaving. :)

It's interesting, what they do and don't teach you about the War of 1812 in American schools. Like the fact that, oh, you know, we lost? Sure, we won a few nifty battles, but overall we lost the war. They didn't stop impressing our sailors or interfering with our trade because we fought a war over it, they stopped because they'd only been doing it as part of their war against Napoleon, and that war ended. In the treaty that ended the war, we agreed to a return to status quo ante bellum -- basically a big undo button: things were to return to exactly the state they were in before the war. But the British had been fine with the state of things before the war, we're the ones that had a list of demands for things to change. In the end, we agreed to no change. We did that because the alternative being argued by the other side was for the US to make territorial concessions to Britain. We were lucky we managed to get everyone to agree to just forget the whole thing, and doubly-lucky that the changing circumstances of the world basically obsoleted our original demands.

Re:

[iminplaya]

Or google.cx?

Only a small step away from goatse..

Re:

[xmedar]

Cayman Islands would be better, make Google a bank there and users account holders (with a zero balance of course) and all the data would be covered by the Caymans banking laws, any snooping would get the perp extradited and charged with breaking the bank secrecy laws.

Re:

[Albanach]

make Google a bank there and users account holders (with a zero balance of course)

Crazy idea. They should make all the account holders with a balance like their gmail quota. That way, I could sit all day with online banking open watching my balance increase!

Re:

[casuist99]

One point I'd like to make about encrypting your email: you have to trust the person on the receiving end not to pass your (now) decrypted email on to another party. If you're picked up by the Feds after sending an email detailing an illegal act, I'd look to your "friend", the recipient, before I jumped to the conclusion that the government defeated your encryption.

Hate to say I told you so, but....

[mdm-adph]

...well, you know how the rest goes.

Don't keep logs

[Threni]

There's no reason why Google (et al) need keep logs of who's doing what. Websites keep logs largely to trace attacks, don't they? Can't they have a standard EFF-approved `we keep logs for 24 hours` policy, after which time they're removed permanently?

Re:

[innerweb]

Look for legislation with a rider that excuses Google from any information sharing with government caretakers.

InnerWeb

Re:Don't keep logs

[innerweb]

Ack... Proofread your posts!!!

Look for legislation with a rider that excuses Google from any legal liabilities for information sharing with government caretakers.

Though, I would prefer the wording of my first post.

InnerWrb

Re:

[Bigbutt]

Didn't proofread it again, did you :)

[John]

Re:

[innerweb]

lol!

Probably not. I am trying to cram my /.ing in between compilations and editing of a database for a commerce catalog. now, that gets proofread.. though my posts suffer.

InnerWeb

Re:Don't keep logs

[vux984]

There's no reason why Google (et al) need keep logs of who's doing what.

Ok, how naive are you?

Websites keep logs largely to trace attacks, don't they?

That's one element of it, but for most sites its a minor element. Most sites keep logs to trace where users are going, how they are using the site, etc.

Most site-admins are interested in where users are going on the site, how they get their, where they leave, how they arrive, how long they spend on each page, etc. They want to know which pages are popular, they want to know at which stage people usually abandon their shopping cart, etc, etc.

They generally want to make the site more effective, and logs (and analysis of those logs) are a primary tool.

Google, of course, being an ADVERTISNG company first and foremost, is further interested in logs in order to generate profiles, to attach your surfing habits to demographics. They want to know how old your are, what your interests are, how much you make, your ethnicity, level of education, etc. Now, getting that from one site would be nearly impossible. But when you consider that every site that has 'ads by google' on it, is doing its best to track you, they actually CAN get a lot of that information with a high degree of accuracy.

These logs are valuable. If they develop a new algorithm to extract new information they can run it against their logs and pull out that additional information.

And with google its not just -logs-, its content. Google apps like gmail, groups, documents, maps, store your content. So now they have your content (your email messages, your text documents and spreadhseets + a good chunk of your browsing history, possibly including what you've bought online... or at least what you've added to shopping carts, etc.

Google isn't in business to provide you with free useful applications. The value to google of google docs and gmail is to be able to data mine the content to generate profile information.

Can't they have a standard EFF-approved `we keep logs for 24 hours` policy, after which time they're removed permanently?

