What would Google do?

Now that the first major botnet that runs on Android has been found by the Anti-virus vendor community, I wonder what would Google do?

In October of 2011 the London Action Plan in cooperation with the Messaging Anti Abuse Working Group organised a session on mobile security. In December 2011 the Dutch Association ECP did the same for the Dutch market. At both events Google and Apple, as the main Operating System developing companies for the mobile world, declined participation. In the Netherlands not one mobile operator chose to participate in the event. What does this tell us?

Addressed topics

At these sessions one main question prevailed: Are there lessons to be learned from the fixed network that can be applied fast to the mobile one? Yes, people decided and they are quiet predictable. What makes it hard, is who calls the shots? There are so many different layers involved, that it results in a form of stagnation where mobile cyber security is involved. Who decides on updates of operating systems? Will bought apps, downloaded software, etc. still work if an update is offered? How are app stores secured? Who decides whether a standard anti-virus product is sold with a smart phone?

And even if all these problems and a lot more are worked out between all the involved partners in the mobile chain, there are the individual users who download illegal software, often infected with a trojan. The two sessions made one thing clear, there is no easy solution to these questions.

Enter Google

If Google is present at international meetings (at least the ones I attend) they show how good they are and do. New search engine applications are shown that will better the world (and Google). You may have heard them also. I ask myself two questions here:

1. Why is Google not, actively, present when cyber crime and security is discussed?

2. Why does Google not apply its enormous potential to assist law enforcement and the cyber security community?

In the end if the Internet is hurt, as trust levels go down because of the possibilities the Internet offers to criminals and fraudsters and how this effects the choices of individual persons and organisations, Google will be seriously hurt in the process. Trust in Google(‘s products) will go down accordingly.

If I just stick to topics which are relevant to Google and leave other possibilities aside, the company has the potential to filter search queries for illegal software on the Internet as well as identify the related websites. How hard is it to engage with law enforcement and cyber security organisations on this data? Isn’t it in the interest of Google to do just this? And how about assisting in creating a level playing field among said agencies, e.g. by providing trainings that benefit Google as much as law enforcement officers and cyber security personnel?

Is this abusing the power of Google? I do not think it is. Companies are allowed to protect its products as well as its customers, especially when its own systems are used to abuse or hurt itself and/or its customers. As long as it does not go beyond its own terms of contract and the law. That abuse of its products will hurt Google in the end, is only a matter of time if it isn’t already happening.

I seriously wonder whether Google can afford to remain aloof where the stability and security of the (use of the) Internet are concerned. The Internet is its main source of existence. Making it a safer place with acceptable levels of risk may become a matter of priority for the company fast. Hence my question: What would Google do?

BTW. The same goes e.g. Apple and Facebook.

Wout de Natris, De Natris Consult

Leiderdorp, 5 July 2012


About Wout de Natris

As a consultant I specialise in establishing new and different relationships between industry, governments and law enforcement where internet safety and the fight against cyber crime are concerned. This makes me a bridge builder. Hence the blogs name. In this blog I intend to stress the need for interaction, cooperation and exchange of information in order to change the mentioned relationships. On offer: a comprehensive training on all non-technical aspects of spam enforcement and a cyber awareness presentation for companies and institutions
This entry was posted in Botnets, Cyber awareness, Cyber crime, Cyber crime reporting, Cyber education, Cyber ethics, Cyber security, International cooperation: cross border aspects, Internet governance, Malware enforcement, Mobile, Self regulation and tagged , , , , , , , , , , , . Bookmark the permalink.

2 Responses to What would Google do?

  1. Hi, Wout. We met at the ENISA botnet workshop last year.

    At present there is *no evidence of an Android botnet*. This started when a Microsoft employee received a spam that claimed it was sent from an Android, and started spewing FUD about Android botnets, which several news outlets believed. Several antivirus companies have since commented that they have been unable to find a single example of the claimed malware (though Sophos claims it might still exist).

    Google is actively involved in online security. A lot of work happens behind the scenes and isn’t obvious, but some efforts are published at http://googleonlinesecurity.blogspot.com/ — you should definitely check it out.

    • Hi Damian,

      Thank you for your swift reply and I’m glad to read your answer. My suggestions still remain. I truly do think that Google could be more at the fore front on this topic and assist in making the Internet safer, in everyone’s interest, including Google’s.

      Glad to take this up discussion further off this blog post.



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s