China Google Hack Shows Security Gaps... Or Issues In Online Surveillance Apps?
from the take-your-pick dept
Google's decision to change how it deals with China was supposedly precipitated by a hack attack on its computer system that was apparently most likely instigated by the Chinese government. While many are discussing how this shows the level of computer-based espionage -- corporate and national -- going on these days, a more interesting take comes from Julian Sanchez, who notes that the real issue isn't so much about hacking into computers, but about the official "surveillance" apps that companies now use to placate law enforcement. That's because what was hacked at Google was its surveillance app that it uses to help deal with law enforcement requests. As Sanchez notes:The irony here is that, while we're accustomed to talking about the tension between privacy and security--to the point where it sometimes seems like people think greater invasion of privacy ipso facto yields greater security--one of the most serious and least discussed problems with built-in surveillance is the security risk it creates.Indeed, we were just discussing how more surveillance can make us less safe by creating a bigger backlog, but Sanchez is pointing out that it's even worse than that. More surveillance can make us less safe because it can more easily expose data that should have been deleted. Creating surveillance databases creates a huge opportunity for attack. Remember those telco databases we were talking about that make it easy for law enforcement officials (hopefully with a warrant) to track your location by GPS? You have to imagine those make a nice target for hacking as well... And that's true of any such surveillance database. While they're supposed to help keep us "safer," they also put a ton of valuable info in a single place -- which makes them attractive targets for those who wish to make us less safe.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: china, safety, security, surveillance
Reader Comments
Subscribe: RSS
View by: Time | Thread
most likely instigated by the Chinese government.
yup me thinks maybe it was some yankie that just wanted to pull some bs on china. and we trust the fbi is still making good use of googles tools ?
yes yes perfect
trust the fbi and google to report the truth
[ link to this | view in chronology ]
Re: most likely instigated by the Chinese government.
[ link to this | view in chronology ]
Re: most likely instigated by the Chinese government.
[ link to this | view in chronology ]
Re: Re: most likely instigated by the Chinese government.
how that works is anyone's guess.
if they saw some way to benefit from it, it wouldn't surprise me at all.
[ link to this | view in chronology ]
Interesting angle...
That's a hell of an angle. I like it.
[ link to this | view in chronology ]
Power
[ link to this | view in chronology ]
The protective capability simply doesn't exist
Damage control after the fact is still a very important component of defense-in-depth, every bit as much as controls at other layers.
[ link to this | view in chronology ]
I can just see some crimal/terrorist now
[ link to this | view in chronology ]
Hacking.
But at least was not like the AT&T routers that logged people on others people's accounts on facebook right?
http://www.hardware.info/nl-NL/extcontent/ZpuZZ5hpmZfGbpSSyA/ATT_Network_Routing_Flaw_Conc erns_Security_Experts/
http://utalk.att.com/utalk/board/message?board.id=HSIA&thread.id=15145
Or the fix of the TLS protocol that prevents people from hijacking secure connections that will take a year to deploy.
Google wont be able to correct those things because is not Google fault entirely, there are many vectors of attack and some are Google independent(human operation failure, javascript, flash, JAVA, XSS, CSS overflow, browsers permission scalation, SQL injection, memory overflow, file type memory overflow and many many others).
Will people start using a mail manager to not let hotmail accounts expire and let others create a new account and ask for a change in password accounts?
Will people start signing their emails with encrypted keys to have a chance of having some certainty about who is sending them something?
Will Google be able to stop flash and javascript worms? or be able to catch all XSS in their services?
Will people stop using HTML viewing as an email standart?
I don't think so and they will be all vulnerable to scripts and no commom sense.
[ link to this | view in chronology ]
By the way.
[ link to this | view in chronology ]
IT WAS NOT THE CHINA GOVERNMENT
[ link to this | view in chronology ]
NAME OF THE GAME IS POLICITCS
[ link to this | view in chronology ]
NAME OF THE GAME IS POLICITCS
[ link to this | view in chronology ]