The Internet has been good to me this day.
I recently wrote a post on the (to me) unconvincing hero-splaining of the privacy commitments espoused by Google, Yahoo! Et al. in the wake of revelations of “MUSCULAR” NSA intrusions into their data backbones:
Two engineers with close ties to Google exploded in profanity when they saw the [notorious smiley face] drawing [showing the NSA’s penetration of the Google data backbone]. “I hope you publish this,” one of them said.
Publish what? Evidence that Google’s security is cracked? Or document Google’s hyperbolic anger at NSA transgressions to reassure Google Cloud customers?
If you’re searching for privacy heroes, I think you’d better scratch Google off your list. Per Gellman:
Last month, long before The Post approached Google to discuss the penetration of its cloud, vice president for security engineering Eric Grosse announced that the company is racing to encrypt the links between its data centers. “It’s an arms race,” he said then. “We see these government agencies as among the most skilled players in this game.”
Google knew, kids. Get used to it.
Then the Guardian reported:
Yahoo, Microsoft and Google deny they co-operate voluntarily with the intelligence agencies, and say they hand over data only after being forced to do so when served with warrants. The NSA told the Guardian that the companies’ co-operation was “legally compelled”.
But this week the Washington Post reported that the NSA and its UK equivalent GCHQ has been secretly intercepting the main communication links carrying Google and Yahoo users’ data around the world, and could collect information “at will” from among hundreds of millions of user accounts.
The NSA’s ability to collect vast quantities of data from the fibre-optic cables relies on relationships with the companies, the document published on Friday shows.
The presentation, titled “Corporate Partner Access” was prepared by the agency’s Special Source Operations division, which is responsible for running those programs.
In an opening section that deals primarily with the telecom companies, the SSO baldly sets out its mission: “Leverage unique key corporate partnerships to gain access to high-capacity international fiber-optic cables, switches and/or routes throughout the world.”
This piece hasn’t received a lot of play. Wonder why. On the other hand, the Guardian treats us to a column from its digital beat guy, Dann Gillmour, with the title slug:
Google, Yahoo et al have the power (and money) to fight back against the NSA
The tech billionaires should create the anti-surveillance, pro-security equivalent of the National Rifle Association
In my humble opinion, asking Google, Yahoo! et al. to lobby on behalf of Internet privacy is like expecting the gun manufacturers who provide a lot of the NRA’s juice to endorse gun control.
A little perspective might be useful.
Back in the day (when Bill Clinton was president and the highest ambition of today’s high tech moguls was a prompt diaper change), the Internet was a text-based government utility enabling the efficient sharing of computer resources. The killer app—basically a side-benefit of networking all those computers: e-mail.
Then came the Netscape browser, which enabled image-based services and freed millions of males from the inconvenience of masturbating to large blocks of letters and numbers or, alternatively, decoding pornography through an awkward off-line utility. The dot com domain was busted wide open and allowed buyers and sellers of goods and services and disseminators and consumers of news and views to find each other in cyberspace. Search engines were in their infancy and the hottest item was the “portal”, a single web address that aggregated and organized valuable content on behalf of the user. There was advertising, but there were also subscription services. Does anybody remember “push” publishing, where you bought a piece of software that delivered and updated proprietary content from newspapers like the New York Times to your desktop? I do. The killer app: AOL.
Internet 3.0 is driven by Google and its business model: give away a full suite of services (search engine, browser, e-mail, Youtube, voice), then slice and dice the data and sell the eyeballs. That happens to be exactly the same thing the NSA does, the only difference being that the NSA delivers its product to security agencies, not corporations. Not coincidentally, both Google and the NSA have an undisguised interest in “having it all”, “indexing” or “collecting” all the pages. This is the Internet that’s been terminally bollixed up by the NSA and the big IT companies in their efforts—which seem to have been joint efforts on some level—to break down resistance to their quest for data monopolies in the national security and private sectors.
By my reading, Internet 3.0 is extensively compromised, both by the anti-privacy mindset of its main champions, and their destructive ad hoc fiddling with the Internet’s privacy and security infrastructure. The “open to everybody” architecture of the Internet that Google and the NSA have leveraged doesn’t look like an unalloyed advantage anymore and countries like Brazil and Germany are considering following the lead of authoritarian baddies like China and Russia and setting up national Internets.
At the same time, many original content providers such as newspapers are giving up on the “free stuff + eyeballs = advertising \$” model and are retreating behind paywalls.
That, ladies and gentlemen, is a trend. If left unchecked, it might lead to (in the words of anxious IT entrepreneurs dreading the evaporation of cherished projections of burgeoning traffic and stock valuations) the “Balkanization” of the Internet…
…or, maybe Internet 4.0, a constellation of independent data leagues, each with their own hardware, software, protocols, and policies for interacting with outside services. In other words, instead of accepting whatever communications network that the NSA and Google are willing to give us, users would choose a transparently designed and managed, accountable networking solution that offers the best combination of services and security.
Which, of course, is what the private sector used to do with stuff like “token passing networks” (remember that?) back in the day before Internet economies of scale swamped competing alternatives.
You could also call it “AOL on steroids”. Hey, I’m sure I have one of those installation disks around here somewhere…