Even if they -would- delete your logs after 24 hours (They won't without a huge fight.) that still doesn't address the issue of google hosting (and data mining) your content, not to mention the risk they might turn it over to the us government if they ask.

Re:Don't keep logs

[vux984]

Of course, they could do quite a bit of this anonymously.

With enough 'anonymous' data you can unmask the identity. A few cases have already shown this.

While they can get some information from the IP address, it's not nearly as useful as information from the Google Cookie.

That's true in theory. In practice its very nearly as good in a great deal of cases. If you sign into gmail from home, they'll be able to link the ip address to the account. So even when you aren't logged in they can attach data to the profile, with a 'liklihood' of being the same, or at least an affiliated person. (affiliated people are likely in similiar demographics...)

Once they have a list of ip addresses you use your account from, you might as well be logged in. Sure it won't be 100% accurate, but the link is strong enough to be useful. And if your dynamic ip address changes, they'll pick you up again next time you log-in.

Proxy servers etc can also help, but even the proxy is useful... if your proxying in from webgate5.marketing.ibm.com that's useful information too. And they still have session cookies.

Even the combination of NAT address + browser + windows size + java version + etc can make a usable session variable. Its more than enough to track a session from page to page, especially on smaller sites, even if they are behind a proxy and have cookies disabled. If that session is at any pointed linked back to a 'authenticated' connection -- e.g. logging into a google app, all your 'supposedly' anonymous surfing can be linked.

Sure if you go to a web cafe and surf around they might not be able to make any useful inferences if you don't login to your gmail, but that's the exception not the rule.

Consider a scenario where two PCs are behind a NAT/Proxy - person X accesses gmail then continues along to a number of other sites: A, B, C, and D. Later on someone else, person Y, behind the same proxy accesses sites E,F,G,H and then logs into gmail. In both cases google can reliably link the history to the correct account.

Over time, someone from behind the proxy visits sites A,B,C on a regular basis. Google can with high probability link all that data to person X, even if its an isolated session that never visited gmail. If someone later visits E,F,H, that data can be linked to profile Y.

Sure it -might- be wrong, but odds are its not. And its right often enough to be worth making these inferences for the purposes of placing targeted ads.

Re:Don't keep logs

[AHuxley]

Its the NSA at the choke points of google's wonderful optical roll out that should have most of you thinking a bit harder.
Google wants to play nice in Asia, the NSA upgrades in Hawaii.

http://cryptome.org/google/kunia-us.htm [cryptome.org]

Not just Canada...

[uid7306m]

Yup. In the UK, here, the Data Protection Act makes it legally dubious to put anyone else's data onto Google. Here, there's a responsibilty to protect personal data.

Re:

[26199]

You could replace the word "Google" in that sentence with the name of any other company. You can't just randomly give out personal data to anyone if you're following UK law.

If it's part of doing business and done properly, you can do it. It's standard that when the recipient is an American company there is a "safe harbour" agreement that requires they follow the provisions of the Data Protection Act.

The question is, do crazy US laws make it impossible for US companies to respect the privacy of their cus

Re:

[cayenne8]

"The question is, do crazy US laws make it impossible for US companies to respect the privacy of their customers?"

Actually, companies respecting the privacy of their customers, it a bit of a new thing, and not observed by all of them. Many companies make a GREAT deal of money gathering, storing and selling data like this. This company [acxiom.com] has made tons of money over there years gathering and buying data from all sorts of companies, to market, sell...and use to clean other company's databases.

Re:

[innerweb]

There is a responsibility to protect data in the US as well. That is why Homeland Security spends os much time gathering it. They have to make sure your information is clean, and then arrest oyu and stop you from making it more unclean if you seem to be doing so.

Oh, yeah, they do go after criminals as well, especially the ones not in power or unable to come up with the right campaign contributions.

InnerWeb

Geography, politics and RIM

[Midnight Thunder]

Yup. In the UK, here, the Data Protection Act makes it legally dubious to put anyone else's data onto Google. Here, there's a responsibilty to protect personal data.

The truth is, if your provider is in a foreign country, then you should expect that the government can do whatever they want with its hardware - this about territory and not constitution. At the same time your own government is probably going make laws which suits themselves about the data you access. How this mess sorts itself out depends on th

Re:

[DerekLyons]

To be fair - it's legally dubious to put anyone's data on any computer not directly and physically controlled by the organization charged with maintaining the data. I.E., it's not just Google.
 
