Why Google won’t protect you from big brother: Christopher Soghoian at TEDxSanJoseCA 2012

Why Google won’t protect you from big brother: Christopher Soghoian at TEDxSanJoseCA 2012
ArticlesBlog


Translator: Mohand Habchi
Reviewer: Denise RQ My name is Christopher Soghoian,
and I’m a privacy researcher. In particular, I study the surveillance state
that we now live in. Not exactly the theme
that’s happened today. If you look in Hollywood movies,
cop shows on TV, we see a single vision of surveillance. We see surveillance
as a labor-intensive task for the police. So imagine a police officer
climbing a telephone pole to attach a couple of wires to get to intercept
a particular phone line. Or you know, the image of an FBI agent
hunched over a pair of headphones, in an unmarked van
parked outside someone’s home, listening to the conversations
that are occurring inside. And certainly, that did happen
a few years back, but that’s not the way
the modern surveillance works. Modern surveillance, for the most part, now occurs in the comfort
of an air conditioned room, at a comfy desk, a nice chair, and the surveillance itself is performed
with the few keystrokes, someone is typing away at a keyboard. Whose fingers are behind the keyboard? It’s not the police. In fact, it’s employees
working for the companies to whom we entrust our private data: Search engines, social networking sites,
and telephone companies whose products we keep
in our pockets at all times. These companies have teams that do nothing but respond
to government surveillance requests. Sprint, the third largest
telephone company in the United States, has more than 110 employees, who do nothing than respond
to surveillance requests. Facebook has 25 employees. The Senate Select Committee
on Intelligence, in 2007, said that electronic surveillance
depends in great part on the cooperation
of the private companies that operate the Nation’s
telecommunication system. Our modern surveillance state
wouldn’t be possible without the willing assistance
of these companies. We are spied on because they help. The Seventh Circuit Court of Appeals
noted just a few years ago, that technological progress
poses a threat to privacy, by enabling an extent of surveillance that in earlier times,
would have been prohibitively expensive. What does this mean? 10 to 15 years ago, if the FBI had wanted to tail someone, had to watch where
they’re going 24 hours a day, they would have needed
a team of 10, 15, 20 agents. The person who is driving
around their car, you need a few vehicles, with a few agents
to each one, tailing the suspects. Every few minutes,
the vehicles have to change, so that when you’re looking
in the rear-view mirror, you don’t notice the same vehicle
following you at all times. 24 hour surveillance requires
24 hour surveillance teams. That’s a lot of agents,
that’s a lot of salaries. And the FBI has limited resources. And so in the days
of scarce surveillance resources, the government had to figure out
who was a high priority for surveillance. That’s not longer the case. Modern surveillance
is cheaper and more efficient. And why not, technology companies make everything
more efficient and everything cheaper. Now, today, a police officer
from the comfort of his desk, can monitor 200 or 300 individuals’
location, in real time, with services provided
by the communications companies. Sprint, for example, offers a website where law enforcement can log in
and pay 30 dollars a month for unlimited access to an individual’s
real time GPS location information. In 2009, Sprint revealed that in the one year
since the website has been set up, it’s been used 8 million times. So Verizon, a large telephone company,
one of the largest ones in the country, they revealed in 2007 that they get 80,000 requests a year
from law enforcement agencies. But most companies
actually don’t provide any data. Verizon wrote this
in a letter to Congress. Google is probably the most transparent
company in the industry, and for that we should thank Google. So when you get home to your computers,
look for Google’s transparency report, it’s a website that they’ve set up that
provides aggregate detail information, breaking down surveillance
requests every six months, showing how many they get from
law enforcement and different countries, which requests they turn down or approve. So Google is great. So we know from this that they get
about 12,000 requests a year in the US. But most companies
don’t provide this level of data, or in fact, any data at all. And because of this, most surveillance
occurs below the radar. We simply have no idea
how much is occurring, although, experts estimate that there are at least a few hundred thousand requests
a year made in the United States. One thing you really need to understand
is that the way the US law is written, companies cannot refuse to comply
with a surveillance request. If the request is valid, if it’s a valid court order,
if it’s a valid subpoena, companies must give your data
