DragonI

Google employees staged a protest over Trump’s immigration ban

Walking off the job in eight offices worldwide

www.theverge.com|Casey Newton

More than 2,000 Google employees in offices around the world staged a walkout on Monday afternoon in protest of President Donald Trump’s executive order banning immigration in seven Muslim-majority countries. Using the hashtag #GooglersUnite, employees tweeted photos and videos of walkout actions around the world, including at headquarters in Mountain View.

Both Google co-founder Sergey Brin and CEO Sundar Pichai spoke to employees at Mountain View. "The fight will continue," Pichai said, according to a New York Times reporter who was on the scene. Brin told employees "it's a debate about fundamental values," according to the reporter, Daisuke Wakabayashi.

Google co-founder Sergey Brin joins protest against immigration order at San Francisco airport

Sergey Brin, Google co-founder and president of Alphabet, joined protesters at San Francisco International Airport tonight as demonstrators assembled at airports across the country in opposition to President Trump’s immigration order.

www.theverge.com|T.C. Sottek

When asked for comment by The Verge, Brin said he was attending “in a personal capacity” and would not be giving comment. But Forbes’s Ryan Mac did catch Brin elaborating slightly — reportedly saying “I’m here because I’m a refugee.”

Brin’s family emigrated from the Soviet Union to the United States in 1979 to escape Jewish persecution.

Google’s secret NSA alliance: The terrifying deals between Silicon Valley and the security state

www.salon.com

Inside the high-level, complicated deals -- and the rise of a virtually unchecked surveillance power

Google uncovered evidence of one of the most extensive and far-reaching campaigns of cyber espionage in U.S. history. Evidence suggested that Chinese hackers had penetrated the systems of nearly three dozen other companies, including technology mainstays such as Symantec, Yahoo, and Adobe, the defense contractor Northrop Grumman, and the equipment maker Juniper Networks. The breadth of the campaign made it hard to discern a single motive. Was this industrial espionage? Spying on human rights activists? Was China trying to gain espionage footholds in key sectors of the U.S. economy or, worse, implant malware in equipment used to regulate critical infrastructure?

...

After Google’s declaration, it was easier for other companies to admit they’d been infiltrated by hackers. After all, if it happened to Google, it could happen to anyone. Being spied on by the Chinese might even be a mark of distinction, insofar as it showed that a company was important enough to merit the close attention of a superpower. With one blog post, Google had changed the global conversation about cyber defense.

The company had also shown that it knew a lot about Chinese spies. The NSA wanted to know how much.

Google had also alerted the NSA and the FBI that its networks were breached by hackers in China. As a law enforcement agency, the FBI could investigate the intrusion as a criminal matter. But the NSA needed Google’s permission to come in and help assess the breach.

Google took a risk forming an alliance with the NSA. The company’s corporate motto, “Don’t be evil,” would seem at odds with the work of a covert surveillance and cyber warfare agency. But Google got useful information in return for its cooperation. Shortly after the China revelation, the government gave Sergey Brin, Google’s cofounder, a temporary security clearance that allowed him to attend a classified briefing about the campaign against his company. Government analysts had concluded that the intrusion was directed by a unit of the People’s Liberation Army. This was the most specific information Google could obtain about the source of the intrusion. It could help Google fortify its systems, block traffic from certain Internet addresses, and make a more informed decision about whether it wanted to do business in China at all. Google’s executives might pooh-pooh the NSA’s “secret sauce.” But when the company found itself under attack, it turned to Fort Meade for help.

...

Operation Aurora was the first glimpse into the breadth of the ATP’s exploits. It was the first time that names of companies had been attached to Chinese espionage. “The scope of this is much larger than anybody has ever conveyed,” Kevin Mandia, CEO and president of Mandiant, a computer security and forensics company located outside Washington, said at the time of Operation Aurora. The APT represented hacking on a national, strategic level. “There [are] not 50 companies compromised. There are thousands of companies compromised. Actively, right now,” said Mandia, a veteran cyber investigator who began his career as a computer security officer in the air force and worked there on cybercrime cases. Mandiant was becoming a goto outfit that companies called whenever they discovered spies had penetrated their networks. Shortly after the Google breach, Mandiant disclosed the details of its investigations in a private meeting with Defense Department officials a few days before speaking publicly about it.

