Google Warning Users against State-sponsored Cyber attacks

This move by the technology giant shouldn’t be understood as an attempt to keep user information safe. Google, a government-sponsored data mining operation is perhaps the largest violator of privacy on the Internet.

By JOHN ROGIN | FOREIGN POLICY | JUNE 6, 2012

A senior Senate aide confirmed that this evening he received a warning on his Gmail account that Google suspected he had been the target of a state-sponsored cyber attack.

Web giant Google is about to announce a new warning informing Gmail users when a specific type of attacker is trying to hijack their accounts — governments and their proxies.

Later today, the company will announce a new warning system that will alert Gmail users when Google believes their accounts are being targeted by state-sponsored attacks. The new system isn’t a response to a specific event or directed at any one country, but is part and parcel of Google’s recent set of policy changes meant to allow users to protect themselves from malicious activity brought on by state actors. It also has the effect of making it more difficult for authoritarian regimes to target political and social activists by hacking their private communications.

“We are constantly on the lookout for malicious activity on our systems, in particular attempts by third parties to log into users’ accounts unauthorized. When we have specific intelligence-either directly from users or from our own monitoring efforts-we show clear warning signs and put in place extra roadblocks to thwart these bad actors,” reads a note to users by Eric Grosse, Google’s vice president for security engineering, to be posted later today on Google’s Online Security blog, obtained in advance by The Cable. “Today, we’re taking that a step further for a subset of our users, who we believe may be the target of state-sponsored attacks.”

When Google’s internal systems monitoring suspicious internet activity, such as suspicious log-in attempts, conclude that such activities include the involvement of states or state-backed initiatives, the user will now receive the specialized, more prominent warning pictured above. The warning doesn’t necessarily mean that a user’s account has been hijacked, but is meant to alert users that Google believes a state sponsored attack has been attempted so they can increase their security vigilance.

Google wants to be clear they are not singling out any one government for criticism and that the effort is about giving users transparency about what is going on with their accounts, not about highlighting the malicious actions of foreign states.

“If you see this warning it does not necessarily mean that your account has been hijacked. It just means that we believe you may be a target, of phishing or malware for example, and that you should take immediate steps to secure your account,” Grosse writes. “You might ask how we know this activity is state-sponsored. We can’t go into the details without giving away information that would be helpful to these bad actors, but our detailed analysis-as well as victim reports-strongly suggest the involvement of states or groups that are state-sponsored.”

Google insiders told The Cable that Google will not be giving out information on which governments it sees as the most egregious violators of web privacy.  For Google, the new initiative is not an effort against governments but a way to help its users help defend and protect themselves.

Users who click through the new warning message will be directed to a page that outlines commonly seen security threats and suggests ways users can immediately raise their level of security on Gmail.

“We’re constantly working to prevent harmful activity on our services, especially attempts to compromise our users’ information,” the insider said. “The primary message is: we believe that you’re a target so you should take immediate steps to protect your account.”

The new announcement comes only days after the company said they would alert users in mainland China when they use search terms that are likely to be censored by the Chinese government. According to another of Google’s official blogs, that move was meant to improve the search experience for Chinese users by allowing them to avoid terms that would result in stalls or breaks in their search experience due to government filters.

For example, Google said that Chinese users searching the character for “river,” which is “jiang” in Chinese, causes technical problems. The same character is also used in the search for former Chinese President Jiang Zemin.

Google didn’t specifically mention Chinese censorship in its notice about Chinese search terms, apparently in an effort not to antagonize the Chinese government any more than necessary. Google and Beijing have been at odds since 2010, when the company announced it would no longer censor search terms on the Google.cn and moved the bulk of its Chinese operations to Hong Kong.

That move followed a series of Gmail attacks in 2010, directed at Chinese human rights activists, which were widely suspected to be linked to the Chinese government. Following those attacks, the government-controlled People’s Daily publicly accused Google of being an agent for U.S. intelligence agencies.

While last week’s announcement and this week’s announcement are both being presented by Google as user based initiatives not directed at foreign governments, Google CEO Eric Schmidt has been speaking out publicly and forcefully in recent months about the potential negative role governments can play in circumventing internet freedom.

“While threats come from individuals and even groups of people, the biggest problem will be activities stemming from nations that seek to do harm,” he said in London last month.

Google’s Unlimited Secrecy and Unaccountability Grow Unchecked

Fascism occurs when a society loses control of Government and Corporations are not accountable for their actions.

By LUIS MIRANDA | THE REAL AGENDA | MAY 24, 2012

Someone once said there would come a time when people would be made to enjoy a state of affairs they would not normally enjoy, a time when people would beg for it and then a time when they would kneel down and beg for more, even if that state of affairs meant the start of a painful experience, because the pain wouldn’t be felt; pain would be diluted by incentives to continue feeling it until people found enjoyment in pain.

The current state of affairs, where government shows no intention of curbing corporate greed and corporations do as they please without finding much opposition is exactly that state of affairs spoken of before. Banks loot their customers’ accounts, as it happened with MF Global, Pharmaceutical companies such as Merck explicitly intend to turn patients into lab rats who will consume their products for life and Biotechnology corporations like Monsanto use people as guinea pigs in worldwide open air experiments with its genetically modified organisms.