to the government. There’s nothing they can do. Now, some companies lean more
towards protecting users’ privacy, and some companies
lean more towards providing loyal assistance to the government. But all companies must hand
your data over to the government. When the request comes in,
the data goes out. But companies
do have flexibility in other areas. So they have to respond to the requests, but the kinds of data that they keep
and the other things that they do are things that they control. And so, some companies in fact,
have very different practices, with regard to the way in which they protect your privacy
or don’t protect your privacy. Unfortunately, you won’t find this out
by visiting the companies’ websites. There’re big differences between the telephone companies,
between the search engines, between the email services,
and the social networks, and they don’t compete
on their privacy practices. One of the best ways
the companies can protect their users is through transparency. So while companies are obligated to give your data to the government
when the government asks, they have the freedom to tell you about
many of the requests that they get. Not all companies tell users. In fact the norm in the industry is to not tell users
about requests for their data. Twitter and Google, in this regard,
are actually unique. Both companies have established policies
that whenever possible, whenever they’re permitted
to do so by law, they will tell their users about requests, oftentimes, before they hand
the data over to the government, thus giving the user the opportunity to hire a lawyer
and try to contest the order, if they think that maybe
it’s inappropriate. Most companies don’t have these policies, and for this, we should thank
Google and Twitter. Because they’re really doing something
that is not required to them by law. In January of 2011, the media reported that Twitter had received
the requests for information about three individuals associated
with the Wiki Leaks organization. For those of us who study surveillance
and are interested in this topic, the fact that Twitter
is receiving requests isn’t news. This company receives hundreds
if not thousands of requests a year from law enforcement agencies
around the world. What was interesting here
is that the request was sealed. The judge who had issued
the order to Twitter, had sealed it. Which meant that Twitter was prohibited
from telling the users about the request. In this case, Twitter hired
a very expensive outside counsel, and got the lawyers to ask
the government to unseal the order. The lawyers made a convincing case,
the order was unsealed by the judge, and then Twitter was free to tell
the 3 Wiki Leaks associated individuals. Those people themselves hired lawyers, tried to fight the request,
and that matter is ongoing. In October of 2011, we also learned that Google
and a small California ISP named Sonic, a provider of broadband service, had also received requests, court orders,
as part of the same investigation. Now the details were a little bit unclear, but it seems like Google also asked
the government to unseal the order, but in Google’s case, they were not able to convince
the government or the judge. So that order remain sealed. In fact, the only reason
we know about these orders is because of anonymous sources who provided information
to the Wall Street Journal. So, most companies do not tell users about government requests
for their users’ data. They could, but they choose to not do so. I think some would think
that it might alarm users, it might give consumers a reason to not
trust the companies with their data. And after all, maybe we shouldn’t,
maybe we shouldn’t trust these companies, if there’s nothing they can do to stop our data from ending up
in the government’s hands. And so in this regard, Google
and Twitter are transparency leaders. They’re going beyond the call of duty. They’re doing far more
than is required of them by law. But even in these cases,
the government still gets the data. Even though Google can tell you
about the requests they receive, they’re still forced to hand
the data over after they tell you. In the case of the Wiki Leaks order
and Twitter, the individuals information eventually made it into the hands
of the Department of Justice. No number of lawyers could shield
the data from the government’s fingers. There are ways to protect users, more comprehensive ways
to protect users, and the best way to protect users is
to not keep the data in the first place. Companies that do not keep data
have nothing to hand over when the government comes
asking for it later. The most companies keep users’ data. Most companies keep
huge amount of users’ data. In fact, the trend in Silicon Valley
is to keep as much data as possible, just in case you can figure out
how to monetize it later. So Google keeps detailed records
of who you are, what you’re searching for,
and where you’re searching from. And they keep that information
