Sophos Cloud Optix
Google is stepping up efforts to toughen data encryption in an effort to limit unofficial snooping on user information in the wake of the revelations about the NSA and PRISM.
Speaking to the Washington Post, Eric Grosse, vice president for security engineering at Google said “It’s an arms race”, as he described government hackers as “among the most skilled players in this game.”
In the aftermath of leaked documents from Edward Snowden, suggesting that some US companies have made it easy for information to flow to the government, Google is keen to show it is doing its utmost to protect its users’ privacy.
The company did say, however, that it would still have to comply with any legally approved Foreign Intelligence Surveillance Act (FISA) requests and would hand over data whenever obligated to. Google, like Microsoft, is currently taking steps to sue the US government to gain permission to disclose just how many FISA requests it receives each year.
If such details do enter the public domain they could prove interesting reading, in conjunction with recent disclosures from companies like Yahoo, who revealed that it had received 12,444 requests for data from the US government in the first six months of this year.
Google officials declined to pass comment on how exactly the new encryption techniques would work, or what technology would be employed, though it does already have some experience in the field. Google implemented encryption with its Gmail service back in 2010 and then, later, did the same with many web queries using its own search engine.
While this affords protection to data travelling between Google and its users it does not cover its data centres where a huge amount of information – eg. web searches, emails and browsing histories – is stored and transmitted to and from each other on high speed fibreoptic lines.
Google officials did say that the new encryption will be “end-to-end” which suggests it will cover both the data centres and the connections between them, thus mitigating one vulnerable point of entry to potential snoopers.
Having accelerated the encryption program back in June, following the controversy over PRISM, Google is now apparently “months ahead” of its original deployment schedule with completion due very soon.
While this move from Google may not completely guarantee that data will remain private, it will likely bring some good PR the company’s way and at the same time make eavesdropping a far more time consuming and costly activity.
Nice PR job, Google. Of course, you forgot to say you're going to sift through everyone's info BEFORE you encrypt it, so you can use it for your own purposes, which may include helping out NSA when they ask for it.
Common sense tells me we need to take matters into our own hands to protect what little is left of our privacy. Doing your own encrypting probably won't keep NSA out entirely, but it will make it harder for them to pick us out of the crowd. Decrypting still takes extra time & effort and that little bit of hassle may be enough to keep their noses out of your business.
The same goes for storing stuff on Google Drive, Dropbox, iCloud, etc. Take it down and stash everything in a CloudLocker (www.cloudlocker.it), which works just the same but it's private and stays in your home where they still need a warrant to see inside.
I agree with JT Reynolds. Users must remember that Google's business model is still driven by indexing and advertising content, and it's pretty awkward to index something after it's been encrypted.
Thus Google must either do as JT suggests and index before encrypting and sending, or after delivering and decrypting.
It will be interesting to see what they are really working on, how it will help users and how it will fit into Google's existing methods of making money. Nonetheless it's good news that the large vendors are starting to push back against government surveillance. We just have to continue to be critical and mindful of whatever is offered.
Gavin
Who is managing keys ?
Smoke and mirrors. Google, Microsoft, Facebook are just a few of the large media companies who are willingly providing all of the information the government wants. What's more is that it will never end. I'll tell you why.
All have been busted for tax evasion. They pleaded to the US Law that to avoid jail they would forever display our private information.
When I was doing this stuff, we found that we had to comply with government requirements for encryption that basically told us that they could decode it if need be. So we were limited on what algorithms or types of encryption. Seems like one of the analysts stated that anything we could use could be decrypted by the Government within something like a few days or we couldn't use it. Nice huh?
Ha! Like anyone ever learned anything from information. Next thing you know we will not be anonymous either!
Does no one realise that google and the NSA are freaks for any data no matter what it is. I hear from the grape vine that Google have promised the NSA to be an assistant in collecting personal Data….how true this may be remains to be seen but if the rumours are true then the NSA have supplied the encryption key for Google to use.