Here’s one of the latest tidbits on the NSA surveillance scandal (which seems to be generating nearly as many blog items as there are phone numbers in the spy agency’s data banks).
Earlier this week, Techdirt picked up on a passing mention in a Brazilian news story and a Slate article to point out that the US National Security Agency had apparently impersonated Google on at least one occasion to gather data on people.
Brazilian site Fantastico obtained and published a document leaked by Edward Snowden, which diagrams how a “man in the middle attack” involving Google was apparently carried out.
A technique commonly used by hackers, a MITM attack involves using a fake security certificate to pose as a legitimate Web service, bypass browser security settings, and then intercept data that an unsuspecting person is sending to that service. Hackers could, for example, pose as a banking Web site and steal passwords.
The technique is particularly sly because the hackers then use the password to log in to the real banking site and then serve as a “man in the middle,” receiving requests from the banking customer, passing them on to the bank site, and then returning requested info to the customer — all the while collecting data for themselves, with neither the customer nor the bank realizing what’s happening. Such attacks can be used against e-mail providers too.
……Google provided a short statement: “As for recent reports that the US government has found ways to circumvent our security systems, we have no evidence of any such thing ever occurring. We provide our user data to governments only in accordance with the law.”
The government doesn’t have to circumvent anything. Google is a willing collaborator. In fact, the National Security Agency, the FBI, and GCHQ, Britain’s equivalent of the NSA, have been tapping into Apple, Facebook, Microsoft, Google, Yahoo, YouTube, Skype, AOL and the lesser-known Internet company PalTalk, for the past six years. All of those companies have willingly participated in the PRISM program. They’re given immunity by the government in exchange for accepting on-demand “directives” from the Attorney General and Director of National Intelligence to open their servers to the FBI.
Google isn’t picky when it comes to abetting government censorship, such as accommodating the totalitarian thugs in Beijing, in exchange for maintaining its presence in China. Yahoo is guilty of that as well.
Government intrusion into privacy and the violation of the Bill of Rights is bad enough, now it’s teaming up with high-tech internet companies to enhance its capability to do so.
I stopped using Google as a search engine a while ago. I try to use GoDuckGo (an encrypted search engine that doesn’t track) as often as possible.
But hell, they don’t have to cull my emails, phone records, or internet searches to know where I stand. All they have to do is read my blog. I’d be surprised if I’m not on some kind of “watch list”. If I am, I wear that badge with honor.