Google and Its Security Woes

January 18, 2010

There are some practical issues that must be addressed when dealing with security. First, the people working on the security problem have to be vetted. This requires time and organization. Organizations in a hurry and not well organized are at greater risk than a plodding, more methodical outfit. Although troubling to some, the security people have to be subject to some type of monitoring as well. The idea is that layers of security methods and procedures are required. Again, this takes expertise and experience. Short cuts can increase risk.

Then when something bad happens, it is a good idea to look for indications that someone close to the matter is involved, intentionally or unintentionally. Some countries use clever methods to socially engineer an opportunity to exploit a weakness in security. I know that the idea of a team implies that everyone is going to run the game plan. Alas, that’s not always accurate.

In my experience, keeping an issue contained is a prudent first step. The idea that quick reaction or chatter helps may be an inaccurate one. Some outputs are necessary, but crazy talk is rarely helpful whether from pundits, poobahs, satraps, or azure chip consultants.

I was surprised to read several widely circulated news stories that provide some additional “information” or “disinformation” about the Google security matter. The work “attack” is attached to this issue, but I don’t know enough to be able to say whether this was an “attack” or one of those cute things that math club members perpetrate as a way to get attention, change grades for the football team, or transfer cafeteria money to a charity like Midnight Auto Supply.

image

The Great Wall of China was built for a reason. Some of those reasons exist for today’s Chinese governmental entities. Those who build the Great Wall were not concerned with the environmental or financial impact of the Great Wall. Priorities may be different in China than in other geographic areas or nation states. Image source: http://www.globusjourneys.com/Common/Images/Destinations/great-wall.jpg

That’s the problem with lots of information or lots of disinformation. There is uncertainty, what I call a “cloud of unknowing”.

Here’s what’s caught my attention. (Keep in mind that I have no solid opinion on this matter because I only know what flops into my newsreader and that information or disinformation is suspect by definition.)

ITEM, there is a Reuters story “Google Probing Possible Inside Help on Attack.” You can read it yourself to make sure I got the gist right. The idea is that there is a possibility that someone working at Google in some way allegedly assisted those involved in the security matter. Troubling to me because this strikes at the heart of the “team” concept and the “running of the game plan.” The idea is that an insider is not on the team and not running the game plan. If true, the very culture of Google may require some adjustment in my opinion.

ITEM, there is a story with the headline “Google Denies Leaving China, Seeks Negotiations”. Again go to the original to verify my interpretation. The idea I took from the write up is that Google is not going to pull out of the world’s largest market for online. I did not know that Google had shut up shop in the first place. The Google has a big building and lots of employees, business partners, and shareholders. Whatever the China market is worth in cash may be a factor. So which approach is Google taking? Staying and working under the laws of China or pulling out and working where life is more comfortable? I don’t know.

ITEM, I saw a story again from Reuters with the title “Q+A – How Will Google Case Impact Foreign Investors in China?” The article trots through the world of cyber attacks and risks. For me, the issue boils down to money. If an organization wants a piece of the Chinese market, companies are going to have to find a way to work within China’s rules and regulations or work around them in a way that does not put executives within sight of the Chinese Mobile Death Van. (I saw one of these vans in 2007 on my trip to China. See China Makes Ultimate Punishment Mobile.) All the Q+A from outsiders won’t change the reality that the Chinese authorities play by their rules. The death van, by the way, replaces another method involving a device capable of sending a projectile to the back of the head behind a police station. Fancy talk does not alter the methods of the Chinese authorities who are, in my experience, usually not too impressed with certain types of behavior.

image

Chinese death van. No logos. Violate Chinese law and you may get to see one of these rolling execution chambers up close. Different country, different methods. Getting frisky in another country when you are a citizen of another country is not always a great idea. Source: http://www.flatrock.org.nz/topics/prisons/assets/chinese_death_van.jpg

What’s my take away?

First, the yap about one world and one Internet is baloney. China is one example and there are others if you poke around. Visit Iran and do some Web surfing to get some first hand intel, gentle reader.

Second, the mix of “information” and “disinformation” leaves the situation murky, which is not going to change the fact that when in Rome, do as the Romans do.

Third, countries ultimately have more power than global information companies within their borders. The instruments of communication include police, military, and legal institutions. No mouse pad or T shirt will change this fact in my opinion in certain situations. Cute does not work in security.

Stephen E Arnold, January 18, 2010

A freebie. Due to my references to various legal matters, I will report working for free to the Department of Justice when it reopens on the 19th of January.

Comments

Comments are closed.

  • Archives

  • Recent Posts

  • Meta