By: Rajesh Goel, Chief Technology Officer, Brainlink International Inc.
It’s no secret that Google retains search data and meta data regarding searches—in fact, they’re quite open about it. What’s unsure though is the long-term threat to information security and privacy.
Most consumers regard privacy as a basic right. They do not expect their private transactional details—whether it’s what they purchased or complained about, or how they paid for the purchase—to be part of the public record.
As long as companies have retained consumer data, there have been privacy breaches. Stone tablets, paper ledgers, data warehouses—it doesn’t matter how you store it, eventually, some of it will leak out.
Here are some examples of the ways that data has been leaked:
- Criminal acts: theft of data; insiders selling data
- Carelessness: putting unshredded paper records in the trash bin; shipping unencrypted backup tapes
- Lack of privacy awareness: prior to legislation such as the Health care Insurance Portability and Accountability Act, it was legally acceptable to place records in the trash; using personally identifiable numbers such as Social Security numbers as primary keys even though the various amendments to the Social Security Act reserved the use of SSNs to the US Treasury
- Going out of business: once a company ceases operations, all privacy policies are null and void.
What’s Google Role?
So far, Google hasn’t lost information, other institutions have. However, Google plays an ever-increasing role in our consumer and business lives. It has built a substantial business and reputation, which could pose a serious threat to consumer privacy worldwide.
Let’s review the Google’s elements:
Google Search: This search engine is gathering many types of information about our online activities. Its future products will include data gathering and targeting as a primary business goal.
All of Google’s properties—including Google Search, G mail, Orkut and Google Desktop —have deeply linked cookies that will expire in 2038. Each of these cookies has a globally unique identifier (GUID), and can store search queries every time you search the web. Note, Google does not delete any information from these cookies.
Hence, if a list of search terms is given, Google can produce a list of people who searched for that term, which is identified either by IP address and/or Google cookie value. Conversely, if an IP address or Google cookie value is given, Google can also produce a list of the terms searched by the user of that IP address or cookie value.
Orkut: Google’s social networking site contains confidential information such as name; e-mail address; phone number; age; postal address; relationship status; number of children; religion; hobbies.
As per Orkut’s terms of service, submitting, posting or displaying any information on or through the orkut.com service automatically grants Orkut a worldwide, nonexclusive, sub-licensable, transferable, royalty-free, perpetual, irrevocable right to copy, distribute, create derivative works of, and publicly perform and display such data.
GMail: The primary risk in using GMail lies in the fact that most of its users give their consent to make GMail more than an e-mail delivery service and enable features such as searching, storage and shopping.
This correlation of search and mail can lead to the potential risks such as:
- GMail may not get the legal protection the Electronic Communications Privacy Act (ECPA; see box) gives on e-mail.
- The storage of e-mail on third-party servers for more than 180 days can lead to the loss of those privileges. This in turn creates a danger that we may redefine whether an e-mail has the reasonable expectation of privacy.
ECPA
ECPA, an act enacted in 1986, includes provisions for access, use, disclosure, interception and privacy protection of all electronic communications. It declared e-mail as a private means of communication that has the same level of privacy as phone calls and letters. The employees of email companies cannot disclose emails to others and even the police in the US would need a wiretap warrant to read emails.
GMail Mobile: More and more phones comes with gmail applications built-in, or you can download Gmail for your phone. The question becomes: How uniquely does your cellphone identify you? When was the last time you changed it?
GMail Patents: Gmail’s Patent #20040059712 emphasizes on “Serving advertisements using information associated with email.” This allows Google to create profiles based on various information derived from e-mails related to senders; recipients; address books; subject line texts; path name of attachments; etc.
Google Desktop: Google Desktop allows users to search their desktops using a Google-like interface. All word files, spreadsheets, e-mails and images on a computer are instantly searchable. Index information is stored on the local computer. Google Desktop 3 allows users to search across multiple computers. GD3 stores index and copies of files on Google’s servers for nearly a month.
