TL;DR: trash-talking Google's record doesn't seem fair to me.
Here are some things that are public knowledge:
1) Google considers some kind of network traffic to be attacks (obviously). Google claims (and no one doubts) that in some cases Google reports these attacks to law enforcement authorities, and to other companies believed to be affected. The main example of this that I'm aware of is Operation Aurora (see http://en.wikipedia.org/wiki/Operation_Aurora ), the purported 2009 attack, allegedly by Chinese state actors. AIUI, this is the source of the Google/government collaboration mentioned in that Wired article that clobber linked. I think that any reasonable person would agree that this type of data-sharing between victims of crime and the government is not necessarily tantamount to "allying oneself with the surveillance state" (although a reasonable person could point out that once you start cooperating with governments, sometimes it's a slippery slope).
2) Google wants to position itself as a defender of user rights against governments. Maybe this is for-real, maybe this is bullshit; what do we know? We know that Google publishes a transparency report ( google.com/transparencyreport ) , you can read it for yourself. Google claims that they comply with the law, and thus obeys e.g. National Security Letters (including the gag orders that come with most NSLs). If you want to say that obeying legally-constituted surveillance law is necessarily "allying oneself with the surveillance state", well, maybe... but I dispute that this is in-general true.
3) Google also purports to push back the limits of this legal surveillance. For example, in the case of the IRS claiming (until a few days ago) that it can warrantlessly read your email, Google alleges that they refuse to respect such IRS demands, instead requiring a warrant. That is, Google claims to be daring the IRS to take Google to court, since Google thinks the IRS is overreaching their government authority. I cannot prove (or disprove) that Google is in fact doing as they claim, but if so, I see this as a mildly courageous act that protects civil society.
(For full-on heroics, see John Doe vs Ashcroft, revealed to be Nicholas Merrill of Calyx, so mad props to him. Also see http://www.wired.com/threatlevel/2013/03/nsl-found-unconstit... , another piece of brave civil challenge to the same surveillance bullshit).
------
So, what's my point here?
Look, we don't know that Google isn't doing sinister shit. Google knows a lot, and has a lot of secrets, so it's appropriate to be wary. (Knowing a lot is key to the huge benefits that Google provides, btw.) But I think we have basically zero evidence of this hypothetical sinister behaviour; all secret-sharing we know about is appropriate and above-board. And we have some meaningful evidence that Google is actively pursuing the public interest by resisting over-sharing (not that I'm claiming this is the #1 corporate goal).
TL;DR: trash-talking Google's record doesn't seem fair to me.
Disclaimer: I work at Google, I have a pro-Google bias, I have no insider knowledge of any of the things discussed in this comment, and if I did have insider knowledge I wouldn't post it on Hacker News.
I'm the one who claimed they seem to have "allyed themselves with the surveillance state," so I guess I'm really the one you're responding to. I wouldn't consider that to be trash talking, exactly, but I don't mind you saying that.
I actually don't know many of the facts on the ground, as you do. I mean, you can cite evidence and provide links, and I can't.
What I do know is that Google is a humongous red target painted on it that is screaming, "I have a huge proportion of all global email and lots of other kind of data! Governments and other malicious actors, come and get it if you can!"
So, I think it's absolutely insane that so many of us trust Google with so much. I think we should all be encrypting everything as a matter of principle and policy, and I don't think we should all be using Google so much.
I mean, how much of China's annual budget is devoted just to hacking Google via technical and social engineering means? Tens of millions of USD? That sounds very reasonable. That's what I'd be doing if I were on their side and had authority.
Also, it's worth noting that individual rights are no longer considered absolutes in the US, and our legal system is currently in a trend of slow erosion. So, eventually, the government authorities are probably going to be able to demand whatever they want of Google. They possibly already have ways of doing this.
As an aside, I don't begrudge you for working there. In fact, once I'm on the job market, I may even try to get a job there (not sure if they'd still have me, though, since I make the above point not infrequently).
> so I guess I'm really the one you're responding to
Partially, yup.
> facts on the ground
Again, I emphasize that I learned most of what I know by following privacy-oriented links on HN, and reading public sources. And I know these things because I, like you, think it's very much worth thinking about. I want to know whether or not Google is evil.
> Google is a humongous red target
Absolutely. No doubt.
> we should all be encrypting everything
I think I agree with your reasoning, but I disagree with your conclusion; I think this is simply evidence that I value my privacy much less than you value yours.
