UPDATE 2: On further analysis, it seems that we were right the first time. Google does in fact flag as containing malware the majority of PFF’s PDF documents on net neutrality, and none of these documents actually does contain malware, viruses, or exploits. It’s a case of “guilt by association” as they share a directory with some infected files. This doesn’t mean Google is deliberately censoring free-market ideas on net neutrality, but they certainly are interfering with the public’s access to them. This is more a case of incompetence than of deliberate censorship, however.
Let’s apply the same standard to Google that its net neutrality partners have applied to Comcast, AT&T, and Verizon. ISPs shape traffic on their first mile networks, sometimes with blunt instruments and sometimes with surgical tools. According to Free Press and Google’s other partners in the net neutrality “let’s micro-manage broadband” coalition, blunt instrument management is a sign of anti-competitive bias.
How does Google look if we judge their actions by the yardstick they propose for ISPs? Guiilty as sin. Now you see why this is an important story.
UPDATE: See the comment by Erica George of Stop Badware. It’s actually Google that identifies malware-infected sites, and Stop Badware simply works the process of removing black-listed sites when their problem is resolved. These stories are hard to get right, but we try.
In a now-deleted post, I complained about certain net neutrality criticisms being apparently censored by Google. This was an error by my part, as I rushed a reader e-mail into a blog post without doing my research. Here’s a comment by PFF on the matter:
Everyone at PFF appreciates your concern, Richard, but what actually happened is quite benign; Google was not certainly censoring anyone!
Here’s what happened… Unlike the rest of our site, our “Issues & Publications†system relies on an SQL database—which, like any SQL database, is vulnerable to certain kinds of attack. We recently noticed such an attack and took steps to solve the problem. This is standard operating procedure for anyone running a site with an SQL database.
The Google search engine relies on the “Badware Website Clearinghouse†kept by StopBadWare.org [Editor’s note: see comments, as this isn’t quite correct]. The StopBadware project is a very helpful “neighborhood watch†campaign led by the good folks associated with the Berkman Center at Harvard. StopBadware works with Google to automatically identify sites that might contain badware, as their FAQ explains: http://www.stopbadware.org/home/faq#partnerwarnings-warning
Once a site is flagged, a warning message will arise when someone attempts to visit the site from the Google search engine or if one is using Google desktop or certain other firewall tools that aim to protect users from visiting dangerous sites.
The reason you encountered that warning page is that our site was quite accurately flagged as potentially dangerous and we had not yet completed the procedure for having our site removed from the Badware Website Clearinghouse, which is explained here: http://www.stopbadware.org/home/faq#partnerwarnings-remove
We consider the StopBadware a valuable self-help tool for protecting Internet users from potentially harmful software and applaud Google for its leadership in this area. If this incident demonstrates anything, it’s that an educational campaign would help users understand how the process works, why it’s good for all Internet users and that it is NOT censorship.
Once again we learn the value of doing a little research before posting.
PFF comments on their blog here.
Hi Richard,
Thanks for posting this! I just want to clarify who does the actual flagging of compromised websites. That is in fact Google, specifically their safer searching / anti-malware team, and not StopBadware.org or the Berkman Center. Google’s warnings are entirely based on their own internal systems for identification of malware distribution; StopBadware comes in simply to help site owners who want to remove the warnings in learning about badware and getting the warnings removed.
StopBadware sees our role in the process as an external fail-safe. Our public reviews process is an assurance that Google search users and webmasters alike can request an independent review of any flagged site from a nonprofit organization. We do our best to make the reviews process as transparent as possible. For example, anyone interested in the progress of the PFF review can follow its status here:
http://www.stopbadware.org/reports/container?reportname=www.pff.org/issues-pubs/&reportident=1155984
Anyone with questions or concerns about the process is invited to contact me directly, at egeorge AT cyber.law.harvard.edu.
Thanks!
Erica
StopBadware.org staff
Thanks for the clarification, Erica, I’ve updated the post.
I was one of the people who observed the problem and was the one who reported it to Richard. SQL injection is certainly a vulnerability of great concern in database-driven Web sites. However, in this case Google was blocking direct links to PDF documents. There was no opportunity for a reader to be infected by fetching those documents. Thus, there were only two possible explanations for Google’s behavior: overzealous blocking when another part of the Web site had a link to malware, or deliberate censorship. It’s a great relief to hear that the problem was the former, not the latter, since — after all — Google has such a monopoly on search that when you’re off Google, you’re essentially off the Net.
Response to Richard’s “UPDATE 2”: Yes, it does seem more likely that Google is merely guilty of being irresponsible rather than of deliberate censorship.
But that irresponsibility deserves some attention. It’s MUCH easier to tell which documents on a site contain malware than it is to determine whether a P2P stream is illegal or not! So, if Google et al are criticizing Comcast for using too heavy a hand in mitigating P2P, they should look in the mirror and ask earnestly if they are not even more guilty of the same sin of which they are accusing Comcast, Bell Canada, and other ISPs who are merely trying to manage their networks.
If you go by the standards of folks like Jim Buckmaster who said Cox was guilty of Net Neutrality violations even though it was caused by an incompatibility between a personal firewall software and Craigslist’s weird zero window size setting, then Google is guilty.
According to Google’s Vint Cerf, ISPs should be guilty until proven innocent and the burden of proof of network censorship should be on the duopolistic ISPs. So by this standard, Google the monopoly should be charged with a crime and fined until they can PROVE their innocence.