Tuesday, May 06, 2014

Google Knew! And We Knew! For Over Four Years!

What China, India, and Obama Tell Us About Google


It’s now cool to dump on Google.

At Al Jazeera, Jason Leopold obtained copies of e-mail exchanges between the NSA’s Keith Alexander & Google executives.

The meetings addressed an apparently benign episode of behind-the-scenes jiggery pokery, in this case discussions concerning NSA-industry cooperation on various cybervulnerabilities.

But, since it’s Google, there’s also room for darker interpretations:


Email exchanges between National Security Agency Director Gen. Keith Alexander and Google executives Sergey Brin and Eric Schmidt suggest a far cozier working relationship between some tech firms and the U.S. government than was implied by Silicon Valley brass after last year’s revelations about NSA spying.

Disclosures by former NSA contractor Edward Snowden about the agency’s vast capability for spying on Americans’ electronic communications prompted a number of tech executives whose firms cooperated with the government to insist they had done so only when compelled by a court of law.

But Al Jazeera has obtained two sets of email communications dating from a year before Snowden became a household name that suggest not all cooperation was under pressure.


Well, I dumped on Google before it was cool, when the Google slogan “Don’t Be Evil” sent a thrill up techies’ legs instead of a derisive smile to their lips. 

It was clear long before Snowden that Google was in bed with the US government.

In fact, it was revealed in the ruckus surrounding first big China cyber-scandal—the hacks of Chinese activists’ Gmail accounts and the Aurora exploit—back in December 2009-January 2010.

It’s interesting to go back and look at what was ignored and what was hyped in those innocent pre-Snowden days.

Fortunately, I wrote about the whole affair in January 2010 at Asia Times Online:


Google isn't doing well in China, and President Barack Obama isn't doing well in the United States. These twin realities have helped trigger a high-profile confrontation with China.

On January 12, Google responded to a sophisticated hack of its Google.cn servers, apparently emanating from within China, with the threat that it would stop filtering its Google.cn search results in compliance with the demands of the Chinese government, even if that meant Google would have to close its China operations.
Google's high-profile demolition of its relationship with China may not simply be a matter of outrage at the hacking of pro-democracy e-mails.

Bruce Schneier, a well-known US cyber security expert, made waves in the IT community with an op-ed on CNN on January 23 [3] asserting that the e-mail hacker had obtained the e-mail information by accessing Google's own internal intercept system - a program designed to enable Google to collect user information in response to US government demands.

If this is the case, the e-mail hack is more of an embarrassment for Google than anything else: an indication that Google had not only created the application to enable governments to spy on e-mail accounts, it had done such a poor job of protecting it that it could be hijacked by malicious parties.

The actual significance of the e-mail hack is open to question.

Only a handful of accounts were accessed, and apparently yielded no more information than the kind that the US government is supposed to get in response to a subpoena: account information and subject line. No message text was compromised, according to Google.

In a January 21 conference call with financial analysts, Google executive Eric Schmidt stated that Google wasn't even sure that the e-mail intrusion was related to the larger hack, now known as the Aurora exploit.

Aurora was a sophisticated, simultaneous industry-wide penetration of sensitive computers at Google, Adobe and perhaps more than two dozen other Silicon Valley companies, possibly a "zero day" attack intended to exploit an intrinsic weakness in Internet Explorer (IE) for maximum effect before the attack itself compelled Microsoft to issue a patch to plug the leak.

The target of this multi-front blitzkrieg was apparently a quest for IT's crown jewels - source code.

This cyber-sparring between Western high-tech companies and Chinese hackers is a historical albeit worrisome feature of the complicated relationship between US IT companies and the large Chinese market they hope to serve.

The large scale and synchronized timing of the assault has caused the target companies to point the finger, albeit gingerly and with caveats, directly at the Chinese government.

It is an open question whether the scale of the attack reflects Chinese government involvement, or an awareness of the transient nature of IE vulnerability and the resultant desire of networked private or semi-private Chinese hackers to exploit the flaw massively before it could be discovered and repaired.

