Google: Who Watches the Watchman?

Yesterday I read an article which highlights the recent activities of Google. In short, Google has taken it upon itself to enhance internet security by hacking not only its own programs, but the programs of other companies across the internet. If they are able to hack a program they report it to the company that owns the software, in the hopes that they will fix the problem. If not Google posts the issue on their own blog to put pressure on the company to do something about it. The article states that Google has gone so far as to create its own patches for vulnerable software.

On its face this seems like a great thing. The article lauds Google for aiming to become “cybersecurity superheroes.” It cites other major IT companies such as Apple and Microsoft for crediting the Google team (Project Zero) with making useful discoveries. My first thought upon reading this article was that it is an interesting example of what a company can do when they make more than just the accumulation of profit a goal. It seems that Google’s goals are mainly altruistic in trying to make sure that the internet remains as safe as possible for all who use it. This has the residual effect of making it easier and safer for Google to do business. Everyone wins here.

Or do they? On second thought last I checked, hacking any system but your own is a crime. If the internet has devolved into a kind of technological Wild West (which it has and always has been) then Google is acting as nothing better than a vigilante, taking the law into its own hands for a public good which it defines for itself, using means it justifies only to itself. Traditionally, the provision of national security has been the domain of the government. That is why we have police officers and that is why the government ostensibly has had the ability to subpoena information from private companies such as Google. I understand recent events have undermined the position of the government, but I think as private citizens we should ask serious questions about whether internet vigilantes should be providing our security for us.

There are very practical reasons why a company like Google is in a special position to provide the “service” it is providing. First, Google has the money to support such an effort relatively easily. Second, Google has access to precisely the type of people who would be able to conduct such a service. For the government it would be time consuming to pass a law and appropriate money for such a service and then hiring the people to do this would be difficult as most of them could get paid much more doing it in private. However, some of these difficulties could be overcome if the government hires any of many available IT companies to provide this service (or if it contracted Google to do it.)

It continues to baffle me that people trust private companies which really only have profit as their motive more than they trust the government. Furthermore, this particular action by Google is much like an individual who lives in a neighborhood in which there has been several break ins, appointing himself to check everyone’s houses for vulnerabilities by breaking into them and then reporting to them how he did it. It might look helpful at first, but how can we be certain that he will always leave everything just where he found it?

If Google is actively hacking the software of other companies, how can we be sure they aren’t illegally manipulating the market in ways that favor them? Do we just have to take Google’s word for it? This might be paranoia on my part but one reason I like the government to be involved in security is at least we have some kind of redress if something goes wrong. Government officials are elected by the people and are at least theoretically beholden to the people. Whether we trust them or not, the government has checks in place to balance against the abuse of power. Google is not headed by people that we elected and therefore they don’t really have to respond to anyone but their shareholders. This company which already owns a pretty sizable chunk of the personal data that is available has now appointed itself the protector of the internet by hiring hackers to perform what would be criminal activities in any other context. Am I the only person that sees a problem with this? What else will they appoint themselves to “protect” in the future?

It’s ironic that at this point in American culture we have become obsessed with superhero movies. If the Internet is Gotham and Google is Batman, then shouldn’t we be asking the same questions that arise in the comics? Just because Batman is better positioned than everyone else, does that really give him the right to dispense justice as he sees fit? Just because Google is Google, does that mean we should trust them over the government to secure the internet as necessary? After all, Batman was just a man, and Google is just a profit-driven company. They sometimes make disastrous mistakes and power corrupts. How much power should we release to Big Data before we start asking these important questions? If Google is our internet watchman, who watches the watchman?