See my Forbes postGoogle 21st Century Robber Baron” which briefly tells the story of Google’s Robber Baron rap sheet, in advance of Google’s Wednesday Senate antitrust hearing.

The post is documented with 79 links to the supporting evidence.

The post also explains why Google’s Board of Directors have been AWOL while all this scofflaw behavior has been going on.

 

 

Mr. Chairman and Ranking Member, it is a real pleasure to be here today, and thank you again for not issuing that formal subpoena you had to threaten in order to compel us to testify.

Let me begin my testimony by taking this opportunity to divert the media’s attention from this hearing by making a series of Google public announcements that our news algorithms predict will bury news of today’s hearing on the second page of most search results.

  • Yesterday, in a contest between the world’s fastest supercomputers, IBM’s “Watson” was defeated by Google’s “Knowitall” at Jeopardy, The Price is Right and the Wheel of Fortune.
  • This week, the number of Google+ users surpassed Facebook as Google added 1.1 billion Google+ users “privately” without their permission in just the last month.
  • Today, as a gesture of goodwill to the European Union, Google has agreed to buy Greece for €7.77 billion.
  • Also today, Google’s “Knowitall” computer network became sentient and automatically renamed itself “Your Majesty.”

Now let me disarm the tension in this room by feigning humility and reciting some focus group-tested cliché mantras that our tracking algorithms tell us will be believed by 93.1459% of people in this relevant targeted audience: Don’t be evil; Google would never do anything to undermine the trust of users; Using Google is a choice; Competition is a click away; Not every website can come out at the top of the page; You can make money without doing evil; Google is not a monopoly; Big is not bad; We are for openness others for closedness; and We understand with success comes scrutiny.

That in a nutshell is our antitrust defense; so please move along, there is nothing to see here.

Before I go, I have been told by my Washington advisors it would be helpful if I feigned more humility and I apologized for what Google has been caught doing red-handed.

First, we are very sorry Google was forced by the DOJ to officially admit to knowingly committing criminal felonies over a period of several years in actively promoting illegal prescription drug imports into the U.S. and to having to pay a near record $500m in criminal fines to settle the matter. Honestly, we never intended to get caught.

Second, we are very very sorry that Federal Judge Chin and the DOJ opposed the Google Book Settlement because we illegally copied fifteen million books without the permission of, or payment to the copyright owners, and also attempted to corner the online market for orphan works. It never occurred to us that stealing was illegal.

Third, we are very, very, very, sorry for being forced to admit to deceptive privacy practices and to be on probation for twenty years in the FTC-Google Buzz privacy settlement. Google has always said one thing and done another, so we had no idea that misrepresentation on the Internet was considered a deceptive business practice. Who could have known that?

Fourth, we are very, very, very, very sorry, for being investigated by the FCC for effectively wiretapping tens of millions of Americans homes in the Google StreetView WiSpy scandal. We always thought that if an average person did not know how to encrypt their private information, passwords and email, they deserved to have their privacy violated.

Fifth, we are very, very, very, very, very sorry the DOJ had to threaten us with a Sherman Act monopolization case to stop us from colluding with Yahoo to corner the online advertising market in the proposed Google-Yahoo Ad Agreement in 2008. Frankly, we were surprised the DOJ could get so huffy about antitrust.

Sixth, we are very, very, very, very, very, very sorry the that discovery in the Viacom vs. Google copyright case showed Google knowingly infringed on hundreds of thousands of videos in order to corner the Internet video distribution market. At Google we call taking whatever content we want without permission “fair use” and “sharing,” not infringing or stealing.

Seventh, we are very, very, very, very, very, very, very sorry that in this difficult job market, the DOJ caught us colluding with five other companies, to restrain competition for highly-skilled employees to limit both the compensation and career opportunity of thousands of our employees. We are happy to report in this instance Google was not the only company caught breaking the law.

In conclusion, Google’s unique mission to organize the world’s information is not monopolistic. Our repeated clashes with law enforcement and the plethora of antitrust, criminal, privacy, property and other investigations of our company are just a big misunderstanding because Google’s ever-flowing innovations are so disruptive. Several years ago, Google’s founders chose a Tyrannosaurus-Rex as Google’s corporate mascot, and prominently installed a life size skeleton of a T-Rex at our Mountain View headquarters as a symbol of Google’s disruptive innovation. Every other dinosaur had to run faster and hide better because of the T-Rex’s constant disruptive innovation. Simply, where others see predation, Google sees innovation.

***

Google Antitrust Pinocchio Series:
Part IX: Google Locks-in Its One Click Away Defense
Part VIII: Google’s Deceptive One Click Away Defense
Part VII: Two fatal Flaws in Google’s Antitrust Defense
Part VI: Fact-Checking Google’s Antitrust Defense
Part V: “Google does not reap the benefits of significant network effects”
Part IV: Stress-Testing Google’s Top Ten Antitrust Defenses
Part III: “Google-AdMob: ‘Its too new to dominate'”
Part II: Google: Antitrust’s Pinocchio?
Part I: What is “One click away?