Another anxious aspect was added to the case as rumors spread that Google suspected that a Chinese employee of its organization inside China may have facilitated Aurora's intrusion onto a computer with administrative privileges, thereby opening significant domains of the Google realm to inspection and downloading by the hackers.

However, Google took an important and inflammatory step of escalating its conflict with China by using the e-mail hack against democracy advocates to wrap itself in a human-rights flag. As a result, its threat to stop censoring its Google.cn search engine in retaliation for the hacks has become a cause celebre for free speech and Internet-rights activists.

This cause has been taken up by the US government.

The Obama administration is smarting from its devastating political defeat in the Massachusetts senate election, a defeat that has removed the Democrat Party's supermajority and put it on track for possible electoral catastrophe at November's mid-term congressional elections - unless it can rally its disaffected base of liberal and progressive voters. Thus, Obama's government is set to embark on a populist anti-banking campaign inside the US and a crowd-pleasing anti-China campaign internationally.

Google's emergence as a champion of Internet openness is, in a certain sense, rather ironic. Its data-collection capabilities extend from cookies to click-logging, which involves the recording of a user's search terms for two years and has aroused the concern of the European Union, the US government and privacy advocates. The tools are likely the envy of China's busy public and Internet security monitors.

Google is no stranger to cooperation with security services in the United States as well as abroad.

Google has an intimate relationship with the US intelligence community. It acquired one of its signature services - Google Earth - from the Central Intelligence Agency's acknowledged not-for-profit venture capital arm, In-Q-Tel. As part of a one-hand-washes-the-other synergism between the private and public sector, In-Q-Tel's director of technology assessment, Rob Painter, moved to Google in 2005 to become chief technologist for federal business. His main job: selling Google Earth imagery back to the government.

The company itself is secretive not only about the precious algorithm that drives its world-beating search engine, but about everything else. Despite enjoying the benefits of being a publicly-traded company, its ownership is structured to enable close control by its founding members. It accumulates gigantic amounts of data concerning its users - including information from the over 75 billion Google searches, 10 billion Youtube views and hundreds of millions of Doubleclick ad page views per month they undertake - so it can target them with advertising tailored to their needs and weaknesses.

In an unintentionally ironic twist, Google chief executive officer Eric Schmidt turned the company's ballyhooed motto - Don't Be Evil - into a warning to Google's users in an interview with CNBC in December 2009. [4]

"If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place," Schmidt said. "If you really need that kind of privacy, the reality is that search engines - including Google - do retain this information for some time and it's important, for example, that we are all subject in the United States to the Patriot Act and it is possible that all that information could be made available to the authorities."

Google is committed to an open Internet because this provides the maximum leverage for its competitive advantage as the pre-eminent search engine. Google also relies on the open Internet to allow it to collect the full spectrum of data that allows it to characterize and exploit the monetary potential of its users.

The one area in which Google cannot tolerate openness is in the one area the hackers targeted: the secrets of its search engine.

It would not be surprising if Google decided to make a public issue of the December 2009 intrusions in order to get the Chinese government to crack down on hackers within its borders, be they public or private actors.

Simply walking back the tense situation and negotiating some kind of symbolic, face-saving compromise on filtering of search-engine results may also be out of reach, thanks to the rapid escalation of political rhetoric by the Obama administration.

In a speech in Washington on January 21, Secretary of State Hillary Clinton planted the US government flag as champion of the "right to connect" to an open Internet. Echoing the phrase of British statesman Winston Churchill that announced the beginning of the Cold War between the Soviet Union and the West, she talked of an "information curtain" (rather than an iron curtain) descending across the world at the behest of totalitarian regimes.

Clearly, the lengthy speech was prepared long in advance to burnish America's information age luster. Equally clear was the fact that one paragraph was inserted about the Google case at the last minute.

Clinton issued a call that the Chinese government investigate the Google case "transparently", implying in effect that China had a responsibility to mollify foreign stakeholders based on Google's so far undocumented public assertions:

And we look to the Chinese authorities to conduct a thorough review of the cyber intrusions that led Google to make its announcement. And we also look for that investigation and its results to be transparent.

