I’m grateful to NSA!

Google and Microsoft are deflecting blame for their own inadequate protection of customer’s privacy.

It’s sad that NSA is being blamed for Google’s lax protection of user information. Consider the following image:

Because Google didn’t protect users’ information, NSA was able to break in

What you’ve been told by the media is that this shows how evil and childish NSA is, and how Google is an innocent victim. This is not the case. NSA is just one entity that sought to hack into Google. Google accumulates a huge amount of private, sensitive information. Moreover, its centralized architecture makes it very vulnerable to attack:

Communication between user’s browser and Google is encrypted, so someone on your local network or the telephone company can’t see what’s being communicated.

The GFE is an “information dock” at Google that receives the users’ information, and unlocks the information.

The users’ information inside Google and between their data centers wasn’t even encrypted, making it easy for NSA to observe

What NSA did was show a flaw in how Google protects their users’ data: by keeping it unencrypted within their own data centers. It’s not just that this creates a very attractive spying target — but it also allows Google’s employees to abuse individual users (some of Google’s employees are GCreeps).

The honest solution would be for Google not to be able to peek at users’ data — only storing information that’s encrypted by users’ keys.

One might argue, how will the search work if the data is encrypted? There are ways to provide indexing and search without peeking into the data.

That a small number of companies control a tremendous amount of very important, private data — is very worrying: it gives them a lot of power, and they seek to accumulate even more of it. Even more worrying is their willingness to create alliances between each other, colluding to form a powerful lobby. Most worrying, however, is their willingness to do politics and transfer blame — instead of looking at themselves and developing better technological solutions for their customers’ privacy.

And NSA should keep on hacking! With Snowden, NSA became a white hat security operation which publishes the security flaws they discover. The corporate opacity is a danger just as government’s opacity. NSA did tell the world that it compromised Google — someone else might not.

dr. Aleks Jakulin

@aleksj