Feeds

How Google paved the way for NSA's intercepts - just as The Register predicted 9 YEARS AGO

Gmail redefined searching and reading... just like we said it would

Internet Security Threat Report 2014

Flashback Much hilarity has greeted Eric Schmidt’s deeply sincere “outrage” at his “discovery” that the NSA was spying on Google. For example, Vanity Fair pointed Mr Schmidt to some helpful Google searches.

But the NSA is merely treading in some well-worn footsteps – some of which were made by Google itself. Let us refresh your memory of one of the most prescient and chilling pieces of prediction in the last decade. For all this was forecast here at The Register in early 2004 – nine years ago.

In early 2004, Google launched Gmail. Gmail performed an automated interception of your email, and – having scanned the contents and guessed at its meaning – ran contextual advertising alongside it.

Former security advisor Mark Rasch, an attorney who had worked in the Department of Justice’s cyberfraud department during the Clinton administration, and was writing for Security Focus, raised a very interesting problem. If Google could search through and read your email without explicit legal authorisation, then surely the security agencies could do the same.

Rasch argued that Google had redefined the words “read” ("learn the meaning") and “search”, which protect citizens, when it unveiled its new contextual ads service. It had removed explicit human agency from the picture. An automated search wasn’t really a search, and its computers weren’t really "reading".

“This is a dangerous legal precedent which both law enforcement and intelligence agencies will undoubtedly seize upon and extend, to the detriment of our privacy,” forecast Rasch, here, in June 2004.

“Google will likely argue that its computers are not ‘people’ and therefore the company does not ‘learn the meaning’ of the communication. That's where we need to be careful. We should nip this nonsensical argument in the bud before it's taken too far, and the federal government follows.”

Remarkably, Rasch even suggested where the security services might most effectively put this into practice.

“Imagine if the government were to put an Echelon-style content filter on routers and ISPs, where it examines billions of communications and 'flags' only a small fraction (based upon, say, indicia of terrorist activity). Even if the filters are perfect and point the finger only completely guilty people, this activity still invades the privacy rights of the billions of innocent individuals whose communications pass the filter,” he wrote. “Simply put, if a computer programmed by people learns the contents of a communication, and takes action based on what it learns, it invades privacy.”

Well, fancy that.

Rasch returned to the subject several times over the years – for example here, where he discussed the implications of cloud computing.

But very few people wanted to know. Examining the ethics of internet giants is apparently vulgar. Free email, free cloud services, and bringing freedom to oppressed regimes - who wants to look a gift horse in the mouth? Through a network of think-tanks and “internet freedom” groups – it’s a substantial donor to Public Knowledge, the Electronic Frontier Foundation and many others – Google even maintained the illusion that it was on your side.

Yet after pioneering an ethical loophole in the public imagination that government agencies jumped through, it spent the following decade lobbying furiously to weaken citizens' property rights. It’s extraordinary what a small amount of money can buy.

Pundits and punters and politicians love to hear how Google is creating clever machines - but they seem loathe to accept that there's a Wizard behind the curtain, or that said Wizard may have a ruthless focus on its own self-interest.

“It's just bad public policy ... and perhaps illegal,” fretted Schmidt to the WSJ. “There clearly are cases where evil people exist, but you don't have to violate the privacy of every single citizen of America to find them.”

It’s too late, Eric. Google not only made that bed, it set up the bed store. ®

Beginner's guide to SSL certificates

More from The Register

next story
NSA SOURCE CODE LEAK: Information slurp tools to appear online
Now you can run your own intelligence agency
Azure TITSUP caused by INFINITE LOOP
Fat fingered geo-block kept Aussies in the dark
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
Cloud unicorns are extinct so DiData cloud mess was YOUR fault
Applications need to be built to handle TITSUP incidents
Stop the IoT revolution! We need to figure out packet sizes first
Researchers test 802.15.4 and find we know nuh-think! about large scale sensor network ops
Turnbull should spare us all airline-magazine-grade cloud hype
Box-hugger is not a dirty word, Minister. Box-huggers make the cloud WORK
SanDisk vows: We'll have a 16TB SSD WHOPPER by 2016
Flash WORM has a serious use for archived photos and videos
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
Microsoft adds video offering to Office 365. Oh NOES, you'll need Adobe Flash
Lovely presentations... but not on your Flash-hating mobe
prev story

Whitepapers

Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.