for 18 months at the bare minimum, and then they modify some portions of it, and then keep the remaining bits
for a much greater periods of time. Bing, which is Microsoft search engine, keep that same data
for at least six months. Twitter keeps records
of where you’re tweeting from, for a period of up of 18 months. Now the company is a little vague
with their actual data retention period. I think it’s a few months, but in their privacy policy,
they set it up to 18 months. And Facebook is entirely vague
about what they keep. Probably they keep it
for a significant period of time. But these companies keep our private data that will eventually make its way
into the government’s hands. Why? Because the dominant
business model in Silicon Valley is to provide free services to consumers in exchange for their personal
and private information. These companies give us
fantastic social networking services, free email, web browsers,
and other software, and in exchange, they collect
our data, and they monetize it. They have these black boxes,
whether it’s behavior advertising, whether it’s detailed dossiers
on individual consumers, whether it’s analytics, the dominant model in Silicon Valley is
user’s data goes in, profits go out. This is the norm. Most big companies have adopted this, and many startups
think this is the way forward. These business models, at their very core,
are fundamentally incompatible with strong privacy protections
from the government. If you keep data for proposes
of data mining and analytics, there’s nothing you can do to stop when the government
comes and ask for it later. so companies have to choose. They have to choose privacy
or the business model. Google has made this choice. And does this mean that Google evil? Google has chosen keeping, monetizing,
and mining user data over privacy. I don’t think this makes Google evil. But I do think we have to acknowledge
that they’ve made a conscious choice, and that their business model won out. This isn’t the only business model though. Other business models
can protect user privacy. This is a photo of a street
in my town in Washington DC, this is just a few blocks away from me, and this is a storefront
run by a phone company called Cricket. Cricket is a prepaid provider
of telephone service that targets largely urban markets. they target people
who don’t have credit histories, who just want telephone service
without any surprises. I don’t work for Cricket, and the reason
I’m even mentioning them is that the American Civil Liberties Union just got 5,000 pages of documents back,
from a Freedom of Information Act request – actually several requests – detailing the surveillance
practices of many forms. And the information provided by Cricket
was really eye-opening. Cricket keeps no records
about the numbers that you dial, or the numbers of people who call you. Cricket keeps no information
about the text messages that you send, or at least the content
of the text messages that you send. And Cricket keeps no records
of the IP address is given to you that would detail what you do online and allow others to link your activities
on the web to your mobile phone. Cricket keeps the bare minimum necessary
to provide you with telephone service. Now this is not the norm. The norm in the telephone industry
is to keep lots and lots of data. So as an example, AT&T keeps records
of who you call and who calls you for between five and seven years. Many telephone companies also keep
detailed records of where you’ve been. Historical location information about
the towers that your phone connected to for a period of several years. And so the norm in the telephone industry
is to keep data, but they don’t need to. In fact, when you pay
for service with money, that company doesn’t need to go
and find other ways to pay their bills. When you pay 50 dollars a month,
or 100 dollars a month, that service doesn’t need
to engage in data mining, they don’t need to engage in analytics, their bills are paid,
they can pay their employees, they can return a profit
to their shareholders. The monthly bill that you pay them, enables them to protect
your privacy if they wish to do so. Now, of course, this doesn’t mean that paying for a service
automatically leads to privacy protection. After all, AT&T famously illegally shared
its customers’ information with the National Security Agency, as part of the warrantless
wiretapping program. Many phone companies
are truly in bed with the government. And so just because you pay
a monthly telephone bill, doesn’t mean you get privacy protections. But paying for a service can enable
a company to protect your privacy if they wish to do so. With free services, the ad supported services,
the data mining supported services, there will always at the end of the day, be a clash between privacy
and the business model. And privacy never wins. If we want privacy from these companies,
we have to start paying for it. Thank you very much. (Applause)