But being honest and answering fully doesn't let you get in a gratuitous attack on the US government.

PGP

[Rinisari]

Perfect time to consider PGP.

http://firegpg.tuxfamily.org/ [tuxfamily.org]

Re:PGP

[26199]

That would be when nasty laws that allow law enforcement to demand cryptographic keys come into play.

These days encryption just makes you a target. Clearly the way forward is steganography :)

Re:PGP

[Digi-John]

yes, sTeganogRaphy seems like a good idea to me... perhaps we coUld even embed SecreTs iN Our messages ON slashdot or somEthing...

Re:

[MicktheMech]

Not even Indy [theraider.net]?

Comment removed

[account_deleted]

Comment removed based on user account deletion

Tragically PGP is too hard to use

[sjbe]

Perfect time to consider PGP.

When you can figure out a way to make public key encryption so easy even my mother can use it I'll be happy to try. I'd love to use it but the person on the other end of the message has to be willing to try too. I haven't found anyone I correspond with yet willing to jump through the hoops required. Maybe you've had better luck than I have.

Never mind the fact that almost no one except serious geeks have even heard of, much less actually understands, public key encryption.

Re:

[Chemisor]

> When you can figure out a way to make public key encryption so easy even my mother can use it I'll be happy to try.

Try enigmail [mozdev.org].

Re:Tragically PGP is too hard to use

[Zatar]

It's not just hard to use, it's also ugly as hell. I thought about starting to use PGP again recently and just using it for digital signatures makes my email nearly unreadable never mind using actual encryption. Here's a nice one-line email:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey dude, how's it going?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iD8DBQFH6CrifPJd VEzW7qwRAs8fAKCSg8j qWO8zfHpIrNKJ zBtrHF54UwCfQWhO
lGZk7Ys4hl e1OqxyEuHn1EY=
=izSS
-----END PGP SIGNATURE-----

If I sent this it a non-geek they'd probably go WTF? and tell me my email program is broken.

It would need to be transparently integrated into all popular email programs so that no one actually needs to see the code in their inbox. An argument could be made that in the long run PGP has actually made the problem worse by allowing email vendors to punt on the concept of encryption and just tell users "if you want encryption use PGP" instead of having to develop an integrated solution that actually works well enough for mass adoption.

Re:

[internic]

I can only say that I haven't had that happen. I've never even had anybody ask what it is, and this almost certainly includes people who know nothing about public key encryption. People are also probably used to superfluous attachments since, for example, email clients that send HTML emails usually send both an HTML and a plain text version together using MIME.

Privacy is an illusion

[rbanzai]

The war over privacy in the U.S. was fought during the last eight years and common people lost. Nothing is secure. No information is out of reach of any government agency that decides it wants it, and there are no legal protections. Laws are in place now to make sure that our old image of privacy can never be restored, no matter what the current presidential candidates might claim. They don't us t have that privacy back because it does not serve their purpose.

The war was fought. We lost. I don't blame people from other nations for being concerned but if they haven't already lost privacy where they live they soon will, and it isn't coming back.

Re:

[tmosley]

Just remember that the American people have not yet begun to fight!

The only question is, WILL they fight?

Comment removed

[account_deleted]

Comment removed based on user account deletion

"Patriot" act

[iamacat]

What is so patriotic about passing laws that will eventually put US companies out of business in the era of hosted applications while terrorists will simply move their sites abroad?

Re:"Patriot" act

[Fjandr]

I think the problem is assuming that Congresscritters are patriotic on the whole or that they have any thoughts outside of ensuring their own re-election.

All they have to do is shout "Think of the children" or "We need this to fight terrorism" and the majority who have no interest in delving into the consequences of any given action will line up behind them like good little citizens.

Re:"Patriot" act

[Sperbels]

All they have to do is shout "Think of the children" or "We need this to fight terrorism" and the majority who have no interest in delving into the consequences of any given action will line up behind them like good little citizens.