 

Evidence continues to mount that Google’s management and supervision of its Android operating system is out-of-control when it comes to protecting privacy and security.

  • Google’s corporate ethos that it is better to “ask for forgiveness than permission” increasingly means Android has no privacy by design and hence less security for users by default.
  • Requiring and respecting the need for permission and authorization is a bedrock truism of IT security — and the evidence below increasingly indicates that Google has a deep aversion to that IT security truism.

Consider the growing pattern of Google’s default design and behavior that maximizes collection of private information, which inherently puts users at greater security risk. 

First, and profoundly disturbing, is a new TechRepublic revelation in a post by security blogger Donovan Colbert.

In setting up his new Android-based tablet, Mr. Colbert discovered that the Android operating system by default, i.e. without permission, automatically collected and implemented encrytion key passcodes to automatically gain access to private networks without the permission of the user. In Mr. Colbert’s own words:

  • Google is not only storing a list of what hotspots you have visited, but any private encryption keys necessary to connect to those hotspots in the cloud.”
  • “The idea that every Android device connects with that access point shares our private corporate access keys with Google is pretty unacceptable.”
  • “Honestly if there is any data that shouldn’t be harvested, stored and synched automatically between devices, it is encryption keys, passcodes and passwords.” 

Second, we learned from WSJ privacy reporting that Google Android tracked users location a thousand times a day without the users’ meaningful permission.

  • This Google no privacy by design revelation prompted congressional hearings, the scandal moniker “locationgate,” and new legislation from Senators Franken and Blumenthal.

Finally, how does this pattern involve the WiSpy scandal of Google being caught wardriving tens of millions of homes, in over thirty countries, for over three years, eavesdropping on unencrypted home WiFi routers and recording all signals including emails, and passwords.

As you may remember, Google said that systematic eavesdropping on citizens, was the mistake of one engineer, and not at all sanctioned by the company at large.

Here is Google’s 5-14-10 official story:

  • “So how did this happen? Quite simply, it was a mistake. In 2006 an engineer working on an experimental WiFi project wrote a piece of code that sampled all categories of publicly broadcast WiFi data. A year later, when our mobile team started a project to collect basic WiFi network data like SSID information and MAC addresses using Google’s Street View cars, they included that code in their software—although the project leaders did not want, and had no intention of using, payload data.” 

However if Google was being forthright that it’s Android effort indeed did not want to by default to collect the maximum private information possible, why did Google mobile engineering manager Dave Burke tell the Guardian 1-29-08, the following that shows it was obviously Google’s policy to collect the most WiFi information possible…

  • If you’re going to concentrate on location you want every bit of data you can…”
  • “…Cell ID is one location, the address of your Wi-Fi access point is another. The end result is that we want the user to have the best possible experience, and we’ll do whatever it takes to get it … to us they’re just network signals and we’re interested in all of them.
In sum, the pattern here is becoming more clear. Google’s corporate ethos is at work here: “ask for forgiveness not permission.” That ethos puts innovation, speed and efficiency, ahead of the privacy and security of users.
  • The big takeaway here is that Google’s corporate priority is to collect the maximum amount of information by most any means, without meaningful permission or authorization, as fast as possible.
  • This means that Google effectively has a “no privacy by design” approach to privacy, and that security is a lesser priority at Google

***

Previous parts of the “Security is Google’s Achilles Heel” Series:

  • Part I: “Why security is Google’s Achilles heel”
  • Part II: “Google values security much less than others do”
  • Part III: “Google: “Security is part of our DNA” (Do Not Ask)
  • Part IV: “Why Security is Google’s Achilles Heel”
  • Part V: “Google Apps Security Chief is a magician/mentalist”
  • Part VI: “Google-China: Implications for Cybersecurity”
  • Part VII: “Did Google Over-React to China Cybersecurity Breach?”
  • Part IX: “Google’s Titanic Security Flaws”
  • Part X: : “A Google Android Botnet Problem”:
  • Part XI: “Google’s Deep Aversion to Permission”
  • Part XII: “Top Ten Reasons Google Has Culpability in the Gmail Data Breach”

For even more information, see the Security section of PrecursorBlog’s sister site: www.GoogleMonitor.com; or read the “Security is Google’s Achilles Heel chapter of my Book: Search & Destroy Why You Can’t Trust Google Inc. at www.SearchAndDestroyBook.com.

 

Google’s deep aversion to accountability was in full view in its blog response to the latest gmail security breach, in which Google placed most all of the blame on users and others, while largely trying to absolve Google of its responsibility and accountability in the matter as the world’s largest source of private, sensitive and secret information.

