I'm just curious: If this program in reality did not give the government unfettered access to Google user data as has been claimed by The Guardian and Snowden, would there be any amount of evidence that could now be presented to you that would convince you that you were misled?
>Assertions in the press that our compliance with these requests gives the U.S. government unfettered access to our users’ data are simply untrue. However, government nondisclosure obligations regarding the number of FISA national security requests that Google receives, as well as the number of accounts covered by those requests, fuel that speculation.
Sounds suspiciously like they are going to ruin everyone's nerd rage.
I really doubt Google is going to play chicken about something so serious as giving away all their user data. Is it incomprehensible to you that they are telling the truth?
The problem Google has is that a huge number of their users -- those in foreign countries -- have (finally) realised what has been public knowledge for years: they have no legal protection at all from the US government examining data Google holds about them and that Google readily comply with such requests and aren't really in a position to do much else. 'Telling the truth' involves restating this truth in the full glare of worldwide publicity. The more they try to reassure americans that everything they did was 'legal'[1] and only targeted foreigners, the more foreigners they alienate.
So from a PR perspective I don't see how Google can fix this unless US law substantially changes (or they employ crypto on the users side but that undermines the economics of much of their business).
[1] I'm not convinced that it is legal under EU data protection law and Google does have a presence in the EU, but I'm no lawyer.
> "employ crypto on the users side but that undermines the economics of much of their business"
This is true, at least in Google's situation. However I think there is an untapped market of people that want to be advertised to, provided the advertising is relevant.
Surprisingly I think traditional print magazines actually have this figured out. The advertisements for designer clothing, watches, and booze get a lot of readership in "gentleman/bachelor/whatever" magazines (not sure what the correct term there is, not trying to refer to porn (well, except Playboy)) and I suspect that removing them would actually damage their subscription rates. Now, these adverts obviously are not targeted to the individual, but I think they nevertheless demonstrate the concept.
>Telling the truth' involves restating this truth in the full glare of worldwide publicity. The more they try to reassure americans that everything they did was 'legal'[1] and only targeted foreigners, the more foreigners they alienate
I'm sorry but where are you getting this from? Google has categorically stated that they do not share data without court approved mandates. There is no mass "targeting" that is going on, no matter what the nationality.
No, I am talking about much less specific interests, as his use of the phrase is similarly broad.
Nor does his attempt to marginalize an interest imply that the interest is marginalized on HN. It concerns me that you are so eager to misread others' comments, and defend comments that contain no substance, only name-calling.
It's one thing to care about privacy issues, it's another to believe (and react to, and soapbox about) a distorted and inaccurate version of reality. A lot of the "nerd rage" has involved people assuming facts that may not in fact be true. People who do this marginalize themselves. In general we call them "conspiracy theorists."
For the facts that do indeed turn out to be true, soapbox away.
As I have seen it used, "nerd rage" is really just a way of saying "if you care about this, you are a nerd", which is implicitly wrong. If the intent is to call into question the accuracy of statements, then there are better ways to do that.
Aggregate number of requests is one thing, but perhaps some indication of how much content is provided with the average request would be required to really indicate what is going on here?
An API may serve millions of requests per day and return single-integer responses, or it might serve one batch query per day and provide a nested document with many sub-sections.
From the article: "We therefore ask you to help make it possible for Google to publish in our Transparency Report aggregate numbers of national security requests, including FISA disclosures—in terms of both the number we receive and their scope"
As others have stated, it's fairly apparent that the parent poster wasn't talking about actual numbers, and was painting an example where the number of requests is meaningless without the scope (i.e. does each request specify one individual, or 20 individuals?). That said, this includes NSLs (National Security Letters) which do not have to go through a court, and which I don't believe there are any published numbers for (either in number of NSLs or their scope).
This is the kind of response I was expecting from tech companies. The mistrust of the government has extended to this industry and we can't simply rest on a simple denial of the accusations. Many people now believe that companies like Google send a complete copy of their entire customer records to the NSA. That is a dangerous belief and like discussed on other threads here, it could really damage the long term viability of the tech industry. This is at least a start to try to change public opinion.
It could really damage the long term viability of the __US__ tech industry dealing irreparable damage to one of the major assets of the US economy has. I would expect companies that need a strong international security reputation to begin closing up shop and moving away.
The NSA just killed the goose that lays the golden egg and not much is going change that.
I disagree that this is a problem limited to US companies. With the global nature of the tech industry, I think a product's or service's country of origin has seen a reduced importance over the years. I don't think the average consumer knows that Waze is based in Israel. I don't foresee anyone considering the NSA and choosing a Canadian designed Blackberry phone over a US designed Apple one. Instead I think this will just instill a general distrust of technology and the cloud. I doubt people will be discerning enough to focus their suspicions.
Yes and no. Example from the German government (10 Aug 2010):
"Germany's interior minister said that politicians and senior civil servants in government should avoid mobile devices such as the iPhone and the Blackberry, citing security risks and increasing hacker attacks.
(...)
ministers and senior civil servants have been told to rely on the German-made Simko2 gadgets, on advice from the German federal office for information security (BSI)."
I think it will cause a deinternationalization of the technology industry since each government will want it's citizens to use local tech (if you think governments can't force this look at S. Korea and IE). US companies are some of the most international, so this will hurt US companies the most and it will reduce the margins of all the big players across the board (that is, short GOOG).
Maybe corporations could go off the coast of nation states[0]… not that they will beyond the influence of them, but states may have no legal authority over them under those circumstances so they may have more freedom to be more transparent to the public because of their interests to their bottom lines.
Without government intervention, I don't think this news will disrupt the habits of typical consumers. They'll continue using whatever is easy or the most popular.
Corporations that have a vested interest in providing security (or the illusion thereof) may reconsider cloud-hosted solutions. But that's probably a relatively small market.
I agree! This opens the door for new services based in countries like Iceland to compete in the international market.
I'm surprised libertarian minded investors like Peter Thiel have not began a fund in some of these countries.
Even signaling such a move would give Google, Facebook, etc. strong argument to fight off NSA's broad requests and we all win!
I'd really enjoy hearing Thiel's perspective on this whole issue given that he is a libertarian with a strong business relationship with the NSA and a strong business relationship with facebook.
I wouldn't say the NSA killed the goose any more than I would say any other organizations that request warrants for user data did. What killed the goose was mass hysteria caused by a mistaken belief that Google let NSA see any user's data at the touch of a button. Poor journalism killed the golden goose.
How can you blame journalism when the nature of those data requests is such that in some cases companies (and even politicians) cannot talk about them, cannot fight them in court and they do not have to be approved by a judge?
This leaves a lot of space for speculation, how can somebody possibly know if they didn't request a bulk copy of all Facebook data? Or issue a billion seperate requests when by law nobody can talk about the count and scope of those requests.
If I were a journalist, the first thing I would question is if they did exactly this, because they wrote a law that allows exactly this type of behaviour.
Because the fact that there were secret requests for user data was already known since FISA came into being in 2005. This had nearly zero effect on the cloud companies. It took the clearly ridiculous assertions of The Guardian to kill the golden goose.
> mistrust of the government has extended to this industry
I'm sorry, are we now taking the opportunity to blame big evil government for this?
The mistrust of this industry has always existed as a completely separate issue due to the utter lack of respect for privacy and privacy related laws, an attitude of which Google is one the most prominent exponents. This is a company that lobbies governments against privacy protection.
An industry that has for years tried to convince the public that surrendering your privacy to them for profit is perfectly okay has zero credibility in this matter.
You have a valid point, but you're overlooking a really crucial difference: data in the hands of a corporations means something entirely different from data in the hands of government. One of them has a monopoly on the use of force and the other doesn't. At least, that's the distinction that is important to me.
Not to mention that one is voluntary* and one isn't. Sheesh, my grandparent comment needs a healthy dose of perspective.
*I'm using voluntary here in the most straightforward sense possible. You can switch services if you'd like, or even turn off ad targeting for most services. You cannot, however, go to a an nsa.gov link and click the "Please don't track me" box.
