Ira Winkler

Much outrage has been expressed about Google's new privacy policy. People are acting as if they are shocked that Google would consolidate the personal information it gathers from its customers through all of its varied services. What is shocking to me is that none of these people, including members of Congress, seemed to see it coming.

Google's move doesn't surprise me. In fact, three years ago, I gave a presentation at an RSA conference saying that the information that Google was gathering through its wide-ranging services was just too tempting and that consolidation of that data was inevitable, despite the compromise of privacy that would result. (The presentation wasn't recorded, but you can view an interview I did at the time that summarizes what I had to say.)

I had to laugh when I read about Facebook's latest effort to woo businesses . While Facebook wants to look like its well ahead of Google + in the commercial uses of social networking, its track record of dealing with users suggests that businesses should not rely on it.

Of course, when you rely on a free service, you should expect to get what you pay for. But when the free service is provided by a highly profitable company like Facebook, you have to think that at least a modicum of customer service and responsiveness would be in its best interests, especially when it wants to convince people to choose its service over a fast-rising competitor.

When I saw the Computerworld article about Square touting how it is going to replace cash registers with iPads, I was dismayed that there was no discussion of security. And Square's app isn't the only payment app that makes me anxious. While I admit that I would find applications such as Square Register and Google Wallet useful, turning mobile devices into credit cards or credit processing systems is foolish at this time.

OK, some of these payment applications are pretty cool. Square Register could be really convenient for small-business people, making accepting credit card payments practical for businesses that make few transactions. For some small companies, that could be a competitive edge. Likewise, applications like Google Wallet that let you pay for things by having your smartphone communicate with a terminal consolidate another function onto a device that people always have with them.

What surprises me about the latest hack of Google , supposedly by the Chinese government, is that it was surprising to anyone. Stories about the incident are flooding Computerworld.com and other sites throughout the Internet. Google is threatening to pull out of China in response to the hacking , which is giving people the impression that Google is protecting its Web mail subscribers and itself. In reality, I doubt that it will do either.

The whole affair reminds me of a scene in the movie There Will Be Blood , when Daniel Day Lewis' corrupt oil baron tries to buy drilling rights from several landowners, and only one holds out. Years later, the farmer, in need of money, reconsidered. The oil baron, in a drunken rage, laughs at the landowner's representative and tells him that all of the oil was in one common pool, and that when he pumped the oil out of the ground from one piece of land, he got the oil under everybody else's land. It was as if he had stuck a really long straw in the farmer's milkshake, he said, adding "I drank your milkshake." Given the nature of the Internet, whether or not Google pulls out of China, China will drink Google's milkshake.

For 15 years now, I have been publicly lambasting all of those people who have made their careers, or at least made fleeting news headlines, based on their declaration of an imminent Electronic Pearl Harbor. My disdain is based on several factors, but predominantly the lack of accountability for such statements. One industry analyst, for example, stated that there will be such an event by the end of 2003. Six years later, I didn't see anyone revisit the utter lack of such an event.

However, I now see things developing to the point where there can be a strategic attack on computer infrastructures. The key word is Strategic.

I have generally supported the government's border search policies. But I am horrified by the recent DHS Privacy Office's approval of searches of electronic devices without suspicion. It is wrong for many reasons; from the constitutional to the logistical.

I should never be surprised at things related to government security efforts, but I did think the concept of hiring hackers was pretty much dead in government circles. Then comes the recent headline, " U.S. Looks to Hackers to Protect Cyber Networks." Frankly, I think it set the security profession back at least three years.

The story, widely quoted throughout the U.S. and the world, makes people think that hackers are superior to the best security professionals. Now, admittedly, recent stories have made it appear that the government's security efforts are poor at best. We've had foreign intelligence agencies infiltrating the power grid, and The Wall Street Journal recently reported that the F-35 designs have been hacked for years. All of that is something to ponder. But hiring hackers to fix security breaches? Hackers are not security experts. A recent, and most telling, survey from Verizon basically found that hackers' skills reside in the ability to exploit very basic mistakes on the part of their victims.