Top 10 Reasons Google Has Culpability & Needs More Accountability:

  1. No other entity has a mission to “organize the world’s information and make it universally accessible and useful.” This gives Google a unique responsibility to aspire to be the world’s leader in information security.
  2. No other entity actually collects all the world’s information, making mirror copies of the entire Internet many times daily involving 5 exabytes of data every two days, the amount of information created from the beginning of time and 2003.
  3. No other entity stores all of its information in one unified “BigTable” database eschewing the normal security protocol of compartmentalizing information to prevent catastrophic universal data breaches.
  4. No other entity so plainly and corporately prioritizes speed and efficiencyof accessing data over the security, privacy, and other internal controls of data.
  5. No other Fortune 500 company so officially relieson the crowd sourcing of their non-expert users and others to be their primary line of security defense, rather than taking corporate responsibility for maximizing the security of the information and people entrusted to safekeeping and protection at Google.
  6. No other entity universalizes its password access to more products and services (more that 500) than Google, a practice Google Security expert Greg Conti describes as a “single point of failure” problem.
  7. No other entity that we know of has had their entire password security code stolen wholesale by hackers like Google has — per John Markoff’s front page expose in the New York Times. This is relevant given Google’s representations to the public that “it is important to stress that our internal systems have not been affected — these account hijackings were not the result of a security problem with gmail itself.”
  8. No other entity has made more personal profiles (35 million Google Profiles) publicly accessible for easy downloading by hackers to effectively aid and abet spearfishers than Google per a recent studyby a University of Amsterdam PHD student Matthijs R. Koot. This is relevant to this latest gmail security breach because it was spear-fishing-driven.
  9. No other entity has been accused by the U.S. Department of Justice in court documentsof publicly misrepresenting that a suite of Google software that is related to gmail was FISMA certified. This is relevant here because Google misled that it was security-compliant with the Federal Information Security Management Act when it was not, which could have led Government employees who used gmail, and were compromised by the latest gmail breach, to believe they were secure in using gmail when they were not.
  10. And the most disturbing reason of all, Google is the only entity in the world to decide at the highest executive levels to index Julian Assange’s Wikileaks stolen cables and make them universally accessible and useful to bad actors, terrorists, crooks and hackers like the ones in the latest gmail breach of senior U.S. Government officials.
    • (This is highly relevant in this case because spear fishing depends on learning intimate accurate details of groups and their communications about secret information that would enable a hacker to successfully fraudulently misrepresent themselves to gain officials trust, that would not have happened but for the hackers knowledge of secret Wikileaks documents made available by Google search.)

In sum, not only is Google not taking responsibility and accountability for its users security like one would expect any top brand and purported good corporate citizen to do, Google has made a series of strategic and tactical corporate decisions that have systematically and materially facilitated the success of security breaches like occurred this week with gmail.

  • Most troubling of all is the fact that Google’s willful disregard for national security secrets, confidential sensitive government communications, and privacy, in deciding at the highest levels to make Julian Assange’s Wikileaks stolen cables universally accessible and useful to hackers like the ones that hacked Google’s gmail, appears to potentially have aided and abetted our Nation’s enemies in compromising our national security.
  • At a minimum, appropriate oversight by inspector generals and Congressional Oversight Committees should want to investigate the connection between this latest gmail spear-fishing attack and the stolen government cables released by WikiLeaks and publicly indexed by Google’s search engine.
    • The purpose of this oversight would be to bring accountability to the situation, and to help prevent future gmail or other data breaches in the future to the best extent possible.

***

Previous parts of the “Security is Google’s Achilles Heel” Series:

  • Part I: “Why security is Google’s Achilles heel”
  • Part II: “Google values security much less than others do”
  • Part III: “Google: “Security is part of our DNA” (Do Not Ask)
  • Part IV: “Why Security is Google’s Achilles Heel”
  • Part V: “Google Apps Security Chief is a magician/mentalist”
  • Part VI: “Google-China: Implications for Cybersecurity”
  • Part VII: “Did Google Over-React to China Cybersecurity Breach?”
  • Part IX: “Google’s Titanic Security Flaws”
  • Part X: : “A Google Android Botnet Problem”:
  • Part XI: “Google’s Deep Aversion to Permission”

For even more information, see the Security section of PrecursorBlog’s sister site: www.GoogleMonitor.com; or read the “Security is Google’s Achilles Heel chapter of my Book: Search & Destroy Why You Can’t Trust Google Inc. at www.SearchAndDestroyBook.com.

My new Forbes’ op-edGoogle Disregards the Law, tells the sordid story behind today’s story of Google apparently agreeing to settle a criminal investigation with the Department of Justice for ~$500m for promoting and accepting advertising from illegal online pharmacies.

  • The op-ed sadly chronicles that this latest law-breaking by Google is part of a well-established pattern of disregard for the rule of law.
  • If one cannot trust a public Fortune 100 company to obey the law, one cannot trust them overall as I explain in much great detail in my new book “Search & Destroy Why You Can’t Trust Google Inc.
Follow

Get every new post delivered to your Inbox.