[LINK] Crikey: 'Google a 'honeypot' for authoritarian governments'

Roger Clarke Roger.Clarke at xamax.com.au
Thu Jan 14 19:20:49 AEDT 2010


At 18:26 +1100 14/1/10, Geordie Guy wrote:
>... The overall thrust of the article is that the attack on Google 
>was not to achieve knowledge of the conversations of human rights 
>activists, but more likely that Google has a near-exhaustive 
>database of personal information that makes them target zero for any 
>hackers and that was the motivation.  ...

Qualify the whole with 'speculation that', and that's close enough to 
what I meant.


>In order for that thrust to exist, Google must have not only the 
>personal information we all accept they have, but for it to be 
>comprehensible in any way other than streams of machine-readable 
>data going from one system that collects it to another system that 
>profitably uses it (highly doubtful or even impossible).  ...
>Example:
>System A contains [data] partially encrypted and I don't know which 
>columns in the database mean what.  ...
>System B ... an internal description of distances between cameras 
>and grid references in the mall and I don't have any meaningful way 
>of interpreting it.

I was using the term 'view' in the CODASYL sense.  By about 1972, it 
was conventional to gain access to data-files by means of 
code-libraries.  As DBMS emerged, and as data dictionaries matured 
into IRDS, apps became quite easy compared with the early years.

An amateur cracker who gets inside and says 'golly, I made it' might 
well see a mass of bits much like sci-fi films depict the matrix.

But a professional cracker who's seriously inside can acquire the 
necessary privileges, and invoke pre-written applications software, 
and utilise available libraries and utilities.


>>>Note that I didn't intend to convey that Google employees spend 
>>>much time doing such things (and it's my error if what I wrote can 
>>>be read that way).

>No.  I can't think of a jurisdiction where it'd be legal.

Um, Arkansas?  India?  (Arkansas is the data haven in which Acxiom is 
understood to have its database.  The significance of India is 
probably apparent enough).

Apart from which, what's data protection law got to do with it?  It's 
unenforced, and in most countries that have it, unenforceable.

But, agreed, that's a side-show in the present discussion.


>It is now my nicotine withdrawl has gone away thanks to these mint things...

Commiserations.  But it explains the smoking gun  (:-)}


-- 
Roger Clarke                                 http://www.rogerclarke.com/
			            
Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW
Visiting Professor in Computer Science    Australian National University



More information about the Link mailing list