
Project Shield - ashishbharthi
http://projectshield.withgoogle.com/
======
devx
Serious question: what happens if say Wikileaks or Snowden or the next
important whistleblower uses this service, and then the head of DHS, FBI, DOJ,
etc (not a Court) "gives a call" to Google? Will Google "protect their free
expression", or comply with the order within hours, like Amazon did [1]?

Google may have great lawyers and a lot of money, but what if they tell them
"hey, you know that tax-free money you're sending to the Bermuda [2]? Yeah,
FTC will be knocking on your door tomorrow to ask you about that".

So I guess what I want to know is if Google will actually stand their ground
and protect their users till the end by doing the _right thing_ , or they'll
"compromise" if the potential cost to their business is too great. Maybe in
the past it was easy to believe Google would actually do the right thing, but
it's becoming increasingly harder to believe that.

[1] [http://www.theguardian.com/media/2010/dec/01/wikileaks-
websi...](http://www.theguardian.com/media/2010/dec/01/wikileaks-website-
cables-servers-amazon)

[2] [http://www.cnbc.com/id/101104483](http://www.cnbc.com/id/101104483)

~~~
packetslave
Google has been pretty explicit about the circumstances in which it will hand
user data over to governments or law enforcement. Even if it is required to be
done in secret (e.g. a NSL or FISA request), it still requires a valid court
order or other legal process.

[http://www.google.com/transparencyreport/userdatarequests](http://www.google.com/transparencyreport/userdatarequests)

If you think any U.S.-based company is able to do better, I'd love to hear
how.

~~~
workhere-io
Snowden mentioned Google as one of the companies that provides direct access
to its backend to NSA - meaning that NSA can access information on Google
users without needing a court order.

[http://www.youtube.com/watch?v=ZLrPquNK1Mc](http://www.youtube.com/watch?v=ZLrPquNK1Mc)

~~~
moultano
Which Google repeatedly vehemently denied.

> _I’m not sure I can say this more clearly: we’re not in cahoots with the NSA
> and there’s is no government program that Google participates in that allows
> the kind of access that the media originally reported. Note that I say
> "originally" because you'll see that many of those original sources
> corrected their articles after it became clear that the PRISM slides were
> not accurate. Now, what does happen is that we get specific requests from
> the government for user data. We review each of those requests and push back
> when the request is overly broad or doesn't follow the correct process.
> There is no free-for-all, no direct access, no indirect access, no back
> door, no drop box._

 _We’re not in the business of lying and we’re absolutely telling the truth
about all of this. Our business depends on the trust of our users. And I’m an
executive officer of a large publicly traded company, so lying to the public
wouldn’t be the greatest career move._

[http://www.theguardian.com/technology/blog/2013/jun/19/googl...](http://www.theguardian.com/technology/blog/2013/jun/19/google-
chief-legal-officer-david-drummond-live-q-and-a)
[http://googleblog.blogspot.com/2013/06/what.html](http://googleblog.blogspot.com/2013/06/what.html)

~~~
workhere-io
_Which Google repeatedly vehemently denied._

Probably because they're forced to do so by the authorities, like Lavebit was.
So it becomes a question of who you are going to trust: Snowden (who has
nothing to gain by lying) or Google (who is required by law to lie about it
_and_ risks losing a lot of money if their customers lose faith in them). I
know who I trust in this case.

~~~
DannyBee
Can you please state what law you believe would force them to lie about it?

As i've pointed out in a few discussions, the law does not (and generally
cannot constitutionally) require you to actively lie about something (IE
compelled inaccurate speech). It can require you to not speak about something,
compel you to speak truthful things (as a disclosure or otherwise), and
require you to not tell someone something, but cannot require you to tell them
something that is a lie.

AFAIK, Lavabit was forced to _not disclose something_ to their customers,
which fits in with what I said.

There are actually fairly important distinctions, legally, between different
types of speech, and important legal distinctions between compelled speech and
lack of disclosure. So you can't really paint all of these things with the
same brush.

(note: The above is about the US, someone asked me privately, and I have no
idea, about other countries)

~~~
michaelt
According to 18 USC § 2709 (C)(1) it is illegal to "disclose to any person"
[1] you have received a National Security Letter. Likewise, the FISA court
order used to gather all Verizon call data bars Verizon from disclosing its
existence [2].