That'll only work for so long. Then they'll need a new boogey man to scare the shit out of everyone. It's almost amusing sometimes to watch old movies to see how our nation's top boogey man evolves... right now I'm thinking of Back to the Future. During that era, the boogey men were Libyans. They used to be Russians, and Germans/Japanese before that, and now it's Al Qaida. Is there ever a time when we don't single out someone as the enemy and use them as an excuse to gain more control of the domestic population? I guess I just hate freedom...don't listen to me.

Re:"Patriot" act

[Fjandr]

I quite agree. If there is no enemy, one will be invented. Like stereotypes, there's always some truth involved in making a particular group "the enemy," but that's just to make it plausible among the masses. No critical thought required to accept that some new group is Public Enemy #1.

Re:"Patriot" act

[robertjw]

I think the problem is assuming that Congresscritters are patriotic on the whole or that they have any thoughts outside of ensuring their own re-election.

I really think most people in Congress try to do the right thing. A police state, in theory, is SAFER than a free society. If we all lived in a supermax prison, had our nutritional balanced meals fed to us every day, had a mandated exercise program, forced healthcare and bars on the door we'd probably all live a lot longer.

Problem is this country was based on liberty, but freedom comes with a lot of risk and responsibilities. When people are free to do what they want there are a certain segment that will abuse those freedoms by blowing up buildings or shooting people in college classrooms. Unfortunately, most people don't want to be free, they want to be safe, and Congress tries to do what the people want. Historically, this is how cultures survived. Rulers came to power because they could protect their citizens. Sure, they got rich and powerful in the process, but why shouldn't they. They were protecting their people.

The Patriot Act is just another method to keep people safe. Until the average Joe decides he would rather be free than safe, the oppression will continue.

Re:"Patriot" act

[pimpimpim]

the standard phrase comes to mind:

you only want what they tell you to want

But really, you could decrease bombings, high-school shootings, and all of that shit, by not actively trying to destroy governments of foreign countries, and by instead spending that amount of money on fighting poverty and uneducation. People being too little educated as they are, they are easily convinced to believe the "let's invade and stop terrorism" stuff they are told.

As for "how cultures survived", I am not sure if you can give me the name of a culture that traded freedom for oppression that survived in a healthy way.

Re:

[dgatwood]

Absolutely, I often say the same about the word "professional". If you feel the need to call yourself a professional [insert occupation here], you almost certainly are not (with the possible exception of professional athletes since sports is so rarely a profession). This applies doubly for product descriptions, e.g. "Try our new professional-grade Blend-O-Matic." This doesn't apply to product names, though, since "Pro" is commonly used to distinguish between different product variants.

But I digress.

Unbelieveable!

[Flakeloaf]

You mean, if I enter personal information on a free web server run by some organization whose business model is the harvesting and sale of personal information, that my personal information might not be kept private?

Horror of horrors.

Re:

[Crypto Gnome]

Since when is Google an

organization whose business model is the harvesting and sale of personal information

?

I could accept the argument that "processing your private emails to better qualify my search engine results" could be considered "harvesting" but I wasn't aware that Google in any but the weirdest and most remote sense "sold" the information they collected.

Yes, they effectively "sell" the results of the analysis of what they collect, but that is not the same thing at all.

Otherwise I've got this "analysis" of 100tons of Pure Gold I'd like to sell you, bargain prices ;-)

Ahem...

[GoodbyeBlueSky1]

Since now: Google Takes Control of DoubleClick [google.com]

Re:Unbelieveable!

[JustinOpinion]

Just in case you're serious (or someone else suffers from the misconception embodied in your post):

The issue here is not with users voluntarily using Google services (search, gmail, etc.). Rather it is with companies who want to outsource their data needs to Google. In addition to the visible public products that Google has, it also offers corporate solutions: for instance if a company wants to outsource their email system, or have Google run search and collaborative software for use inside the company.

Google is trying hard to make these new kinds of products work. But unfortunately U.S. laws mean that any data that ends up on Google servers can be snooped by U.S. authorities. Many companies don't like the idea that the U.S. government will have such broad access to their data. In many countries where strong privacy laws exist (Canada, U.K., etc.), allowing the data to be managed by a U.S. company would then actually be illegal--since the company couldn't guarantee integrity or privacy of the data.

The end result of this is that Google is at disadvantage in the global marketplace because of the over-reaching U.S. laws. Google isn't the only one, of course: I'm sure U.S. companies have been losing lots of contracts because international businesses are wary of storing or moving data through U.S. systems since it is now well-known that such systems are not immune to U.S. government monitoring or interference.

