On 7/18/15 10:32 AM, Lodewijk andré de la porte wrote:
2015-07-19 2:22 GMT+09:00 Stephen D. Williams <sdw@lig.net>:
I feel perfectly confident that Google is going to protect their billions in income and valuation by being very careful with avoiding abusing their data or users in any strong sense.
I want to say "You're new here, aren't you?", but I know you're not. Parallel construction and intelligence laundering take care of this in case they want to abuse your data. Big Data is never very much of a privacy issue, but when they silently use that Big Data for their (or their companies') profit, well, without competition you'll lose. And then there's straight business-secret-stealing, which they also do, and which is very hard to ever find out about (parallel construction is also possible here).
So, yeah, they'll protect their billions in income and valuation. And they'll use all the intelligence the US can bring to the table to do it.
Perfectly within the realm of the possible. A lone employee may be able to abuse things, but they likely will be caught, fired, and the incident has some chance of being righted and paid off. Unlikely to actually be the case in any pervasive way. Nearly all conspiracies leak eventually. Being a commercial company, they are a huge target for a jackpot payday. TLAs have no such worry, which is why, when they do illegal things and otherwise drift or charge outside the boundaries, it is so bad.

A few years ago, before Congress stepped in to let them off the hook, phone companies like ATT were in a tight spot for allowing a lot of open access to customer data. I'm sure that legal departments everywhere took notice of that exposure; Congress isn't going to do that too many more times, and especially not for commercial gain.

Parallel construction is a big problem, although I think that it has been exposed in some major cases lately that should soften courts for detecting and confronting it. It's possible both for prosecutors, TLAs, and companies wanting to steal proprietary trade secrets. Perhaps practical and legal techniques used to combat insider trading may start to provide some protection. It is at least possible to take countermeasures to expose parallel construction: information that provides ways of detecting eavesdropping is an obvious solution.

It is certainly the case that we should consider the possible, especially since there have been a number of surprises about how far things actually did go in the past, especially the TLAs, but also sometimes with companies with really bad culture. But that red team gaming shouldn't spill over too much into our rational assessment of actual risks and reasonable countermeasures.
There is a typical problem I call the Fallacy of Insisting on Zero Risk: A mother fearing their children using the bathroom at the mall alone or calling the police because someone else's child walks to the park alone while thinking nothing of horse riding or football or rodeo or smoking. Or OSHA-related spending millions per death to prevent one type of injury while ignoring other much lower hanging injury risks. Gun control, vaccines, playground equipment, etc. often involve similar elements.

When making actual concrete security choices, a rational actor considers the threat, opportunity, costs, rewards, exposure, overhead, etc. when weighing what measures are worth taking. In a presentation to the Nevada Gaming Commission years ago, I used the analogy of protecting nuclear weapons: The cost of a compromise is nearly infinite, so the amount you would be willing to rationally invest to prevent a compromise also can be nearly infinite. (But apparently not given recent events related to those crews.) Everything else falls in a lower tier where there is a cost / benefit tradeoff. You can go far enough in taking measures that you are worse off than if you had been compromised in the worst probable way.

The question there was how much certainty was needed that an Internet gambler was of age. We went through a similar thing related to porn: Early on, many jurisdictions insisted on absolute certainty that a remote viewer was of age, or a company-ending lawsuit or criminal case would result. Now, porn is essentially wide open, with at most proof of control of a credit card required to verify age; easily bypassed by a determined teenager, who could legally have a Visa debit card anyway. For one thing, most of the supposed damage (Meese report etc.) was bogus, so few controls are really called for.

Now, many of us here want to be able to protect ourselves and others out of principle, need, career, and/or interest.
We may find it fun and career worthy to have TLA / scammer / evil genius defeating countermeasures and tradecraft. We may get to the point we actually need it, or work with clients who definitely do. But we shouldn't slip into unnecessary paranoia, especially if it gets to the point of shooting ourselves in the foot. When we're making an argument, we are often taking the paranoid view because that's required to get into the right mindset. After determining how to prevent issues, we should then decide what is actually worth putting into place.

I've run my own physical Internet server, including my own DNS servers, since 1992 when I obtained my first domain name and started a couple ISPs. For various reasons, I will continue to do that, but I'm not sure I'd recommend it to others, especially the non-technical. My uptime, currently at 267 days, is basically the lifetime of the hard drive or the rare case when the colo moves things around.

sdw