82 thoughts on “Why Google won’t protect you from big brother: Christopher Soghoian at TEDxSanJoseCA 2012

  1. I'd like to know how youtube decides what comments are worthy of being slotted into the top comments section,it can't be comments that are meaningful to the talking point of the video because the latest 'top comment' i'm seeing here is '…want that T-shirt'. Your comments section sucks youtube,we have to go to latest comments to try and find meaningful conversations and even then you get half of a conversation and when you want to see the comment a person was replying to it opens a new page.This obviously is not conducive to starting 'meaningful conversations'. At best the comments section updates are badly designed,..at worst they are a deliberate attempt to manipulate and censor certain opinions.

  2. AT&T just bought and took ownership of Cricket as of March 13, 2014. That's the end of having any privacy on Cricket I would think.

  3. Why do we care if companies have this information? Many crimes are solved with this information. Known criminals and terrorist cells can be tracked. Families of the victims of murders or violent crimes can use this information to prosecute. Missing persons can be triangulated with this information. Police once used live cell tower information to find a rape victim while she was actively being assaulted. Moreover, this information could be used to exonerate an innocent person from a crime. I believe subpoenas for this information are generally used for a good. If the creators of this information have it, it is their responsibility to provide it for that good. It's not an invasion of privacy unless someone is thumbing through my stored data just for fun and without cause. I believe we should be more concerned about the loss of information through data breaches/theft, insider carelessness, and poor security practices.

  4. 1:30 I got to with the statement , product we keep in our pockets at all times! DUDE just don,t by a smart phone.Never had one never will problem solved.

  5. the whistle after he stopped talking really distracted me throughout this whole talk… but good nonetheless, very eye opening and interesting

  6. If this doesn't work out as least 10 times as bad as all our "free/cheap" stuff from China, I'll eat my Great Value hat.

  7. We all know nowa days everything is controlled by GOV such as Media, phone Companies, Google, yahoo, hotmail, Facebook itself is CIA cuz it's invented by CIA and many many more stuff.
    We as ppl need be smart, we have to use the above mentioned things for ordinary things not sensitive.

  8. In a republic ruled by the people we should have no secrets, otherwise how can the people rule themselves. Through fear, pride and greed the American people have allowed this conversation and expense to enter society trying to find the right level of privacy, which is impossible. It will always be a source of big money for many companies taken from worried consumers. As we know, every lock can be broken eventually. I really resent how the American Bar Associatian encourages this expensive nonsense.

  9. I always thought that if you have nothing to hide then you have nothing to worry about. Every country Administration in the world spies on its people. Sometimes spying is justified to stop terrorists, pedophiles and all sorts of criminals and in am many cases spying is not justifying as there is no ground to do so. I fought corruption using the media who helped me very much, the police, and some politicians . I risked losing my own life and I took the challenges. Now I am very well known in my very big city and I have lots of respect for having done what I did and it was documented by some TV, Newspapers and magazine networks.

  10. the internet is getting played out and it sucks, same ppl who were against it when it came out thanks to innovative young people, are same ppl TRYING to control it and use it as a means to control people and eliminate jobs, that is not what it was meant for, its supposed to be an enhancement, not a mandatory dependancy, nothing online is secure and you have to be short a few screws if you post up every move you make all your confidential documents there, and there is something seriously wrong with banks and govt agencies using discreet methods to try to give you no option but to constantly stare at a screen day and night to get all your most important priorities and tasks done, its so easy for people to remotely access servers and just copy all your 411 and do well so many things with it that are illegal, before people used to write letters now its email which is not secure we know that but whatever, its not your medical records and taxes, that is going too far, that is where you draw the line and every govt, bank, business should understand that if they tell you otherwise then something fishy is up, just like how a few days ago some ditz tried to convice me to go paperless and mail is not reliable, um hello? I'm 40 years old its never been a problem why is it now? so for 20 years I didn't pay my bills? really? huh, riiiight, oh or maybe you want me to miss my payment because for some reason the email didn't come through and boom you can try to slowly ruin my credit, which I see with everything all the time, "did you get the email yet I sent it" "nope" ok wait 15 minutes, now? nope, next morning? still didn't and you want to tell me thats secure? even text messages do that shit man, texts used to be instant, fast and reliable 10 years ago but not anymore, too many messed up groups doing things all wrong and my suspicion is with bad intentions, but thats not the worst part, the part is the people who follow along because they are a part of it to make other people feel they should do it too, follow the crowd, monkey see monkey do, NOT ME I ain't takin more shit so back off

  11. I read googles privacy policy and it's bad they track more than you would think. At least they are open about it and tell you if you take the time to find and read their policy.

  12. Well i think its smart to prevent home grown terrorists like what heppened here in New Jersey and New York, the dutch oven bomber, i know exactly where his parents restaraunt is.

