‘An Investigation Into Google Has Started Already’ – Cybersecurity Specialist

Google has said that it plans to shut down its social network Google Plus after discovering a massive security vulnerability. According to a report published by The Wall Street Journal, the network’s users have had personal data exposed since 2015. The app reportedly got access to full names, email addresses, birth dates, gender and other info.
Sputnik

Sputnik discussed this with Gary S. Miliefsky, a globally recognized cybersecurity expert, inventor, and founder of numerous cybersecurity companies.

Sputnik: What surprises you most in this latest Google scandal? Is it the fact of what happened, or is it the cover-up?

Gary S. Miliefsky: Neither surprises me; Google used to have a slogan "Don't be evil" and they changed that slogan in 2018 after restructuring and it just doesn't surprise me — there really is bad behavior.

Sputnik:  Are they hiding other things?

Russia's 'Meddling' in US Election 'Pales in Comparison' to China's – Pence
Gary S. Miliefsky: Probably. Google is going back to China, they want to build a censored search engine. The things that they're up to is in my mind just the opposite of their original slogan "Don't be evil": they spy on you, they eavesdrop on you, they collect data on you, but they claim that they're doing it in proper regulatory compliance.

In this case with the 500,000 records from the Google Plus accounts, Google stated that it didn't violate any federal law, each state has a different law and each state require disclosure of a breach with more information. I expect attorney-generals to circle the wagons and start a lawsuit against Google for this very soon.

Sputnik: How often do breaches like this get reported?

Gary S. Miliefsky: When there is a breach, you're supposed to disclose it, at least, at a state level; for example, in California, within 30 days of a breach you have to disclose it.

Now we can't blame just Google, look at the Yahoo breach, it took them years to disclose one of the largest breaches in history, so you're supposed to disclose within 30 days, but sometimes they have excuses — maybe they are under lockdown, maybe the FBI is involved, maybe they're still collecting data, but the best practice is, to be honest, open and transparent as quickly as possible.

READ MORE: Russia Blames Google of Meddling in Russian Elections, IT Giant Not Responding

Sputnik: How much damage can you do in 30 days; why is it such a long period of time? I believe that the new European regulations say 72 hours?

Gary S. Miliefsky: Yeah, and the GDPR (General Data Protection Regulation) will probably be all over on them on this. You remember recently, Facebook had a similar problem with a different bug, but it's a vulnerability that allowed exploitation of at least 50 million Facebook accounts, I think, accounts just a month or two ago and as a result, they're going to be fined $1.2 — 1.3 billion by the EU.

Sputnik: I'm also wondering, if I were evil and I were Google, I'd probably want to do everything I could to make sure that this information would not come out. Why ruin your reputation? Do you think that they actually stifle or suppress news about these kinds of things by manipulating search results or doing other covert things?

Google Says Private Data of Up to 500,000 Users Exposed Due to Security Bug
Gary S. Miliefsky: Google discovered the glitch in their software in March of this year; the year is almost over, it took a long time to disclose it. That kind of bothers me, they should've put the word out there and said: "Hey, we found a problem and we're fixing it." The second thing is they're actually shutting down Google Plus completely and the US government, I believe the Senate, has actually demanded that they turn over material in full disclosure; there's an investigation that's started already.

READ MORE: Google Is Walking on the Razor's Edge — Cyber Security Expert

Sputnik: According to the law, 30 days in the US, the new European regulations say 72 hours; how soon do you have to not just disclose publicly, but do you actually have to contact the people who are affected? Because in this case, they're saying half a million users were perhaps affected. Are you supposed to reach out to those specific users to tell them that there's a possibility that their data was leaked?

Gary S. Miliefsky: Yes, absolutely — in fact, every person. I think personal sovereignty is such an important thing, […] they'll tell you it's just for marketing, "we're just doing consumer demographics, that's why we turn on your microphone, that's why we geo-locate you so many times that the batteries die on your devices, it's just to help us do things better" […] they're making a lot of money off of us becoming the product, and as a result they don't want to disclose as fast as possible, they don't want to tell everyone that you've become a product and your data is linked somewhere, and by the way, "we've done eavesdropping on you so the amount of data we have on you is a lot more than you thought."

READ MORE: Google, Facebook, and the Manipulation of Society

Sputnik: Tell me about the eavesdropping, you're getting me very worried actually. What are they actually listening to?

Researcher Explains If Lack of Security Could Spread to Facebook Owned Portals
Gary S. Miliefsky: Google and Facebook and a few others have brilliantly developed tools to collect data on you all the time. Google acquired Keyhole, which was the first visual mapping of the world, then Google started those driverless cars mapping the whole globe, getting every street they could imagine tying in your geolocation on your phone to maybe the local restaurant you might be about to be near and maybe it's the right time of day, maybe you're hungry and for some strange reason and add pops up, over 50% off at Groupon, and Groupon paid Google for that, to know that you're going to be near the restaurant; Groupon doesn't know where you are, but Google does.

Sputnik: You always hear these stories, even experiments, where people don't have a cat saying: "I think we should get some food for the cat" and then they get an ad for cat food — is it really that bad?

Gary S. Miliefsky: How many Android phones are in the world and how many Google apps are on the Apple iPhone? So I believe there're over a billion Androids and Google owns on the Android; the function calls to a microphone, keyboard, Wi-Fi, Bluetooth and webcam, GPS; they own it all, they own your data. We have to accept that we've given up our privacy for convenience and these companies really don't care about us.

Views and opinions expressed in the article are those of Gary S. Miliefsky and do not necessarily reflect those of Sputnik

Discuss