> trend of slow erosion
This one flows back and forth. The battle is not lost, even in the US. See e.g. that last link my my previous post, re Judge Susan Illston
possibly already have ways of doing this
You know what an NSL is, right? As far as I can tell, the FBI can ask for anything of anyone at any time. If surveillance scares you, get scared. Though, again, c.f. Susan Illston.
In any case, I once again think it is important to distinguish between the good points you make in this comment, and the shitty summary you made in the previous comment, which in my opinion is vastly under-supported and also probably wrong.
> not sure if they'd still have me, though, since I make the above point not infrequently
I was more trashing the NSA's record because they ARE doing sinister shit.
We just don't know 100% if Google is being forced to play along. I'd say it's really naive to think there would be public 'evidence' in the first place. You say it's unfair but I say it's critical thinking. Given the circumstance and the history, I'd say it's completely fair.
I agree with almost all of this comment of yours (contrasted with the previous one). The NSA should be assumed to be invasive, we don't know how much Google is being forced to play along, there would be little or no public evidence. And critical thinking is good, especially given the circumstances and history.
Your previous comment said that "the likely thesis that Google has decided to ally itself with the US surveillance state" was "seem[ingly] fact at this point". That's a completely different statement, and I strongly disagree with it; I do not think that is Google's decision or allegiance, nor that it's established fact. I think the parent to your comment accused Google of malfeasance, and I think that is neither critical thinking nor fair.
Either way, I'm not personally terrified, but I do think it's worth awareness and resistance, on principle.
Here are some things that are public knowledge:
1) Google considers some kind of network traffic to be attacks (obviously). Google claims (and no one doubts) that in some cases Google reports these attacks to law enforcement authorities, and to other companies believed to be affected. The main example of this that I'm aware of is Operation Aurora (see http://en.wikipedia.org/wiki/Operation_Aurora ), the purported 2009 attack, allegedly by Chinese state actors. AIUI, this is the source of the Google/government collaboration mentioned in that Wired article that clobber linked. I think that any reasonable person would agree that this type of data-sharing between victims of crime and the government is not necessarily tantamount to "allying oneself with the surveillance state" (although a reasonable person could point out that once you start cooperating with governments, sometimes it's a slippery slope).
2) Google wants to position itself as a defender of user rights against governments. Maybe this is for-real, maybe this is bullshit; what do we know? We know that Google publishes a transparency report ( google.com/transparencyreport ) , you can read it for yourself. Google claims that they comply with the law, and thus obeys e.g. National Security Letters (including the gag orders that come with most NSLs). If you want to say that obeying legally-constituted surveillance law is necessarily "allying oneself with the surveillance state", well, maybe... but I dispute that this is in-general true.
3) Google also purports to push back the limits of this legal surveillance. For example, in the case of the IRS claiming (until a few days ago) that it can warrantlessly read your email, Google alleges that they refuse to respect such IRS demands, instead requiring a warrant. That is, Google claims to be daring the IRS to take Google to court, since Google thinks the IRS is overreaching their government authority. I cannot prove (or disprove) that Google is in fact doing as they claim, but if so, I see this as a mildly courageous act that protects civil society.
For Google's claims about IRS email surveillance, see e.g. http://thehill.com/blogs/hillicon-valley/technology/279441-f...
(For full-on heroics, see John Doe vs Ashcroft, revealed to be Nicholas Merrill of Calyx, so mad props to him. Also see http://www.wired.com/threatlevel/2013/03/nsl-found-unconstit... , another piece of brave civil challenge to the same surveillance bullshit).
------
So, what's my point here?
Look, we don't know that Google isn't doing sinister shit. Google knows a lot, and has a lot of secrets, so it's appropriate to be wary. (Knowing a lot is key to the huge benefits that Google provides, btw.) But I think we have basically zero evidence of this hypothetical sinister behaviour; all secret-sharing we know about is appropriate and above-board. And we have some meaningful evidence that Google is actively pursuing the public interest by resisting over-sharing (not that I'm claiming this is the #1 corporate goal).
TL;DR: trash-talking Google's record doesn't seem fair to me.
Disclaimer: I work at Google, I have a pro-Google bias, I have no insider knowledge of any of the things discussed in this comment, and if I did have insider knowledge I wouldn't post it on Hacker News.