I've reported about how Google is the Dog that Has Not Barked on the NSA, and I still think it's not really barking.
An Avid Reader points out in response to my next blog post showing great skepticism about Bart Gellman's and Ashkan Solari's reporting on the alleged NSA hack of Google that now in the next episode of Tom Terrific, he *has* come up with the goods.
And there are these two Google engineers (the same ones cited in the caption of Gellman's photo to the story, but not in the story itself, oddly?). They appear informally on G+ here and here
Oh, so conveniently. G+ might have been invented for this very moment!
Then the Guardian squawks some more.
So here's my response, which I'm moving up to a post to be more visible:
This isn't confirmation. This is two guys speaking off the cuff on G+.
Mike Hearn is a Brit -- that's built-in anti-Americanism right there. He describes a system he himself worked on-- so he's biased.
He says "fuck the people who made these slides" -- but he doesn't know who made them. None of us do. Gellman refuses to confirm or deny that they might be merely consultant's ambitious thinking, like everything Snowden, given that he worked not directly at NSA, but at Booz, Allen, which was a consultant to the NSA.
I asked how it could possibly be that there is clear text in Google's cloud. This is explained by being intercepted on private fiber lines:
"Doing end to end on the scale of Google is a lot harder than it looks. Ignoring CPU capacity constraints, the entire thing requires a large and complex key distribution and management infrastructure (fortunately already present). Also lots of different protocols flow over our wires, each one of which has to be handled."
So maybe, like a lot of things related to why geeks leave clear text, this is the reason, but we don't have it confirmed. We have suppositions only from this guy.
This Square engineer says exactly what needs to be said -- he doesn't see how it is possible without PHYSICAL compromise. That indeed is the question. But then he doesn't stay with that critical thinking, but merely accepts on faith what a Google engineer tells him:
John A. Tamplin1 day ago
I don't know in Google's case, but when I was at an ISP before, dark fiber meant we owned the fiber in the ground and were responsible for terminating it with our repeaters/routers/etc. So, to tap it would require either compromising the equipment we owned or someone physically digging up the fiber, inserting a tap, and putting it back. You could conceivably detect such a tap with TDR, but especially if this happened under the cover of a cable cut you might just assume the tap was an imperfect splice to repair the cut. So, I don't think it was unreasonable to assume that dark fiber was "safe".When I came to Square, it seemed over the top that even connections between services in the same datacenter were secured with mutual auth SSL -- it doesn't seem so excessive now.
What this is really about is a struggle for power -- and of course, the one Googler saying essentially "this isn't a surprise" and "encrypt, encrypt, encrypt" is basically summing up what it's really all about.
Some in the discussion are calling on Google to sue the government. They should. Because that would compel them to come up with evidence. And I bet they won't.
Brandon Downey's comment on G+ is even more vague, he doesn't even confirm a slide.
No, this is just a PR strategy and not the goods yet. It is meant for "the commuuuuunity" to reassure them and get the anger focused on something else besides Google.
As for the Guardian article -- call me when somebody besides the the Snowden Brotherhood reports this. Greenwald is now utterly dependent on the geeks, and there isn't a story that doesn't come out now without James Ball and Schneier, and that means it is biased.
***
And to continue.
Another person who has shown skepticism but from a different perspective is.
That's because he thinks Google is being craven and complicit with the US government.
I'd be happy if Google would REALLY cooperate with the USG AND if CISPA were passed to regulate such relations between Big IT platforms and the People of the United States. I'm all for that. Nobody else is.
Vanity Fair has had fun looking up funny Google searches.
The Verge has also reported the two "fuck you" Google engineers. I'm sorry, but this is lame. Two major stories appear, in the New York Times and the Washington Post, and neither of them have real Google engineers relevant to the story quoted IN the story, much less high ranking Google officials.
I think The Register, as always, gets this story best -- How Google Paved the Way for NSA's Intercepts.
They explain their own deja vu about all this reported 9 years ago in a fascinating report at the time that Google launched G-mail and began dredging our communications to run contextual advertising:
Former security advisor Mark Rasch, an attorney who had worked in the Department of Justice’s cyberfraud department during the Clinton administration, and was writing for Security Focus, raised a very interesting problem. If Google could search through and read your email without explicit legal authorisation, then surely the security agencies could do the same.
Rasch argued that Google had redefined the words “read” ("learn the meaning") and “search”, which protect citizens, when it unveiled its new contextual ads service. It had removed explicit human agency from the picture. An automated search wasn’t really a search, and its computers weren’t really "reading".
“This is a dangerous legal precedent which both law enforcement and intelligence agencies will undoubtedly seize upon and extend, to the detriment of our privacy,” forecast Rasch, here, in June 2004.
“Google will likely argue that its computers are not ‘people’ and therefore the company does not ‘learn the meaning’ of the communication. That's where we need to be careful. We should nip this nonsensical argument in the bud before it's taken too far, and the federal government follows.”
He then goes on to predict a program exactly like that said to be run by the NSA by Snowden.
Well, here's the thing. I think Google is right, actually, even though I don't trust them with this data and I think the goverment is required to regulate their management of it. And I think exactly that reasoning is right for the NSA to apply, too. Because scanning millions of phone records to find matches to terrorists isn't reading your mail, isn't intruding, isn't "keeping a dossier on you" -- as Clapper in fact rightly said, and did not lie. It definitely is not, anymore than AT&T publishing a phone book with everyone's numbers means that the government now eavesdrops on every phone call or notices whose phone is next to who else's on which street.
No, the point really is that there has to be human intelligence that drops down into the communication to comprehend it with meaning. And that requires an act of will, and that requires a warrant -- and in the warrantless cases, grounds for suspicions of terrorism. I do think that terrorism is the exception and rightly so as defined by the FISA. I think this on human rights grounds because human rights were always meant to be in balance with each other, and the right to justice or religious belief can't trump women's rights or the very right to life and safety.
This isn't that silly, often misused Benjamin Franklin proposition or balancing security versus rights; it's recognizing that there is an inherant balance of rights themselves. Different. Your religious beliefs or your right to freedom of belief or your right to redress perceived or real grievances don't extend to a right to blow up buildings or people. The end. Because they have rights. Really, if more people would begin to think and speak about this in terms of rights, not balances between security and rights it would be more understandable.
Most people embracing Snowden and even thinking about Google (most aren't) conceive of the problem as Google being corporate, capitalist and complicit and the USG as being corrupt and overreaching. But I don't. I think the problem originated with Google and lack of regulation of Google, and that the government SHOULD monitor communications to try to stop terrorism. I don't see that this is overreach because not a single case of this has been shown - only sweeping generalizations have been made.
Google knows that its days scraping our email to pitch ads are coming to an end, and that's why they've been frantic to develop hardware to sell as well as otherways to pitch ad using open social media. That's why there's G+ and their latest ad scheme there. They get all this, it was never going to last forever. Here we all are now...
The Whore of Mensa says Fuck These Google Guys because he thinks big evil capitalist corporations are basially the problem. So I go half way with him on the "evil" part but not because it is a corporation. If anything, Google is, oh, the Soviet Academy of Sciences or the Soviet Knowledge Society...or something. It should become more of a corporation, not less. I think they should stop feeding engineers free M&Ms and shushi lunches and providing free massages and spend more money hiring customer service people.
He also helpfully quotes @ioerror who is ridiculous:
I suspect that Google will soon be a key element in the fight against #NSA spying.
— Jacob Appelbaum (@ioerror) November 1, 2013
Recent Comments