***** Googling Security: How Much Does Google Know About You? By Greg Conti; published by Addison-Wesley Professional, www.informit.com (Web); 332 pages; $49.99.
Millions of people have Google accounts. And by logging in, those users provide Google with their current location on the Internet, an IP address that might identify their company, and perhaps search parameters that telegraph business interests or other proclivities. Google policies state it will use any information you provide to “enhance your user experience,” which means it will target advertisements and other services. Google’s ability to gather information and connect discrete and seemingly innocuous bits of data to form an identifiable profile of the user—right down to name, home address, phone, and interests, for example—increases every time one is online.
Greg Conti does not think Google is currently an evil empire, but he does think it’s an empire that in today’s wired world could become evil in a snap, whether intentionally or not. Conti, an assistant professor of computer science at the U.S. Military Academy and a renowned security expert, explains the risks in Googling Security: How Much Does Google Know About You?
How Google and its competitors operate is important to security professionals on two conflicting fronts. First, the ability to access information on individuals and subjects is important in threat assessments, investigations, and general research. Second, restricting much of the same data from others is important to protecting one’s own personal and sensitive information. Google, says Conti, is not merely a search engine; in the first chapter he calls it a “nation-state” and notes its corporate mission is to “organize the world’s information.” Its corporate motto? “Don’t be evil.” But what about all of the individuals who work for it or the thousands of other partners with access to the information? He goes on to address these points through 10 detailed, thought-provoking, and occasionally scary chapters.
The short answer to the question in the book’s title is “everything.” On the positive side, the massive, widely scoped, deeply intrusive extent of Google’s data management does have some inherent and user-enabled controls. In theory, it’s not open to just anyone. In reality, however, pretty much anyone willing to jump through some hoops can get to it. Conti says, “If you use the Web, you should read this book.” He’s not just talking to security professionals, but that’s who should be paying the most attention.
Reviewer: Derek Knights, CPP, PCI, CISSP (Certified Information Systems Security Professional), CFE (Certified Fraud Examiner), CIPP/C (Certified Information Privacy Professional/Canada), is director of investigative services for Sun Life Financial in Toronto. He serves on a committee of the ASIS International Physical Security Council.