I'm only upvoting this not because I have much loyalty or trust left for Google, but because I want many other companies to follow their lead and flood the Administration with such requests.
I still feel this does very little, though. They need to be asking them for much more. They need to ask them to end the spying. Until then I'm still hoping Google, Microsoft, Facebook and others will suffer greatly for this abroad, and lose a ton of business and customers, both small and major.
Maybe then they'll start doing some real lobbying to the government to end the madness, and maybe the government will stop thinking all the spying is worth breaking all international relationships and hurting the US economy in the process.
Until that happens, if Google cares that much about encryption and their users' privacy, they should show me they are willing to implement OTR, ZRTP and PGP in their services. The same goes for Microsoft and Facebook. Otherwise, this press release means nothing except for showing that "they are doing something".
1. Google probably should offer passive S/MIME on mail. START TLS goes a long way, but providing the same signals about message authenticity to people who IMAP from gmail as who use the web UI would be nice.
A non-google-trusting way to do PGP with a better UI/UX would also be a nice feature for gmail. Just indicating "encrypted" at the message-list view or something. I have PGP working quite nicely in mutt, but a lot of people seem to prefer webmail.
2. I'd actually prefer a world where signals intelligence, outside extremely tactical intelligence, were impossible through technical means. I think we'll be there at some point, just because the cost of protection is dropping.
(confidentiality and message integrity should be feasible for any reasonable government defender at this point. traffic analysis/direction finding/etc. burns bandwidth and latency budgets, so that might be harder, but you can do arbitrarily well.)
The US (government and citizens/private industry) probably has more to gain from universally strong COMSEC vs. effective USG SIGINT.
I'd bet "before 2025", absent some major catastrophe. First you build systems which let platform developers centralize trust, then the essential step is letting individuals or organizations pick their own roots of trust (and some kind of crazy web of trust thing for interchange).
We're doing a pretty good job on mobile of "centralized trust", and also sort of with cloud infrastructure, if not apps.
At least, we'll have secure infrastructure on which people can continue writing insecure applications by 2020-2025. The "people writing insecure applications" won't stop until people stop writing applications, hopefully replaced by non-humans writing applications, maybe in 2050+.
Everytime I think about the S/MIME and PGP issue I can't get away from the fact that you need to give your private key to the client-side JS. I'm not sure we've found all the security flaws we'll find in the browser JS model so that just seems risky to me (especially for digital signature purposes).
And as you mention, you would still have to trust Google.
W3C webcrypto, done in a smart way, is probably one of the most critical pieces of security infrastructure to be built today.
I'm not talking about giving the real PGP or S/MIME to Google; just a UI flag saying "this message has special content, click here to download". And some kind of low-assurance S/MIME signature which just says "was downloaded from gmail" to protect from local modification. I'm not sure how mail clients deal with multiple s/mime signatures (or s/mime + PGP inside).
It's not being done in a particularly smart way; Web Crypto has more to do with enabling pure-web plugin-free streaming media than with enabling secure browser-based PGP.
Presumably all it would take would be Google, Apple, or even Mozilla to do something more real on their own. I'd probably bet on the Chrome doing it more than anyone else.
STARTTLS is supported on both IMAP/SMTP. Email from Google outgoing uses TLS encryption (at least to my mail server), email from my server to Google also uses TLS encryption.
IMAP is already TLS encrypted.
The biggest missing puzzle piece is making it simpler for people to get S/MIME set up (or PGP for that matter), and having it work with all major mail clients (yes, Mail.app is a major mail client).
Right now S/MIME still requires too many steps to get the lay person to set it up, same with PGP, we need something that is secure from the get-go with very minimal effort required on the users part.
The downside is that S/MIME and PGP don't really fit into the online world, no longer will it be simple to open the browser and go look at your email, you will be required to have your keys with you. Securing those keys becomes the second problem, one that has partially been solved with smart cards and other devices that will do signing/encrypting/decrypting on the card without giving up the private key... but loss is still an issue so key escrow becomes a big thing.
It is an interesting problem, with interesting challenges and I look forward to seeing how we as a group of technologists solve them. Once it becomes easy enough for grandma and grandpa to use secure encrypted communication it will become much harder to do wide-scale snooping on data.
The lowest hanging fruit is probably a simple way to get S/MIME certs for mail.app (osx/ios). There isn't really an easy way to get a cert right now as an individual. A "real" cert is around $20-30 from top companies, and maybe $5-10 for others. Obviously someone could do their own for free.
I wish you wouldn't phrase your questions like that as it invites some to accuse you of implying that it's either the US spies on everybody or ends all foreign signals intelligence.
Also, the fellow you replied to didn't specify what sort of spying needs to be stopped. He could have no issue with foreign signals intelligence (which presumably means spying on non-US folks).
The argument is that all meaningful communications (outside military tactical, and even there, a lot of it) is moving to the Internet. Without applying SIGINT to the Internet, you essentially can't have meaningful foreign SIGINT capability anymore. It's very difficult to distinguish between foreign and domestic parts of foreign-origin threats, and even more so on the Internet, at collection time.
(Even worse, as the transport security part gets better, you either need to add a bunch of active-attacker MITM or somehow compromise endpoints. At some point, even if you thought purely passive SIGINT collection was fine, the level of prior restraint on service providers/developers becomes absurd and probably no one would support it; witness the key escrow crypto wars of the 1990s.)
Generally NSA seems to put a good amount of effort into minimization post-collection. But, that only works if you trust them to be 1) forever competent and 2) forever equally ethical.
It's not about a few people using those encryption tools. It's about major companies like Google making them mainstream tools, and also making them very easy to use (as easy as it can get).
I'm curious what the other big reasons are. I send & receive GPG encrypted messages via Gmail occasionally and it's no different than using any other mail provider (of course, I'm using mutt, GnuPG, and SMTP/IMAP and not web-mail).
No, there isn't. Protecting secrets cryptographically is an engineering problem. There are right answers and wrong answers, and having Google Mail deliver PGP to you directly is a wrong answer.
First, you know full well that security is a matter of degree, and not binary thing. It's tradeoff against convenience that can be made more easily when there's a trusted third party. We're already willing to trust webmail providers with all our email -- how can it possibly be worse than the status quo if suddenly everyone can use PGP transparently, too?
Well, they are trusted 3rd parties, regardless of whether or not you happen to trust them. Anyone who has a private Gmail account necessarily trusts Gmail.
In any case, the argument isn't that webmail is perfect for implementing PGP. The argument is that
1) no one uses PGP now because no on else uses PGP
2) if webmail providers deployed PGP, everyone would be using PGP
3) some use of PGP is better than no use of PGP
It really seems like some people are cutting off their PGP noses to spite their PGP faces. I remember when the assumption with vegetarianism was that you were either a vegetarian (and never ate meat) or you were a meat eater (and ate meat regularly). So people kept eating meat regularly because they "couldn't give up meat", thus believing in a false choice. If vegetarians had been pragmatic, they'd have realized that would have been much easier, and would save more animals, if you convinced 95% of people to give up meat 95% of the time.
Dear privacy advocates: stop wanting everything yesterday, because it's keeping you from getting something tomorrow. Most change takes place gradually. Webmail providers deploying PGP will instantly create millions of PGP users, which will at the very least serve a valuable educational and awareness purpose. These users will gradually become more concerned with the implementation details, triggering a gradual increase in overall privacy and security.
I would. Any secrets we allow the government to keep are a license to be abused. They're barely capable of following their own laws under the microscope. I doubt they even try so long as the citizens aren't aware of their activities.
> And the surveillance process must comply with the Fourth Amendment.
