This text is a part of a collection on company surveillance, highlighting civil liberty, privateness, cybersecurity, security, and tech-product consumer exploitation threats related to related merchandise which might be supported by the Android (Google) OS, Apple iOS, and Microsoft Home windows OS.
Partially 1 of this text, Enterprise Customers of Smartphones Could also be Breaking the Regulation, I addressed using smartphones inside a confidential and guarded setting such because the protection business, crucial infrastructure, authorities, and authorized and medical career.
My findings, coupled with admissions made by T-Cellular and Verizon, led to the conclusion that smartphones, pill PCs, voice-automated assistants, related merchandise, and PCs supported by surveillance and data-mining enterprise practices shouldn’t be used inside a confidential and guarded surroundings.
All merchandise involved are supported by intrusive pre-installed content material that may leak confidential and guarded telecommunications, info, and knowledge to quite a few unauthorized third-parties akin to AT&T, T-Cellular, Verizon, Dash, Google, Apple, Microsoft, Samsung, Fb, Amazon, Baidu, and different telecom and tech giants.
The article concluded that it might, in reality, be unlawful to make use of any smartphone or related know-how supported by surveillance and data-mining content material, corresponding to apps, inside a confidential and guarded surroundings ruled by confidentiality agreements, non-disclosure agreements (NDAs), business and federal cyber safety requirements, federal info processing requirements (FIPS), and confidentiality legal guidelines that govern medical info, shopper–lawyer privilege, and categorized info.
China Has Entry to Your Knowledge
Because of uncontrollable pre-installed content material, resembling intrusive apps, smartphone and related know-how customers are unaware that many multinational corporations, together with nation-state corporations from China, are enabled by corporations comparable to Google to concurrently monitor, monitor, and knowledge mine the consumer for monetary achieve.
Because of this at any given time, a smartphone or connected-product consumer is being concurrently surveilled and knowledge mined by as many as 15 or extra multinational corporations, together with nation-state corporations from China resembling Baidu.
It doesn’t matter to corporations similar to Google if the smartphone and connected-product consumer is an grownup, teen, youngster, enterprise skilled, physician, lawyer, CEO, member of regulation enforcement/army, decide, journalist, or a authorities worker, official, or perhaps a regulation maker.
It doesn’t matter to corporations reminiscent of Google if the pre-installed content material builders, together with builders corresponding to Baidu, are accumulating private and professional info referred to as the product-user’s digital DNA.
Corporations comparable to Baidu are usually not restricted by corporations corresponding to Google with regard to how a lot of a product-user’s digital DNA they will gather to take advantage of for monetary achieve.
For instance, corporations akin to Baidu are enabled to indiscriminately gather info such because the consumer’s ID, location knowledge, messaging (textual content, on the spot, e-mail, and so forth.), e-mail attachments, movement knowledge, well being and health knowledge, contacts, calendar occasions, account info (medical, banking, and so on.), auto telematics (a automotive’s velocity), plus different extremely confidential info.
Corporations similar to Google don’t prohibit the surveillance and knowledge mining carried out by corporations that buy entry to the Google-product consumer.
Because of this corporations corresponding to Google are enabling content material builders, together with nation-state corporations from China, to indiscriminately gather, use, share, promote, buy, and combination a product-user’s digital DNA for monetary achieve, together with telecom-related confidential and guarded digital DNA.
Notice, I’m not suggesting Google is the one firm responsible of promoting entry to the smartphone and connected-technology consumer.
Apple and Microsoft additionally promote entry to their working system (OS)-driven product customers. Promoting entry to smartphone and connected-technology customers is a privateness and cyber safety menace that’s systemic to OS builders basically.
Smartphones and related know-how supported by the Android OS, Apple iOS, and Microsoft Home windows OS are designed for consumerism and leisure, which signifies that all merchandise involved are usually not designed to help personal, safe, and protected telecommunications and computing, as admitted by Verizon and T-Cellular.
Corporations reminiscent of Baidu pay corporations reminiscent of Google, Apple, and Microsoft giant sums of cash to realize entry to telecommunication subscribers (people and companies) and approved system customers (partner, baby, worker, and so on.) from around the globe, together with right here in the USA.
