Home / Blogs

Google's Project Shield May Actually Be A Double-Edged Sword

Chris Brenton

Google has received a lot of press regarding their Project Shield announcement at the Google Ideas Summit. The effort is being applauded as a milestone in social consciousness. While on the surface the endeavor appears admirable, the long-term impact of the service may manifest more than Google had hoped for.

Project Shield is an invite-only service that combines Google's DDoS mitigation technology and Page Speed service. The intent is to offer the service to (quoting from their site) "websites serving news, human rights or elections-related content." The concept is to provide a voice to those that may be silenced via DDoS attacks.

The Possible Moral Dilemmas

As an example of a potential Project Shield user, Google spotlighted Aymta, a site that alerts Syrians to scud missile launches. In the past the site has been targeted by DDoS attacks, reportedly by the Syrian government.

So what happens when the Israeli and Palestinian conflict heats up again and a similar service is spun up on both sides of the border? Should Google choose who they feel is more "right" in the situation and worthy of their protection?
This is a huge moral question as people could literally live or die based on how they choose. Selecting either side in the conflict potentially draws fanatical anger from supporters on the other side. Doing nothing or supporting both potentially draws ire from both sides.

At the end of the day, Google is still a company looking to generate a profit. Certain choices could potentially impact their business model in large portions of the world. While Google's mantra is "don't be evil," sometimes you are faced with no-win choices. Adding to the complexity is that Google also has a responsibility to their investors. Is it impossible to consider that profit margins will never factor into their selection for inclusion into this service?
If they do choose to throw caution to the wind, could that not affect their bottom line, thus negatively impacting their investors and their ability to perform this philanthropic work in the first place? To draw on a Star Trek moral dilemma, do the needs of the few outweigh the needs of the many, or is it the other way around?

Protecting The Rest Of Us

There is another more subtle issue here. By protecting sites that are drawing a passionate response, Google is effectively raising the bar on what is required to perform a successful DDoS attack. Further, they are doing so to people who are highly motivated to reach that bar and may have the financial means to do so. In the past, whenever we've developed technology or processes to thwart large scale DDoS attacks, the bad guys have upped their game to meet the challenge.

Unfortunately, leasing time on botnets to perform DDoS attacks is a thriving business. This offering may provide financial incentives to the bad guys to again scale up their operations. This may leave the rest of us, who are not invited into Google's protected circle, that much more likely to be knocked offline.

Don't get me wrong, I honestly think this Google endeavor is an effort to make the world a better place. I think Google is truly attempting to give a voice to "the little guy," and should be applauded for the effort. However, philanthropy can sometimes be a double-edged sword. I'm really hoping someone at Google who is smarter than myself has plotted a clear path through the potential moral minefield that may lie before them.

By Chris Brenton, Director of Security at Dyn

Related topics: Censorship, Cyberattack, Cybersecurity, Web

 
   

Don't miss a thing – get the Weekly Wrap delivered to your inbox.

Comments

I don't see the same issue Phillip Hallam-Baker  –  Oct 28, 2013 7:31 PM PDT

Google could end up picking sides but by and large DDoS attacks are rarely the work of state actors and even more rarely state actors who are on the NATO forces side.

GCHQ and the NSA don't spend their tim DDoSing Al Qaeda Web sites, they infiltrate them. Folk Who try to DDoS the sites are causing more problems for our side than theirs.

They might get into some difficulty if they offer the service to US political campaigns due to the rules on donations in kind. But I am pretty sure they would have the sense to offer the same service to all parties.

Google has fat enough pipes and servers to soak up the entire DDoS attack volume. Perhaps what they are planning is not to make a business stopping DDoS but just looking to strike a knock out blow.

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Dig Deeper

Afilias

DNS Security

Sponsored by Afilias
Afilias Mobile & Web Services

Mobile Internet

Sponsored by Afilias Mobile & Web Services
Verisign

Cybersecurity

Sponsored by Verisign

Promoted Posts

Now Is the Time for .eco

.eco launches globally at 16:00 UTC on April 25, 2017, when domains will be available on a first-come, first-serve basis. .eco is for businesses, non-profits and people committed to positive change for the planet. See list of registrars offering .eco more»

Industry Updates – Sponsored Posts

.TECH Gets Its Big Hollywood Break

Verisign Named to the Online Trust Alliance's 2017 Audit and Honor Roll

Attacks Decrease by 23 Precent in 1st Quarter While Peak Attack Sizes Increase: DDoS Trends Report

Major Media Websites Lose Audience Due to Slow Load Times on Mobile

Leading Internet Associations Strengthen Cooperation

DeviceAtlas' Deep Device Intelligence Now Addresses Native App Environment

A Look at How the New .SPACE TLD Has Performed Over the Past 2 Years

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Government Guidance for Email Authentication Has Arrived in USA and UK

ValiMail Raises $12M for Its Email Authentication Service

Don't Gamble With Your DNS

Why .com is the Venture Capital Community's Power Player

Defending Against Layer 7 DDoS Attacks

Understanding the Risks of the Dark Web

New TLD? Make Sure It's Secure

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

Miss.Africa Announces 2016, Round II Seed Funding Tech Initiative for Women in Africa

How Savvy DDoS Attackers Are Using DNSSEC Against Us