This phrasing seems to suggest that the intended target of FISA 702 - the US cloud data of non-US-resident non-US-citizens - enjoys Fourth Amendment-based protections, such as the probable cause requirement, under FISA 702. But in fact it seems that (IANAL) FISA 702 is compatible with the Fourth Amendment (if it is) only in the sense that slavery was compatible with the Fifth Amendment: simply because the Fifth Amendment does not apply to slaves. If 702 envisaged non-resident aliens' US cloud data as being protected by the Fourth Amendment then it would presumably require the US government to establish probable cause at the FISC (or some other court). But in fact 702 doesn't seem to require the government to claim any kind of cause or suspicion or even state any purpose or motivation for the search to the FISC. The FISA 702 PowerPoints obtained by the ACLU under FOI make it clear that the US government understands FISA 702 as removing the probable cause requirement http://www.aclu.org/files/pdfs/natsec/faafoia20101129/FAAFBI... .
"if Google cares that much about encryption and their users' privacy, they should show me they are willing to implement OTR, ZRTP and PGP"
That would only make sense if they wouldn't be required to become your key escrow service (=custodians of your private keys). PGP is also a pretty bad choice for private communication, as it offers no forward-secrecy. Something like client-side OTR implementation would be better.
In expressing his view that Google is being harmed by USG's lack of transparency (combined with the godawful operational security of the contractor-run intelligence agencies), is Google's chief counsel here starting to build the standing to sue the government?
If this whole debacle sets up an epic confrontation between Google and the DoJ, I may have to reevaluate how irritated I am at how "Prism" has been reported. More Greenwald agita! Let's see if we can pick a fight!
My perspective on this is going to sound weird to you.
1. I am very irritated at inaccurate and sensationalized reporting.
2. I think the USG should have been much more open and forthcoming, at least in the aggregate, about how foreign signals intelligence was coming into contact with online services used mostly by citizens.
3. I think leaking details of signals intelligence programs should be a crime.
4. I hope Google picks a giant fight with the DoJ and wins it.
I agree with your perspective, with the exception of a slight modification to #3. I believe that leaking should be a crime, but I also believe that if the court of public opinion judges the original secret worse than the leak, that it should become politically out-of-bounds to actually prosecute the case.
I think there's a world of difference between Bradley Manning and Edward Snowden. And while I think Manning's treatment has been harsh, I do think he should be prosecuted because he was reckless and untargeted. Snowden clearly has a much more focused goal and surgical approach.
I don't know enough about what happened with Snowden to have an opinion about him one way or another; I'm just not of the opinion that leaks are by default heroic.
What if one of Kim Jung Un's subordinates leaks details on "abuses" in the prison camp system? Technically he's breaking the law - North Korea's law - but I think it would be difficult to say that it would be the wrong thing to do. Also, if these reports are accurate, then I wouldn't necessarily consider that analogy too hyperbolic.
I would think that one of the main points of signals intelligence and their efficacy is if the emitter is not aware that you are collecting their signal.
Then you run the risk (as it just happened) of having the program losing efficacy if knowledge about it is leaked. Compared to a hypothetical program where knowing of its existence doesn't weaken it. Whether such a system can be built is debatable (something like the universal eavesdropping in 1984), but not a priori impossible.
3 surprises me. I don't think leaking should ever be a crime. Making leaking a crime is an invitation for the government to engage in more illegal activities.
Leaking should get you fired, of course. Realistically, it will and you'll be blackballed from working in security forever. I think that's more than enough incentive not to leak unless there is real abuse going on.
I have two ideas that are just as well supported by the complete lack of facts that we all have.
First, that Google is setting us up to believe a half-truth related to FISA letter counts. There are such numbers, we will get them, and they will not include all surveillance conducted with Google's data but anyone who says that will be back to being a crank.
Second, that Google perceives an existential threat to their company along two related but separate axis. The first is that their customers will leave, but that is less likely than the second. The second is that their best employees will leave. Googlers will not want to consider themselves as clerks in the Ministry of Truth. If they and their peers began to think about it in that way, then they will leave and the business will eventually die. If their employees have a credible excuse to think of their employer as a noble crusader, then this threat is significantly mitigated.
It isn't a claim at all, its simply speculation. I think you raise an interesting point though, which is that there is no possible evidence, testimony or papers written by blue-ribbon commissions (coming in 2017!) that will ever "settle" these questions in some quarters.
You have to think, that with the limited data they are allowed to release, this must be extremely frustrating! A true rock and a hard place. The general public are led to believe, that they are willing to conspire secretly together with the government, to spy on their customers, must not only be infuriating, but brand damaging! Then you are required by law not to defend yourself ;)
p.s. I'm taking google at their word -- that they are not giving 'direct access' to the NSA. I am assuming they know, that the truth could leak out at some point, where they to lie about it.
As a Google employee I find it extremely frustrating. I'm sure it's even more so for the executives and founders who created the brand and are being personally questioned and attacked on top of it.
I'm more interested in the international numbers, as US politics seems to differentiate between US citizens and non-US citizens when it comes to human rights.
Edit: Or is this also including requests for users in other countries? Sorry, English is not my mother tongue, so I might got it wrong.
I believe, if it continues as it is currently, the numbers are government requests, and how many users effected. There is no check or distinguishment in whether the government and the user's country match.
They also publish non-us government requests as well.
The cat's definitely out of the bag anyways, so Drummond is definitely right that mentioning FISA numbers can't further harm national security. Make the right call, Mr. Attorney General!
What are the legal ramifications if employees at Google also work at the behest of the NSA/FBI/CIA (unbeknownst to Google)? It is one thing to compel the organization to reveal information, but what are the legal questions around essentially spies within the various corporations?
This very blog post mentions that Google hires some of the best security engineers in the world. I'm sure having "prior" employment at the NSA would look great on a resume, and put the person in a position to compromise essentially all internal security and data integrity.
In that ever court case involves a judge interpreting the law, and none of the FISA cases will ever be public because they involve confidential targets, informants, sources, and methods of intelligence gathering, yes.
But the prevailing view seems to be that the whole FISA program is a system of secret laws, which is not in fact the truth.
The interpretation of the Law rests on judicial opinions. Many of those decisions are indeed secret, rendering the interpretation of the law itself secret. I think it's reasonable to say that this makes the laws 'secret', since it is impossible to know whether you are in violation without knowing the interpretation.
The laws the FISA court uses to authorize surveillance are not secret.
Well, so far as we know anyway. There is still, AFAIK, an open question about the existence and/or exact nature of "secret laws" in the US. See John Gilmore's struggle to travel without offering up identity documents[1], for example.
No, but they work for the guy that can--
1. Veto prosecution efforts, and
2. Provide literal get out of jail free cards.
So, there's a pretty good chance that unless its a rogue NSA operation, they are pretty well covered on the whole threat of criminal prosecution front.
I second this question. I know it seems like it would be against the law...but a lot of things that seem like they would be against the law actually aren't, so I'm interested in specifics.
While you're correct as a matter of legal theory, this doesn't happen in practice. Aside from Felt and Miller who were given small fines and then pardoned, can you name another precedent for prosecuting government employees for overreach in intelligence and security matters? Is there even a single example where a meaningful penalty was dispensed?
You mean a felony in the way that assassinating people is against US and international law, it's illegal to hold someone more than 24 hours without charging them and so on? I'm not sure how much laws like that matter at this point.
I'm working on the client-side (Chrome) and my knowledge in the server area is therefore limited, but from my understanding this would be really hard.
1. Googlers have access to almost all source code. It would be difficult to hide code that just sends data to an outside entity.
2. Google continually monitors its (internal) bandwidth. This is done to optimize traffic, and detect intruders. A rogue Googler would trigger the same traps that are exist for potential hackers.
3. Google's infrastructure changes. You can't just install a gateway to the NSA and expect it to continue working for a long time. It's not as if user-data was stored in simple text-files.
> 3. Google's infrastructure changes. You can't just install a gateway to the NSA and expect it to continue working for a long time. It's not as if user-data was stored in simple text-files.
I think this was the biggest bullshit signal for me (also a Googler, although a recent addition). The high rate of change of Google's infrastructure is astounding when you consider the scale it operates at. The notion of trying to maintain a functional API in secret of the scope they're talking about is laughable without a pretty sizable team.
Impossible? No, probably not, but really ridiculously unlikely.
That was sort of my point: those apps require sizable teams and a huge amount of cooperation from dependencies.