Corporations akin to Google, Apple, and Microsoft state that every firm doesn’t promote their product customers’ identifiable private info, which is very deceptive, as a result of every firm sells entry to their product customers, creating privateness and cyber safety threats to the product consumer.
Which means the Google, Apple, and Microsoft product consumer is bought to the very best bidders, who pays for entry to the consumer by means of uncontrollable pre-installed content material, corresponding to intrusive apps which are designed to allow the content material developer with the power to indiscriminately surveil and knowledge mine the product consumer for monetary achieve.
For instance, based on Google’s privateness coverage, Google doesn’t immediately promote their product customers’ identifiable private info to different corporations.
Nevertheless, Google sells entry to the Android OS-supported know-how consumer to corporations similar to Baidu.
Baidu in flip develops intrusive and exploitative content material resembling an internet browser, app, or a widget that’s programmed to allow Baidu with the power to take advantage of the consumer for monetary achieve.
Corporations akin to Google and Baidu program their content material to take full management of the host gadget, corresponding to a smartphone or pill PC, in order that the content material developer can indiscriminately surveil and knowledge mine the host gadget consumer.
Though Google’s revealed privateness coverage states that Google doesn’t share or promote the Android content material consumer’s identifiable info to third-parties resembling advertisers, the Android software legalese that helps the pre-installed Android content material, reminiscent of apps, states in any other case.
Which means Google allows content material builders corresponding to Baidu to determine the Google-product consumer whereas enabling Baidu to share the Android app consumer’s identifiable info with others.
In different phrases, Google places the legal responsibility onto corporations comparable to Baidu regarding what info Google permits content material builders to gather, together with the consumer’s identifiable private info, such because the consumer’s private ID and profile info, together with contact info.
Don’t take my phrase for these claims: The Google software legalese explains Google’s Android app coverage higher than I can.
Right here’s the Android software legalese for “Your Personal Information” from pre-installed Android content material on a Samsung Galaxy Word smartphone operating the Android OS: “Allows apps to read personal profile information stored on your device, such as your name and contact information. This means apps can identify you and may share your profile information with others.”
The truth that corporations corresponding to Baidu can determine Google smartphone and technology-product customers just isn’t revealed inside Google’s on-line phrases of use, resembling Google’s privateness coverage, which is very deceptive and must be investigated by the Federal Communications Fee (FCC), Federal Commerce Fee (FTC), state attorneys common, Division of Homeland Safety (DHS), Division of Justice (DOJ), Division of Protection (DOD), and different related businesses.
The Google–Baidu relationship is just one instance of many Google, Apple, and Microsoft relationships that pose an existential menace to a smartphone and connected-technology customers’ civil liberties, privateness, cyber safety, and security.
The menace can also be related to the nationwide safety of america normally.
For instance, the Google–Baidu relationship poses an existential menace to all telecommunications and computing related to IT networks which might be supported by protected (due course of/Fourth Modification) telecom infrastructure ruled by the FCC.
The Google–Baidu relationship additionally poses a menace to the financial system of america, as a result of corporations corresponding to Google and Baidu compete in lots of industries worldwide towards U.S. corporations.
Why is the Google–Baidu relationship a menace to all U.S. residents? As a result of Google is enabling Baidu to indiscriminately monitor, monitor, and knowledge mine U.S. telecommunication subscribers and approved system customers by approach of the telecom-product consumer’s smartphone, pill PC, or related product that’s supported by protected telecom infrastructure ruled by the FCC.
Exposing confidential and guarded telecom-related info to Google plus Google’s associates and content material builders corresponding to Baidu poses threats to truthful enterprise competitors, mental property (IP), innovation, commerce secrets and techniques, delicate info, knowledge, and privateness.
To place the threats into perspective, permitting a overseas firm to surveil and knowledge mine telecom-product customers would have been the equal of a U.S telecom firm promoting entry to U.S. telecom subscribers (people, enterprise, and authorities) and approved house telephone customers to a German telecom supplier pre-World Struggle II.
Related to Google, Apple, and Microsoft’s enterprise practices immediately, a deal between U.S. and German telecom suppliers pre-World Struggle II would have enabled the German telecom supplier to indiscriminately monitor, monitor, and knowledge mine content material from residence and workplace telephones to make use of, share, promote, and combination for monetary achieve, of which the German telecom supplier might have used the income and telecom info to wage financial struggle in addition to struggle basically towards america.
