Wednesday, January 19, 2011

Google: Iranian Internet users deserve communications security -- Americans, not so much

From The Guardian today:
Google Earth, Picasa and Chrome will be available for download in Iran for the first time from today after the technology firm was granted a communications trade licence by the US government.

...

[Scott Rubin, Google's head of public policy and communications for Europe, Middle East and Africa] said Google had decided not to make downloads of Google Talk available in Iran because it may have security implications if dissidents used it to communicate. "We're not confident with the security we could provide to keep those conversations private," he said. "Any government that wants to might be able to get into those conversations, and we wouldn't want to provide a tool with the illusion of privacy if it wasn't completely secure."


I am actually quite pleased to see Google acknowledging 1. That it is often very dangerous to offer insecure tools that users might mistakenly believe are in fact secure, and 2. That government agencies can easily monitor the communications of users using insecure tools.

The problem of course, is that Google Talk is widely used by Google's millions of customers in the United States, Europe, Asia and the Middle east, all of whom are at risk of government surveillance.

Here in the United States, the Federal government for years abused its surveillance powers to spy on the phone calls and Internet communications of US citizens without ever seeking a court order. The FBI has abused its National Security Letter powers that were expanded under the USA Patriot Act, and for years, the agency even embedded phone company employees at its offices, who repeatedly disclosed user data in response to requests submitted on post it notes.

All this begs the question: Why is Google more concerned about the privacy of Iranian users than those millions of Google users in the United States?

Google is a US company, is subject to US law, and must disclose communications to the government when law enforcement and intelligence agencies follow the appropriate legal process. As such, no one expects Google to refuse to comply with the law (especially, as Eric Schmidt has acknowledged, the government has guns, and Google does't).

What would be nice though, would be if Google was equally as committed to not giving its US customers the illusion of security and privacy, when, as the firm has acknowledged here, its Google Talk product is simply not capable of delivering anything approaching reasonable security.

4 comments:

Security Retentive said...

To be fair Chris, in the US the government can just show up and get the data directly from Google. In Iran they can't. Therefore in Iran the risk is of live intercept over the wire, and perhaps that isn't secure enough against a government. Or, that is at least one way to read Google's comments.

I don't think this is quite as nefarious as you're implying.

Shmerl said...

Why can't Google Talk clients use any kind of encryption? GTalk protocol just uses underlying Jingle/XMPP for transfer. Clients can encrypt/decrypt the stream without much trouble. There even are solutions which plug into existing non encrypting clients:

http://en.wikipedia.org/wiki/Zfone

Anonymous said...

Be sure they do something that is better for their own benefit.

Jillian said...

I wonder if you have an opinion on the fact that State extended this "privilege" to Iranians but not Syrians, Cubans, or Sudanese, who are all still forbidden (officially) from accessing these programs?