I don't have the legal expertise to say whether one would be forced to lie
about it, and the legislation doesn't explicitly use the word lie. However,
according to someone who received one and received legal advice: "Under the
threat of criminal prosecution, I must hide all aspects of my involvement in
the case -- including the mere fact that I received an NSL [...] When clients
and friends ask me whether I am the one challenging the constitutionality of
the NSL statute, I have no choice but to look them in the eye and lie." [3]

[1]
[http://www.law.cornell.edu/uscode/text/18/2709](http://www.law.cornell.edu/uscode/text/18/2709)
[2] [http://www.theguardian.com/world/2013/jun/06/nsa-phone-
recor...](http://www.theguardian.com/world/2013/jun/06/nsa-phone-records-
verizon-court-order) [3] [http://www.washingtonpost.com/wp-
dyn/content/article/2007/03...](http://www.washingtonpost.com/wp-
dyn/content/article/2007/03/22/AR2007032201882.html)

~~~
DannyBee
1\. As I mentioned, non-disclosure is _very_ different from compelled speech.
Compelled accurate speech is even held to a different standard than compelled
lies. I have the legal expertise to tell you they are different. :)

2\. This person seems to have missed choice b: "Do not comment". They are not
compelled to lie, by the very law you cite. They are only required not to
disclose. No court has ever held this to mean "lie when asked", rather than
"say nothing when asked". If the government went after someone for not saying
anything, that would be ... a tough case.

3\. I am happy to admit the distinction between compelled lying and non-
disclosure is, for some people, no distinction at all, but the law does make
such a distinction.

~~~
michaelt
What you say may be traditionally held by non-secret courts, but the
revelations so far indicate the secret courts produce some astonishing
rulings.

If the chap quoted in the Washington Post article was actively challenging the
constitutionality of National Security Letters with the help of the ACLU, that
makes me think he would probably have received reasonably reliable legal
advice? Don't you think?

~~~
DannyBee
First, it is not secret courts who have produced any precedential rulings on
the reach of NSL's (at least in the sense of binding any large group of
people). It has been normal federal courts. Those that have ruled, have ruled
the gag portion unconstitutional.

Here in fact, it says they verified he's the person through publicly available
court documents, which must mean it's likely docketed in a normal federal
court somewhere (the article pre-dates the FISC publishing their docket)

Second, there are two issues I do not expect he necessarily received
reasonably reliable legal advice. The people who participate in these cases
are often _not_ specialists, and often _not_ highly knowledgable about the
area (especially at this stage of the game, when things get to SCOTUS or
something they generally are willing to engage more competent people). They
are just passionate.

Past that, he was not quoted, he wrote the piece. You assume the piece is, for
example, not using hyperbole. It does not say the government, or anyone else,
has actually made these threats. It does not say what legal viewpoint they
take that makes them believe this (and again, given the only gag orders to be
challenged have _all_ been struck down, it seems a bit out there ...). There
are no details or anything else to support or verify the legal reasoning or
implications for what he says.

This is an opinion piece, meant to support his case. Reading it as an accurate
view of the state of the law is, well, probably not a great idea (I certainly
agree that reading it for the chilling effects part, fine. But to take
everything he says as if his lawyer said that was the way it had to be, is a
bit far)

------
srhngpr
On an unrelated note, I had never seen the withgoogle.com domain before and I
did some searching and found all these other projects, initiatives, landing
pages, and even online courses:

\- Chromebook mobile site:
[http://us.chromebook.withgoogle.com](http://us.chromebook.withgoogle.com)

\- Developer Bus:
[http://developerbus.withgoogle.com](http://developerbus.withgoogle.com)

\- Full Value of Mobile:
[http://www.fvm.withgoogle.com](http://www.fvm.withgoogle.com)

\- Google Analytics Academy:
[https://analyticsacademy.withgoogle.com](https://analyticsacademy.withgoogle.com)

\- Google Expert:
[http://expertbrasil.withgoogle.com](http://expertbrasil.withgoogle.com)

\- Google Wallet Instant Request Form:
[http://getinstantbuy.withgoogle.com](http://getinstantbuy.withgoogle.com)

\- Mapping: [https://mapping.withgoogle.com](https://mapping.withgoogle.com)

\- Online Marketing 101:
[https://onlinemkt101.withgoogle.com/preview](https://onlinemkt101.withgoogle.com/preview)

\- Royal Baby Congrats Card:
[https://royalbabycard.withgoogle.com](https://royalbabycard.withgoogle.com)

\- Tour Builder:
[https://tourbuilder.withgoogle.com](https://tourbuilder.withgoogle.com)

\- Web Accessibility:
[https://webaccessibility.withgoogle.com](https://webaccessibility.withgoogle.com)

\- YouTube Creator Academy:
[https://creatoracademy.withgoogle.com](https://creatoracademy.withgoogle.com)

\- Your Tour (Tour de France):
[http://yourtour.withgoogle.com](http://yourtour.withgoogle.com)

Non-English:

\- [http://vpered.withgoogle.com](http://vpered.withgoogle.com)

\-
[http://docchinogame.withgoogle.com/pc/](http://docchinogame.withgoogle.com/pc/)

\- [http://minchizu.withgoogle.com](http://minchizu.withgoogle.com)

\- [http://ennovate.withgoogle.com](http://ennovate.withgoogle.com)

\-
[http://brasilfreewifi.withgoogle.com](http://brasilfreewifi.withgoogle.com)