That a nation-state firm from China can deploy intrusive apps on telecom-related units resembling smartphones and PCs which might be supported by protected telecom infrastructure ruled by the FCC is past my comprehension when it comes to civil liberties, privateness, cyber safety, and security.
The DOD, DHS, regulation makers, and the FCC want to research relationships between telecom suppliers, tech suppliers, and nation-state corporations from Russia, China, North Korea or another nation that may conduct financial warfare in addition to warfare towards the USA.
Google, Apple, and Microsoft Killed Privateness and Cyber Safety
The FTC, FCC, DHS, DOJ, and regulation makers have been asleep on the wheel when Apple first launched the iPhone 10 years in the past, enabling Apple and their enterprise companions to indiscriminately surveil and knowledge mine U.S. telecom subscribers and approved system customers for monetary achieve.
That call to permit Apple to surveil and knowledge mine U.S. residents by approach of smartphones, pill PCs, and PCs killed privateness and cyber safety related to any IT community supported by protected telecom infrastructure ruled by the FCC.
Sadly, Google and Microsoft needed to compete, so every firm developed a smartphone OS that can also be supported by intrusive content material that’s programmed to allow the content material developer with the power to surveil and knowledge mine the telecom-product consumer for monetary achieve.
Google, Apple, and Microsoft management the OS market pertaining to smartphones, desk PCs, related merchandise, and PCs usually. Because of this the OS builders management what content material is pre-installed into all merchandise, plus what content material is distributed by way of on-line app shops owned by all three OS builders.
I don’t assume that Google, Apple, and Microsoft have deliberately got down to kill privateness and cyber safety, however because of the income made by cultivating smartphone, pill PC, and connected-product customers’ private and professional surveillance knowledge (e.g. location knowledge) and delicate consumer knowledge, they’ve opened Pandora’s Field with regard to unsecure telecommunications and computing nationwide.
Senior executives at Google, Apple, and Microsoft want to understand that each one three corporations have killed privateness and cyber safety related to smartphones, pill PCs, related merchandise, and PCs which might be supported by surveillance and data-mining enterprise practices.
Likewise, regulation makers and authorities officers on the FTC, FCC, DHS, DOJ, DOD, Nationwide Safety Company (NSA) plus different related businesses want to know the civil liberty, privateness, cyber safety, security, and tech-product consumer exploitation threats posed by telecom-related surveillance and data-mining enterprise practices rooted in surveillance capitalism.
Telecom suppliers similar to AT&T, Verizon, T-Cellular, and Dash, additionally want to know all threats involved as they’re the conduit to the telecom subscriber and approved gadget consumer.
Telecom suppliers, regulation makers, and all businesses involved have to take motion now to deal with the quite a few violations of legal guidelines plus all threats which are related to indiscriminate telecom-related surveillance and data-mining enterprise practices.
One other destructive impression has been the influence on IT community safety nationwide. Authorities entities and corporations are spending billions on privateness and cyber safety options that shield their IT networks from home and overseas threats posed by people, firms (espionage), and state actors.
Nevertheless, units resembling smartphones which might be used for day-to-day telecommunications and computing are bleeding confidential and guarded telecommunications, info, and knowledge to quite a few unauthorized third-parties that embrace multinational corporations and nation-state corporations from China.
Intelligence, privateness, and cyber safety specialists worldwide have recognized the identical threats that I’ve uncovered, plus many extra threats related to leaky telecom hardware, software program, purposes, infrastructure, and know-how.
In mild of the collective threats that privateness and cyber safety specialists have recognized worldwide, telecom suppliers plus the U.S. authorities are turning a blind eye to relationships between U.S. tech builders comparable to Google and nation-state corporations similar to Baidu, which is a mistake that would have already value the U.S. financial system billions in misplaced alternative to nation-state Chinese corporations.
This declare is being validated by different intelligence, privateness, and cyber safety specialists worldwide, corresponding to T. Casey Fleming, CEO of BlackOps Companions.
“One strategic goal of the Chinese Communist Party (CCP) is ‘technological sovereignty’ where the CCP is moving to internalize all technology innovation and distribute it for the purpose of ‘espionage and command and control’ of technology in all Western countries,” Fleming, a prime intelligence and cyber technique adviser, stated.
