Google is stepping up efforts to toughen data encryption in an effort to limit unofficial snooping on user information in the wake of the revelations about the NSA and PRISM.
Speaking to the Washington Post, Eric Grosse, vice president for security engineering at Google said “It’s an arms race”, as he described government hackers as “among the most skilled players in this game.”
In the aftermath of leaked documents from Edward Snowden, suggesting that some US companies have made it easy for information to flow to the government, Google is keen to show it is doing its utmost to protect its users’ privacy.
The company did say, however, that it would still have to comply with any legally approved Foreign Intelligence Surveillance Act (FISA) requests and would hand over data whenever obligated to. Google, like Microsoft, is currently taking steps to sue the US government to gain permission to disclose just how many FISA requests it receives each year.
If such details do enter the public domain they could prove interesting reading, in conjunction with recent disclosures from companies like Yahoo, who revealed that it had received 12,444 requests for data from the US government in the first six months of this year.
Google officials declined to pass comment on how exactly the new encryption techniques would work, or what technology would be employed, though it does already have some experience in the field. Google implemented encryption with its Gmail service back in 2010 and then, later, did the same with many web queries using its own search engine.
While this affords protection to data travelling between Google and its users it does not cover its data centres where a huge amount of information – eg. web searches, emails and browsing histories – is stored and transmitted to and from each other on high speed fibreoptic lines.
Google officials did say that the new encryption will be “end-to-end” which suggests it will cover both the data centres and the connections between them, thus mitigating one vulnerable point of entry to potential snoopers.
Having accelerated the encryption program back in June, following the controversy over PRISM, Google is now apparently “months ahead” of its original deployment schedule with completion due very soon.
While this move from Google may not completely guarantee that data will remain private, it will likely bring some good PR the company’s way and at the same time make eavesdropping a far more time consuming and costly activity.