Open-society advocates lauded the tough American approach, even as IT professionals pointed out the awkward fact that the US itself embargoes Internet software - including Google's Chrome browser - to deny the benefits of Internet openness to users within Syria, Sudan and other countries.

The Chinese government - which has labored mightily to create an international regime in which China is an acknowledged superpower and not the target of condescending and embarrassing demands for transparency - responded with predictable heat.

China's Ministry of Foreign Relations denounced Clinton's call, stating, "We urge the US to respect facts and stop attacking China under the excuse of the so-called freedom of Internet."

China's Global Times accused the United States of "information imperialism".

According to an Associated Press report [7], the US government seems willing to up the ante:

Washington, meanwhile, carried its message on Internet freedom directly to Chinese bloggers. The US Embassy in Beijing and consulates in Shanghai and Guangzhou hosted Internet-streamed discussions with members of the blogging community on Friday afternoon - the latest example of Washington's outreach to Chinese bloggers as a way of spreading its message.

The bloggers met with US diplomats from the political, economic and public affairs sections, who held discussions and answered questions about Clinton's speech. The meetings were similar to a session organized during Obama's visit to China in November.
It would appear that nothing good for US-China relations will come of this. Perhaps the United States doesn't care too much.

In a widely-linked comment entitled "The Google news : China enters its Bush-Cheney era" [8], the Atlantic Monthly's James Fallows saw the Google case as a regrettable hardening of Chinese attitudes towards the US just as America was entering the halcyon period of the Obama administration.

It is more likely that the Obama administration, with the world financial system stabilized and Chinese goodwill a less vital commodity than before, and its own political fortunes in jeopardy, has found it politically expedient and feasible to harden towards China.


It subsequently came out that the Aurora hack--a zero-day vulnerability in Internet Explorer--had been discovered and reported to Microsoft a year before by an Israeli security firm, but MS had not gotten around to writing a patch for it.  Nowadays, of course, we can wonder if the NSA also knew about it, did nothing about it, or, worst case did something about it: i.e. told Microsoft to keep the vulnerability under its hat while the NSA used Aurora itself to rummage through the innards of various target computer systems.

The exploit itself was relatively unsophisticated and remarkable only for the fact that it had been simultaneously unleashed against over two dozen companies, presumably to try and get something in a hurry before the vulnerability got fixed.  When Symantec analyzed Aurora, it observed there was nothing special about the hack, only about the mainstream media furor surrounding it.

I am of the opinion that the United States government had decided to put Chinese hacking on the menu of US grievances, Google was ready to cooperate, and a generic hacking episode was seized upon in order to start selling the pre-prepared product.

By the way, blowing up Google's position in the China market was apparently a brainwave of Sergey Brin, executed over the objections of Eric Schmidt.  

In my original piece for Asia Times Online, I speculated that Brin could afford to be blase about the mainland China market because the PRC had banned key Google services like Youtube, Baidu was eating Google's search-engine lunch, and Google's alternate future was the currently low-spending but big, democratic, Anglophone, pro-US, Indian market.  

Indeed, Google responded to its setbacks in China with a huge push into India, making India--where only 12% of the population is currently on-line-- its most important market bet after the United States.  In India Google's search engine share is over 97%, attracting envy, fear, and concern of everybody, including its customers, as a lengthy and revealing article in Forbes India reported:


Thus, partners and customers warily treat it as both a threat and an opportunity. A friend and a sort-of enemy—a ‘frenemy’.

Of the nearly two dozen people Forbes India spoke to for this story, none were comfortable saying anything even remotely critical of their frenemy, Google, on record. Many refused to be quoted at all. Reason: When the bulk of online sales depends on one company, you can’t afford to antagonise it.

Readers reflecting on the close political ties between Google and the Obama administration will find this passage concerning Google's political activities in India revealing:
In December 2011 things appeared pretty bleak for Google after the union telecom and IT minister, Kapil Sibal, berated it (along with peers Facebook and Yahoo!) for not “pre-screening” user content for defamatory comments before it was uploaded.

