[Cryptography] How the CIA Made Google

Tom Mitchell mitch at niftyegg.com
Sat Jan 31 15:51:51 EST 2015


On Fri, Jan 30, 2015 at 1:10 AM, ianG <iang at iang.org> wrote:

> On 30/01/2015 02:15 am, Richard Outerbridge wrote:
>
>> On 2015-01-29 (29), at 17:58:09, ianG <iang at iang.org> wrote:
>>
>> [….]
>>
>>  They aren't handing data to NSA?  Show us, how?  The executive doesn't
>>> take their agenda from 'Highlands Forum' ?  Show us, that you don't. The
>>> pipes between data centers are encrypted by keys that aren't being leaked
>>> -- where's the evidence?  Your CSO doesn't have a phone in his shoe?  Let’s
>>> see!
>>>
>>
>> Hmmm… proving negatives. Does that have something to do with quantum
>> entanglement?
>>
>
>
> It has to do with thinking outside the data/tech box.
>

Sigh... living as close as I do to Google and folk inside Google this is
paranoia.
It is true that "just because you are paranoid doesn't mean they are not
out to get you"
but  I suspect that the reverse flow of idea seeds is what fueled the
growth of
Google not the flow of data to TLAs.

It is not hard and not expensive to build a modest machine room and crawl
the web.
Blekko and Cuil have and had a modest footprint and $$ beginnings. Any
agency
could build their own and with hints from hither and yon could dive in and
collect
information they care about.  Any registered domain will get crawled and any
opportunistic home service will get probed and crawled.   I keep logs and
am astounded
how many times a day my IPaddress gets poked at and from all over the globe.
In todays world with bot farms, discovering targets to watch is easy and
impossible
to distinguish from each intent and purpose that bot farms are used for.

It is true that the number of legal requests often sealed made of Google
 boggles
the mind but it is a big and effectively free service which implied that
special
interactions will happen.   Renting office space.. so serving a warrant is
just
walking down the hall.  Dedicated network links to the rented office
space....
Little different than on site vendor accommodations in company and agency
facilities.   In the 60's CDC and IBM had a number of technical resources
on site at
my University to assist with and support their products.  So proximity of
staff is to be expected.

I might also note that there has not been (yet?) a Snowden event disclosing
bad behaviour initiated by Google.   The international nature of Google
puts them
in a much harder place than a TLA as serious blunders could roll up the
business
and give them no place to hide.

The reality I suspect is: Google protects its data with more care than most
federal agencies.   N.B. the recent sale of information from healthcare.gov
to
marketing groups.   That data that is much more specific and personal than
any inference that G might make.













-- 
  T o m    M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150131/efd7d6a3/attachment.html>


More information about the cryptography mailing list