How did google get singled out?

[joeflies]

ever look at the kind of data stored in an online CRM, like salesforce.com? complete sales records, every email to every client, all the product defect issues. Maybe the SEC and the IRS may decide to look at raw data and not wait for the auditor report to come back.

Re:

[scubamage]

Why is it that decent posts like this get rated down? Stupid mods.

I do agree.. google isn't the only one that keeps large stores of information and records - only google has their business modeled around storing and manipulating this data.

Re:

[Clansman]

They weren't singled out. TFA is just saying that, because of the law, some users are getting wary. The example in the article is a university that happened to use Google. What made it news worthy is that they themselves recommended to their own users not to transmit secrets. Some of their users are hacked off because they expect a secure network.

Not a conspiracy against google ...

C

p2p

[jamshid]

If I exchange an email, link, song, or video with my friend, why does that have to be a marketing opportunity for some company?

I'm on the Internet, my friend is on the Internet, we should be able to communicate directly, privately, and securely. Sure, unless we have a 24/7 connection, we'll need some intermediate place to store the data, but we shouldn't need anything more than a dumb bitshifter for that.

I don't want to rent my eyeballs to google or anyone else. Yes, I know private person-to-person communic

Conspiracy

[Hao Wu]

I'm not worried about Google enabling or cooperating with the government. I'm worried that Google IS the government... maybe the FBI/NSA/CIA.

Some people say the same about Microsoft.

Re:Conspiracy

[db32]

I can debunk this one easily.

Google works as advertised and works well.

You name one government service that has ever worked as advertised or worked well.

Clearly, Google is too productive and effective to be a government thing.

Typical Near-Sighted Govt Policies

[Crypto Gnome]

• use Hosted-App-Services from US Based Company ==> Get Spied Upon via Patriot Act
• use Hosted-App-Services from Al-Qaeda ==> Get Spied Upon via Patriot Act

Where is SeaLand [sealandgov.org] when you need them?

Corporate Espionage?

[SuperBanana]

Many people are suddenly deciding to spurn Google's services and applications because it opens up potential avenues of surveillance.

Um, how about corporate espionage? Nothing, absolutely nothing, stops Google from harvesting everything they can get their hands on- and they have the storage systems and human expertise to do it.

Case and point: I emailed a link to a wiki I had just set up to 3 people, two of whom had Gmail accounts. A spider from Google hit the page hours before anyone else did, hitting the wiki just after I emailed the link out. There were no public links to the site, and no referral URL.

So, let's see: processing your email to show you relevant ads? Check. Processing email to feed URLs to their spider? Check. What else does Google do with your email? Wouldn't it be the greatest tool in their quivver- the "God Google"? Sit down with HipWebShit.com, then an hour after the meeting and see a)How many people search/click on links for HipWebShit b)Who from HipWebShit.com has sent gmail users email (and what it says...), c)Who is talking about HipWebShit from/to a Gmail account period (ie general "valley buz"?

Hint: why do you think Google has so many PhDs? It starts getting creepy when you realize that Google seems to work very hard to keep their employees inside the google campus as much as possible, how secretive their operations are (seriously, nobody can compete with them anymore- it's not like they're guarding the henhouse for competition reasons) and how cult-like the atmosphere is...

Re:Corporate Espionage?

[hxnwix]

It starts getting creepy when you realize that Google seems to work very hard to keep their employees inside the google campus as much as possible, how secretive their operations are (seriously, nobody can compete with them anymore- it's not like they're guarding the henhouse for competition reasons) and how cult-like the atmosphere is

More sympathetically: if you keep the workers at work, they work more. However, I can't discount your view completely. Perhaps they really are preparing their worker bees for the transfer to the comet hale bop UFO, and if you are correct, they'd want to hold those workers close to their incorporeal breast so that word of this lunacy doesn't spread beyond the compound confines.

I emailed a link to a wiki I had just set up to 3 people, two of whom had Gmail accounts. A spider from Google hit the page...

Oh my gord. They sent a digital arachnid!?

Hint: why do you think Google has so many PhDs?

I don't know. Because they're employing Dr. Evil(s)?

Re:Corporate Espionage?

