My fear—for Google and for us—is that the reason they know it’s the Chinese government behind these attacks is because Google gave them the key.
If accepted at face value, Google’s argument now—in a reversal of a policy it put in place five years ago—is that it wants to be a staunch defender of “free speech on the Web.” Instead of cooperating with the Chinese government’s repression of its people, Google now demands that China let it be Google—the relatively totally open corporate-owned index to the Web.
But then why the sudden wakeup call? In this scenario, it’s because Google realizes it is in bed with the bad guys. It has supported the actions of a regime that eventually turned on its online facilitator, Google. So Google is saying it is fine with repressive regimes as long as they don’t repress Google without the company’s knowledge.
No, that’s even too stupid for a corporate communications department to imply. Which, to me, means there’s more going on.
The first and most likely possibility is that Google is attempting to create a distraction. From what?
From the fact that some Chinese hackers broke into their servers and gained access to what was supposed to be secure private and corporate data. Get it? That means none of our stuff on Google’s servers is safe.
Now this would be a big deal—especially for those of us who have already bought into Google’s halcyon promise of a secure, always on, and always accessible “cloud” in which to do our computing. The company’s bid to lure us out of our locally run Microsoft Office suites and off our closed corporate mail servers loses more than a bit of its luster. The cloud is still really just a bunch of servers, owned by someone or something, whose decisions and competence must be trusted. This applies to everything from Google Docs to Gmail: Putting our data out there really means putting it “out there.” For the first time, many of us Google converts feel like the cloud, where Google wants us to organize our personal and professional digital lives, is less secure than that encrypted hard drive under the desk.
So what is Google to do? Make sure that people don’t believe that a few hackers could have accomplished such a feat. (And in case you didn’t know, China has a few hundred thousand hackers for every one of ours. They gather outside their universities at lunch to discuss which corporate or government computer to try to break into, simply for the challenge.)
Instead of letting our minds even go there, Google blames the government. At least the Chinese government sounds big and scary and qualified enough to break into a few corporate servers—and surely they wouldn’t be interested in any of America’s companies or users. If they did, well, that would be real war. If it’s true, at least it’s something we can get our heads around and go to the United Nations and complain about.
But Google says it has some genuine reasons for believing that the Chinese government was involved in these attacks, and the international investigation now under way will reveal whether that evidence is legitimate, soon enough. So the biggest question becomes, why does Google believe its partner in repression—the Chinese government—is behind this violation of Chinese activists’ and others’ online privacy?
Sadly, I suspect it is because Google’s collaboration with Chinese efforts to slow the Internet’s democratizing effects may go deeper than limiting Web searches for “Dalai Lama” and “Tiananmen Square Massacre.”
Google publicly and famously surrendered the integrity of its searches to Chinese repression in order to do business there, and never provided a good enough rationale for breaking its pledge to do no evil. We have no way of knowing what the company surrendered technologically in its efforts to break into the fastest growing Internet market in the world. If the deal involved giving the Chinese government some level of access to the Chinese activity occurring on Google—as a way of verifying that their censorship deal was being adhered to—then perhaps this access could have been exploited, leading to the security breach.
So it’s not that Google’s cloud computing technology is so easily hackable, it’s that Google’s misguided partnership with a repressive regime is so easily exploitable. My concern—for Google and for us—is that the reason they know it’s the Chinese government behind these attacks is because Google may have inadvertently given them the key.
Google rejects that possibility, claiming that they are just one of “over 20” companies that have been attacked by the Chinese. Of course, most of those companies aren’t the Chinese government’s online partners, like Google is. Lumping in the surveillance of specific Chinese activists using Gmail within China with the breach of a data center in Texas seems disingenuous. Meanwhile, cybersecurity experts are suggesting that by locating the servers for Chinese Gmail accounts in China, in buildings over which they had little control, Google made the servers vulnerable to physical wiretaps by the Chinese secret service, who could have gained access to the cables leading into and out of the facility. No matter how well scrambled, the packets can still be reassembled. That’s not too reassuring, either. (Google did not respond to my request for comment yesterday.)
At least a conspiracy theory, in which Google willingly gave the Chinese authority over its clients’ communications, offers the comfort of there being some human agency in all this. Just as we prefer to find out that a single pilot was drunk than that there’s a problem with every plane in the sky, it is easier to contend with the notion that Google’s young executives made a stupid decision by engaging with dictators than to consider the alternative: that the cloud being entrusted with an increasing amount of our banking, business, and everything else, is the for the taking.