Google recently announced in an important change of policy that it will stop censoring search results for queries coming from China. That is interesting in its own right, but is not why I am writing this article. According to their corporate blog post, what prompted this change of policy was the discovery of “a highly sophisticated and targeted attack on [Google’s] corporate infrastructure originating from China”. They found similar attacks on “at least twenty other large companies from a wide range of businesses”. Google further said that they “have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists”. We are not likely to hear more detail in public about the attacks, but this is extraordinary news.
As you can imagine, Google has one of the strongest IT staffs, with among the broadest and deepest security expertise of any company in the world, and presumably the other twenty plus large companies are generally well protected as well. Yet they were all apparently compromised remotely, by agents of a foreign power, and for political purposes!
Is there anyone out there who still believes that some small company that has run a few election pilots and now wants to run infrastructure for Internet voting has any chance of locking down its vote servers so tightly that it can withstand a similar “highly sophisticated and targeted attack” against a U.S. election when Google and these other big companies cannot?