Is Your Company Googling It's Security and Privacy Away? Raj
Total Page:16
File Type:pdf, Size:1020Kb
Is Your Company Googling It’s Security and Privacy Away? Raj Goel investigates. It’s no secret that Google retains search data and metadata regarding searches—in fact, they’re quite open about it. What’s unsure though is the long-term threat to information security and privacy. Most consumers regard privacy as a basic right. They do not expect their private transactional details—whether it’s what they purchased or complained about, or how they paid for the purchase—to be part of the public record. As long as companies have retained consumer data, there have been privacy breaches. Stone tablets, paper ledgers, data warehouses—it doesn’t matter how you store it, eventually, some of it will leak out. Here are some examples of the ways that data has been leaked: • Criminal acts: theft of data; insiders selling data • Carelessness: putting unshredded paper records in the trash bin; shipping unencrypted backup tapes • Lack of privacy awareness: prior to legislation such as the Healthcare Insurance Portability and Accountability Act, it was legally acceptable to place records in the trash; using personally identifiable numbers such as Social Security numbers as primary keys even though the various amendments to the Social Security Act reserved the use of SSNs to the US Treasury • Going out of business: once a company ceases operations, all privacy policies are null and void. What’s Google Role? So far, Google hasn’t lost information, other institutions have. However, Google plays an ever-increasing role in our consumer and business lives. It has built a substantial business and reputation, which could pose a serious threat to consumer privacy worldwide. Let’s review the Google’s elements: Google Search: This search engine is gathering many types of information about our online activities. Its future products will include data gathering and targeting as a primary business goal. All of Google’s properties—including Google Search, Gmail, Orkut and Google Desktop —have deeply linked cookies that will expire in 2038. Each of these cookies has a globally unique identifier (GUID), and can store search queries every time you search the web. Note, Google does not delete any information from these cookies. Hence, if a list of search terms is given, Google can produce a list of people who searched for that term, which is identified either by IP address and/or Google cookie value. Conversely, if an IP address or Google cookie value is given, Google can also produce a list of the terms searched by the user of that IP address or cookie value. Orkut: Google’s social networking site contains confidential information such as name; e-mail address; phone number; age; postal address; relationship status; number of children; religion; hobbies. As per Orkut’s terms of service, submitting, posting or displaying any information on or through the orkut.com service automatically grants Orkut a worldwide, nonexclusive, sub-licensable, transferable, royalty-free, perpetual, irrevocable right to copy, distribute, create derivative works of, and publicly perform and display such data. GMail: The primary risk in using GMail lies in the fact that most of its users give their consent to make GMail more than an e-mail delivery service and enable features such as searching, storage and shopping. This correlation of search and mail can lead to the potential risks such as: • GMail may not get the legal protection the Electronic Communications Privacy Act (ECPA; see box) gives on e-mail. • The storage of e-mail on third-party servers for more than 180 days can lead to the loss of those privileges. This in turn creates a danger that we may redefine whether an e-mail has the reasonable expectation of privacy. ECPA ECPA, an act enacted in 1986, includes provisions for access, use, disclosure, interception and privacy protection of all electronic communications. It declared e-mail as a private means of communication that has the same level of privacy as phone calls and letters. The employees of email companies cannot disclose emails to others and even the police in the US would need a wiretap warrant to read emails. Though email in transit is protected, those in law enforcement believe that once the mail is processed and stored, it is no longer a private letter, but simply a database service. The biggest selling point of GMail is that they don’t simply deliver your mail, but also store and index it so that you can search for it. In US v. Warshak the Dept of Justice (DOJ) argued that Gmail/Hotmail/any ISP-hosted emails are not subject to ECPA at all, and therefore should not require subpeonas for disclosure. So far, the courts have ruled against the government – however, this shows that the DOJ is actively seeking access to emails and online activities without notifying US citizens and is looking to circumvent ECPA and Stored Communication Act (SCA). GMail Mobile: More and more phones comes with gmail applications built-in, or you can download Gmail for your phone. The question becomes: How uniquely does your cellphone identify you? When was the last time you changed it? GMail Patents: Gmail's Patent #20040059712 emphasizes on ªServing advertisements using information associated with email.