Aww. I cannot resist.
Let’s say Im doing a google login (over https). And lets note the BIG NOISE Google made over the introduction of https capabilities (and the particular ciphersuites they use, and the way they do resumption). All in all they crowed about the technical properties of the channel security.
But if the audit events of google post-SSL *process* login modules are being sent to the NSA GFE box (for “selection”) google is responsible for having signaled to a government the act of login (which is as private as the credentials used by the authentication process). They have to now that the EDN (the “notification” is intended to allow packet-level traps to start collection.
Folks may want to have a long look at certain intrusion “detection” vendors (e.g. BT America) that do “log monitoring” according to pattern analysis. One can also look at the association of Baum’s (newly IPO’d) company to such market development – particular since his product/service facilitates the delivery of the log records to the GFE equipment (that runs the selector searches in a trusted hardware module). Did the IPO properly disclose the “risks” (that the wider nature of the “market opportunity” may involve issues of spying etc)?
If you want to use the follow the money route, track how offers to buy cloud services from the likes of Google or Microsoft are tied to placement of GFE (for intrusion detection). If you want, you can look t the investment category of SIOC, which tried to capture the “growth opportunities” of signaling selected audit events – particularly in SSO servers. (SSO as in single sign on, note).
If you want to have a look at the design of an early “Trusted processing” node – likely used in GFE – come to my garage. Basically, it’s a linux box with a 2005-era cryptomodule that can run trusted java applets on the micro of the crypto unit. The point is that the cryptomodule is repurposed to avail the records (comsec custodian grade) manager of the accountaiblity rules concering selector updates and policy changes (and to ensure auto-delete of selectors and evidence of settings – in case of compromise of the GFE or ts crypto/trusted-process module, to be more accurate).