[PS3Penguin]

Or .. its how the gmail anit-smap system tries to find and filter out spam / virus links by tasting what links are sent to gmail recipients and looking for known exploits / spam / etc. Sorry if that was tin-foil-hatted enough :)

NSA

[hhawk]

Of course it is reasonable that the US Government could have been one of early funders of google, but then generally government are not that smart.

database =! security

[globaljustin]

the Mountain View, Calif.-based company will not discuss how often government agencies demand access to its customers' information or whether content on its new Web-based collaborative tools has been the subject of any reviews under the Patriot Act

Google isn't doing nearly enough to keeps its users informed about privacy issues. A press release saying "We're doing everything we can" isn't nearly good enough from the company that wants to organize all the world's information.

If anything, the federal law enforcement should be watching Google to ensure they aren't violating their user's privacy.

Part of me is hopeful that eventually the misguided people in government who think you can fight terrorism with a database will learn and change. Not everyone in the government is as evil as Bush/Rove/Cheney. If databases stopped terrorism, we wouldn't have had 9/11...at least one person on each of the 9/11 planes was on the terrorist watch list (in the database).

File/Info sharing

[ludomancer]

I'm adamantly against this new society of surveillance, but I also enjoy the freedom that the internet has blessed our generation with. What would be an acceptable meeting point to me, is if governments around the world could help themselves to all the info they can eat, but they and every other corporate entity should have to lay off file sharing and free distribution of knowledge and information online.

It has to go both ways to work, but at least we level things out a bit!

In-Q-Tel

[triffidsting]

Surely it helps their cause that Google was originally partly funded by the venture capital investment arm of the CIA (In-Q-Tel)... Are people just now becoming wise to this, or did they just forget?

POP/SMTP Lets Anyone Read Your E-Mail

[da' WINS pimp]

From TFA:

"Mr. Puk says teachers want an in-house system that doesn't let third parties see their e-mails."

Then screw GMail, they better be using encryption anyway! I know most here know this, but someone needs to hit the author and this school's faculty with the clue stick. If you are just using a plain old POP/SMTP client without encryption anyone with access to a packet sniffer can read your email at any point along the route, whether it be in the US or Canada. Its is amazing (read: scary) the number of f

Haunting eh?

[Oktober Sunset]

I pulled off the rubber mask, and it turns out it was old man Cheney, the creepy vice president!

Now to get out of here before the FBI find my Scooby Snacks. Scoobydoobiedooooo!!

An example consequence

[Sara Chan]

From TFA:

For instance, a [university] researcher with a Middle Eastern name, researching anthrax or nuclear energy, might find himself denied entry to the United States....

It could be worse than that. He might be allowed to enter, and then be detained on the basis of Google-supplied information. Especially if he was not a Canadian citizen.

No rule of law with data hosted in the US

[farbles]

The trouble here is not Google, it is the fact there is no longer the rule of law with regards to data hosted in the United States. When the government can take any information they like from a server hosted in their country with no warrant, no notification, no nothing, then it's not law, it's criminal activity no matter who does it.

Here in Canada this has been a big deal now for the last couple of years. I've been at many IT meetings where tracking down what was hosted on US-based servers and removing it back to Canada has been on the agenda. We're not perfect here but we do have PIPEDA [privcom.gc.ca], the protection of privacy act, binding our ISPs. You need access to data, convince a judge and get a warrant. That's the rule of law.

That this US government data free-for-all has not been a big deal to American sysadmins has been a source of more than a little concern and confusion to us here north of the border. As long as there remains an Emperor in the White House rather than a President I guess there will be no movement on this.

Erased White House email, backups, and hard drives without penalty despite a legal court order? That's some government you guys have running there. You might want to do something about it.

Re:

[farbles]

No, I'm not confusing anything. Do a lookup on National Security Letters. Their power is greatly expanded under the Patriot Act. The upshot is if a high ranking FBI, CIA or Pentagon person or their designee wants some information, digital or physical, they can take it and not tell you about it for as long as they want. No judicial oversight and limited administrative oversight which has found that these "rules", as loose as they are, are still being broken lots of times. They can "sneak and peek" anything a

Ir surpasses understanding...