In the United States, using Gmail and Google Desktop on computers that contain health records, financial records, educational records or credit applications could be a violation the Family Educational Rights and Privacy Act, HIPAA, Gramm-Leach Bliley, PCI-DSS and state privacy laws if protected information is accidentally or maliciously leaked.
Given the XSS attacks that Gmail has suffered; the attacks that OpenSocial demonstrated (google for “First OpenSocial app hacked in 45 minutes”); and the privilege-ignorance flaw that let users of GDS3 see other users’ files and the XSS attacks that GDS is subject to (see http://news.zdnet.com/2100-1009_22-151299.html), it’s only a matter of time before protected information is leaked and the covered entities (healthcare personnel for HIPAA, Educators for FERPA, Merchants for PCI, etc) point fingers at Google.
It’s an open question whether the courts will buy the “Google leaked it, not me” defense or whether they’ll hold the covered entities liable for the leakage.
One potential problem with the desktop search products is that they enable other people with access to the desktop to discover information about other users. For example, spouses can read indexed e-mails or browsing history and discover their partners’ infidelity or online shopping trails. In business, competitors and malicious employees could use desktop search products to locate proposals or negotiation documents.
Chrome: Chrome is Google’s browser. It’s available for download today – and will be installed on new PCs in the near future. Some of the risks it poses include:
- Every URL you visit gets logged by Google;
- Everything you type into the location bar—every word, partial word or phrase, even if you don’t click the enter/return button—gets logged by Google;
- Chrome sends an automatic cookie along with every automatic search it performs in the location bar.
Android: Android is Google’s operating system for cell phones. It retains information about dialed phone numbers; received phone call numbers; web searches; e-mails; geographic locations at which the phone was used.
Google Health: This product allows consumers—such as employees, co-workers and customers—to store their health records with Google. Recently, CVS Caremark, along with WalGreens and Longs Drugs in the United States, agreed to allow Google Health users to import their pharmacy records into GH.
Future Threats
So far, we’ve looked at dangers posed by using or installing Google products. Most of these threats can be mitigated by uninstalling these products or using competitive tools.
What about dangers to your organization just from Google Search? Look no further than Google Flu Trends.
http://www.google.org/images/flutrends/annual_cdc_comparison.png
Google correlated CDC flu data from 2003-present with Google’s search data. Spikes in users’ searches about flu treatments correlated tightly with the CDC data. Using Flu trends, Google has demonstrated its ability to analyze search data for a specific term or set of terms. And Google’s privacy policies state they record IP addresses.
Google, as does Sun, Oracle and Microsoft, has a history of working with and selling data to the U.S. Central Intelligence Agency, U.S. National Security Agency and others.
Long-Term Threats
Overall, the most critical threat is our reliance on GMail—whether the setting is universities, cities, companies or countries switching to GMail en masse, or the newest employees in the organization using GMail as their primary or sole e-mail platform.
Questions to ask your security team are: How big is the organization’s e-mail archive? How many years of e-mails are saved? If your company, agency or government, switches to hosting email on Gmail, what happens to the privacy and confidentiality clauses in your contracts?
The U.S. Department of Justice is arguing that the ECPA does not apply to ISP-hosted e-mails. In addition, Google, Yahoo and Microsoft have a history of complying with the U.S.’s and foreign governments’ requests for information. If such data is turned over, how much corporate security is being eroded by use of these platforms?
What the reliance on Microsoft Windows did to desktop and network security (consider the amount of budget and manpower dedicated to dealing with Windows patches, viruses, spyware, botnet detection), reliance on Gmail will do to corporate privacy and security.
Raj Goel, CISSP, is chief technology officer of Brainlink International, an IT services firm. He is located in Queens, NY, and can be reached at raj@goel.com.
NOTE: An excerpt from this article appears in the June/July issue of Infosecurity Magazine, the official publication of ISC2, the certifying body for CISSPs.
