Market Solutions Versus State Solutions: Google Edition

Xcel Energy demonstrated the difference between how markets and the state utilize drones. Now Google unwittingly provided another demonstration. When Google created the Play Store it saw it as a service that would improve the lives of their customers by providing a method to easily download Android applications. When the National Security Agency (NSA) saw the Play Store it saw it as a method to infect Android phones so they could be surveilled:

The information about Irritant Horn comes from documents provided by Edward Snowden to The Intercept and CBC. The program, which appears to have been in its early stages in 2011-2012, had NSA analysts use a type of man-in-the-middle attack to implant spyware on Android devices connecting to the Android Market or Samsung’s apps store. Basically, besides the requested app, the targets were served malicious software that allowed spooks to eavesdrop on everything that happened on the device. The NSA even explored using the capability to modify the target device, for propaganda or disinformation purposes.

Google wants to provide Android users with Firefox so they can browse the web. The NSA wants to provide Android users with a modified version of Firefox that reports on their browsing habits and potentially feeds them disinformation.

Whether the NSA was successful in highjacking Google’s service is up in the air. I think the answer to that heavily depends on the security used by the Play Store. If the Play Store uses effective tools to encrypt communications between an Android device and the Play Store as well as digitally sign provided software the likelihood of the NSA being successful is low. This is because a properly secured connection cannot be highjacked and digitally signing the software will alert you if it has been altered. Even if Google cooperated with the NSA the user would be able to tell if the software was modified so long as the developer signed it (that still leaves the possibility of the NSA enlisting the developer but then the problem isn’t the Play Store).

Two lessons should be taken away from this story. First, the market sees services as means to fulfill consumer wants whereas the state sees services as means to exploit them. Second, proper security is important and markets actors should focus on it to protect consumers from the state (and other malicious entities).