[John Hasler]

...why anyone would entrust any data of any importance at all, secret or not, to free services provided by an advertising agency. I can see using it to plan your frat party or organize Little League games, but using it for business?

it also haunts...

[nguy]

It also haunts your ISP, your E-mail provider, and probably your backdoor-infested commercial OS.

Are they just NOW figuring that out?

[erroneus]

I'm rather surprised more aggressive measures to circumvent US communications and all other paths of commerce and communications haven't been attempted. Wanna do warrantless wiretaps on foreigners? Fine. Watch the foreigners build new lines of communications that do not connect to the U.S. Wanna log, fingerprint, probe and scan all foreigners who happen to fly over or through the U.S.? Fine. Watch the foreigners start to build airports in Mexico and Canada to avoid U.S. soil. Wanna monitor and observe all foreign commerce through U.S. banks? You get the idea.

At some point, the rest of the world will tire of these policies and take step to make the U.S. less relevant.

Re:Are they just NOW figuring that out?

[m.ducharme]

If enough countries get sick of the US' bullying, they could basically tell the WTO to piss off. The WTO is just a bunch of agreements made by world leaders after all. If the EU, and China, and the rest of Asia decided to make the US irrelevant by restricting trade, who'd enforce the embargoes? Hell, China just has to cash in its greenbacks and you're all screwed. What exactly do you think is propping up the American economy right now, other than China, Japan, maybe a few other creditor nations? You don't think the EU would love to see the Middle East receiving payment for oil in Euros? The American gov't has two things going for it: the military, and the world's biggest consumer culture.

The Iraq war is showing everyone what the limits of the US military really are (they can't handle a geurilla war in a country that they'd previously bombed the snot out of for twelve years, despite the best-equipped military in the world), and China and India -- that's 2B potential consumers, kids -- are set to outpace American consumption levels, probably in the next decade or two, less if we're all really unlucky.

You know, it doesn't even matter what the rest of the world does, the US government is well on the way to making your country a backwater anyway. Too bad you're going to take us down with you.

we've seen this ourselves

[ddent]

First hand experience this is true:

We have several customers who have dedicated servers with us where one of their deciding factors in choosing us was that we can offer them service out of our Vancouver data centre.

In some cases this is not just a 'nice to have' feature. For some customers, putting their data in the US would be illegal - the patriot act is not compatible with our privacy laws.

Huh???

[LWATCDR]

While I am not one of the Google faithful I must say that your criticism is at best miss placed.
Google has fought when the US government wanted them to turn over customer records in the past. They do not seem to cooperate with the US government anymore than is required by law. Anytime you use a hosted service you loose some privacy. Once the data leaves your systems you have lost some privacy and control.

If you want to scream at Google for not living up to there "Don't be evil" line. I suggest that there following US laws it far less evil than their good relationship with China.

Re:

[iminplaya]

Google has fought when the US government wanted them to turn over customer records in the past.

That's what we've been told...by Google. There's no way of knowing what they log, or what they hand over, while they supply plenty of dramatics to keep us distracted.

Re:Don't be evil?

[mOdQuArK!]

Can you imagine what Google could really do if they were utterly unscrupulous about manipulating the political process in their favor?

Every politician who crossed them would have every possible scandal associated with them come up on the front search page whenever somebody was looking for info about them. Politicians who did what Google told them to would have all their scandals banished to the 300th page.

Muck-raking reporters would be mysteriously signed up for Google Alerts on Google-hostile politicians, and might "mysteriously" receive private documents from the hard drives of those politicians & their interns who happen to be running the "Google Desktop" toolbar.

Or some hacker might "discover" how to get the search histories of selected politicians, and suddenly the politician has to explain why he keeps searching for child porn photos.

Re:VIRUS ALERT

[Anonymous Coward]

This has a spoofed link whose structure identical to this post http://science.slashdot.org/comments.pl?sid=496946&cid=22837250 [slashdot.org] which, when clicked on, downloads a virus, brings up dozens of pages in Firefox in seconds and tries to use mailto: BEWARE curious people.

Re:

[Jeremy Erwin]

So, you're a loyal supporter of the government, who refrains from doing anything that could be even possibly construed as naughty?

Re:

[SwashbucklingCowboy]

If you don't care about your Constitutional rights that's fine, but some people do and we'd like to protect them if you don't mind.