FTC’s Google Safari Settlement: Impact on Government Computing

August 9, 2012

Why we need a criminal investigation to finish the job the FTC couldn’t

By Doug Miller

By just about any accepted definition, Google’s overriding of default security settlings and unauthorized intentional access of Apple’s Safari web browser on users’ systems that led to the recent FTC investigation and settlement should be considered illegal hacking that warrants criminal investigation. That is, Google surreptitiously loaded executable code onto users’ devices, ran that code to weaken the browser’s security settings, and then used the weakened security environment to load third-party cookies to enhance the relevance of ads displayed to the user. This was done to provide Google with revenue from the additional ads. Since advertising generates 96% of Google’s revenue, the motive for hacking seems clear. Hacking for profit is against the law. Google should not get a pass for what is a criminal act.
Read the rest of this entry »

What Utah CIO’s firing means for public sector cloud computing

May 16, 2012

By Jeff Gould

Utah’s Governor has just fired the state’s CIO over a data breach that let foreign hackers steal the social security numbers of 280,000 state residents. Why did this unfortunate episode happen, and what can we learn from it?

Here are the basic facts. Sometime back in March, Romanian data pirates hacked into a state database. Utah, like many states, maintains a database of Medicaid recipients that health insurance providers query to verify a patient’s entitlement status before paying for care. Unfortunately, the way the process works is badly designed: everyone who receives health care in Utah has their name queried, whether they are on Medicaid or not. The CIO can’t be held responsible for this poor workflow design choice. Most likely the politicians are to blame, or perhaps the state department that regulates health insurance in Utah.

Read the rest of this entry »

Safari-gate: Did Google break government computing laws?

May 3, 2012

By Doug Miller

On February 17th, the Wall Street Journal reported that a researcher working for them discovered that Google ran hidden code designed to circumvent the security settings on Apple devices that use the Safari web browser. While much of the coverage of this revelation has focused on consumers and whether the action may have violated laws or the consent agreement between the FTC and Google, little has been written about the impact for public sector customers. Public sector customers are big users of Apple devices and these users are governed by a strict set of unique regulations and laws. Given the circumstances of the events here, the question needs to be asked: did Google break any of the laws or regulations that restrict entities from accessing or changing government computing systems?

Read the rest of this entry »