If you're operating in secret, cooperation is going to be a hard commodity to come by. I also feel like a sizable team of the sort of people who work at Google would inevitably have leaked something about this before now.
I see a big potential benefit for the NSA to have a spy within google who simply manually pulls and relays info on people at th nsa's request... It doesn't have to be a full Api
Access to sensitive data is strictly controlled, logged and audited, often on a per-case basis ("I need read access to log X for 60 minutes to investigate bug Y"). Even if your hypothetical spy did manage to worm their way into the very, very select ranks of people who can access (say) Gmail data, he'd be busted as soon as the auditors spotted him accessing the files of people he has no reason to access.
Extracting and sending it manually seems incompatible with the idea that they're doing this on a really massive scale.
Also, forwarding all of everybody's gmail would be a lot of data transiting the network. Unexpected traffic equal to all of gmail's normal traffic could be noticed.
1. What if the source code that does this isn't checked in? You would need to verify that the runtime matches the source code. What if it's not spread across Google's entire codebase, and is just in one of the pieces of infrastructure that almost all of the data hits? (eg. map-reduce clusters)
2. The link out to the NSA would need to be massive as well. Would be very difficult to keep that secret. A 4G modem is not going to cut it.
3. Sure, but I imagine the NSA would be happy to put in the maintenance effort required. The data would have high ROI from their perspective.
>1. Googlers have access to almost all source code.
So what. The world has access to the Linux source code. If I told you there was code in there that sent every byte written to disk to some external entity could you find it? Even if it was clear enough for you to find it, you'd have to be looking for it.
Further, you said yourself that googlers have access to almost all source code. How do you know something else isn't injected in before deployment. Honestly, the vast majority of googlers would have no idea and no way to have any idea if something like this were going on. Especially if people's jobs/freedom depending on no one knowing.
Security and audit controls are almost always bullshit. We're discussing a story that arose because a three-month tenure employee for an external contractor had wide ranging access to tonnes of stuff in the NSA. Previously Bradley Manning demonstrate the same with the armed forces.
Are all internal Google communications encrypted? Probably not, but even if they are if you work in network security you likely hold the keys to that encryption regardless. You probably have access to their PKI keys as well.
Yes, i'm going to describe internal security procedures in detail to a stranger.
Suffice to say, the idea that random people in some nebulous "network security" group have access to all traffic related PKI (or whatever) is barely worth responding to.
Google is not made of idiots. It is not a startup run in a garage where every the "IT guy" has access to all the private keys.
Suffice to say, the idea that random people in some nebulous "network security" group have access to all traffic related PKI (or whatever) is barely worth responding to
Curious sarcasm. Network security is a role, and it's one which Google holds in very high esteem. Yes, if someone is configuring IPSec or new load balancers or any other front-end system, they need the Google certs. This is a simple function of the job.
It is not a startup run in a garage where every the "IT guy"
Here you go again. "IT Guy" when I was talking about network security roles (which despite your laughable sarcasm we know is a role at Google) -- the guys in charge of the coop, protecting the chickens. Maybe they wolves.
I have never, ever, in my life seen checks and controls that weren't laughably insecure. I've worked at a multinational bank, a large insurance company, a national telephone company, among other places. There will always be those people who cluck their mouths and wave their arms about how no way this is super advanced controls...in my experience it never, ever is.
The issue here is that Google doesn't know how much data the NSA collects. The NSA has access to the internet backbone that Google uses and can read whatever traffic it wishes that leaves the Google network. Obviously this is not everything but most everything. It is a low view of the NSA to think that they do not have the ability to real-time decrypt SSL certs from every major SSL cert authority. So while Google can claim they do not allow the NSA direct access to it's servers that is only a small comfort in the big scheme of things.
This sort of response from Tech companies is just a distraction from the real issue.
> It is a low view of the NSA to think that they do not
> have the ability to real-time decrypt SSL certs from
> every major SSL cert authority.
The technology required to break SSL is sufficiently advanced that any organization possessing it would probably have easier ways to collect data, all of which would grossly outmatch all known security precautions. There would be no need for any of these sneaking-around stuff because breaking SSL is an instant win condition.
The only thing required to "break" SSL in the absence of some serious protocol flaw is either the ability to MITM connections with a CA-signed certificate, or possession of the private key used by the server.
Ok, so its a bit snarky, but I wish Google would invest as much cleverness in evading the letter of these non-disclosure rules as they do in evading the letter of the tax laws in their various jurisdictions. Perhaps they could create Google Panama Ltd which is the official entity to petition for all FISA and NSL requests which is an independently operating subsidiary based in Panama and outside the jurisdiction of the disclosure rules or something. There are a lot of smart people there, you can figure this out.
The US needs to close its tax loopholes and stop blaming people for taking advantage of its own terrible laws. As long as the loopholes exist its in everyones best interests to take advantage of everything they can.
It's not just snarky, it's preposterously unreasonable.
How much work do you, personally, put into making money? At least 40 hours a week, I'm guessing, plus the time you spend on managing your investments, doing your taxes, and so on? How much work do you put into maintaining your own privacy? Is it even 1 hour per week, on average? Really?
Note that Google has, allegedly, already put a LOT of work into pushing back on ensuring that due process is followed. Many engineers, many lawyers, lots of executive-decision-effort.
Maybe you don't believe anything Drummond or Page say? Maybe you think google.com/transparencyreport is purely fabricated? Maybe you think Google should violate the law and get shut down (that's what you said, actually, with "evade the letter of the law", but I find that position so laughable that I assume I misunderstood you)? Maybe you yourself actually DO spend the same time on privacy that you spend on pecuniary gain, or maybe you expect Google to hew to a higher standard than you yourself do?
Not precisely a rebuttal (you missed my point) but an interesting point in it's own right which I read was "Can you evaluate dollar value of privacy using the dollar value of your income stream?" And doing a sort of solve for X thing where you end up with hours invested in maintaining privacy becoming valued at hours invested in generating income. If I misunderstood please let me know, but assuming that I got the gist of it...
For me, I don't believe there is even a piece wise approximation between time investment and privacy value because the tools are so much different and the available actions being constrained. To illustrate where I get hung up on that reasoning, if you build a phishing page setup and contract a botnet to spam few hundred million people with phone phish-spam, you might get a lot of "income" for a relatively small time investment, similarly you can get greatly increase your privacy by investing in forged identity documents. So at the least we would have to constrain the hours invested in legitimate ways to enhance ones privacy and legitimate ways to enhance one's income.
Next there is an issue of facilitating the effort, so when company A sells me raw materials at a modest markup they facilitate my ability to make a living using them to provide said raw materials.If instead they were to charge an extortionate mark up, I might still be able to make a living but I might find the effort to do so requiring many many more hours of time investment. So at what point do the actions of my raw materials supplier work for or against my efforts at generating income. Similarly the provider of my tools can make it easier or less easy for me to maintain my privacy, so for example a Google Drive plugin which let me keep everything on their servers encrypted. If Google provides that then its a small number of hours invested to enhance my privacy, but if I have to rely on a third party who is acting without support from Google, then it takes many more hours for the same level of enhancement.
Given these built in and essentially intractable forces which affect the efficiency of hours invested needed to achieve the desired result, I am not persuaded by your claim that I can evaluate the 'worth' of privacy using your proposed reasoning.
Google can, and apparently does, to things like warrant notices where if you are suddenly asked to reconfirm your acceptance of their terms of service it's a signal that a warrant was served to them that they had to turn over your data. I think these sorts of things help them in the eyes of their users and are not illegal. They meet the letter of the law and so are not actionable, just as their transferring of rights around amongst their national subsidiaries is a completely legal way of not paying more tax.
My call to action was to try to think of ways that would make things like the PRISM data not useful to the NSA and yet meet their obligations under the law. I mentioned one (in cloud encryption with client side decryption) but I am sure there are others.
Okay, 80% of your comment is replying to a framing that you chose earlier. You said Google should spend comparable amounts of effort on X and Y. In that context, I pointed out that no one spends even 10% as much effort on X as on Y, so why would you ask Google to, and you're being completely unfair. YOU chose this context.
