This time, it’s personal: Government spying hits Google where it hurts

Silicon Valley’s reaction to Edward Snowden and his leaks about government surveillance has taken on an indignant tone that was previously missing. All it took for the worm to turn was for the snooping to get personal.

After this summer’s revelations, Microsoft, Google, and the rest issued tepid calls for “greater transparency” — basically asking for the right to report the number of information requests made by government agencies. But now the tables have turned, and the latest leaks reveal that tech companies themselves have been spied on, their networks tapped without their knowledge or cooperation. Cue the outrage.

Google security employee Brandon Downey took to the blogosphere this week to express his displeasure at news that the NSA and British intelligence GCHQ had broken into Google’s systems. Professional pride seems to have played a part in his protest:

I’ve spent the last ten years of my life trying to keep Google’s users safe and secure from the many diverse threats Google faces….

But after spending all that time helping in my tiny way to protect Google — one of the greatest things to arise from the internet — seeing this, well, it’s just a little like coming home from War with Sauron, destroying the One Ring, only to discover the NSA is on the front porch of the Shire chopping down the Party Tree and outsourcing all the hobbit farmers with half-orcs and whips.

Google colleague Mike Hearn echoed the outrage: “We designed this system to keep criminals out. There’s no ambiguity here…. Bypassing that system is illegal for a good reason…. Thank you, Edward Snowden. For me personally, this is the most interesting revelation all summer.”

Google Chairman Eric Schmidt, reacting in a Wall Street Journal interview to reports the government spied on his company’s data centers, said, “It’s really outrageous that the National Security Agency was looking between the Google data centers, if that’s true. The steps that the organization was willing to do without good judgment to pursue its mission and potentially violate people’s privacy, it’s not OK.”

Oh, the irony — the head of a company dedicated to collecting every scrap of private data possible expressing outrage that people’s privacy has been violated. As The Daily Ticker points out, “Tech companies like Google, Facebook, and Yahoo … are now working harder than ever to protect their data from hackers and the government so they can make money off that same data to sell personalized ads.”

These are the same companies that, before Snowden came along and pulled back the curtain, were secretly in bed with the NSA — albeit perhaps reluctantly.

Still, with this new groundswell of indignation from the tech industry, good may yet come from Snowden’s leaks. The NIST, whose cryptographic standards are used by software developers around the world to keep data confidential, this week announced it is reviewing all its previous recommendations. Revelations that the NSA spends $250 million a year to secretly undermine encryption, using its influence to “weaken the standards that NIST and other standards bodies publish,” have already led the NIST to withdraw one cryptographic standard, called Dual EC DRGB.

The federal institute isn’t the only one working to restore users’ confidence by shoring up defenses. According to the New York Times, “Twitter plans to set up new types of encryption to protect messages from snoops.” And Google’s Hearn revealed on his blog that “encryption was being worked on prior to Snowden, but it didn’t seem like a high priority because there was no evidence it would achieve anything useful, and it cost a lot of resources. Once it became clear how badly compromised the fiber paths were, there was a crash effort to encrypt everything.”

As the New York Times notes, “What began as a public relations predicament for America’s technology companies has evolved into a … crisis that threatens the foundation of their businesses, which rests on consumers and companies trusting them with their digital lives.”

Speaking at the Usenix conference this week, security expert Bruce Schneier, an outspoken critic of the NSA, pointed out that “fear of NSA snooping has already soured some European companies from using U.S. cloud services, which, in turn, has started putting pressure on Congressional representatives to rein in NSA.”

As part of a pushback effort, Google, Facebook, Apple, Microsoft, Yahoo, and AOL recently wrote a letter to Congress, in support of the USA Freedom Act, that went beyond the usual calls for transparency to state that “government surveillance practices should also be reformed to include substantial enhancements to privacy protections and appropriate oversight and accountability mechanisms for those programs.”

But even as they finally muster against the government collection of personal data, the New York Times warns that “no matter the steps they take, as long as they remain ad companies, they will be gathering a trove of information that will prove tempting to law enforcement and spies.”

This story, “This time, it’s personal: Government spying hits Google where it hurts,” was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow InfoWorld.com on Twitter.