~~~
jcampbell1
My guess is that everything on a .google.com domain requires loads of security
testing. This let's them put up a marketing site with out tons of auditing.

~~~
sprizzle
Yeah that's absolutely correct. Google has more initiatives than they can
produce internally and so a lot of work is contracted to external
vendors/agencies, which can have security concerns. The withgoogle.com domain
allows Google to host externally-created sites that do not have any access
whatsoever to internal user data.

------
Systemic33
Seems like its just a straight up competitor to Cloudflare. There doesn't'
appear to be any direct revenue gain from this, maybe this is more of a mafia
protection kinda thing (as in protecting its interests, the websites hosting
its ads).

Does anyone know what it takes to mitigate DDoS, at this kind of scale?

~~~
packetslave
Did you seriously just accuse Google of "a mafia protection kinda thing"?
Seriously?

~~~
jere
I'm assuming the OP was referring to a protection racket:
[http://en.wikipedia.org/wiki/Protection_racket](http://en.wikipedia.org/wiki/Protection_racket)

>A protection racket is an operation where criminals provide protection to
persons and properties, settle disputes and enforce contracts in markets where
the police and judicial system cannot be relied upon.

Of course, Google isn't threatening anyone with DDoS, (even assuming that they
somehow make money of you).

Otherwise though, it's somewhat of an interesting analogy. This _is_ a form of
protection (of online property). And you can't really rely on the police to
protect you from DDoS. I suppose it would be more reasonable to just compare
it to a security firm though.

~~~
icambron
> I suppose it would be more reasonable to just compare it to a security firm
> though.

That's why the analogy is not interesting; the use of "mafia" is silly because
it implies there's some criminal element to Google's intensions. For example,
here's the opening line of that Wikipedia page:

> A protection racket is a scheme whereby a criminal group provides protection
> to businesses through violence outside the sanction of the law.

The only word this has in common with what Google is doing is "protection".
The analogy captures nothing _useful_ that "hiring a security guard" doesn't.
But it also captures a whole universe of other implications that are entirely
unwarranted and laughably unfair. It's a _terrible_ analogy.

"You're just like a mafia don in that you also drive a car."

I should disclaim that I don't think the offering is above suspicion and
criticism, just that the comparison to a protection racket is absurd.

------
mariusz79
I can already see the headlines: "Beginning January 1st 2016 Google will
discontinue Project Shield"

~~~
MrZongle2
You beat me to it. My first thought was, " _now_ what sub-industry is Google
trying to kill off and subsequently force the resurrection of in a couple of
years when their product gets pulled?"

~~~
saraid216
You make them sound like a forest fire.

------
jjoe
Based on the wording, technology used is going to be a mixture of IP Anycast
(traffic sharding) and cache proxying (serve content through), which is what
CF does. Except google has all the cash and resources to throw at the problem
without putting a dent on their bottom line.