And I am _highly_ skeptical about this "reconfirm your TOS, as a hint that there's an NSL on you". (I have no inside knowledge of this, and if I did I would lie to you about it.) But if any engineer did that, and got caught, they'd go to jail. Given that 99.9% of users who're NSLed will not have read that blogpost (the crazy tinfoil-hat wild-speculation one that started this rumour), what would be the benefit? No benefit, but one conscientious engineer goes to jail. Yay.
Law, in general, is just as concerned with the spirit of the law as the letter.
My whole reply is that Google is already working harder on privacy, as a fraction of total resources, than nearly anyone you've ever met, and certainly more than nearly any corporation. (Unless Google is lying about basically everything, which I can't/won't prove they/we are not). Your expectations, as originally stated, are unreasonable.
Disclaimer: And yes, I have a vested interest. Hopefully my argument stands on its own merits. Your call to action is insulting.
Fair enough, we've spent a lot of effort at Blekko (also a search engine) at being conscientious designing ways that we can dis-associate data from users in order to protect our users from data that can be tied back to them. Since our taxes are reasonably straight-forward at this point it is entirely possible that we've invested more time in keeping peoples identities protected in our data than we have in minimizing our tax burden. We are a prima facie example of "someone" who has spent more effort on X than Y. But arguing exemplars misses the point.
I am sure that Google is a much different place than when I left it, hell it was different between the time I joined and left. That said ...
The comparison I was trying to make, and I grant you that it is imperfect, is that Google, like Apple, has billions of dollars in free cash flow and in legal testimony lately they have shown great creativity in ways to shuffle that cash around so as to avoid being required to hand it over to various revenue agencies. Google is also has billions of data points about all of the individuals that use its services. If those data points were dollars, and the revenue agencies were intelligence agencies, what creative ways might they come up with to disassociate which data point belongs to which user such that they could still use the data but not be compelled to hand it over. Just like they use those free cash dollars rather than hand some percentage over as tax.
I've got nothing but respect for the smart people at Google, and still have friends that work there (and folks who used to work here and are now working there :-). Perhaps I'm misreading your tone but it sounds like you want to pick a fight.
Unfortunately, the statements from everyone involved have made me skeptical to the point I feel I have to consistently read between the lines and pick a statement apart.
What does "unfettered access" mean? What are "valid legal requests"?
While there is an implication of spirit in their words, I know deep down that everyone involved is focused on the letter of their words.
This has nothing to do with my personal trust and confidence in Google, but in my trust and confidence in this entire charade. Google is part of it, whether they're on the right side or not. I simply cannot tell.
Exactly, if the requests exist only to cover the legality of the access of the U.S. citizen data as long as they are on U.S. soil, the numbers they mention would still represent just a small piece of the whole picture.
At least they mention in one sentence "the number of FISA national security requests that Google receives, as well as the number of accounts covered by those requests" which is already much more useful information than only the "number of requests." We saw that in Verizon case one single request was enough to mean "give me all about everything from everybody."
While I'd like to know how many secret requests are being made to whom, why should I ever believe any numbers?
We're living in crazy-town, maybe we always were. What is to stop the A.G. from publicly saying "Yes, disclose away!" and then to privately send one of those magic-do-anything-we-say requests saying, "Don't disclose X, Y, and Z."? Or if we are given an accurate count today, what is to prevent the government from in the future secretly retracting that privilege?
I think in the end we can be satisfied by nothing less than some sort of "Too Many Secrets" Constitutional Amendment, stating clearly that no private citizen can be required or compelled to partake in a "National Security" cover-up, so that everyone currently bound up in the web of lies could speak up without fear of persecution.
That is what galls me as much as anything. If the government wants to gather data and keep secrets, let them gather and keep them themselves. Drafting people against their will into compulsory service in signals-intelligence, forcing them to lie to their loved ones and the world, and persecuting them for honesty, is absolutely amoral.
Difficult to tell. The fact the Google's name is singled out with 8 others on an NSA slide fuels speculation, and is at odds (again, speculation) with this letter. Someone on either side will have to provide something spectacularly believable to kill that speculation.
From the news I've read, my understanding about FISA is that if someone asks you whether you've been subject to one, you're legally obligated to lie and say no. Right, or am I missing something?
That is the impression that I've been given from reading the stories about the stress of living under a FISA order and lying to everyone about it.
Which is not to say Google or anyone else is lying about the nature or the scope or anything else about the requests they have received. But the problem is that we can't ever know one way or the other, because we have apparently created a system of secrecy and dishonesty. Once you know someone (in this case, the intelligence community, and those they compel) has a history of lying to you, how do you move past that back into a state of trust?
If that is the case, it seems like a very risky move. If I were so ordered, for example, I would immediately seek to challenge it on the basis of the first amendment. Not the free speech part - the free exercise of religion part. My religion explicitly states "thou shalt not lie".
EDIT: well, technically it says not to 'bear false witness against thy neighbor', but it certainly would not be hard to justify a religious objection to that requirement.
I think you may be able to get away with saying "we aren't allowed to divulge information regarding FISA requests". If you say that to everyone who asks.
Again, i have seen this in argument after argument. Nobody has yet provided any legal authority that states it is constitutional or legal for the government to compel forced lies.
They can compel silence, for sure.
There is plenty of authority in other contexts (IE not national security), that the government cannot compel you to speak misleading or non-truthful information.
I wish this idea that everyone must be lying because the government can legally, force them to, would stop.
I imagine someone started with the NSL gag orders, which compel silence, and then just started saying they compel you to lie instead (which they don't).
In fact, even the compel silence part of the NSL was found unconstitutional.
You're interneting wrong. Of course we can't give official links pointing to where this is policy, that's the point of the policy! But from the information we've gathered so far it very much appears to be the case that companies are forced to deny getting requests from the government, not just be silent.
And don't bother trying to work out how the law allows this, we're not even allowed to know what some of the laws even are.
"And don't bother trying to work out how the law allows this, we're not even allowed to know what some of the laws even are.
"
This is false. You may not be allowed to know some internal agency regulations, but that's always been the case.
What laws do you think you can't know of, exactly?
Who cares people? The gig is up on Google. They are in PRISM. Instead of upvoting every piece of Google PR we should be ignoring their rhetoric and distancing ourselves from this company; and the other 9 implicated in PRISM.
Secret partnerships with government agencies is detrimental to free market capitalism and goes against the true spirit of entrepreneurship.
So I'm a bit confused. Google has been happily complying with NSA without a care or concern in the world. Now some news leaks that they have been.. Happily complying with NSA without a care or concern in the world.
So they release an "open" letter trying to redirect the masses attention, and I'm not a little shocked it's working. People are actually praising Google? WTH? If Google really cared this letter is like 5 years too late doncha think? Google cares about one thing! That they got caught not giving a crap about the privacy/rights of their customers.
News Flash, they still don't give a crap. But hey, if losing gmail, google+, picasa, blogspot, drive etc. would just cause your world to fall apart, then keep using it and just be honest that you don't give a crap about your privacy or rights any more than Google does.
The sad thing is that this letter is currently frontpage/top of HN. The #1 most important company implicated in this NSA leak; the very company accused of co-operating & enabling the NSA's intrusive violation of our privacy - is now enjoying this great exposure at the top of HN as 'hackers' eat it up.
> So they release an "open" letter trying to redirect the masses attention
> If Google really cared this letter is like 5 years too late doncha think?
You should read the news occasionally. Google has been publishing a Transparency Report since 2010, and has been expanding it since then. Not quite 5 years, but more than long enough to render your comment paranoid nonsense.
Traitor or not, you can't argue with the fact that Ed Snowden just gave Google, FB, Yahoo, MSFT, etc fighting ammunition to at least address these issues with the government publicly, and for that I am thankful.
I suppose it would be nice to know how many FISA requests there have been, but what does the number of requests have to do with the core issue? Is the number of FISA requests in proportion to the amount of data being shared? Does it tell us the nature of what is shared or how it is shared? We still know nothing about the contents of legal FISA requests and therefore can't really say whether a single request violates our rights or not. Publishing aggregates tells us essentially nothing because we still don't know the limits of a request, or at least I don't.
