{"id":1288,"date":"2009-03-13T21:57:17","date_gmt":"2009-03-14T05:57:17","guid":{"rendered":"http:\/\/cubist.cs.washington.edu\/Security\/?p=1288"},"modified":"2009-03-13T21:57:18","modified_gmt":"2009-03-14T05:57:18","slug":"google%e2%80%99s-online-library","status":"publish","type":"post","link":"https:\/\/secblog.cs.washington.edu\/Security\/2009\/03\/13\/google%e2%80%99s-online-library\/","title":{"rendered":"Google\u2019s Online Library"},"content":{"rendered":"<p>Google has been scanning whole books and archiving them since <a href=\"http:\/\/business.timesonline.co.uk\/tol\/business\/article1294870.ece\">at least 2004<\/a>.\u00a0 More recently, it settled a lawsuit that will allow it to legally copy copyrighted books and <a href=\"http:\/\/yro.slashdot.org\/article.pl?sid=08\/10\/28\/145249&amp;tid=123\">make them available online<\/a>.\u00a0 Google allows users to search its book archive at <a href=\"http:\/\/books.google.com\/?hl=en\">Google Book Search<\/a>, and view samples or, <a href=\"http:\/\/books.google.com\/support\/bin\/answer.py?answer=43729&amp;topic=9259&amp;hl=en\">in some cases<\/a>, entire books.\u00a0 While the ability to look at fragments of the more restricted books is useful only as advertising to lure in potential readers, the fact that some books are posted whole online is significant for the flow of information throughout the world.\u00a0 As this online library expands, it could aid education and help distribute ideas worldwide.<\/p>\n<p><!--more--><br \/>\nAssets:<\/p>\n<ul>\n<li> The digital copies of the books are information resources that individuals might want to spread or suppress.\u00a0 In general, it is important that users have access to them to supplement their education, and, in the case of partially available books, the publishers want to restrict how much can be seen while still providing enough information to act as an incentive to buy the books.\u00a0 Google\u2019s security goal with the digital books should be 
to ensure that access to books is not unduly restricted, while also not giving away too much about restricted works.<\/li>\n<li>The search results for books are another asset.\u00a0 The goal should be to keep these as balanced and open as possible.<\/li>\n<\/ul>\n<p>\nAdversaries, Threats:<\/p>\n<ul>\n<li>More oppressive governments try to censor information broadly, and censoring Google Books would be a natural extension of that.\u00a0 In addition to filtering traffic to Google, they might try denial-of-service (DoS) attacks to take Google Books down altogether.<\/li>\n<li>In the future, Google itself or a successor company might want to practice censorship by not making certain works available.<\/li>\n<li>Users might want to gain access to restricted (copyrighted) books.\u00a0 If entire books are stored in a database connected to the Internet, it is conceivable that someone could break into the database and steal the books.<\/li>\n<li>Publishing companies might want to skew the search results on Google Book Search in favor of their own partially available books, in the hope that users will buy them.\u00a0 While it may be doubtful that an attack could affect the search engine directly, it might be possible for a publisher to plant popular search terms in sections of a book and then release the relevant sections to Google.\u00a0 This could result in a higher number of views on the \u201cadvertised\u201d sections, and possibly higher sales of the book.<\/li>\n<\/ul>\n<p>\nWeaknesses:<\/p>\n<ul>\n<li>While Google undoubtedly has defenses against DoS attacks, it cannot prevent censoring nations from filtering traffic and denying some potential users access to its library.<\/li>\n<li>Google has a lead in publishing online versions of print books.\u00a0 This might eventually turn into something approaching a monopoly, which would make the library vulnerable to someone with bad motives gaining control of it.<\/li>\n<li>If it\u2019s connected to the 
Internet, it can probably be accessed somehow; if the complete versions of copyrighted texts are stored on databases connected to the Internet, they could be vulnerable to being stolen.<\/li>\n<li>Google seems interested in scanning as many books as it can, and may not be paying too much attention to the contents.\u00a0 This would make its system vulnerable to the search-terms-planted-in-books strategy.<\/li>\n<\/ul>\n<p>\nDefenses:<\/p>\n<ul>\n<li>To defend against DoS attacks, having a distributed system of servers would help (and they certainly do have defenses).<\/li>\n<li>Encrypting data in transit could help avoid censorship.<\/li>\n<li>Google no doubt has excellent access control mechanisms for its databases.<\/li>\n<li> Google can avoid becoming a censor itself by promoting competition: encouraging rival libraries by giving them its own scanned copies when possible.<\/li>\n<\/ul>\n<p>\nRisks<br \/>\nCensorship of content on the Internet is basically inevitable; while some users in oppressive areas will be able to circumvent it, there is not much Google can realistically do to help spread information past censors.\u00a0 Google turning evil seems improbable at the moment, though it could turn into an evil monopoly in the future; hopefully by then there will be more competition.\u00a0 The possibility of copyrighted books being stolen by users is probably negligible, though there might be some risk of employees taking copies of copyrighted books for their own use or distributing them.\u00a0 Publishers sneaking search terms into samples is fairly likely, and difficult to defend against.\u00a0 This last exploit is the most likely to succeed in the short run, but it affects only the balance of search results rather than access to information, so it is not as important.<br \/>\n<br \/>\nConclusions<br \/>\nHaving access to information is important for a society in general.\u00a0 Two of the factors contributing to the growth of GDP are the amount of 
technological knowledge a society possesses and the level of education of the populace.\u00a0 This is why it is important to encourage the spread of information; making books freely available will help societies grow and lead to a more prosperous world.\u00a0 It is therefore important that books be able to spread information as widely as possible, free of censorship.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Google has been scanning whole books and archiving them since at least 2004.\u00a0 More recently, it settled a lawsuit that will allow it to legally copy copyrighted books and make them available online.\u00a0 Google allows users to search its book &hellip; <a href=\"https:\/\/secblog.cs.washington.edu\/Security\/2009\/03\/13\/google%e2%80%99s-online-library\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":95,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-1288","post","type-post","status-publish","format-standard","hentry","category-security-reviews"],"_links":{"self":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/1288","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/users\/95"}],"replies":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/comments?post=1288"}],"version-history":[{"count":2,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/1288\/revisions"}],"predecessor-version":[{"id":1303,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/1288\
/revisions\/1303"}],"wp:attachment":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/media?parent=1288"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/categories?post=1288"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/tags?post=1288"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}