Having been ejected from China for its failure to kowtow to the government, Google was, of course, extremely wary of losing its next biggest market the same way. So it pulled out the stops on a high voltage charm offensive.

Google has used its popularity with consumers as a carrot, offering key influencers a digital pulpit few others can match—the Google Hangout, a multi-party video-conferencing service that can also be broadcast.

Though Hangouts can be set up free of cost by any Google user, the service offered to ministers and politicians was supported directly by Google, with weeks of preparation beforehand.

The first person Google chose to do a Hangout with in August 2012 was Gujarat chief minister and BJP leader Narendra Modi. Drawing in tens of thousands of online viewers, the session was a resounding success. That made the job of convincing Congress politicians much easier, leading to Hangout sessions this year featuring union ministers Shashi Tharoor, CP Joshi, P Chidambaram and Milind Deora.

“It was the platform determining the speaker, and not the other way round,” says a senior industry watcher on the condition of anonymity.
Modi, of course, will become India's next prime minister if his BJP party performs up to expectations in the current Indian parliamentary elections.


Over four years ago the institutional relationships between Google and the US government (and the presence of surveillance backdoors in Google services) and the political and personal synergies between Google execs and the Obama administration became apparent, and a thing for people to get worked up about.

As to where this all leads, post-Snowden, I rubbed it in in a post from late 2013 titled Google Knew!


I recently wrote a post on the (to me) unconvincing hero-splaining of the privacy commitments espoused by Google, Yahoo! Et al. in the wake of revelations of “MUSCULAR” NSA intrusions into their data backbones:

Two engineers with close ties to Google exploded in profanity when they saw the [notorious smiley face] drawing [showing the NSA’s penetration of the Google data backbone]. “I hope you publish this,” one of them said. 

Publish what?  Evidence that Google's security is cracked?  Or document Google's hyperbolic anger at NSA transgressions to reassure Google Cloud customers?

If you’re searching for privacy heroes, I think you’d better scratch Google off your list.  Per Gellman:

Last month, long before The Post approached Google to discuss the penetration of its cloud, vice president for security engineering Eric Grosse announced that the company is racing to encrypt the links between its data centers. “It’s an arms race,” he said then. “We see these government agencies as among the most skilled players in this game.”

Google knew, kids.  Get used to it.


Then the Guardian reported:

Yahoo, Microsoft and Google deny they co-operate voluntarily with the intelligence agencies, and say they hand over data only after being forced to do so when served with warrants. The NSA told the Guardian that the companies' co-operation was "legally compelled".



But this week the Washington Post reported that the NSA and its UK equivalent GCHQ has been secretly intercepting the main communication links carrying Google and Yahoo users' data around the world, and could collect information "at will" from among hundreds of millions of user accounts.



The NSA's ability to collect vast quantities of data from the fibre-optic cables relies on relationships with the companies, the document published on Friday shows.



The presentation, titled "Corporate Partner Access" was prepared by the agency's Special Source Operations division, which is responsible for running those programs. 



In an opening section that deals primarily with the telecom companies, the SSO baldly sets out its mission: "Leverage unique key corporate partnerships to gain access to high-capacity international fiber-optic cables, switches and/or routes throughout the world."

This piece hasn't received a lot of play.  Wonder why.  On the other hand, the Guardian treats us to a column from its digital beat guy, Dann Gillmour, with the title slug:
Google, Yahoo et al have the power (and money) to fight back against the NSA

The tech billionaires should create the anti-surveillance, pro-security equivalent of the National Rifle Association.

In my humble opinion, asking Google, Yahoo! et al. to lobby on behalf of Internet privacy is like expecting the gun manufacturers who provide a lot of the NRA’s juice to endorse gun control.
Google Knew!  Maybe the new corporate slogan should be...Google Knows!



1 comment:

Xinxi said...

In a sense, we all knew. Doesn't nearly every single Hollywood spy movie feature some kind of global headquarters where American agents can access almost any data anywhere in the world?