Google has received a lot of press regarding their Project Shield announcement at the Google Ideas Summit. The effort is being applauded as a milestone in social consciousness. While on the surface the endeavor appears admirable, the long-term impact of the service may manifest more than Google had hoped for.
Project Shield is an invite-only service that combines Google's DDoS mitigation technology and Page Speed service. The intent is to offer the service to (quoting from their site) "websites serving news, human rights or elections-related content." The concept is to provide a voice to those that may be silenced via DDoS attacks.
The Possible Moral Dilemmas
As an example of a potential Project Shield user, Google spotlighted Aymta, a site that alerts Syrians to scud missile launches. In the past the site has been targeted by DDoS attacks, reportedly by the Syrian government.
So what happens when the Israeli and Palestinian conflict heats up again and a similar service is spun up on both sides of the border? Should Google choose who they feel is more "right" in the situation and worthy of their protection?
This is a huge moral question as people could literally live or die based on how they choose. Selecting either side in the conflict potentially draws fanatical anger from supporters on the other side. Doing nothing or supporting both potentially draws ire from both sides.
At the end of the day, Google is still a company looking to generate a profit. Certain choices could potentially impact their business model in large portions of the world. While Google's mantra is "don't be evil," sometimes you are faced with no-win choices. Adding to the complexity is that Google also has a responsibility to their investors. Is it impossible to consider that profit margins will never factor into their selection for inclusion into this service?
If they do choose to throw caution to the wind, could that not affect their bottom line, thus negatively impacting their investors and their ability to perform this philanthropic work in the first place? To draw on a Star Trek moral dilemma, do the needs of the few outweigh the needs of the many, or is it the other way around?
Protecting The Rest Of Us
There is another more subtle issue here. By protecting sites that are drawing a passionate response, Google is effectively raising the bar on what is required to perform a successful DDoS attack. Further, they are doing so to people who are highly motivated to reach that bar and may have the financial means to do so. In the past, whenever we've developed technology or processes to thwart large scale DDoS attacks, the bad guys have upped their game to meet the challenge.
Unfortunately, leasing time on botnets to perform DDoS attacks is a thriving business. This offering may provide financial incentives to the bad guys to again scale up their operations. This may leave the rest of us, who are not invited into Google's protected circle, that much more likely to be knocked offline.
Don't get me wrong, I honestly think this Google endeavor is an effort to make the world a better place. I think Google is truly attempting to give a voice to "the little guy," and should be applauded for the effort. However, philanthropy can sometimes be a double-edged sword. I'm really hoping someone at Google who is smarter than myself has plotted a clear path through the potential moral minefield that may lie before them.
By Chris Brenton, Director of Security at Dyn
|Data Center||Policy & Regulation|
|DNS Security||Regional Registries|
|Domain Names||Registry Services|
|Intellectual Property||Top-Level Domains|
|Internet of Things||Web|
|Internet Protocol||White Space|
With a mission to make its top-level domains available to the broadest market possible, Boston Ivy has permanently reduced its registration, renewal and transfer prices for .Broker, .Forex, .Markets and .Trading. more»
Afilias - Mobile & Web Services