But even Monsanto and Merck felt the anger of the people once or twice, losing lawsuits here and there. They were embarrassed most of the time as consumers found out and denounced their schemes. In some cases, these corporations even paid fines. In the case of Google, however, it’s been a completely different story. Google has managed to deny all requests for access to its secretive operational model, even to authorities who directly requested to be shown how the company used the information it collected, legally or otherwise. In response to such negative, the only thing regulators do is recognize that the technology giant simply operates outside the law when it comes to information collection and management. They even admit it publicly, saying that this is just the way it is. “The industry has gotten more powerful, the technology has gotten more pervasive and it’s getting to the point where we can’t do too much about it,” says Michael Copps, a former FCC commissioner.

Technology experts such as Christian Sandvig, a researcher in communications technology says that “We don’t have much choice but to trust Google.” Is his statement an example of learned helplessness? I would say so. A common follow-up to the apparent legal impotence government regulators have is the talking point that the legal framework has not kept up with Google’s ‘evolution’. This is a convenient although not useful excuse to give since the company has been around for a long time. Perhaps the regulation that protect privacy, the stickiest aspect of Google’s continuous infringements around the world were left to decay. But even if one buys that premise. it is amazing that in an era where technology companies pop out on every corner, industry regulators and watch men did not envision the need for clear rules for this new era. What were they doing? Sleeping while driving?

The most unreasonable of Google’s sins that continues to go unchallenged is its Street View program, through which the company collected uncountable amounts of private information from wireless networks. The company attributed this behavior to human error saying that an engineer who works for Google Street View had accidentally included software that just happened to collect information from those networks. Google also said the information collected was of no use to the company. The technology company has committed the same error in several countries, where those whose privacy was violated have seen little or no action taken by authorities to hold Google accountable for their recurring error.

In Germany data protection regulators got the door shut in their faces after attempting to force Google to show the in side of the Street View program. “It was one of the biggest violations of data protection laws that we had ever seen,” said Johannes Caspar, a data protection official. Most of the legal actions taken by regulators have so far been limited to warnings and ultimatums Google simply brushes off. In Australia, a recent attempt to try holding Google accountable after the company’s latest breach of privacy resulted in the same: nothing. Australian Communication Minister, Stephen Conroy described Google’s violation of privacy as “probably the single greatest breach in the history of privacy.”

A fact that seems to be the most abhorrent about Google’s successful avoidance to comply with minimum standards of privacy in many countries is that its customers and users are the biggest supporters of such violations. “People willingly, at times eagerly, surrender this information. But there is a price: the loss of control, or even knowledge, of where that personal information is going and how it is being reshaped into an online identity that may resemble the real you or may not,” says Peter Streitfeld in his article Google Privacy Inquiries Get Little Cooperation. Remember that scenario where people don’t mind the pain anymore? This situation is not limited to Google of course. It happens with other data mining giants like Facebook, Yahoo, Microsoft and every single communications company out there that knowingly or not serves corporate plans to learn everything about everyone everywhere.

Under everybody’s eyes, Google has become extremely successful at what it does, collecting information while keeping its records off the eyes and hands of regulators and the public in part by offering rather unimportant Privacy Policy that no one reads and that is not reflective of the company’s long reaching operations. Despite continuous unwarranted access to people’s personal information, which is a direct violation of their right to privacy, in the United States the FCC found in one case that Google had not infringed any American law and the result of its investigation was a mere $25,000 fine for what the agency labeled as an obstruction of its inquiry.  In Europe, regulators have been a bit more emphatic about Google’s violations, condemning programs like Street View for their resemblance with the Nazi massive collection of information which later served as the main tool to round-up Jews and other people deemed as undesirable by the government.

If Nazi Germany had the capacity — with IBM’s help — to effectively gather citizens’ information and use it against them to kill 6 million Jews and millions of others it found repugnant, what could be the result of a company having the power to outdo the Nazi government’s work on a global scale while remaining unaccountable to established governments? Suddenly the cries about the existence of a Shadow Government don’t seem far-fetched at all. Google is today exponentially more powerful than the Nazis ever were when it comes to collecting, keeping and disseminating information. The company in fact explains its wrong doing by saying their Street View cars gather information with the purpose of improving location-based services, which is why they illegally spy on people through wireless internet technology without their consent.

For Google there seems to be no problem with spying. Peter Fleischer, Google’s global privacy counselor, said the company failed to tell anyone about Street View’s information mining because they didn’t think it was necessary. It is now well-known that Google collected not only technical information about the wireless networks themselves, but also the content of e-mails, names of users, addresses, and so on. During a review process in Germany, Google accepted that revealing their information collection program could compromise the company due to its violation of telecommunication laws. The company, however, shows no remorse or accepts any wrongdoing when representatives respond to questions about illegal practices.

As of today, most cases against Google have been dismissed. The only hopeful effort to curb the tech giant is an investigation to be completed and acted upon come summer in Europe. It is an anti-trust case against Google which some experts believe could be the beginning of tough times for the company. As for most people worried about their privacy, it is unlikely Google will be held back in its attempt to gather massive amounts of information. The suspicion arises from the fact that the meetings to be held in Brussels will  occur behind closed doors, which will prevent the people from learning about the real details of the anti-trust case.