Please also request tagging for each of the requests. e.g.
2013-07-12
Foreign National
Drug Related - Cocaine
2013-07-18
US Citizen
Drug Related - Marijuana
Request from FBI
2013-07-22
Foreign National
Terrorism Related
2013-08-01
Foreign National
Industrial Espionage
I think it's really important that we know how many of the requests have to do with the existential threat of terrorism, since that is the example the administration and Congress keep using to justify these actions.
The more metadata the better. If they want our metadata, it's only fair that we get their metadata too, to be able to keep tabs on their actions.
I would also like to see Google and other companies specifically fund counter-surveillance technologies, like end-to-end human friendly encryption.
I would love it if Chrome came with a GPG chrome extension that worked with Yahoo Mail, Gmail and other popular webmail clients right out of the box. Mozilla should also have a plugin that comes preinstalled for this.
The limiting factor in adopting end-to-end encryption in email is network effects. Preinstalling GPG support in browsers is half the battle.
188 comments
[ 2.7 ms ] story [ 402 ms ] threadJust read the damn thing, it's not long.
Sounds suspiciously like they are going to ruin everyone's nerd rage.
So from a PR perspective I don't see how Google can fix this unless US law substantially changes (or they employ crypto on the users side but that undermines the economics of much of their business).
[1] I'm not convinced that it is legal under EU data protection law and Google does have a presence in the EU, but I'm no lawyer.
This is true, at least in Google's situation. However I think there is an untapped market of people that want to be advertised to, provided the advertising is relevant.
Surprisingly I think traditional print magazines actually have this figured out. The advertisements for designer clothing, watches, and booze get a lot of readership in "gentleman/bachelor/whatever" magazines (not sure what the correct term there is, not trying to refer to porn (well, except Playboy)) and I suspect that removing them would actually damage their subscription rates. Now, these adverts obviously are not targeted to the individual, but I think they nevertheless demonstrate the concept.
I'm sorry but where are you getting this from? Google has categorically stated that they do not share data without court approved mandates. There is no mass "targeting" that is going on, no matter what the nationality.
Nor does his attempt to marginalize an interest imply that the interest is marginalized on HN. It concerns me that you are so eager to misread others' comments, and defend comments that contain no substance, only name-calling.
I'll give you a hint and tell you one of the things it doesn't mean. It doesn't mean "surprises me".
For the facts that do indeed turn out to be true, soapbox away.
An API may serve millions of requests per day and return single-integer responses, or it might serve one batch query per day and provide a nested document with many sub-sections.
Let's try and keep the speculation to a minimum.
The NSA just killed the goose that lays the golden egg and not much is going change that.
"Germany's interior minister said that politicians and senior civil servants in government should avoid mobile devices such as the iPhone and the Blackberry, citing security risks and increasing hacker attacks. (...) ministers and senior civil servants have been told to rely on the German-made Simko2 gadgets, on advice from the German federal office for information security (BSI)."
http://digitaljournal.com/article/295798
[0]: http://www.seasteading.org/about/
Corporations that have a vested interest in providing security (or the illusion thereof) may reconsider cloud-hosted solutions. But that's probably a relatively small market.
I'd really enjoy hearing Thiel's perspective on this whole issue given that he is a libertarian with a strong business relationship with the NSA and a strong business relationship with facebook.
This leaves a lot of space for speculation, how can somebody possibly know if they didn't request a bulk copy of all Facebook data? Or issue a billion seperate requests when by law nobody can talk about the count and scope of those requests. If I were a journalist, the first thing I would question is if they did exactly this, because they wrote a law that allows exactly this type of behaviour.
I'm sorry, are we now taking the opportunity to blame big evil government for this?
The mistrust of this industry has always existed as a completely separate issue due to the utter lack of respect for privacy and privacy related laws, an attitude of which Google is one the most prominent exponents. This is a company that lobbies governments against privacy protection.
An industry that has for years tried to convince the public that surrendering your privacy to them for profit is perfectly okay has zero credibility in this matter.
*I'm using voluntary here in the most straightforward sense possible. You can switch services if you'd like, or even turn off ad targeting for most services. You cannot, however, go to a an nsa.gov link and click the "Please don't track me" box.
I still feel this does very little, though. They need to be asking them for much more. They need to ask them to end the spying. Until then I'm still hoping Google, Microsoft, Facebook and others will suffer greatly for this abroad, and lose a ton of business and customers, both small and major.
Maybe then they'll start doing some real lobbying to the government to end the madness, and maybe the government will stop thinking all the spying is worth breaking all international relationships and hurting the US economy in the process.
Until that happens, if Google cares that much about encryption and their users' privacy, they should show me they are willing to implement OTR, ZRTP and PGP in their services. The same goes for Microsoft and Facebook. Otherwise, this press release means nothing except for showing that "they are doing something".
Also: by offering PGP in GMail, Google would harm online security. If you want PGP, install it on your computer. Google won't do anything to stop you.
A non-google-trusting way to do PGP with a better UI/UX would also be a nice feature for gmail. Just indicating "encrypted" at the message-list view or something. I have PGP working quite nicely in mutt, but a lot of people seem to prefer webmail.
2. I'd actually prefer a world where signals intelligence, outside extremely tactical intelligence, were impossible through technical means. I think we'll be there at some point, just because the cost of protection is dropping.
(confidentiality and message integrity should be feasible for any reasonable government defender at this point. traffic analysis/direction finding/etc. burns bandwidth and latency budgets, so that might be harder, but you can do arbitrarily well.)
The US (government and citizens/private industry) probably has more to gain from universally strong COMSEC vs. effective USG SIGINT.
We're doing a pretty good job on mobile of "centralized trust", and also sort of with cloud infrastructure, if not apps.
At least, we'll have secure infrastructure on which people can continue writing insecure applications by 2020-2025. The "people writing insecure applications" won't stop until people stop writing applications, hopefully replaced by non-humans writing applications, maybe in 2050+.
And as you mention, you would still have to trust Google.
I'm not talking about giving the real PGP or S/MIME to Google; just a UI flag saying "this message has special content, click here to download". And some kind of low-assurance S/MIME signature which just says "was downloaded from gmail" to protect from local modification. I'm not sure how mail clients deal with multiple s/mime signatures (or s/mime + PGP inside).
IMAP is already TLS encrypted.
The biggest missing puzzle piece is making it simpler for people to get S/MIME set up (or PGP for that matter), and having it work with all major mail clients (yes, Mail.app is a major mail client).
Right now S/MIME still requires too many steps to get the lay person to set it up, same with PGP, we need something that is secure from the get-go with very minimal effort required on the users part.
The downside is that S/MIME and PGP don't really fit into the online world, no longer will it be simple to open the browser and go look at your email, you will be required to have your keys with you. Securing those keys becomes the second problem, one that has partially been solved with smart cards and other devices that will do signing/encrypting/decrypting on the card without giving up the private key... but loss is still an issue so key escrow becomes a big thing.
It is an interesting problem, with interesting challenges and I look forward to seeing how we as a group of technologists solve them. Once it becomes easy enough for grandma and grandpa to use secure encrypted communication it will become much harder to do wide-scale snooping on data.
Also, the fellow you replied to didn't specify what sort of spying needs to be stopped. He could have no issue with foreign signals intelligence (which presumably means spying on non-US folks).
(Even worse, as the transport security part gets better, you either need to add a bunch of active-attacker MITM or somehow compromise endpoints. At some point, even if you thought purely passive SIGINT collection was fine, the level of prior restraint on service providers/developers becomes absurd and probably no one would support it; witness the key escrow crypto wars of the 1990s.)
Generally NSA seems to put a good amount of effort into minimization post-collection. But, that only works if you trust them to be 1) forever competent and 2) forever equally ethical.
