West Point: Googling Considered Harmful

While stumbling around the Web this weekend I ran across a paper published by West Point computer science professor Gregory Conti, titled "Googling Considered Harmful" (PDF). A subsequent search for the paper online revealed only a few brief mentions, so I thought it might be of interest, especially as the paper dwells on the inevitable security problems of using Google's free software.[1]

Conti's paper isn't anti-Google; he acknowledges that Google search and Google's apps, when combined with the free flow of information on the Internet, contribute to a healthy Internet and economy. But, Conti argues -- and this will be familiar to anyone who follows security news -- the average user isn't aware of the cumulative sum of the individual pieces of data they release to Google. "I liken these pieces of data to micropayments," Conti told me. "It's not just Google, they just happen to be the biggest in the space. And, I think, have the best apps."

Conti argues that Google (and its competitors) will likely store this information for long periods of time and analyze it in order to sell advertising. And, since Google is legally bound to act in the best interests of its shareholders, and legally required to respond to government requests for information, the probability that user privacy will be compromised greatly increases over time:

Google's business model is based upon targeted advertising and it is probable that they will seek to tie clusters of interactions, across multiple computing platforms, with specific individuals and organizations. This situation is analogous to the use of encryption. Cryptographers typically consider encryption valid for only a period of time due to cryptanalytic advances and increased processing power. Likewise, we should assume our anonymity is only a function of time. Eventually, given enough information disclosing interactions, privacy will be compromised. Current anonymization countermeasures increase the time required for fingerprinting, but ultimately will only delay the inevitable when faced with Google's capabilities.

According to Conti, our trust in Google is actually the most dangerous aspect of our relationship with the world's largest search engine.

While we assume that Google is a non-malicious entity, they do face a legal requirement to act in the best interests of their shareholders. This fact creates a tension between making a profit and their stated goal of providing long-term value for their end users as well as their informal corporate motto "Don't be evil." It is important to note, despite our assumption, that there have been incidents that call into question their "Don't be evil" philosophy. [ed.: Censoring in China and banning CNET after Elinor Mills' article on Eric Schmidt] While Google, by choosing "Don't be evil" as their corporate motto, has admirably set a very high standard for their company, the fact remains that evil is subjective. In the words of Google CEO Eric Schmidt, "Evil is what Sergey says is evil."

Conti's paper includes an analysis of basic security problems that impact our exchange of data with Google. He also argues that as fingerprinting technologies increase in capability and stores of information on individuals increase in size, we'll reach a tipping point where data breaches will become more and more common.

"But it's also in Google's best interests to protect this data," Conti cautions, saying that consumer trust is one of the best assets a company like Google has.

The paper offers a few solutions, including the creation of a Firefox plug-in that shows what data you're revealing on each site, continued research into usable anonymous surfing software and the creation of high-quality persona management practices. "If properly executed," Conti writes, "persona management would allow users to portray a wide variety of online personas from anonymous to very sensitive, based upon the requirements of their interaction with a given service." (Sounds a bit like the hologram suits from A Scanner Darkly...)

Check out the paper (PDF) for a good read.

[1] Now, I can already hear Matt Cutts groaning when he reads this. Papers like this no doubt irk the Googlers who, as Monsieur Cutts alluded to in a recent post, can't understand why people fixate on Google as a security threat while ISPs control more data. The answer probably has to do with brand recognition -- we worry about what people tell us to worry about.

