
Google, China, and Lawful Intercept

13 January 2010

Like many people, I was taken by surprise by Google’s announcement about its threatened withdrawal from China in the wake of continued censorship and attacks that appeared to emanate from there. My immediate reaction was quite simple: "Wow".

There’s been a lot of speculation about just why they pulled out. Some reports noted that Google has been losing market share to Baidu. Under those circumstances, cutting losses makes sense. Yahoo and many other Western companies have done that.

I don’t think, though, that that’s the whole story. Blaming China not for its rules, which the Chinese government defends, but for hacking is an entirely different kettle of fish. That is a move more or less guaranteed to raise the ire of Chinese government officials, and quite likely block the return of Google to China for a very long time. And, of course, there’s no reason to think that if China has indeed been attacking Google, this will make it stop — quite the contrary, I suspect.

There is, I suppose, a line of reasoning that assumes that China will retaliate for the insult by blocking access to all of Google’s services, including gmail; this in turn might mean less use of gmail by Chinese dissidents, which in turn would give the government less reason to hack Google. I don’t buy it. There are lots of other reasons to hack. The Wall Street Journal says:

Much of the data stolen from Google was its "core source code," Mr. Mulvenon said. "If you have the source code, you can potentially figure out how to do Google hacks that get all kinds of interesting data." Among the data, would be the information needed to identify security flaws in Google’s systems, he said.

Beyond that, the source code to much of Google’s infrastructure has immense value, though I should add the caveat that running an operation of that scale requires a lot more than a code base. All in all, this looks like an extremely rare case of a foreign company taking a stand on human rights. In fact, the Wall Street Journal unambiguously credits Sergey Brin for the initiative.

The most interesting aspect of the whole affair, though, might be one of the ways the attacker got in. Matt Blaze pointed me at an article that states that the attackers abused the "lawful intercept systems" — the mechanism that Google uses to comply with subpoenas. If this is true, it represents another major abuse of such mechanisms, probably second only to the Athens Affair, where parties unknown used an analogous mechanism in a Greek cell phone switch to eavesdrop on some mobile phone calls in Athens.

Unfortunately, I can’t say I’m surprised that such things can happen. My colleagues and I have been warning for years of the risks of schemes to ease government access. (There are a number of papers and essays on the subject on my web page.) The proper question is no longer whether or not lawful intercept schemes are dangerous; I think that question is now settled. Rather, we must ask this: are the dangers from lack of government access to nasty people’s communications greater or less than the dangers from other nasty people abusing these self-same mechanisms? I don’t think that that perspective has been adequately addressed.

Given that, another Google announcement — that they’re turning on https by default for gmail users — is quite intriguing. Six months ago, I was one of the signatories on a letter that Christopher Soghoian drafted calling for just such an action. The official word is that https would not have prevented these attacks:

Sam Schillace, an engineering director at Google Apps, said the shift to default HTTPS was not prompted by the attacks and, to the best of his knowledge, would not have averted them. The move had been in the works for some six months, during which time Google engineers did extensive testing and made numerous technical fixes to enable a smooth transition.

However, the announcement itself was prompted by the attack news. "The Gmail team decided, why wait?" he said. "We want our users to be as safe as we can make them be."

Indeed, if the lawful intercept mechanism was on the plaintext side of the decryptor, the new defense would not have helped. But there are many other threats to communications, and it’s a lot easier for the Chinese government (or any other government) to tap communications on its own territory.

This is still a hot, breaking story, and I don’t claim to know everything or even close to everything about it. I’m sure that more details will come out over the next few weeks. Brian Krebs has an excellent summary article posted; I hope he’ll continue to update it. For the moment, though, my tentative conclusions are that genuine ethical concerns, possibly coupled with ire about the hacking, have led Google to take a step that may not be in their best long-term financial interests. Such behavior by corporations is rare but praiseworthy.


Update: I should have added — I do receive a small amount of research funding from Google. Virtually all of this money has gone towards student travel to conferences.
https://www.cs.columbia.edu/~smb/blog/2010-01/2010-01-13a.html