In any case, the argument isn't that webmail is perfect for implementing PGP. The argument is that
1) no one uses PGP now because no on else uses PGP
2) if webmail providers deployed PGP, everyone would be using PGP
3) some use of PGP is better than no use of PGP
It really seems like some people are cutting off their PGP noses to spite their PGP faces. I remember when the assumption with vegetarianism was that you were either a vegetarian (and never ate meat) or you were a meat eater (and ate meat regularly). So people kept eating meat regularly because they "couldn't give up meat", thus believing in a false choice. If vegetarians had been pragmatic, they'd have realized that would have been much easier, and would save more animals, if you convinced 95% of people to give up meat 95% of the time.
Dear privacy advocates: stop wanting everything yesterday, because it's keeping you from getting something tomorrow. Most change takes place gradually. Webmail providers deploying PGP will instantly create millions of PGP users, which will at the very least serve a valuable educational and awareness purpose. These users will gradually become more concerned with the implementation details, triggering a gradual increase in overall privacy and security.
This phrasing seems to suggest that the intended target of FISA 702 - the US cloud data of non-US-resident non-US-citizens - enjoys Fourth Amendment-based protections, such as the probable cause requirement, under FISA 702. But in fact it seems that (IANAL) FISA 702 is compatible with the Fourth Amendment (if it is) only in the sense that slavery was compatible with the Fifth Amendment: simply because the Fifth Amendment does not apply to slaves. If 702 envisaged non-resident aliens' US cloud data as being protected by the Fourth Amendment then it would presumably require the US government to establish probable cause at the FISC (or some other court). But in fact 702 doesn't seem to require the government to claim any kind of cause or suspicion or even state any purpose or motivation for the search to the FISC. The FISA 702 PowerPoints obtained by the ACLU under FOI make it clear that the US government understands FISA 702 as removing the probable cause requirement http://www.aclu.org/files/pdfs/natsec/faafoia20101129/FAAFBI... .
That would only make sense if they wouldn't be required to become your key escrow service (=custodians of your private keys). PGP is also a pretty bad choice for private communication, as it offers no forward-secrecy. Something like client-side OTR implementation would be better.
If this whole debacle sets up an epic confrontation between Google and the DoJ, I may have to reevaluate how irritated I am at how "Prism" has been reported. More Greenwald agita! Let's see if we can pick a fight!
1. I am very irritated at inaccurate and sensationalized reporting.
2. I think the USG should have been much more open and forthcoming, at least in the aggregate, about how foreign signals intelligence was coming into contact with online services used mostly by citizens.
3. I think leaking details of signals intelligence programs should be a crime.
4. I hope Google picks a giant fight with the DoJ and wins it.
I think there's a world of difference between Bradley Manning and Edward Snowden. And while I think Manning's treatment has been harsh, I do think he should be prosecuted because he was reckless and untargeted. Snowden clearly has a much more focused goal and surgical approach.
This one surprised me. Wouldn't the strongest signals intelligence program be one that doesn't need to depend on obfuscation?
I would think that one of the main points of signals intelligence and their efficacy is if the emitter is not aware that you are collecting their signal.
I think dealing in absolutes, anywhere, should be a crime.
Leaking should get you fired, of course. Realistically, it will and you'll be blackballed from working in security forever. I think that's more than enough incentive not to leak unless there is real abuse going on.
I have two ideas that are just as well supported by the complete lack of facts that we all have.
First, that Google is setting us up to believe a half-truth related to FISA letter counts. There are such numbers, we will get them, and they will not include all surveillance conducted with Google's data but anyone who says that will be back to being a crank.
Second, that Google perceives an existential threat to their company along two related but separate axis. The first is that their customers will leave, but that is less likely than the second. The second is that their best employees will leave. Googlers will not want to consider themselves as clerks in the Ministry of Truth. If they and their peers began to think about it in that way, then they will leave and the business will eventually die. If their employees have a credible excuse to think of their employer as a noble crusader, then this threat is significantly mitigated.
p.s. I'm taking google at their word -- that they are not giving 'direct access' to the NSA. I am assuming they know, that the truth could leak out at some point, where they to lie about it.
Edit: Or is this also including requests for users in other countries? Sorry, English is not my mother tongue, so I might got it wrong.
They also publish non-us government requests as well.
This very blog post mentions that Google hires some of the best security engineers in the world. I'm sure having "prior" employment at the NSA would look great on a resume, and put the person in a position to compromise essentially all internal security and data integrity.
- NSA 2013
But the prevailing view seems to be that the whole FISA program is a system of secret laws, which is not in fact the truth.
Source: https://www.eff.org/deeplinks/2013/06/government-says-secret...
Well, so far as we know anyway. There is still, AFAIK, an open question about the existence and/or exact nature of "secret laws" in the US. See John Gilmore's struggle to travel without offering up identity documents[1], for example.
[1]: http://en.wikipedia.org/wiki/Gilmore_v._Gonzales
So, there's a pretty good chance that unless its a rogue NSA operation, they are pretty well covered on the whole threat of criminal prosecution front.
(genuinely interested, because I did not know this)
I'm working on the client-side (Chrome) and my knowledge in the server area is therefore limited, but from my understanding this would be really hard.
1. Googlers have access to almost all source code. It would be difficult to hide code that just sends data to an outside entity.
2. Google continually monitors its (internal) bandwidth. This is done to optimize traffic, and detect intruders. A rogue Googler would trigger the same traps that are exist for potential hackers.
3. Google's infrastructure changes. You can't just install a gateway to the NSA and expect it to continue working for a long time. It's not as if user-data was stored in simple text-files.
I think this was the biggest bullshit signal for me (also a Googler, although a recent addition). The high rate of change of Google's infrastructure is astounding when you consider the scale it operates at. The notion of trying to maintain a functional API in secret of the scope they're talking about is laughable without a pretty sizable team.
Impossible? No, probably not, but really ridiculously unlikely.
If you're operating in secret, cooperation is going to be a hard commodity to come by. I also feel like a sizable team of the sort of people who work at Google would inevitably have leaked something about this before now.
Also, forwarding all of everybody's gmail would be a lot of data transiting the network. Unexpected traffic equal to all of gmail's normal traffic could be noticed.
2. The link out to the NSA would need to be massive as well. Would be very difficult to keep that secret. A 4G modem is not going to cut it.
3. Sure, but I imagine the NSA would be happy to put in the maintenance effort required. The data would have high ROI from their perspective.
So what. The world has access to the Linux source code. If I told you there was code in there that sent every byte written to disk to some external entity could you find it? Even if it was clear enough for you to find it, you'd have to be looking for it.
Further, you said yourself that googlers have access to almost all source code. How do you know something else isn't injected in before deployment. Honestly, the vast majority of googlers would have no idea and no way to have any idea if something like this were going on. Especially if people's jobs/freedom depending on no one knowing.
Are all internal Google communications encrypted? Probably not, but even if they are if you work in network security you likely hold the keys to that encryption regardless. You probably have access to their PKI keys as well.
Google is not made of idiots. It is not a startup run in a garage where every the "IT guy" has access to all the private keys.
Curious sarcasm. Network security is a role, and it's one which Google holds in very high esteem. Yes, if someone is configuring IPSec or new load balancers or any other front-end system, they need the Google certs. This is a simple function of the job.
It is not a startup run in a garage where every the "IT guy"
Here you go again. "IT Guy" when I was talking about network security roles (which despite your laughable sarcasm we know is a role at Google) -- the guys in charge of the coop, protecting the chickens. Maybe they wolves.
I have never, ever, in my life seen checks and controls that weren't laughably insecure. I've worked at a multinational bank, a large insurance company, a national telephone company, among other places. There will always be those people who cluck their mouths and wave their arms about how no way this is super advanced controls...in my experience it never, ever is.
There is more than one way to skin a cat. Google employs lots of smart people who are adept at developing cat-skinning algorithms.
But it's saving a whole lot more than that. Much more.
This sort of response from Tech companies is just a distraction from the real issue.
That is the entire story in this case, direct access to the servers.
No it isn't.
For most SSL certs this is probably true, but Google uses perfect forward secrecy which makes this very unlikely if not damn near impossible: http://googleonlinesecurity.blogspot.com/2011/11/protecting-...
