Google security engineer on NSA: "Fuck these guys"


#1

[Permalink]


#2

There's always a fallback position. We knew they were splitting beams. But what's the fallback? Any point the communication isn't encrypted. So, if now they can't split fiber to collect unencrypted packets that way, what's next?

THE ENCRYPTION ITSELF IS SUSPECT.


#3

For the NSA? Putting Brandon Downey under heavy surveillance for the rest of his career at a guess.


#4

Incredibly interesting timing there Cory smile


#5

Even better (and more interesting) is this response from Downey's Google security colleague Mike Hearn. He reiterates "fuck these guys," and, well, here's the money quote:

Nobody at GCHQ or the NSA will ever stand before a judge and answer for this industrial-scale subversion of the judicial process. In the absence of working law enforcement, we therefore do what internet engineers have always done - build more secure software. The traffic shown in the slides below is now all encrypted and the work the NSA/GCHQ staff did on understanding it, ruined.

Thank you, Edward Snowden.

So, uh...wow. Is Google finally growing a spine?


#6

Google is hardly innocent of the heavy NSA surveillance, though. They're nagging people to log in with their Google Accounts, in the Google Accounts they're nagging people to give up their real name and phone number, and they're logging any and all interactions and apparently keeping the logs forever, as the Petraeus case showed.

Google is building an infrastructure that can be used to keep a detailed track of the movements of millions of people (IP address, name, search term, confidential services) and according to the Snowden files and what was revealed in the Petraeus case, they're gladly sharing these data with agencies, thus betraying the very users they're nagging to give up their real names and always be signed in to their Google Account.

I recognize that building this surveillance infrastructure was probably not Brandon Downey's decision, but still, what would you expect? If you lie down with dogs, don't be surprised when you're bitten by fleas.


#7

innocent of the heavy NSA surveillance

You can be free from, but not innocent of other people surveilling you.

There are fairly legitimate business reasons for the things you're saying are nefarious. They ask you to login to their services because they want that sweet, sweet user behaviour data (they are an advertising company). You don't have to give your real name to any company on the internet. Fuck their EULAs and whatever: Nothing on the net (except eshopping) has my real name.

You can choose to put in your number if you want (and almost certainly have to for some Android 2 factor auth functions) but in reality Google added that for user security because their gmail service was becoming a target for hacks (remember Palin getting her email broken into?). Reality is that if you're using any non-encrypted email service then the NSA or many other 3 letter acronym bodies can get copies of your email and there's a pretty good chance you emailed your phone number to someone at some point.

Google is building an infrastructure that can be used to keep a detailed track of the movements of millions of people (IP address, name, search term, confidential services)

As are a multitude of other companies. Credit card companies have been doing it for decades. Amazon has all those details PLUS your purchase history. Facebook are just evil turds who don't even deserve a mention.

Define "gladly". If you mean they'll abide by the idiotic patriot act you're right. What about the cases where they refuse to hand over data (which happens on a daily basis)? How do those factor into your definition of "gladly"?

People love to rail on Google because they're a big company and for many people they keep a hell of a lot of data on you. Thing is that they're also probably doing more to protect people's data than any other single company and, unlike Facebook, their updates usually improve default security, not degrade it. Also keep in mind that you don't have to use anything they make and if you personally find their behaviour unacceptable then don't use their free stuff. It's not hard.


#8

I think it is fair to say you can't really avoid Google on the net. I suppose you can limit your contact, but they are feeding ads to a lot of the pages and I am sure track what happens.

I am not actually timquinn, by the way. It is a clever ruse to fool everyone. My real name is


#9

I don't think that's fair at all considering you have the ultimate control over which internet-connected computers get to talk to yours. If you avoid Google's services and run Adblock Plus then your computer will likely have nothing to do with them. You'll also have to avoid Youtube.

I make adsense ads and I run Adblock. I'm happy to steal from my own wallet smile


#10

And we ARE allowed to get tired of the Internet and turn it off. I do that from time to time. Sometimes it all just gets so boooooooring.


#11

This person is crazy and I entirely disendorse their input.

Nah.. fair point. I call that "sleeping" smile


#12

Dream state adsense, they call it "currently untapped" market smiley


#13

Oh man, there should be a limit to what you will sacrifice. Youtube is such an awesome resource. It is about half the value of the tubes. Seriously.

Otherwise thanks for the education.


#14

Well, let me be more precise then.

The best way to avoid abuse of massive concentrations of sensitive data is not to build these concentrations in the first place. Nobody forces Google to build the very extensive logs they are keeping, and if they didn't build them they couldn't turn them over to the NSA. Google are complicit in building the Orwellian surveillance society, not just victims of it.

Google's business model used to be to show ads to go with their search results. Now, it seems to increasingly be to invade their users' privacy in order to sell advertising. With Google+ and their new unified Google account and constant nagging I don't see their behaviour as any more ethical than Facebook's.


#15

That's correct! I would add that Google's "free" services are anything but. Only you don't pay with your money, you pay with your privacy. But you do pay.


#16

The best way to avoid abuse of massive concentrations of money is not to build these concentrations in the first place.

FTFY


#17

Come to think of it, I like the idea. Decentralization etc.


#18

Google has good reasons to hate that. For example polls here in Germany indicate that people are moving away from (some) American online services because of the recent NSA news. Of course those reactions are a bit naive and it remains to be seen how many people follow through in the long run, but people looking for "America free" IT solutions are certainly not in Google's interest. For dominant players like Google the risk is not really the lost revenue as such, but that it can create viable niches for competitors.


#19

Because the Prism leaks from August suggested they collaborated willingly or at least without making a big fuss about it. Only after those leaks where Google, Yahoo, MS and Apple were named those companies started fighting back and started to feign outrage and indignation. To me it looks like an attempt to get good PR after behaving like the "good german".


#20

The best way to avoid surveillance is to prevent the flow of information flowing near a tap. How many alternative network ideas are out there?

What's the legalities around comms networks? Could I, here in London, build a local network freely from wire and string? Do I need any licensing? How about elsewhere?