I was somewhat surprised that Bruce Schneier's article on CNN blames the US for enabling the Google hack. Bruce, you work for the big boys now and you should know how the system works anyhow. I have been mulling his article over for a while and thought I ought to post my thoughts – it's not every day you get to point out where an industry leader is wrong.
First, let's take the argument that TLAs and law enforcement being able to subpoena data and phone records and to tap phones causes a weakness: well, duh! Both law enforcement and the general population accept that, with suitable safeguards, the police and intelligence organizations should have access to this information. Just because data is moving over the intertubes doesn't suddenly, magically make it any different to other types of data.
There's of course a different debate about what the safeguards should be and who has access – in my opinion the induhvidual Sir Humphrey in the Home Office who thought that letting local government have access to this sort of data should be rewarded with early retirement and an MBE.
So if you’re a very large organization like Google you do have to work with the system and have procedures and systems to properly handle this sort of data.
Secondly, let's take the argument that adding a “backdoor” creates a weakness: well, theoretically, yes. But it behooves Google or anyone else to use well-established ways of securing that data – in BT I knew team leaders on some projects that had to be PV'd.
I suspect that Google's NIH attitude and general arrogance led them to “invent” their own half-assed way of securely accessing the Gmail data – or maybe Gmail security is crap to start with.
Building the ability to tap an email account and then dump that encrypted data out to a separate secure system isn't that hard given Google's resources – of course any such system should use an appropriate security model with only security-cleared staff allowed to access the data and an audit trail so that if you do have unauthorized use of such data suitable action can be taken – this is all security 101 and I am sure Matt Cutts could point you in the direction of the right people to ask 🙂
The real thing to take from this is that the main people to blame (other than the hackers) for this fiasco are Google – who screwed up big time, which shows that Google's “adult supervision” is not doing a very good job.
Another thing that comes out of this is the suspension of all Google's staff in China; fairly obvious where the problem is, then. And it must truly suck to be one of those people, as I suspect that getting a visa to work in the West is going to get a lot harder for them.
I know the CNN article was written for a sub civilian audience, but you are still wrong and completely missing the point. And I suspect that the secret squirrels at BT Security might want to have a word 🙂
Also, the Web 2.0 social media industry needs to take this as a wake-up call, as I am sure at some point there will be a tragedy where a jilted ex, stalker or criminal gets hold of information and a murder results.
The recent case where a couple under police protection were murdered by hit men, with the victims' address information being obtained via a BT employee, is one example from an oldskool industry (bet the tape of that interview without tea and biscuits with SD would make grim listening).