Google announces open source security initiative, continuing its love-hate relationship with user privacy
Google, Dropbox, and the Open Technology Fund have partnered to create Simply Secure, a group meant to make it easier for companies to build open source security tools into their products.
They couldn't have picked a better year to found a group dedicated to digital security. Whether it was the crippling Heartbleed bug that rocked the Internet earlier this year or Apple's inability to use basic tools in its operating systems, this has been a banner year for online insecurity.
Simply Secure intends to address those problems, as the group makes clear in its unveiling:
While consumer-facing security tools exist and are technically effective, they often have low adoption rates because they’re inconvenient or too confusing for the average person to operate. Even well-known features like two-factor authentication, offered by many online services, are not widely used.
The need to overcome this challenge is particularly clear in the wake of events like the recent celebrity photo leak and the Snowden revelations. No matter how effective security technologies are, people will not use them unless they become more accessible and easier to understand. We need simpler options for stronger security, available at our fingertips. One of the group's advisors, Cory Doctorow, makes its goals even clearer in a column for the Guardian, writing that Simply Secure will work to improve OTR, a secure messaging tool that is so frustrating to set up that Glenn Greenwald almost missed his chance to nab the documents leaked by Edward Snowden when he was first approached by the infamous leaker.
This isn't the first time Google has vowed to improve online security to help people keep their personal information to themselves -- or at least to make sure that people continue sharing their personal information with Google's services instead of shutting down out of fear. I wrote about one of the company's efforts, Project Zero, and that strange juxtaposition back in July:
Other companies have committed to funding independent security auditors in an effort to promote digital security — the oxymoron that it is — and restore faith in the foundation of the Web. Project Zero goes far beyond that by encouraging security experts to find problems in products that have nothing to do with their employer and making sure they’re promptly fixed.
Google’s commitment to degrading personal privacy might make it seem like a strange fit for something like Project Zero, which will inevitably help people keep some information private. But that misses the point of Google’s efforts to gain consumer trust. It doesn’t need to force its way into our digital houses; it’s already been invited in and told to make itself feel at home. Now the company is taking on yet another pet project to help keep people secure even as it works to invade their homes through acquisitions like those of Nest Labs and Dropcam. It's a funny thing to think about; is it better to have these secure tools and not look a gift horse in the mouth, or to question why Google's priorities can be so goddamned hard to keep straight?
At this point, it might be better to hope that the company's efforts are successful and security tools are made easier to use. Better to have a particularly snoopy locksmith who does good work than to leave your house unlocked because you can't figure out how to make it more secure.