tssci security

Privacy, Google, Scroogle, and You

In an article on the CNet Blogs, Chris Soghoian writes on Privacy: What should Google do?

Brilliant article. A must read.

I have one question, one comment, and one look into the future.

Question: We might be able to trust Scroogle not to steal our search queries and tie them to an individual (i.e. an invasion of privacy), but how do we prevent Google/Scroogle (or any organization for that matter) from using stolen search queries as a sociological reference (for everything from marketing Adwords to possible propaganda)? How do we trust anyone with the ability to display, collect, and harvest this kind of data?

Comment: Scroogle is all well and good. They support up to 130k searches per day, 10 percent SSL -- great! However, Google is on a different scale. TS/SCI Security spoke with some Google employees about privacy and security issues at Shmoocon. It appears that there would be interest on Google's part to create a less well-known "Secure Google/GMail". If it becomes too widely known, and they cannot monetize from it -- it doesn't make sense for them to keep running it.

Future look: the time period between 1960 and 2060 will not be known as the information age. It will be known as the "lack of privacy" age. Our children's children will know how to protect their privacy. Today, I can easily deduce a person's first name, last initial, and city they live in both online and off. Using Google, Pipl.com, Paterva, et al -- it is easy for me or anyone to perform a Sweeney attack. It is no longer necessary to have very detailed information (such as zip code, DOB, SSN), or even know the correct spelling of a person's name.

I'm fairly certain that my medical information, email, and search queries are in the top three pieces of information that I would like to keep private (besides my full name, SSN, and DOB). A credit card can be replaced. I can get a new passport or driver's license. Fortunately, I was never in the military -- which has been a notorious problem for veterans, whose privacy is almost an open door.

Replacing your SSN, DOB, or full name is nearly impossible if you have been a victim of identity theft. It quickly becomes additionally impossible to pass a credit check or sell your home. However, there are workarounds to these such as changing your name. We are beginning to understand the problem.

I don't feel that we fully understand the value of our search queries -- as individuals, companies, and civilizations. Search queries are your thoughts; they are our thoughts. Will this empower us, or will it destroy us? Will it enable an organization similar to the Thought Police in 1984? I think that if we're not careful, then it most certainly will.

Posted by dre on Thursday, April 3, 2008 in Privacy.