The APT is not one body but a collection of hacker groups that include teams working for the People’s Liberation Army, as well as so-called patriotic hackers, young, enterprising geeks who are willing to ply their trade in service of their country. Chinese universities are also stocked with computer science students who work for the military after graduation. The APT hackers put a premium on stealth and patience. They use zero days and install backdoors. They take time to identify employees in a targeted organization, and send them carefully crafted spear-phishing e-mails laden with spyware. They burrow into an organization, and they often stay there for months or years before anyone finds them, all the while siphoning off plans and designs, reading e-mails and their attachments, and keeping tabs on the comings and goings of employees — the hackers’ future targets. The Chinese spies behave, in other words, like their American counterparts.

Google’s Sergey Brin is just one of hundreds of CEOs who have been brought into the NSA’s circle of secrecy. Starting in 2008, the agency began offering executives temporary security clearances, some good for only one day, so they could sit in on classified threat briefings.

“They indoctrinate someone for a day, and show them lots of juicy intelligence about threats facing businesses in the United States,” says a telecommunications company executive who has attended several of the briefings, which are held about three times a year. The CEOs are required to sign an agreement pledging not to disclose anything they learn in the briefings. “They tell them, in so many words, if you violate this agreement, you will be tried, convicted, and spend the rest of your life in prison,” says the executive.

The NSA helps the companies find weaknesses in their products. But it also pays the companies not to fix some of them. Those weak spots give the agency an entry point for spying or attacking foreign governments that install the products in their intelligence agencies, their militaries, and their critical infrastructure. Microsoft, for instance, shares zero day vulnerabilities in its products with the NSA before releasing a public alert or a software patch, according to the company and U.S. officials. Cisco, one of the world’s top network equipment makers, leaves backdoors in its routers so they can be monitored by U.S. agencies, according to a cyber security professional who trains NSA employees in defensive techniques. And McAfee, the Internet security company, provides the NSA, the CIA, and the FBI with network traffic flows, analysis of malware, and information about hacking trends.

Companies that promise to disclose holes in their products only to the spy agencies are paid for their silence, say experts and officials who are familiar with the arrangements. To an extent, these openings for government surveillance are required by law. Telecommunications companies in particular must build their equipment in such a way that it can be tapped by a law enforcement agency presenting a court order, like for a wiretap. But when the NSA is gathering intelligence abroad, it is not bound by the same laws. Indeed, the surveillance it conducts via backdoors and secret flaws in hardware and software would be illegal in most of the countries where it occurs.

...

It’s inconceivable that every company on such a list could be considered “so vital to the United States” that its damage or loss would harm national security and public safety. And yet, in the years since the 9/11 attacks, the government has cast such a wide protective net that practically any company could claim to be a critical infrastructure. The government doesn’t disclose which companies are receiving cyber threat intelligence. And as of now the program is voluntary. But lawmakers and some intelligence officials, including Keith Alexander and others at the NSA, have pressed Congress to regulate the cyber security standards of critical-infrastructure owners and operators. If that were to happen, then the government could require that any company, from Pacific Gas and Electric to Harrah’s Hotels and Casinos, take the government’s assistance, share information about its customers with the intelligence agencies, and build its cyber defenses according to government specifications.

VK It's amazing when the business people take over, they get focused on short-term revenue and lose the long-term vision.

...

LP When I talk to most companies, I do think their leaders are pretty short-term focused. Imagine you're running Exxon, what do you do? Say you want to do something good with the most valuable company on earth. A lot of people think probably, it's not doing good things - worried about the environment and so on. But if the company has a lot of capabilities--worldwide operations and manufacturing, government relations, probably could do a lot different things, if you took a 20-year view. If you took a four-year view, that's a pretty hard question to answer. What are you doing in the next four years, which I think is about the average tenure of a Fortune 500 CEO. So if you're being measured quarterly-- obviously, it's good to have some pressure so you actually do things, make money and improve things. But I think the four-year horizon for leaders is pretty difficult. It's pretty difficult to solve big problems in four years. I think it's probably pretty easy to do it in 20 years. I think our whole system is setup in a way that makes it difficult for leaders of really big companies.