“On the path to 100 percent technological sovereignty, the CCP employs an interim strategy to embed spyware in one of many layers of technology in manufactured items. This is accomplished by embedding spyware in firmware, microcode, or software in technology products that are manufactured in China. If the CCP doesn’t manufacture it, they employ malware methods to facilitate espionage while they complete technological sovereignty.”
BlackOps Companions advises Fortune 500 corporations, authorities, and different assume tanks on these issues and is 100 % right. Fleming simply described how nation-state corporations from China use malware to facilitate espionage.
I recommend that the FTC, FCC, DHS, regulation makers, and senior executives that work for telecom suppliers and data-driven know-how suppliers corresponding to Google attain out to the intelligence, privateness, and cyber safety group to work collectively relating to the event of personal, safe, and protected smartphones and related know-how that can be utilized inside a confidential and guarded setting.
Robust questions have to be requested.
Corporations resembling Google are enabling nation-state corporations from China reminiscent of Baidu with the power to indiscriminately monitor, monitor, and knowledge mine the U.S. telecom-product consumer for monetary achieve on the expense of the telecom-product consumer’s civil liberties, privateness, cyber safety, and security. Why?
The general public must be asking the next questions:
- Who at AT&T, Verizon, T-Cellular, and Dash is auditing the pre-installed content material that helps the smartphones, pill PCs, and related merchandise that the telecom suppliers promote to most of the people, enterprise enterprise, and the U.S. authorities?
- Who at AT&T, Verizon, T-Cellular, Dash, Google, Apple, and Microsoft is auditing the third-party content material that corporations corresponding to Baidu distribute although their app shops on the web?
- Who inside our authorities is maintaining a tally of Google, Apple, and Microsoft?
- As I’ve requested in earlier articles, who’s defending us?
Failure to Shield U.S. Residents
Corporations similar to Baidu have been paying Google to realize entry to Google-product customers for years now with out being challenged by the FTC, FCC, DHS, DOJ, DOD, state attorneys common, telecom suppliers, or some other related company inside america.
With regard to ZTE and Huawei, the U.S. authorities has taken motion to cease ZTE and Huawei from promoting leaky telecom-related gear that’s supported by surveillance and data-mining know-how.
Only recently, Huawei’s CFO, Meng Wanzhou, was arrested for allegedly violating sanctions set towards Iran.
What about Google and Baidu? The U.S. authorities ought to examine if Google and/or Baidu are distributing content material developed by Baidu to Iran, or another know-how each corporations are chargeable for creating.
Because it stands now, it seems to be just like the U.S. authorities is simply targeted on Chinese telecom and tech corporations reminiscent of ZTE and Huawei, whereas corporations akin to Baidu freely achieve entry to telecom and tech customers worldwide by approach of data-driven know-how suppliers reminiscent of Google.
The U.S. authorities wants to comprehend that Baidu develops telecom-related surveillance and data-mining content material, which in flip helps Android-driven smartphones, pill PCs, and related merchandise which are getting used by telecom-product customers worldwide, together with in the USA.
It’s time that U.S. residents, together with enterprise leaders, demand modifications that embrace safety from predatory surveillance and data-mining enterprise practices that may convey hurt to the telecom-product consumer.
Based on the admissions made by T-Cellular and Verizon, telecom suppliers similar to AT&T, Verizon, T-Cellular, and Dash are promoting unsecure and unsafe telecommunication merchandise which are supported by predatory surveillance and data-mining enterprise practices to U.S. residents, companies, and authorities entities in any respect ranges, together with the army.
Telecom suppliers, authorities officers, and regulation makers want to deal with predatory surveillance and data-mining enterprise practices related to smartphones, pill PCs, voice-automated assistants, related merchandise, and PCs typically.
Partially three of this text, I can be addressing a battle of curiosity between telecom suppliers and data-driven OS and content material builders who compete in a number of industries worldwide, resembling Google.
Rex M. Lee is a privateness and knowledge safety advisor and Blackops Companions senior analyst and researcher: www.MySmartPrivacy.com
Views expressed on this article are the opinions of the writer and don’t essentially mirror the views of The Epoch Occasions.