º This allows Google to create profiles based on various information derived from e-mails related to senders; recipients; address books; subject line texts; path name of attachments; etc. Google Desktop: Google Desktop allows users to search their desktops using a Google-like interface. All word files, spreadsheets, e-mails and images on a computer are instantly searchable. Index information is stored on the local computer. Google Desktop 3 allows users to search across multiple computers. GD3 stores index and copies of files on Google's servers for nearly a month. In the United States, using Gmail and Google Desktop on computers that contain health records, financial records, educational records or credit applications could when is it considered a violation? be a violation the Family Educational Rights and Privacy Act, HIPAA, Gramm-Leach Bliley, PCI-DSS and state privacy laws if protected information is accidentally or maliciously leaked. Given the XSS attacks that Gmail has suffered; the attacks that OpenSocial demonstrated (google for “First OpenSocial app hacked in 45 minutes”); and the privilege- ignorance flaw that let users of GDS3 see other users' files and the XSS attacks that GDS is subject to (see http://news.zdnet.com/2100-1009_22-151299.html), it's only a matter of time before protected information is leaked and the covered entities (healthcare personnel for HIPAA, Educators for FERPA, Merchants for PCI, etc) point fingers at Google. It's an open question whether the courts will buy the “Google leaked it, not me” defense or whether they'll hold the covered entities liable for the leakage. One potential problem with the desktop search products is that they enable other people with access to the desktop to discover information about other users. For example, spouses can read indexed e-mails or browsing history and discover their partners’ infidelity or online shopping trails. In business, competitors and malicious employees could use desktop search products to locate proposals or negotiation documents. Chrome: Chrome is Google's browser. It's available for download today ± and will be installed on new PCs in the near future. Some of the risks it poses include: • Every URL you visit gets logged by Google; • Everything you type into the location bar—every word, partial word or phrase, even if you don’t click the enter/return button—gets logged by Google; • Chrome sends an automatic cookie along with every automatic search it performs in the location bar. Android: Android is Google's operating system for cell phones. It retains information about dialed phone numbers; received phone call numbers; web searches; e-mails; geographic locations at which the phone was used. Google Health: This product allows consumers—such as employees, co-workers and customers —to store their health records with Google. Recently, CVS Caremark, along with WalGreens and Longs Drugs in the United States, agreed to allow Google Health users to import their pharmacy records into GH. Future Threats So far, we’ve looked at dangers posed by using or installing Google products. Most of these threats can be mitigated by uninstalling these products or using competitive tools. What about dangers to your organization just from Google Search? Look no further than Google Flu Trends. h ttp://www.google.org/images/flutrends/annual_cdc_comparison.png Google correlated CDC flu data from 2003-present with Google’s search data. Spikes in users’ searches about flu treatments correlated tightly with the CDC data. Using Flu trends, Google has demonstrated its ability to analyze search data for a specific term or set of terms. And Google’s privacy policies state they record IP addresses. So, what’s to stop Google from analyzing all search data from Citibank’s networks? Or yours? How many firewalls or proxy servers does your company use to control Internet access? One? Five? 500? What’s the difference between analyzing flu trends and “Top 100 search terms from XYZ Corp.”? Or what if someone were to correlate regional threats from swine flu, avian flu, floods, etc., with search data from Google Health/Prescription data and then analyze the health of their employees and detect long-term effects? Google, as does Sun, Oracle and Microsoft, has a history of working with and selling data to the U.S. Central Intelligence Agency, U.S. National Security Agency and others. Long-Term Threats Overall, the most critical threat is our reliance on GMail—whether the setting is universities, cities, companies or countries switching to GMail en masse, or the newest employees in the organization using GMail as their primary or sole e-mail platform.