...

LP I totally believe we should be living in a time of abundance, like Peter Diamandis' book. If you really think about the things that you need to make yourself happy - housing, security, opportunities for your kids - anthropologists have been identifying these things. It's not that hard for us to provide those things. The amount of resources we need to do that, the amount of work that actually needs to go into that is pretty small. I'm guessing less than 1-percent at the moment. So the idea that everyone needs to work frantically to meet people's needs is just not true. I do think there's a problem that we don't recognize that. I think there's also a social problem that a lot of people aren't happy if they don't have anything to do. So we need to give people things to do. We need to feel like you're needed, wanted and have something productive to do. But I think the mix with that and the industries we actually need and so on are-- there's not a good correspondence. That's why we're busy destroying the environment and other things, maybe we don't need to be doing. So I'm pretty worried. Until we figure that out, we're not going to have a good outcome. One thing, I was talking to Richard Branson about this. They don't have enough jobs in the UK. He's been trying to get people to hire two part-time people instead of one full-time. So at least, the young people can have a half-time job rather than no job. And it's a slightly greater cost for employers. I was thinking, the extension of that is you have global unemployment or widespread unemployment. 

...

VK I fundamentally believe we move from an economy of labor and capital to an economy of ideas. Most economists haven't caught on to this change, that ideas are a disproportionately large part of the growth of the economy, which I won't go too deep there, but it leads to some interesting questions. The Republican/Democratic divide about taxes and income redistribution may become much more critical and much more intense. I don't know if you have any thoughts on that. That seems to be-- we don't have to go there if you—

SB I think ideally, one would try to tax more of the things that we don't want, and either subsidize or encourage the things that we do want. The kinds of things people spend money on that are wasteful, you can imagine having higher taxes on. Or things that are harmful, like carbon, could be taxed at a higher rate. On the one hand, presumably it will slow wasteful spending. But on the other hand, perhaps we could encourage the kinds of investments that we want to be making.

...

VK Let me go back to Larry. As CEO of Google, a lot of these guys have board members who keep saying, Focus on a few things. Self-driving cars is one. You've done some things in health and others. How do you decide what's focused and what's unfocused?

LP I've been thinking about this change quite a bit over the years. I think it sounds stupid if you have this big company, and you can only do five things. I think it's also not very good for the employees. Because then, you have 30,000 employees and they're all doing the same thing, which isn't very exciting for them. So I think, ideally, the company would scale the number of things it does with the number of people in a linear fashion. As far as I can tell, that never happens. It's logarithmic with the number of people, if that. I would always have this debate actually, with Steve Jobs. He'd be like, 'You guys are doing too much stuff.' And I'd be like, 'Yeah that's true.' And he was right, in some sense. But I think the answer to that - which I only came to recently, as we were talking about this stuff - is that if you're doing things that are highly interrelated, then there is some complexity limits. It's all going to escalate to the CEO, because you have things that are interrelated. At some point, they have to get integrated. A lot of our Internet stuff is like that. The user experience needs to make sense. It needs to feel like you're using Google, not that you're using something else. So I think there is a limit on how much we can do there, and we have to think carefully about it. Everything about the automated cars is like-- Sergey can do that, and I don't have to talk to him. I like talking to him. But I don't really have to talk to him about that, because there's almost zero impact on the rest of our business. Although it does use some great engineers who we have on mapping and other things. Naturally, they move to that project, but that's a scalable process. I don't have to talk to those engineers. They just move magically. So I do think companies usually try to do very adjacent things. They figure, "We're going to know exactly how to do something that's very similar to what we already do." The problem with that is that causes a management burden. Whereas, if you did something a little less related, you can actually handle more things.

The guide starts off when Larry Page met Sergey Brin at Stanford in 1995, and chronicles all of the major milestones the company hit up until the end of last year. Given all of Google’s latest efforts in social, it looks like Online PhD will have a huge task in updating this at the end of 2012.