IBM, Microsoft, Google, Verizon

Google: Keep User Data Safe by Letting Us Hoard It Forever

January 20, 2010

The Register - Google has sought to turn its China crisis to its advantage by arguing it demonstrates why it should be allowed to hang onto search logs indefinitely.

Privacy supremo Peter Fleischer told ComputerWorld in an interview that:

"The unprecedented hacking... and the threat of similar such attacks in the future emphasized the importance of internal analysis of logs."

Google has been under particular pressure in Europe to stick a time limit on how long it hangs onto information that can be used to identity searchers.

In 2008 it halved the time it hung onto such info to nine months, a cut that still did not find favour with Eurocrats. It continues to hold data beyond that date, but says it does not hold the full IP address of users, effectively anonymizing the data, but still making it useful to the world's largest ad broker.

Microsoft has upped the ante by lowering the amount of time it hangs onto data about Bing users to six months. Which would be significant if anyone used the service.

"We find it reprehensible that a company would throw away useful data when it holding it poses no privacy threat," Fleischer thundered.

Which illustrates how Google's view of privacy differs from many other people's, and ignores the possibility of the data becoming a privacy (and/or security) threat if it fell into the hands of, say, Chinese hackers.

Fleischer also called for the creation of an EU panel featuring data protection and cyber security experts. This demand will be part of a submission to Europe's Article 29 committee on data protection, in which it will also rule out any further reduction in the amount of time it holds onto data.

This could presumably mean Fleischer spending even more time in Brussels. In December 2008 he was asked to join an EU quango which would advise on future data protection legislation.

Of course, Fleischer's not the only one who believes that the best way to preserve security (and sell a few ads as well) is by hoarding every bit of information a user generates. This is the same principle behind the UK government's Interception Modernisation Program. Except for the ads flogging bit.

We asked Google if it could add anything more to Fleischer's comments, or confirm if he was still serving on the data protection panel. They're still holding onto that data.

Google Alleges Ongoing Corporate Espionage is Originating from China

January 13, 2010

IDG News Service - Google's decision Tuesday to risk walking away from the world's largest Internet market may have come as a shock, but security experts see it as the most public admission of a top IT problem for U.S. companies: ongoing corporate espionage originating from China.

It's a problem that the U.S. lawmakers have complained about loudly. In the corporate world, online attacks that appear to come from China have been an ongoing problem for years, but big companies haven't said much about this, eager to remain in the good graces of the world's powerhouse economy.

Google, by implying that Beijing had sponsored the attack, has placed itself in the center of an international controversy, exposing what appears to be a state-sponsored corporate espionage campaign that compromised more than 30 technology, financial and media companies, most of them global Fortune 500 enterprises.

The U.S. government is taking the attack seriously. Late Tuesday, U.S. Secretary of State Hillary Clinton released a statement asking the Chinese government to explain itself, saying that Google's allegations "raise very serious concerns and questions."

"The ability to operate with confidence in cyberspace is critical in a modern society and economy," she said.

The search-engine company first learned it had a security problem in mid-December, coincidentally just days after hosting a closed-door symposium on circumventing censorship. Soon the company's security team realized that it was dealing with more than just a few hacked workstations.

"First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses -- including the Internet, finance, technology, media and chemical sectors -- have been similarly targeted," wrote Google Chief Legal Officer David Drummond in a Tuesday blog posting. "Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists."

Drummond said that the hackers never got into Gmail accounts via the Google hack, but they did manage to get some "account information (such as the date the account was created) and subject line."

That's because they apparently were able to access a system used to help Google comply with search warrants by providing data on Google users, said a source familiar with the situation, who spoke on condition of anonymity because he was not authorized to speak with the press.

"Right before Christmas, it was, 'Holy s***, this malware is accessing the internal intercept [systems],'" he said.

That, in turn led to a Christmas Eve meeting led by Google co-founder Larry Page to assess the situation. Three weeks later, the company had decided that things were serious enough that it would risk walking away from the largest market of Internet users in the world.

German Government Warns Against Using Microsoft Internet Explorer

The German government has warned against using Internet Explorer after a security flaw left it vulnerable to hackers.

January 16, 2010

Telegraph - The Federal Office for Information Security, or BSI, urged web users to find an alternative browser to protect security.

The warning comes after Microsoft admitted Internet Explorer was the weak link in recent attacks on Google's systems.

The company said, however, that the hole could be closed by setting the browser's Internet security zone to "high," although this limits functionality and blocks many websites.

However, German authorities say that even this would not make IE fully safe.

Graham Cluley of anti-virus firm Sophos told the BBC that the warning applied to versions 6, 7 and 8 of the browser.

"This is a vulnerability that was announced in the last couple of days. Microsoft have no patch yet and the implication is that this is the same one that exploited on the attacks on Google earlier this week," he said.

"The way to exploit this flaw has now appeared on the internet, so it is quite possible that everyone is now going to have a go."

Microsoft said that while all versions of Internet Explorer were affected, the risk was lower with more recent releases of its browser.

Thomas Baumgaertner, a Microsoft spokesman in Germany, said that the attacks on Google were by highly motivated people with a very specific agenda.

"These were not attacks against general users or consumers," Baumgaertner said. "There is no threat to the general user."

Free Google Software Tracks People

February 4, 2009

Raw Story - A new piece of free Google software released today allows people to keep track of each other using their cell phones — and while it’s opt-in, it’s sure to create a privacy firestorm.

CNET, owned by CBS News, debuted the product on the Early Show Wednesday. It’s designed to work on any phone with Internet capabilities — except the iPhone, one of Google’s competitors (Google launched their own phone, Android, for T-Mobile last year).

Latitude "uses GPS systems and what’s called cell tower triangulation to do the job," CBS reports. "The software seeks the closest three cell towers and, with GPS, combines the data to show where someone is."

It’s being marketed to help parents keep track of their children — but commenters at the liberal forum Democratic Underground note that surreptitious installation could allow girlfriends or boyfriends, or husbands and wives, to track each others’ movements unwittingly.

"What Google Latitude does is allow you to share that location with friends and family members, and likewise be able to see friends and family members’ locations," Steve Lee, product manager for Google Latitude, told CNET. "For example, a girlfriend could use it to see if her boyfriend has arrived at a restaurant and, if not, how far away he is."

Adds Lee, "To protect privacy, Google specifically requires people to sign up for the service. People can share their precise location, the city they’re in, or nothing at all."