But the interesting tidbit coming out of this project's going to be the
internal packet/traffic scrubbing system they've developed. Will it be
commercialized or will it spawn a new startup. So many positive outcomes
however it ends up.

------
United857
NVidia already has something named Project Shield -- although it has nothing
to do with this. Wonder if this is confusing enough for a trademark case.

~~~
opinali
Not to mention the S.H.I.E.L.D. Nick Fury will be pissed.

~~~
atestu
not to be mistaken with… The Shield!
[http://www.imdb.com/title/tt0286486/](http://www.imdb.com/title/tt0286486/)

------
Geee
Isn't it a clear that they set this up to track users to those kinds of sites
and feed NSA with that information? Also, they get to control what information
they want to let out. Call me paranoid, but I don't trust Google a bit here.

~~~
MisterWebz
You don't have to be paranoid to realize that information given to a third
party can be abused or leaked to other parties. I'd like to believe that most
of us are already past the whole "trusting an organization" thing and have
already moved on to deciding whether the benefits of using a service outweigh
the downsides of said service sharing your information with other people.

------
chanux
I think _protect free expression online_ is too precious of an idea to be used
there. But that's just my opinion.

------
ck2
Every time I see a new google product launch, in the back of my mind I start
to wonder when it will be shut down.

------
snird
"protect free expression online"? and who will protect us from google
itself?...

------
clebio
Whoa, interesting Captcha (sorry to go on a tangent). Looks a bit like crowd-
sourcing their street-view work (though could of course be sourced from all
sorts of other things).

~~~
fsckin
This started last year. Pretty smart usage, in my opinion.

[http://techcrunch.com/2012/03/29/google-now-using-
recaptcha-...](http://techcrunch.com/2012/03/29/google-now-using-recaptcha-to-
decode-street-view-addresses/)

------
znowi
> Project Shield is an initiative to use Google's infrastructure to protect
> free expression online

How peculiar. The tech is DDoS mitigation, but the PR focus is on "free
expression online", Syrian gas attacks, and evil Iran.

Wonderfully executed. The internet crowd is cheering the "free speech", the
government approves of the Middle East angle.

Meanwhile, PRISM keeps working and very few care about it.

------
car
How will Google determine which opinions to protect?

As wonderful as Project Shield sounds, there is a fundamental risk of it being
undemocratic.

~~~
thethimble
Why won't it protect all sites regardless of content? Isn't that the point of
free speech?

~~~
jkscm
No, Google will decide what will be protected or the people that have the
power to control Google in these regards.

Content that will certainly not be protected: \- Content that violates the
Digital Millennium Copyright Act

\- Illegal pornography, snuff videos ...

\- sedition,incitement

\- confidential NSA stuff (you know, because it helps terrorist )

------
Theodores
I am not being funny, however, shouldn't this form be https? Or did I miss
something?

------
lnanek2
Kind of a bad name choice with NVIDIA Shield being a popular topic in tech and
gaming circles right now.

------
pearjuice
_Good goy, come host your government neglecting data with us, we promise we
won 't hurt you!_

------
neves
Great! Now the NSA can monitor every dissident of the world without the need
to search for them.

~~~
TeMPOraL
Well, that's what Google is all about - providing good search solutions ;).

------
daljeetv
One more step toward Google creating a complete and comprehensive end to end
solution

~~~
daljeetv
Which provides GOOGLE with even more connected data points about a user when
he/she is surfing the net.

------
lazylizard
so this is like cloudflare but for people whom google like?

------
chadwickthebold
Hopefully this project will come with increased openness about Googles
complicity in the PRISM scandal. It would be rather ironic if this ends up
protecting free speech everywhere except in America.

~~~
Systemic33
It is quite ironic how the country that class itself the land of the free, and
home of democracy, etc. exudes no fight for freedom within its own borders.
Kinda ruins the whole freedom facade, when freedom is only given when it is
inline with the government strategic plan.

~~~
krapp
There have been protests, haranguing in the news, even an attempt to defund
the NSA's metadata collection program which almost passed. What do you expect,
molotov cocktails to be thrown at Congress? It's a big country and most people
simply don't care.

------
tharshan09
github needs this.

------
Fando
Wow, what a load.