  13. The question really is "Has technology made our lives better or worse." I would argue that it has made our lives just slightly better. There is still poverty, depression, wars, and now an online mob. Do we really want this technology even more in our lives?

  14. "We are spied upon, because they help"

    Um, no, not exactly. We are spied upon because the state wants the ability to be able to spy upon it's citizens and if these businesses defy the state, then does it not seem probable that the state would use whatever means to coerce their compliance or punish these businesses for disobeying the will of the state? Does no one remember what happened to Microsoft back in early 2000 I believe it was, when they were suddenly being audited for no apparent reason. Then Microsoft hired a bunch of lobbyists, having next to none beforehand, and what do ya know? No more auditing, just more lobbying.

  15. In final analysis, this surveillance will cost Google mucho gusto! Can you say BANKRUPTCY,
    ANTI-TRUST BUSTER LAWS APPLIED (with a death blow)!!!
    Not a wise move on Google’s part. It will be TAPS for Google! This activity can not continue. It’s un-America and does not reflect American values going back to the inception of the UNITED STATES 🇺🇸!!!!
    Very short sighted, but what do you expect from those who only look quarter to quarter.
    That’s in addition to how Facebook is now being viewed. Loss of users.

  16. "Why Google won't protect you from big brother"? Because "Google" was created in large part by the CIA, Soooo there for Google is part of "Big Brother"

  17. Well this is old, the leader in privacy is apple, and users don’t have to pay for it. They have tons of data but non accessible. And to this day is still in a fight with a government, who wants access to all encrypted data and Apple won’t give it. And stays on the top of security and privacy, I’m 20 and I do see this as a problem. At only 20 god knows how much google, Microsoft, banks, etc has on me. I’ve slowly been migrating more and more to Apple, currently switching to all iCloud mail. I’ve been working to limit as much but that would be impossible to eliminate, I could, but I’d have to live in a shack in the woods with no electricity, that’s not practical. Even then how am I going to get money? Id have to work. I’d have to find a little local business that deals entirely with paper. It’s a problem that will need addressed in my life time.

  18. I think it is great that google published information on the government information requests. In our day of digital information, eventually they will have a leak of information showing all the people who are / where being tracked. Citizen X will scratch his head, wondering why the FBI did queries on his location back in 2019. Supporting law enforcement, supporting our government agencies, what could go wrong? Be assured that your internet viewing and posts are searchable. All this because we want security, we have given up all privacy. Talk to someone in person, don't send emails, don't talk on the phone, and you have some privacy. And cricket phone service? I think the information about Cricket phones is not really accurate. Its factual but that doesnt mean much, as Cricket is a virtual carrier. The actual phone carrier Cricket uses can get all those call records for the local or federal government, when requested.

  19. Mad magazine spy vs.spy to the nth degree. ask m he know, that tp sophia just used. knows you dont like pickles n why.FEED ME SAID SEYMORE FEEEEED ME.

  20. I am a retired Police Detective that has obtained Electronic Search Warrants. I had to prove to a Judge that probable cause existed
    before a search warrant was signed. In many cases, it was necessary to obtained a sealed warrant.
    It is a valuable tool that enable me to solve cases involving homicides, robberies, drug trafficking, etc. Sometimes its absolutely necessary.

  21. So much has changed for the worse @goog since 2012! Now they openly ban and shadow ban if you don't go with their narrative.

  22. Google?? Transparent?? Oh, wait… This video was published 7 years ago, when people still trusted Google.

    Google won't protect you from Big Brother because Google IS BIG BROTHER.

  23. Funny thing is they seem not to do surveillance of people who are terrorists (extremists), they are targeting innocent people as a revenge for listening something that was not according what they desired.

  24. Saying Cricket is somehow unique in all this is ridiculous. Cricket is an MVNO for AT&T – the worst company in privacy protection.

  25. He is talking about Cricket wireless. It is a wholly owned subsidiary of AT&T. So AT&T is bad but Cricket is good. Shows how much research in his talk

  26. Thank You for the HardTalk on our individual security…. Especially where our children are concerned. Home education.

Leave a Reply

Your email address will not be published. Required fields are marked *