How much work do you, personally, put into making money? At least 40 hours a week, I'm guessing, plus the time you spend on managing your investments, doing your taxes, and so on? How much work do you put into maintaining your own privacy? Is it even 1 hour per week, on average? Really?
Note that Google has, allegedly, already put a LOT of work into pushing back on ensuring that due process is followed. Many engineers, many lawyers, lots of executive-decision-effort.
Maybe you don't believe anything Drummond or Page say? Maybe you think google.com/transparencyreport is purely fabricated? Maybe you think Google should violate the law and get shut down (that's what you said, actually, with "evade the letter of the law", but I find that position so laughable that I assume I misunderstood you)? Maybe you yourself actually DO spend the same time on privacy that you spend on pecuniary gain, or maybe you expect Google to hew to a higher standard than you yourself do?
For me, I don't believe there is even a piece wise approximation between time investment and privacy value because the tools are so much different and the available actions being constrained. To illustrate where I get hung up on that reasoning, if you build a phishing page setup and contract a botnet to spam few hundred million people with phone phish-spam, you might get a lot of "income" for a relatively small time investment, similarly you can get greatly increase your privacy by investing in forged identity documents. So at the least we would have to constrain the hours invested in legitimate ways to enhance ones privacy and legitimate ways to enhance one's income.
Next there is an issue of facilitating the effort, so when company A sells me raw materials at a modest markup they facilitate my ability to make a living using them to provide said raw materials.If instead they were to charge an extortionate mark up, I might still be able to make a living but I might find the effort to do so requiring many many more hours of time investment. So at what point do the actions of my raw materials supplier work for or against my efforts at generating income. Similarly the provider of my tools can make it easier or less easy for me to maintain my privacy, so for example a Google Drive plugin which let me keep everything on their servers encrypted. If Google provides that then its a small number of hours invested to enhance my privacy, but if I have to rely on a third party who is acting without support from Google, then it takes many more hours for the same level of enhancement.
Given these built in and essentially intractable forces which affect the efficiency of hours invested needed to achieve the desired result, I am not persuaded by your claim that I can evaluate the 'worth' of privacy using your proposed reasoning.
Google can, and apparently does, to things like warrant notices where if you are suddenly asked to reconfirm your acceptance of their terms of service it's a signal that a warrant was served to them that they had to turn over your data. I think these sorts of things help them in the eyes of their users and are not illegal. They meet the letter of the law and so are not actionable, just as their transferring of rights around amongst their national subsidiaries is a completely legal way of not paying more tax.
My call to action was to try to think of ways that would make things like the PRISM data not useful to the NSA and yet meet their obligations under the law. I mentioned one (in cloud encryption with client side decryption) but I am sure there are others.
And I am _highly_ skeptical about this "reconfirm your TOS, as a hint that there's an NSL on you". (I have no inside knowledge of this, and if I did I would lie to you about it.) But if any engineer did that, and got caught, they'd go to jail. Given that 99.9% of users who're NSLed will not have read that blogpost (the crazy tinfoil-hat wild-speculation one that started this rumour), what would be the benefit? No benefit, but one conscientious engineer goes to jail. Yay.
Law, in general, is just as concerned with the spirit of the law as the letter.
My whole reply is that Google is already working harder on privacy, as a fraction of total resources, than nearly anyone you've ever met, and certainly more than nearly any corporation. (Unless Google is lying about basically everything, which I can't/won't prove they/we are not). Your expectations, as originally stated, are unreasonable.
Disclaimer: And yes, I have a vested interest. Hopefully my argument stands on its own merits. Your call to action is insulting.
I am sure that Google is a much different place than when I left it, hell it was different between the time I joined and left. That said ...
The comparison I was trying to make, and I grant you that it is imperfect, is that Google, like Apple, has billions of dollars in free cash flow and in legal testimony lately they have shown great creativity in ways to shuffle that cash around so as to avoid being required to hand it over to various revenue agencies. Google is also has billions of data points about all of the individuals that use its services. If those data points were dollars, and the revenue agencies were intelligence agencies, what creative ways might they come up with to disassociate which data point belongs to which user such that they could still use the data but not be compelled to hand it over. Just like they use those free cash dollars rather than hand some percentage over as tax.
I've got nothing but respect for the smart people at Google, and still have friends that work there (and folks who used to work here and are now working there :-). Perhaps I'm misreading your tone but it sounds like you want to pick a fight.
What does "unfettered access" mean? What are "valid legal requests"?
While there is an implication of spirit in their words, I know deep down that everyone involved is focused on the letter of their words.
This has nothing to do with my personal trust and confidence in Google, but in my trust and confidence in this entire charade. Google is part of it, whether they're on the right side or not. I simply cannot tell.
At least they mention in one sentence "the number of FISA national security requests that Google receives, as well as the number of accounts covered by those requests" which is already much more useful information than only the "number of requests." We saw that in Verizon case one single request was enough to mean "give me all about everything from everybody."
We're living in crazy-town, maybe we always were. What is to stop the A.G. from publicly saying "Yes, disclose away!" and then to privately send one of those magic-do-anything-we-say requests saying, "Don't disclose X, Y, and Z."? Or if we are given an accurate count today, what is to prevent the government from in the future secretly retracting that privilege?
I think in the end we can be satisfied by nothing less than some sort of "Too Many Secrets" Constitutional Amendment, stating clearly that no private citizen can be required or compelled to partake in a "National Security" cover-up, so that everyone currently bound up in the web of lies could speak up without fear of persecution.
That is what galls me as much as anything. If the government wants to gather data and keep secrets, let them gather and keep them themselves. Drafting people against their will into compulsory service in signals-intelligence, forcing them to lie to their loved ones and the world, and persecuting them for honesty, is absolutely amoral.
Which is not to say Google or anyone else is lying about the nature or the scope or anything else about the requests they have received. But the problem is that we can't ever know one way or the other, because we have apparently created a system of secrecy and dishonesty. Once you know someone (in this case, the intelligence community, and those they compel) has a history of lying to you, how do you move past that back into a state of trust?
EDIT: well, technically it says not to 'bear false witness against thy neighbor', but it certainly would not be hard to justify a religious objection to that requirement.
Again, i have seen this in argument after argument. Nobody has yet provided any legal authority that states it is constitutional or legal for the government to compel forced lies. They can compel silence, for sure.
There is plenty of authority in other contexts (IE not national security), that the government cannot compel you to speak misleading or non-truthful information.
I wish this idea that everyone must be lying because the government can legally, force them to, would stop.
I imagine someone started with the NSL gag orders, which compel silence, and then just started saying they compel you to lie instead (which they don't).
In fact, even the compel silence part of the NSL was found unconstitutional.
And don't bother trying to work out how the law allows this, we're not even allowed to know what some of the laws even are.
What laws do you think you can't know of, exactly?
Secret partnerships with government agencies is detrimental to free market capitalism and goes against the true spirit of entrepreneurship.
So they release an "open" letter trying to redirect the masses attention, and I'm not a little shocked it's working. People are actually praising Google? WTH? If Google really cared this letter is like 5 years too late doncha think? Google cares about one thing! That they got caught not giving a crap about the privacy/rights of their customers.
News Flash, they still don't give a crap. But hey, if losing gmail, google+, picasa, blogspot, drive etc. would just cause your world to fall apart, then keep using it and just be honest that you don't give a crap about your privacy or rights any more than Google does.
You should read the news occasionally. Google has been publishing a Transparency Report since 2010, and has been expanding it since then. Not quite 5 years, but more than long enough to render your comment paranoid nonsense.
Strange phrase to put in there.
The more metadata the better. If they want our metadata, it's only fair that we get their metadata too, to be able to keep tabs on their actions.
I would love it if Chrome came with a GPG chrome extension that worked with Yahoo Mail, Gmail and other popular webmail clients right out of the box. Mozilla should also have a plugin that comes preinstalled for this.
The limiting factor in adopting end-to-end encryption in email is network effects. Preinstalling GPG support in browsers is half the battle.